Version 3.1-en Solaris 10 Container Guide - 3.1 2. Functionality

Effective: 30/11/2009

Thus, a local zone is a Solaris environment that is separated from other zones and can be used independently. At the same time, many hardware and operating system resources are shared with other local zones, so the additional runtime overhead is small.

Local zones execute the same Solaris version as the global zone. Alternatively, virtual execution environments for older Solaris versions (SPARC: Solaris 8 and 9) or other operating systems (x86: Linux) can also be installed in so-called Branded Zones. In this case, the original environment is executed on the Solaris 10 kernel; differences in the system calls are emulated.

Additional details are summarized in the following table:

Shared kernel:
The kernel is shared by the global zone and the local zones. The resources needed by the OS are needed only once. Costs for a local zone are therefore low, as measured by main memory, CPU consumption and disk space.

Shared objects:
In Unix, all objects such as programs, files and shared libraries are loaded only once as a shared memory segment, which improves overall performance. For Solaris 10, this also includes zones; that is, no matter how frequently a program or a shared library is used in zones, it occupies space in main memory only once (unlike in virtual machines).

File system:
The visible portion of the file system of the local zone can be limited to one subtree or several subtrees of the global zone. The files in the local zone can be configured on the basis of directories shared with the global zone or as copies.

Patches:
For packages (Solaris packages) installed as copies in the local zone, patches can be installed separately as well. The patch level regarding non-application patches should be the same, because all zones share the same kernel.

Network:
Zones have their own IP addresses on one or more virtual or physical interfaces. Network communication between zones takes place, if possible, via the shared network layers or, when using exclusive IP instances, via external network connections.

Process:
Each local zone can see its own processes only. The global zone sees all processes of the local zones.

Separation:
Access to the resources of the global zone or other local zones, unless explicitly configured as such (devices, memory), is prevented. Any software errors that may occur are limited to their respective local zone by means of error isolation.

Assigned devices:
No physical devices are contained in the standard configuration of a local zone. It is, however, possible to assign devices (e.g. disks, volumes, DVD drives, etc.) to one or more local zones. Special drivers can be used this way as well.

Shared disk space:
In addition, further parts of the file tree (file systems or directories) can be assigned from the global zone to one or more local zones.

Physical devices:
Physical devices are administered from the global zone. Local zones do not have any access to the assignment of these devices.

Root delegation:
A local zone has an individual root account (zone administrator). Therefore, the administration of applications and services in a local zone can be delegated completely to other persons, including the root portion. Operating safety in the global zone or in other local zones is not affected by this. The global zone root has general access to all local zones.

Naming environment:
Local zones have an independent naming environment with host names, network services, users, roles and process environments. The name service of one zone can be configured from local files, and another zone from the same computer can use e.g. LDAP or NIS.

System settings:
Settings in /etc/system apply to the kernel used by all zones. However, the most important settings of earlier Solaris versions (shared memory, semaphores and message queues) can be modified from Solaris 10 onwards by the Solaris resource manager for each zone independently.

Table 1: [ug] Characteristics of Solaris 10 Zones
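As an added example (not part of the original guide), the following Python parses text in the style of `zonecfg export` output and lists the items that are explicitly configured for a zone, corresponding to the File system, Network, Assigned devices and Shared disk space rows of the table. The zone contents, paths and interface name in the sample are constructed assumptions.

```python
# Added example. SAMPLE_EXPORT is constructed text in `zonecfg export` style.
SAMPLE_EXPORT = """\
create -b
set ip-type=shared
add inherit-pkg-dir
set dir=/usr
end
add fs
set dir=/data
set special=/export/web1-data
set type=lofs
add options [ro,nodevices]
end
add net
set physical=bge0
end
add device
set match=/dev/rdsk/c1t1d0s0
end
"""

def parse_export(text):
    """Split export text into global properties and a list of resources."""
    props, resources, cur = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("add ") and cur is None:
            cur = {"_res": line[4:].strip()}   # opens a resource block
        elif line.startswith("add "):          # list property inside a block
            key, _, val = line[4:].partition(" ")
            cur[key] = val.strip("[]").split(",")
        elif line == "end" and cur is not None:
            resources.append(cur)
            cur = None
        elif line.startswith("set "):
            key, _, val = line[4:].partition("=")
            (props if cur is None else cur)[key.strip()] = val.strip().strip('"')
    return props, resources

def audit(text):
    """Report what the zone shares with, or is granted by, the global zone."""
    props, resources = parse_export(text)
    out = [("ip-type", props.get("ip-type", "shared"))]
    for r in resources:
        detail = r.get("match") or r.get("physical") or r.get("dir", "")
        if r["_res"] == "fs":
            mode = "ro" if "ro" in r.get("options", []) else "rw"
            detail = f'{r.get("special")} -> {detail} ({mode})'
        out.append((r["_res"], detail))
    return out
```

Calling `audit(SAMPLE_EXPORT)` returns one tuple per configured item; an `fs` entry without an `ro` option is reported as `rw`, which is the case to review first when a global-zone directory is shared into a delegated zone.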
