1 '\" te
   2 .\" Copyright (c) 2004, 2009 Sun Microsystems, Inc. All Rights Reserved.
   3 .\" Copyright 2013 Joyent, Inc. All Rights Reserved.
   4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
   5 .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the
   6 .\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
   7 .TH ZONECFG 1M "Feb 28, 2014"
   8 .SH NAME
   9 zonecfg \- set up zone configuration
  10 .SH SYNOPSIS
  11 .LP
  12 .nf
  13 \fBzonecfg\fR \fB-z\fR \fIzonename\fR
  14 .fi
  15 
  16 .LP
  17 .nf
  18 \fBzonecfg\fR \fB-z\fR \fIzonename\fR \fIsubcommand\fR
  19 .fi
  20 
  21 .LP
  22 .nf
  23 \fBzonecfg\fR \fB-z\fR \fIzonename\fR \fB-f\fR \fIcommand_file\fR
  24 .fi
  25 
  26 .LP
  27 .nf
  28 \fBzonecfg\fR help
  29 .fi
  30 
  31 .SH DESCRIPTION
  32 .sp
  33 .LP
  34 The \fBzonecfg\fR utility creates and modifies the configuration of a zone.
  35 Zone configuration consists of a number of resources and properties.
  36 .sp
  37 .LP
  38 To simplify the user interface, \fBzonecfg\fR uses the concept of a scope. The
  39 default scope is global.
  40 .sp
  41 .LP
  42 The following synopsis of the \fBzonecfg\fR command is for interactive usage:
  43 .sp
  44 .in +2
  45 .nf
  46 zonecfg \fB-z\fR \fIzonename subcommand\fR
  47 .fi
  48 .in -2
  49 .sp
  50 
  51 .sp
  52 .LP
  53 Parameters changed through \fBzonecfg\fR do not affect a running zone. The zone
  54 must be rebooted for the changes to take effect.
  55 .sp
  56 .LP
  57 In addition to creating and modifying a zone, the \fBzonecfg\fR utility can
  58 also be used to persistently specify the resource management settings for the
  59 global zone.
  60 .sp
  61 .LP
  62 In the following text, "rctl" is used as an abbreviation for "resource
  63 control". See \fBresource_controls\fR(5).
  64 .sp
  65 .LP
  66 Every zone is configured with an associated brand. The brand determines the
  67 user-level environment used within the zone, as well as various behaviors for
  68 the zone when it is installed, boots, or is shutdown. Once a zone has been
  69 installed the brand cannot be changed. The default brand is determined by the
  70 installed distribution in the global zone. Some brands do not support all of
  71 the \fBzonecfg\fR properties and resources. See the brand-specific man page for
  72 more details on each brand. For an overview of brands, see the \fBbrands\fR(5)
  73 man page.
  74 .SS "Resources"
  75 .sp
  76 .LP
  77 The following resource types are supported:
  78 .sp
  79 .ne 2
  80 .na
  81 \fB\fBattr\fR\fR
  82 .ad
  83 .sp .6
  84 .RS 4n
  85 Generic attribute.
  86 .RE
  87 
  88 .sp
  89 .ne 2
  90 .na
  91 \fB\fBcapped-cpu\fR\fR
  92 .ad
  93 .sp .6
  94 .RS 4n
  95 Limits for CPU usage.
  96 .RE
  97 
  98 .sp
  99 .ne 2
 100 .na
 101 \fB\fBcapped-memory\fR\fR
 102 .ad
 103 .sp .6
 104 .RS 4n
 105 Limits for physical, swap, and locked memory.
 106 .RE
 107 
 108 .sp
 109 .ne 2
 110 .na
 111 \fB\fBdataset\fR\fR
 112 .ad
 113 .sp .6
 114 .RS 4n
 115 \fBZFS\fR dataset.
 116 .RE
 117 
 118 .sp
 119 .ne 2
 120 .na
 121 \fB\fBdedicated-cpu\fR\fR
 122 .ad
 123 .sp .6
 124 .RS 4n
 125 Subset of the system's processors dedicated to this zone while it is running.
 126 .RE
 127 
 128 .sp
 129 .ne 2
 130 .na
 131 \fB\fBdevice\fR\fR
 132 .ad
 133 .sp .6
 134 .RS 4n
 135 Device.
 136 .RE
 137 
 138 .sp
 139 .ne 2
 140 .na
 141 \fB\fBfs\fR\fR
 142 .ad
 143 .sp .6
 144 .RS 4n
 145 file-system
 146 .RE
 147 
 148 .sp
 149 .ne 2
 150 .na
 151 \fB\fBnet\fR\fR
 152 .ad
 153 .sp .6
 154 .RS 4n
 155 Network interface.
 156 .RE
 157 
 158 .sp
 159 .ne 2
 160 .na
 161 \fB\fBrctl\fR\fR
 162 .ad
 163 .sp .6
 164 .RS 4n
 165 Resource control.
 166 .RE
 167 
 168 .SS "Properties"
 169 .sp
 170 .LP
 171 Each resource type has one or more properties. There are also some global
 172 properties, that is, properties of the configuration as a whole, rather than of
 173 some particular resource.
 174 .sp
 175 .LP
 176 The following properties are supported:
 177 .sp
 178 .ne 2
 179 .na
 180 \fB(global)\fR
 181 .ad
 182 .sp .6
 183 .RS 4n
 184 \fBzonename\fR
 185 .RE
 186 
 187 .sp
 188 .ne 2
 189 .na
 190 \fB(global)\fR
 191 .ad
 192 .sp .6
 193 .RS 4n
 194 \fBzonepath\fR
 195 .RE
 196 
 197 .sp
 198 .ne 2
 199 .na
 200 \fB(global)\fR
 201 .ad
 202 .sp .6
 203 .RS 4n
 204 \fBautoboot\fR
 205 .RE
 206 
 207 .sp
 208 .ne 2
 209 .na
 210 \fB(global)\fR
 211 .ad
 212 .sp .6
 213 .RS 4n
 214 \fBbootargs\fR
 215 .RE
 216 
 217 .sp
 218 .ne 2
 219 .na
 220 \fB(global)\fR
 221 .ad
 222 .sp .6
 223 .RS 4n
 224 \fBpool\fR
 225 .RE
 226 
 227 .sp
 228 .ne 2
 229 .na
 230 \fB(global)\fR
 231 .ad
 232 .sp .6
 233 .RS 4n
 234 \fBlimitpriv\fR
 235 .RE
 236 
 237 .sp
 238 .ne 2
 239 .na
 240 \fB(global)\fR
 241 .ad
 242 .sp .6
 243 .RS 4n
 244 \fBbrand\fR
 245 .RE
 246 
 247 .sp
 248 .ne 2
 249 .na
 250 \fB(global)\fR
 251 .ad
 252 .sp .6
 253 .RS 4n
 254 \fBcpu-shares\fR
 255 .RE
 256 
 257 .sp
 258 .ne 2
 259 .na
 260 \fB(global)\fR
 261 .ad
 262 .sp .6
 263 .RS 4n
 264 \fBhostid\fR
 265 .RE
 266 
 267 .sp
 268 .ne 2
 269 .na
 270 \fB(global)\fR
 271 .ad
 272 .sp .6
 273 .RS 4n
 274 \fBmax-lwps\fR
 275 .RE
 276 
 277 .sp
 278 .ne 2
 279 .na
 280 \fB(global)\fR
 281 .ad
 282 .sp .6
 283 .RS 4n
 284 \fBmax-msg-ids\fR
 285 .RE
 286 
 287 .sp
 288 .ne 2
 289 .na
 290 \fB(global)\fR
 291 .ad
 292 .sp .6
 293 .RS 4n
 294 \fBmax-sem-ids\fR
 295 .RE
 296 
 297 .sp
 298 .ne 2
 299 .na
 300 \fB(global)\fR
 301 .ad
 302 .sp .6
 303 .RS 4n
 304 \fBmax-shm-ids\fR
 305 .RE
 306 
 307 .sp
 308 .ne 2
 309 .na
 310 \fB(global)\fR
 311 .ad
 312 .sp .6
 313 .RS 4n
 314 \fBmax-shm-memory\fR
 315 .RE
 316 
 317 .sp
 318 .ne 2
 319 .na
 320 \fB(global)\fR
 321 .ad
 322 .sp .6
 323 .RS 4n
 324 \fBscheduling-class\fR
 325 .RE
 326 
 327 .sp
 328 .ne 2
 329 .na
 330 .B (global)
 331 .ad
 332 .sp .6
 333 .RS 4n
 334 .B fs-allowed
 335 .RE
 336 
 337 .sp
 338 .ne 2
 339 .na
 340 \fB\fBfs\fR\fR
 341 .ad
 342 .sp .6
 343 .RS 4n
 344 \fBdir\fR, \fBspecial\fR, \fBraw\fR, \fBtype\fR, \fBoptions\fR
 345 .RE
 346 
 347 .sp
 348 .ne 2
 349 .na
 350 \fB\fBnet\fR\fR
 351 .ad
 352 .sp .6
 353 .RS 4n
 354 \fBaddress\fR, \fBphysical\fR, \fBdefrouter\fR
 355 .RE
 356 
 357 .sp
 358 .ne 2
 359 .na
 360 \fB\fBdevice\fR\fR
 361 .ad
 362 .sp .6
 363 .RS 4n
 364 \fBmatch\fR
 365 .RE
 366 
 367 .sp
 368 .ne 2
 369 .na
 370 \fB\fBrctl\fR\fR
 371 .ad
 372 .sp .6
 373 .RS 4n
 374 \fBname\fR, \fBvalue\fR
 375 .RE
 376 
 377 .sp
 378 .ne 2
 379 .na
 380 \fB\fBattr\fR\fR
 381 .ad
 382 .sp .6
 383 .RS 4n
 384 \fBname\fR, \fBtype\fR, \fBvalue\fR
 385 .RE
 386 
 387 .sp
 388 .ne 2
 389 .na
 390 \fB\fBdataset\fR\fR
 391 .ad
 392 .sp .6
 393 .RS 4n
 394 \fBname\fR
 395 .RE
 396 
 397 .sp
 398 .ne 2
 399 .na
 400 \fB\fBdedicated-cpu\fR\fR
 401 .ad
 402 .sp .6
 403 .RS 4n
 404 \fBncpus\fR, \fBimportance\fR
 405 .RE
 406 
 407 .sp
 408 .ne 2
 409 .na
 410 \fB\fBcapped-memory\fR\fR
 411 .ad
 412 .sp .6
 413 .RS 4n
 414 \fBphysical\fR, \fBswap\fR, \fBlocked\fR
 415 .RE
 416 
 417 .sp
 418 .ne 2
 419 .na
 420 \fB\fBcapped-cpu\fR\fR
 421 .ad
 422 .sp .6
 423 .RS 4n
 424 \fBncpus\fR
 425 .RE
 426 
 427 .sp
 428 .LP
 429 As for the property values which are paired with these names, they are either
 430 simple, complex, or lists. The type allowed is property-specific. Simple values
 431 are strings, optionally enclosed within quotation marks. Complex values have
 432 the syntax:
 433 .sp
 434 .in +2
 435 .nf
 436 (<\fIname\fR>=<\fIvalue\fR>,<\fIname\fR>=<\fIvalue\fR>,...)
 437 .fi
 438 .in -2
 439 .sp
 440 
 441 .sp
 442 .LP
 443 where each <\fIvalue\fR> is simple, and the <\fIname\fR> strings are unique
 444 within a given property. Lists have the syntax:
 445 .sp
 446 .in +2
 447 .nf
 448 [<\fIvalue\fR>,...]
 449 .fi
 450 .in -2
 451 .sp
 452 
 453 .sp
 454 .LP
 455 where each <\fIvalue\fR> is either simple or complex. A list of a single value
 456 (either simple or complex) is equivalent to specifying that value without the
 457 list syntax. That is, "foo" is equivalent to "[foo]". A list can be empty
 458 (denoted by "[]").
 459 .sp
 460 .LP
 461 In interpreting property values, \fBzonecfg\fR accepts regular expressions as
 462 specified in \fBfnmatch\fR(5). See \fBEXAMPLES\fR.
 463 .sp
 464 .LP
 465 The property types are described as follows:
 466 .sp
 467 .ne 2
 468 .na
 469 \fBglobal: \fBzonename\fR\fR
 470 .ad
 471 .sp .6
 472 .RS 4n
 473 The name of the zone.
 474 .RE
 475 
 476 .sp
 477 .ne 2
 478 .na
 479 \fBglobal: \fBzonepath\fR\fR
 480 .ad
 481 .sp .6
 482 .RS 4n
 483 Path to zone's file system.
 484 .RE
 485 
 486 .sp
 487 .ne 2
 488 .na
 489 \fBglobal: \fBautoboot\fR\fR
 490 .ad
 491 .sp .6
 492 .RS 4n
 493 Boolean indicating that a zone should be booted automatically at system boot.
 494 Note that if the zones service is disabled, the zone will not autoboot,
 495 regardless of the setting of this property. You enable the zones service with a
 496 \fBsvcadm\fR command, such as:
 497 .sp
 498 .in +2
 499 .nf
 500 # \fBsvcadm enable svc:/system/zones:default\fR
 501 .fi
 502 .in -2
 503 .sp
 504 
 505 Replace \fBenable\fR with \fBdisable\fR to disable the zones service. See
 506 \fBsvcadm\fR(1M).
 507 .RE
 508 
 509 .sp
 510 .ne 2
 511 .na
 512 \fBglobal: \fBbootargs\fR\fR
 513 .ad
 514 .sp .6
 515 .RS 4n
 516 Arguments (options) to be passed to the zone bootup, unless options are
 517 supplied to the "\fBzoneadm boot\fR" command, in which case those take
 518 precedence. The valid arguments are described in \fBzoneadm\fR(1M).
 519 .RE
 520 
 521 .sp
 522 .ne 2
 523 .na
 524 \fBglobal: \fBpool\fR\fR
 525 .ad
 526 .sp .6
 527 .RS 4n
 528 Name of the resource pool that this zone must be bound to when booted. This
 529 property is incompatible with the \fBdedicated-cpu\fR resource.
 530 .RE
 531 
 532 .sp
 533 .ne 2
 534 .na
 535 \fBglobal: \fBlimitpriv\fR\fR
 536 .ad
 537 .sp .6
 538 .RS 4n
 539 The maximum set of privileges any process in this zone can obtain. The property
 540 should consist of a comma-separated privilege set specification as described in
 541 \fBpriv_str_to_set\fR(3C). Privileges can be excluded from the resulting set by
 542 preceding their names with a dash (-) or an exclamation point (!). The special
 543 privilege string "zone" is not supported in this context. If the special string
 544 "default" occurs as the first token in the property, it expands into a safe set
 545 of privileges that preserve the resource and security isolation described in
 546 \fBzones\fR(5). A missing or empty property is equivalent to this same set of
 547 safe privileges.
 548 .sp
 549 The system administrator must take extreme care when configuring privileges for
 550 a zone. Some privileges cannot be excluded through this mechanism as they are
 551 required in order to boot a zone. In addition, there are certain privileges
 552 which cannot be given to a zone as doing so would allow processes inside a zone
 553 to unduly affect processes in other zones. \fBzoneadm\fR(1M) indicates when an
 554 invalid privilege has been added or removed from a zone's privilege set when an
 555 attempt is made to either "boot" or "ready" the zone.
 556 .sp
 557 See \fBprivileges\fR(5) for a description of privileges. The command "\fBppriv
 558 -l\fR" (see \fBppriv\fR(1)) produces a list of all Solaris privileges. You can
 559 specify privileges as they are displayed by \fBppriv\fR. In
 560 \fBprivileges\fR(5), privileges are listed in the form
 561 PRIV_\fIprivilege_name\fR. For example, the privilege \fIsys_time\fR, as you
 562 would specify it in this property, is listed in \fBprivileges\fR(5) as
 563 \fBPRIV_SYS_TIME\fR.
 564 .RE
 565 
 566 .sp
 567 .ne 2
 568 .na
 569 \fBglobal: \fBbrand\fR\fR
 570 .ad
 571 .sp .6
 572 .RS 4n
 573 The zone's brand type.
 574 .RE
 575 
 576 .sp
 577 .ne 2
 578 .na
 579 \fBglobal: \fBip-type\fR\fR
 580 .ad
 581 .sp .6
 582 .RS 4n
 583 A zone can either share the IP instance with the global zone, which is the
 584 default, or have its own exclusive instance of IP.
 585 .sp
 586 This property takes the values \fBshared\fR and \fBexclusive\fR.
 587 .RE
 588 
 589 .sp
 590 .ne 2
 591 .na
 592 \fBglobal: \fBhostid\fR\fR
 593 .ad
 594 .sp .6
 595 .RS 4n
 596 A zone can emulate a 32-bit host identifier to ease system consolidation. A
 597 zone's \fBhostid\fR property is empty by default, meaning that the zone does
 598 not emulate a host identifier. Zone host identifiers must be hexadecimal values
 599 between 0 and FFFFFFFE. A \fB0x\fR or \fB0X\fR prefix is optional. Both
 600 uppercase and lowercase hexadecimal digits are acceptable.
 601 .RE
 602 
 603 .sp
 604 .ne 2
 605 .na
 606 \fB\fBfs\fR: dir, special, raw, type, options\fR
 607 .ad
 608 .sp .6
 609 .RS 4n
 610 Values needed to determine how, where, and so forth to mount file systems. See
 611 \fBmount\fR(1M), \fBmount\fR(2), \fBfsck\fR(1M), and \fBvfstab\fR(4).
 612 .RE
 613 
 614 .sp
 615 .ne 2
 616 .na
 617 \fB\fBnet\fR: address, physical, defrouter\fR
 618 .ad
 619 .sp .6
 620 .RS 4n
 621 The network address and physical interface name of the network interface. The
 622 network address is one of:
 623 .RS +4
 624 .TP
 625 .ie t \(bu
 626 .el o
 627 a valid IPv4 address, optionally followed by "\fB/\fR" and a prefix length;
 628 .RE
 629 .RS +4
 630 .TP
 631 .ie t \(bu
 632 .el o
 633 a valid IPv6 address, which must be followed by "\fB/\fR" and a prefix length;
 634 .RE
 635 .RS +4
 636 .TP
 637 .ie t \(bu
 638 .el o
 639 a host name which resolves to an IPv4 address.
 640 .RE
 641 Note that host names that resolve to IPv6 addresses are not supported.
 642 .sp
 643 The physical interface name is the network interface name.
 644 .sp
 645 The default router is specified similarly to the network address except that it
 646 must not be followed by a \fB/\fR (slash) and a network prefix length.
 647 .sp
 648 A zone can be configured to be either exclusive-IP or shared-IP. For a
 649 shared-IP zone, you must set both the physical and address properties; setting
 650 the default router is optional. The interface specified in the physical
 651 property must be plumbed in the global zone prior to booting the non-global
 652 zone. However, if the interface is not used by the global zone, it should be
 653 configured \fBdown\fR in the global zone, and the default router for the
 654 interface should be specified here.
 655 .sp
 656 For an exclusive-IP zone, the physical property must be set and the address and
 657 default router properties cannot be set.
 658 .RE
 659 
 660 .sp
 661 .ne 2
 662 .na
 663 \fB\fBdevice\fR: match\fR
 664 .ad
 665 .sp .6
 666 .RS 4n
 667 Device name to match.
 668 .RE
 669 
 670 .sp
 671 .ne 2
 672 .na
 673 \fB\fBrctl\fR: name, value\fR
 674 .ad
 675 .sp .6
 676 .RS 4n
 677 The name and \fIpriv\fR/\fIlimit\fR/\fIaction\fR triple of a resource control.
 678 See \fBprctl\fR(1) and \fBrctladm\fR(1M). The preferred way to set rctl values
 679 is to use the global property name associated with a specific rctl.
 680 .RE
 681 
 682 .sp
 683 .ne 2
 684 .na
 685 \fB\fBattr\fR: name, type, value\fR
 686 .ad
 687 .sp .6
 688 .RS 4n
 689 The name, type and value of a generic attribute. The \fBtype\fR must be one of
 690 \fBint\fR, \fBuint\fR, \fBboolean\fR or \fBstring\fR, and the value must be of
 691 that type. \fBuint\fR means unsigned , that is, a non-negative integer.
 692 .RE
 693 
 694 .sp
 695 .ne 2
 696 .na
 697 \fB\fBdataset\fR: name\fR
 698 .ad
 699 .sp .6
 700 .RS 4n
 701 The name of a \fBZFS\fR dataset to be accessed from within the zone. See
 702 \fBzfs\fR(1M).
 703 .RE
 704 
 705 .sp
 706 .ne 2
 707 .na
 708 \fBglobal: \fBcpu-shares\fR\fR
 709 .ad
 710 .sp .6
 711 .RS 4n
 712 The number of Fair Share Scheduler (FSS) shares to allocate to this zone. This
 713 property is incompatible with the \fBdedicated-cpu\fR resource. This property
 714 is the preferred way to set the \fBzone.cpu-shares\fR rctl.
 715 .RE
 716 
 717 .sp
 718 .ne 2
 719 .na
 720 \fBglobal: \fBmax-lwps\fR\fR
 721 .ad
 722 .sp .6
 723 .RS 4n
 724 The maximum number of LWPs simultaneously available to this zone. This property
 725 is the preferred way to set the \fBzone.max-lwps\fR rctl.
 726 .RE
 727 
 728 .sp
 729 .ne 2
 730 .na
 731 \fBglobal: \fBmax-msg-ids\fR\fR
 732 .ad
 733 .sp .6
 734 .RS 4n
 735 The maximum number of message queue IDs allowed for this zone. This property is
 736 the preferred way to set the \fBzone.max-msg-ids\fR rctl.
 737 .RE
 738 
 739 .sp
 740 .ne 2
 741 .na
 742 \fBglobal: \fBmax-sem-ids\fR\fR
 743 .ad
 744 .sp .6
 745 .RS 4n
 746 The maximum number of semaphore IDs allowed for this zone. This property is the
 747 preferred way to set the \fBzone.max-sem-ids\fR rctl.
 748 .RE
 749 
 750 .sp
 751 .ne 2
 752 .na
 753 \fBglobal: \fBmax-shm-ids\fR\fR
 754 .ad
 755 .sp .6
 756 .RS 4n
 757 The maximum number of shared memory IDs allowed for this zone. This property is
 758 the preferred way to set the \fBzone.max-shm-ids\fR rctl.
 759 .RE
 760 
 761 .sp
 762 .ne 2
 763 .na
 764 \fBglobal: \fBmax-shm-memory\fR\fR
 765 .ad
 766 .sp .6
 767 .RS 4n
 768 The maximum amount of shared memory allowed for this zone. This property is the
 769 preferred way to set the \fBzone.max-shm-memory\fR rctl. A scale (K, M, G, T)
 770 can be applied to the value for this number (for example, 1M is one megabyte).
 771 .RE
 772 
 773 .sp
 774 .ne 2
 775 .na
 776 \fBglobal: \fBscheduling-class\fR\fR
 777 .ad
 778 .sp .6
 779 .RS 4n
 780 Specifies the scheduling class used for processes running in a zone. When this
 781 property is not specified, the scheduling class is established as follows:
 782 .RS +4
 783 .TP
 784 .ie t \(bu
 785 .el o
 786 If the \fBcpu-shares\fR property or equivalent rctl is set, the scheduling
 787 class FSS is used.
 788 .RE
 789 .RS +4
 790 .TP
 791 .ie t \(bu
 792 .el o
 793 If neither \fBcpu-shares\fR nor the equivalent rctl is set and the zone's pool
 794 property references a pool that has a default scheduling class, that class is
 795 used.
 796 .RE
 797 .RS +4
 798 .TP
 799 .ie t \(bu
 800 .el o
 801 Under any other conditions, the system default scheduling class is used.
 802 .RE
 803 .RE
 804 
 805 
 806 
 807 .sp
 808 .ne 2
 809 .na
 810 \fB\fBdedicated-cpu\fR: ncpus, importance\fR
 811 .ad
 812 .sp .6
 813 .RS 4n
 814 The number of CPUs that should be assigned for this zone's exclusive use. The
 815 zone will create a pool and processor set when it boots. See \fBpooladm\fR(1M)
 816 and \fBpoolcfg\fR(1M) for more information on resource pools. The \fBncpu\fR
 817 property can specify a single value or a range (for example, 1-4) of
 818 processors. The \fBimportance\fR property is optional; if set, it will specify
 819 the \fBpset.importance\fR value for use by \fBpoold\fR(1M). If this resource is
 820 used, there must be enough free processors to allocate to this zone when it
 821 boots or the zone will not boot. The processors assigned to this zone will not
 822 be available for the use of the global zone or other zones. This resource is
 823 incompatible with both the \fBpool\fR and \fBcpu-shares\fR properties. Only a
 824 single instance of this resource can be added to the zone.
 825 .RE
 826 
 827 .sp
 828 .ne 2
 829 .na
 830 \fB\fBcapped-memory\fR: physical, swap, locked\fR
 831 .ad
 832 .sp .6
 833 .RS 4n
 834 The caps on the memory that can be used by this zone. A scale (K, M, G, T) can
 835 be applied to the value for each of these numbers (for example, 1M is one
 836 megabyte). Each of these properties is optional but at least one property must
 837 be set when adding this resource. Only a single instance of this resource can
 838 be added to the zone. The \fBphysical\fR property sets the \fBmax-rss\fR for
 839 this zone. This will be enforced by \fBrcapd\fR(1M) running in the global zone.
 840 The \fBswap\fR property is the preferred way to set the \fBzone.max-swap\fR
 841 rctl. The \fBlocked\fR property is the preferred way to set the
 842 \fBzone.max-locked-memory\fR rctl.
 843 .RE
 844 
 845 .sp
 846 .ne 2
 847 .na
 848 \fB\fBcapped-cpu\fR: ncpus\fR
 849 .ad
 850 .sp .6
 851 .RS 4n
 852 Sets a limit on the amount of CPU time that can be used by a zone. The unit
 853 used translates to the percentage of a single CPU that can be used by all user
 854 threads in a zone, expressed as a fraction (for example, \fB\&.75\fR) or a
 855 mixed number (whole number and fraction, for example, \fB1.25\fR). An
 856 \fBncpu\fR value of \fB1\fR means 100% of a CPU, a value of \fB1.25\fR means
 857 125%, \fB\&.75\fR mean 75%, and so forth. When projects within a capped zone
 858 have their own caps, the minimum value takes precedence.
 859 .sp
 860 The \fBcapped-cpu\fR property is an alias for \fBzone.cpu-cap\fR resource
 861 control and is related to the \fBzone.cpu-cap\fR resource control. See
 862 \fBresource_controls\fR(5).
 863 .RE
 864 
 865 .sp
 866 .ne 2
 867 .na
 868 \fBglobal: \fBfs-allowed\fR\fR
 869 .ad
 870 .sp .6
 871 .RS 4n
 872 A comma-separated list of additional filesystems that may be mounted within
 873 the zone; for example "ufs,pcfs". By default, only hsfs(7fs) and network
 874 filesystems can be mounted. If the first entry in the list is "-" then
 875 that disables all of the default filesystems. If any filesystems are listed
 876 after "-" then only those filesystems can be mounted.
 877 
 878 This property does not apply to filesystems mounted into the zone via "add fs"
 879 or "add dataset".
 880 
 881 WARNING: allowing filesystem mounts other than the default may allow the zone
 882 administrator to compromise the system with a malicious filesystem image, and
 883 is not supported.
 884 .RE
 885 
 886 .sp
 887 .LP
 888 The following table summarizes resources, property-names, and types:
 889 .sp
 890 .in +2
 891 .nf
 892 resource          property-name   type
 893 (global)          zonename        simple
 894 (global)          zonepath        simple
 895 (global)          autoboot        simple
 896 (global)          bootargs        simple
 897 (global)          pool            simple
 898 (global)          limitpriv       simple
 899 (global)          brand           simple
 900 (global)          ip-type         simple
 901 (global)          hostid          simple
 902 (global)          cpu-shares      simple
 903 (global)          max-lwps        simple
 904 (global)          max-msg-ids     simple
 905 (global)          max-sem-ids     simple
 906 (global)          max-shm-ids     simple
 907 (global)          max-shm-memory  simple
 908 (global)          scheduling-class simple
 909 fs                dir             simple
 910                    special         simple
 911                    raw             simple
 912                    type            simple
 913                    options         list of simple
 914 net               address         simple
 915                    physical        simple
 916 device            match           simple
 917 rctl              name            simple
 918                    value           list of complex
 919 attr              name            simple
 920                    type            simple
 921                    value           simple
 922 dataset           name            simple
 923 dedicated-cpu     ncpus           simple or range
 924                    importance      simple
 925 
 926 capped-memory     physical        simple with scale
 927                    swap            simple with scale
 928                    locked          simple with scale
 929 
 930 capped-cpu        ncpus           simple
 931 .fi
 932 .in -2
 933 .sp
 934 
 935 .sp
 936 .LP
 937 To further specify things, the breakdown of the complex property "value" of the
 938 "rctl" resource type, it consists of three name/value pairs, the names being
 939 "priv", "limit" and "action", each of which takes a simple value. The "name"
 940 property of an "attr" resource is syntactically restricted in a fashion similar
 941 but not identical to zone names: it must begin with an alphanumeric, and can
 942 contain alphanumerics plus the hyphen (\fB-\fR), underscore (\fB_\fR), and dot
 943 (\fB\&.\fR) characters. Attribute names beginning with "zone" are reserved for
 944 use by the system. Finally, the "autoboot" global property must have a value of
 945 "true" or "false".
 946 .SS "Using Kernel Statistics to Monitor CPU Caps"
 947 .sp
 948 .LP
 949 Using the kernel statistics (\fBkstat\fR(3KSTAT)) module \fBcaps\fR, the system
 950 maintains information for all capped projects and zones. You can access this
 951 information by reading kernel statistics (\fBkstat\fR(3KSTAT)), specifying
 952 \fBcaps\fR as the \fBkstat\fR module name. The following command displays
 953 kernel statistics for all active CPU caps:
 954 .sp
 955 .in +2
 956 .nf
 957 # \fBkstat caps::'/cpucaps/'\fR
 958 .fi
 959 .in -2
 960 .sp
 961 
 962 .sp
 963 .LP
 964 A \fBkstat\fR(1M) command running in a zone displays only CPU caps relevant for
 965 that zone and for projects in that zone. See \fBEXAMPLES\fR.
 966 .sp
 967 .LP
 968 The following are cap-related arguments for use with \fBkstat\fR(1M):
 969 .sp
 970 .ne 2
 971 .na
 972 \fB\fBcaps\fR\fR
 973 .ad
 974 .sp .6
 975 .RS 4n
 976 The \fBkstat\fR module.
 977 .RE
 978 
 979 .sp
 980 .ne 2
 981 .na
 982 \fB\fBproject_caps\fR or \fBzone_caps\fR\fR
 983 .ad
 984 .sp .6
 985 .RS 4n
 986 \fBkstat\fR class, for use with the \fBkstat\fR \fB-c\fR option.
 987 .RE
 988 
 989 .sp
 990 .ne 2
 991 .na
 992 \fB\fBcpucaps_project_\fR\fIid\fR or \fBcpucaps_zone_\fR\fIid\fR\fR
 993 .ad
 994 .sp .6
 995 .RS 4n
 996 \fBkstat\fR name, for use with the \fBkstat\fR \fB-n\fR option. \fIid\fR is the
 997 project or zone identifier.
 998 .RE
 999 
1000 .sp
1001 .LP
1002 The following fields are displayed in response to a \fBkstat\fR(1M) command
1003 requesting statistics for all CPU caps.
1004 .sp
1005 .ne 2
1006 .na
1007 \fB\fBmodule\fR\fR
1008 .ad
1009 .sp .6
1010 .RS 4n
1011 In this usage of \fBkstat\fR, this field will have the value \fBcaps\fR.
1012 .RE
1013 
1014 .sp
1015 .ne 2
1016 .na
1017 \fB\fBname\fR\fR
1018 .ad
1019 .sp .6
1020 .RS 4n
1021 As described above, \fBcpucaps_project_\fR\fIid\fR or
1022 \fBcpucaps_zone_\fR\fIid\fR
1023 .RE
1024 
1025 .sp
1026 .ne 2
1027 .na
1028 \fB\fBabove_sec\fR\fR
1029 .ad
1030 .sp .6
1031 .RS 4n
1032 Total time, in seconds, spent above the cap.
1033 .RE
1034 
1035 .sp
1036 .ne 2
1037 .na
1038 \fB\fBbelow_sec\fR\fR
1039 .ad
1040 .sp .6
1041 .RS 4n
1042 Total time, in seconds, spent below the cap.
1043 .RE
1044 
1045 .sp
1046 .ne 2
1047 .na
1048 \fB\fBmaxusage\fR\fR
1049 .ad
1050 .sp .6
1051 .RS 4n
1052 Maximum observed CPU usage.
1053 .RE
1054 
1055 .sp
1056 .ne 2
1057 .na
1058 \fB\fBnwait\fR\fR
1059 .ad
1060 .sp .6
1061 .RS 4n
1062 Number of threads on cap wait queue.
1063 .RE
1064 
1065 .sp
1066 .ne 2
1067 .na
1068 \fB\fBusage\fR\fR
1069 .ad
1070 .sp .6
1071 .RS 4n
1072 Current aggregated CPU usage for all threads belonging to a capped project or
1073 zone, in terms of a percentage of a single CPU.
1074 .RE
1075 
1076 .sp
1077 .ne 2
1078 .na
1079 \fB\fBvalue\fR\fR
1080 .ad
1081 .sp .6
1082 .RS 4n
1083 The cap value, in terms of a percentage of a single CPU.
1084 .RE
1085 
1086 .sp
1087 .ne 2
1088 .na
1089 \fB\fBzonename\fR\fR
1090 .ad
1091 .sp .6
1092 .RS 4n
1093 Name of the zone for which statistics are displayed.
1094 .RE
1095 
1096 .sp
1097 .LP
1098 See \fBEXAMPLES\fR for sample output from a \fBkstat\fR command.
1099 .SH OPTIONS
1100 .sp
1101 .LP
1102 The following options are supported:
1103 .sp
1104 .ne 2
1105 .na
1106 \fB\fB-f\fR \fIcommand_file\fR\fR
1107 .ad
1108 .sp .6
1109 .RS 4n
1110 Specify the name of \fBzonecfg\fR command file. \fIcommand_file\fR is a text
1111 file of \fBzonecfg\fR subcommands, one per line.
1112 .RE
1113 
1114 .sp
1115 .ne 2
1116 .na
1117 \fB\fB-z\fR \fIzonename\fR\fR
1118 .ad
1119 .sp .6
1120 .RS 4n
1121 Specify the name of a zone. Zone names are case sensitive. Zone names must
1122 begin with an alphanumeric character and can contain alphanumeric characters,
1123 the underscore (\fB_\fR) the hyphen (\fB-\fR), and the dot (\fB\&.\fR). The
1124 name \fBglobal\fR and all names beginning with \fBSUNW\fR are reserved and
1125 cannot be used.
1126 .RE
1127 
1128 .SH SUBCOMMANDS
1129 .sp
1130 .LP
1131 You can use the \fBadd\fR and \fBselect\fR subcommands to select a specific
1132 resource, at which point the scope changes to that resource. The \fBend\fR and
1133 \fBcancel\fR subcommands are used to complete the resource specification, at
1134 which time the scope is reverted back to global. Certain subcommands, such as
1135 \fBadd\fR, \fBremove\fR and \fBset\fR, have different semantics in each scope.
1136 .sp
1137 .LP
1138 \fBzonecfg\fR supports a semicolon-separated list of subcommands. For example:
1139 .sp
1140 .in +2
1141 .nf
1142 # \fBzonecfg -z myzone "add net; set physical=myvnic; end"\fR
1143 .fi
1144 .in -2
1145 .sp
1146 
1147 .sp
1148 .LP
1149 Subcommands which can result in destructive actions or loss of work have an
1150 \fB-F\fR option to force the action. If input is from a terminal device, the
1151 user is prompted when appropriate if such a command is given without the
1152 \fB-F\fR option otherwise, if such a command is given without the \fB-F\fR
1153 option, the action is disallowed, with a diagnostic message written to standard
1154 error.
1155 .sp
1156 .LP
1157 The following subcommands are supported:
1158 .sp
1159 .ne 2
1160 .na
1161 \fB\fBadd\fR \fIresource-type\fR (global scope)\fR
1162 .ad
1163 .br
1164 .na
1165 \fB\fBadd\fR \fIproperty-name property-value\fR (resource scope)\fR
1166 .ad
1167 .sp .6
1168 .RS 4n
1169 In the global scope, begin the specification for a given resource type. The
1170 scope is changed to that resource type.
1171 .sp
1172 In the resource scope, add a property of the given name with the given value.
1173 The syntax for property values varies with different property types. In
1174 general, it is a simple value or a list of simple values enclosed in square
1175 brackets, separated by commas (\fB[foo,bar,baz]\fR). See \fBPROPERTIES\fR.
1176 .RE
1177 
1178 .sp
1179 .ne 2
1180 .na
1181 \fB\fBcancel\fR\fR
1182 .ad
1183 .sp .6
1184 .RS 4n
1185 End the resource specification and reset scope to global. Abandons any
1186 partially specified resources. \fBcancel\fR is only applicable in the resource
1187 scope.
1188 .RE
1189 
1190 .sp
1191 .ne 2
1192 .na
1193 \fB\fBclear\fR \fIproperty-name\fR\fR
1194 .ad
1195 .sp .6
1196 .RS 4n
1197 Clear the value for the property.
1198 .RE
1199 
1200 .sp
1201 .ne 2
1202 .na
1203 \fB\fBcommit\fR\fR
1204 .ad
1205 .sp .6
1206 .RS 4n
1207 Commit the current configuration from memory to stable storage. The
1208 configuration must be committed to be used by \fBzoneadm\fR. Until the
1209 in-memory configuration is committed, you can remove changes with the
1210 \fBrevert\fR subcommand. The \fBcommit\fR operation is attempted automatically
1211 upon completion of a \fBzonecfg\fR session. Since a configuration must be
1212 correct to be committed, this operation automatically does a verify.
1213 .RE
1214 
1215 .sp
1216 .ne 2
1217 .na
1218 \fB\fBcreate [\fR\fB-F\fR\fB] [\fR \fB-a\fR \fIpath\fR |\fB-b\fR \fB|\fR
1219 \fB-t\fR \fItemplate\fR\fB]\fR\fR
1220 .ad
1221 .sp .6
1222 .RS 4n
1223 Create an in-memory configuration for the specified zone. Use \fBcreate\fR to
1224 begin to configure a new zone. See \fBcommit\fR for saving this to stable
1225 storage.
1226 .sp
1227 If you are overwriting an existing configuration, specify the \fB-F\fR option
1228 to force the action. Specify the \fB-t\fR \fItemplate\fR option to create a
1229 configuration identical to \fItemplate\fR, where \fItemplate\fR is the name of
1230 a configured zone.
1231 .sp
1232 Use the \fB-a\fR \fIpath\fR option to facilitate configuring a detached zone on
1233 a new host. The \fIpath\fR parameter is the zonepath location of a detached
1234 zone that has been moved on to this new host. Once the detached zone is
1235 configured, it should be installed using the "\fBzoneadm attach\fR" command
1236 (see \fBzoneadm\fR(1M)). All validation of the new zone happens during the
1237 \fBattach\fR process, not during zone configuration.
1238 .sp
1239 Use the \fB-b\fR option to create a blank configuration. Without arguments,
1240 \fBcreate\fR applies the Sun default settings.
1241 .RE
1242 
1243 .sp
1244 .ne 2
1245 .na
1246 \fB\fBdelete [\fR\fB-F\fR\fB]\fR\fR
1247 .ad
1248 .sp .6
1249 .RS 4n
1250 Delete the specified configuration from memory and stable storage. This action
1251 is instantaneous, no commit is necessary. A deleted configuration cannot be
1252 reverted.
1253 .sp
1254 Specify the \fB-F\fR option to force the action.
1255 .RE
1256 
1257 .sp
1258 .ne 2
1259 .na
1260 \fB\fBend\fR\fR
1261 .ad
1262 .sp .6
1263 .RS 4n
1264 End the resource specification. This subcommand is only applicable in the
1265 resource scope. \fBzonecfg\fR checks to make sure the current resource is
1266 completely specified. If so, it is added to the in-memory configuration (see
1267 \fBcommit\fR for saving this to stable storage) and the scope reverts to
1268 global. If the specification is incomplete, it issues an appropriate error
1269 message.
1270 .RE
1271 
1272 .sp
1273 .ne 2
1274 .na
1275 \fB\fBexport [\fR\fB-f\fR \fIoutput-file\fR\fB]\fR\fR
1276 .ad
1277 .sp .6
1278 .RS 4n
1279 Print configuration to standard output. Use the \fB-f\fR option to print the
1280 configuration to \fIoutput-file\fR. This option produces output in a form
1281 suitable for use in a command file.
1282 .RE
1283 
1284 .sp
1285 .ne 2
1286 .na
1287 \fB\fBhelp [usage] [\fIsubcommand\fR] [syntax] [\fR\fIcommand-name\fR\fB]\fR\fR
1288 .ad
1289 .sp .6
1290 .RS 4n
1291 Print general help or help about given topic.
1292 .RE
1293 
1294 .sp
1295 .ne 2
1296 .na
1297 \fB\fBinfo zonename | zonepath | autoboot | brand | pool | limitpriv\fR\fR
1298 .ad
1299 .br
1300 .na
1301 \fB\fBinfo [\fR\fIresource-type\fR
1302 \fB[\fR\fIproperty-name\fR\fB=\fR\fIproperty-value\fR\fB]*]\fR\fR
1303 .ad
1304 .sp .6
1305 .RS 4n
1306 Display information about the current configuration. If \fIresource-type\fR is
1307 specified, displays only information about resources of the relevant type. If
1308 any \fIproperty-name\fR value pairs are specified, displays only information
1309 about resources meeting the given criteria. In the resource scope, any
1310 arguments are ignored, and \fBinfo\fR displays information about the resource
1311 which is currently being added or modified.
1312 .RE
1313 
1314 .sp
1315 .ne 2
1316 .na
1317 \fB\fBremove\fR \fIresource-type\fR\fB{\fR\fIproperty-name\fR\fB=\fR\fIproperty
1318 -value\fR\fB}\fR(global scope)\fR
1319 .ad
1320 .sp .6
1321 .RS 4n
1322 In the global scope, removes the specified resource. The \fB[]\fR syntax means
1323 0 or more of whatever is inside the square braces. If you want only to remove a
1324 single instance of the resource, you must specify enough property name-value
1325 pairs for the resource to be uniquely identified. If no property name-value
1326 pairs are specified, all instances will be removed. If there is more than one
1327 pair is specified, a confirmation is required, unless you use the \fB-F\fR
1328 option.
1329 .RE
1330 
1331 .sp
1332 .ne 2
1333 .na
1334 \fB\fBselect\fR \fIresource-type\fR
1335 \fB{\fR\fIproperty-name\fR\fB=\fR\fIproperty-value\fR\fB}\fR\fR
1336 .ad
1337 .sp .6
1338 .RS 4n
1339 Select the resource of the given type which matches the given
1340 \fIproperty-name\fR \fIproperty-value\fR pair criteria, for modification. This
1341 subcommand is applicable only in the global scope. The scope is changed to that
1342 resource type. The \fB{}\fR syntax means 1 or more of whatever is inside the
1343 curly braces. You must specify enough \fIproperty -name property-value\fR pairs
1344 for the resource to be uniquely identified.
1345 .RE
1346 
1347 .sp
1348 .ne 2
1349 .na
1350 \fB\fBset\fR \fIproperty-name\fR\fB=\fR\fIproperty\fR\fB-\fR\fIvalue\fR\fR
1351 .ad
1352 .sp .6
1353 .RS 4n
1354 Set a given property name to the given value. Some properties (for example,
1355 \fBzonename\fR and \fBzonepath\fR) are global while others are
1356 resource-specific. This subcommand is applicable in both the global and
1357 resource scopes.
1358 .RE
1359 
1360 .sp
1361 .ne 2
1362 .na
1363 \fB\fBverify\fR\fR
1364 .ad
1365 .sp .6
1366 .RS 4n
1367 Verify the current configuration for correctness:
1368 .RS +4
1369 .TP
1370 .ie t \(bu
1371 .el o
1372 All resources have all of their required properties specified.
1373 .RE
1374 .RS +4
1375 .TP
1376 .ie t \(bu
1377 .el o
1378 A \fBzonepath\fR is specified.
1379 .RE
1380 .RE
1381 
1382 .sp
1383 .ne 2
1384 .na
1385 \fB\fBrevert\fR \fB[\fR\fB-F\fR\fB]\fR\fR
1386 .ad
1387 .sp .6
1388 .RS 4n
1389 Revert the configuration back to the last committed state. The \fB-F\fR option
1390 can be used to force the action.
1391 .RE
1392 
1393 .sp
1394 .ne 2
1395 .na
1396 \fB\fBexit [\fR\fB-F\fR\fB]\fR\fR
1397 .ad
1398 .sp .6
1399 .RS 4n
1400 Exit the \fBzonecfg\fR session. A commit is automatically attempted if needed.
1401 You can also use an \fBEOF\fR character to exit \fBzonecfg\fR. The \fB-F\fR
1402 option can be used to force the action.
1403 .RE
1404 
1405 .SH EXAMPLES
1406 .LP
1407 \fBExample 1 \fRCreating the Environment for a New Zone
1408 .sp
1409 .LP
1410 In the following example, \fBzonecfg\fR creates the environment for a new zone.
1411 \fB/usr/local\fR is loopback mounted from the global zone into
1412 \fB/opt/local\fR. \fB/opt/sfw\fR is loopback mounted from the global zone,
1413 three logical network interfaces are added, and a limit on the number of
1414 fair-share scheduler (FSS) CPU shares for a zone is set using the \fBrctl\fR
1415 resource type. The example also shows how to select a given resource for
1416 modification.
1417 
1418 .sp
1419 .in +2
1420 .nf
1421 example# \fBzonecfg -z myzone3\fR
1422 my-zone3: No such zone configured
1423 Use 'create' to begin configuring a new zone.
1424 zonecfg:myzone3> \fBcreate\fR
1425 zonecfg:myzone3> \fBset zonepath=/export/home/my-zone3\fR
1426 zonecfg:myzone3> \fBset autoboot=true\fR
1427 zonecfg:myzone3> \fBadd fs\fR
1428 zonecfg:myzone3:fs> \fBset dir=/usr/local\fR
1429 zonecfg:myzone3:fs> \fBset special=/opt/local\fR
1430 zonecfg:myzone3:fs> \fBset type=lofs\fR
1431 zonecfg:myzone3:fs> \fBadd options [ro,nodevices]\fR
1432 zonecfg:myzone3:fs> \fBend\fR
1433 zonecfg:myzone3> \fBadd fs\fR
1434 zonecfg:myzone3:fs> \fBset dir=/mnt\fR
1435 zonecfg:myzone3:fs> \fBset special=/dev/dsk/c0t0d0s7\fR
1436 zonecfg:myzone3:fs> \fBset raw=/dev/rdsk/c0t0d0s7\fR
1437 zonecfg:myzone3:fs> \fBset type=ufs\fR
1438 zonecfg:myzone3:fs> \fBend\fR
1439 zonecfg:myzone3> \fBadd net\fR
1440 zonecfg:myzone3:net> \fBset address=192.168.0.1/24\fR
1441 zonecfg:myzone3:net> \fBset physical=eri0\fR
1442 zonecfg:myzone3:net> \fBend\fR
1443 zonecfg:myzone3> \fBadd net\fR
1444 zonecfg:myzone3:net> \fBset address=192.168.1.2/24\fR
1445 zonecfg:myzone3:net> \fBset physical=eri0\fR
1446 zonecfg:myzone3:net> \fBend\fR
1447 zonecfg:myzone3> \fBadd net\fR
1448 zonecfg:myzone3:net> \fBset address=192.168.2.3/24\fR
1449 zonecfg:myzone3:net> \fBset physical=eri0\fR
1450 zonecfg:myzone3:net> \fBend\fR
1451 zonecfg:my-zone3> \fBset cpu-shares=5\fR
1452 zonecfg:my-zone3> \fBadd capped-memory\fR
1453 zonecfg:my-zone3:capped-memory> \fBset physical=50m\fR
1454 zonecfg:my-zone3:capped-memory> \fBset swap=100m\fR
1455 zonecfg:my-zone3:capped-memory> \fBend\fR
1456 zonecfg:myzone3> \fBexit\fR
1457 .fi
1458 .in -2
1459 .sp
1460 
1461 .LP
1462 \fBExample 2 \fRCreating a Non-Native Zone
1463 .sp
1464 .LP
1465 The following example creates a new Linux zone:
1466 
1467 .sp
1468 .in +2
1469 .nf
1470 example# \fBzonecfg -z lxzone\fR
1471 lxzone: No such zone configured
1472 Use 'create' to begin configuring a new zone
1473 zonecfg:lxzone> \fBcreate -t SUNWlx\fR
1474 zonecfg:lxzone> \fBset zonepath=/export/zones/lxzone\fR
1475 zonecfg:lxzone> \fBset autoboot=true\fR
1476 zonecfg:lxzone> \fBexit\fR
1477 .fi
1478 .in -2
1479 .sp
1480 
1481 .LP
1482 \fBExample 3 \fRCreating an Exclusive-IP Zone
1483 .sp
1484 .LP
1485 The following example creates a zone that is granted exclusive access to
1486 \fBbge1\fR and \fBbge33000\fR and that is isolated at the IP layer from the
1487 other zones configured on the system.
1488 
1489 .sp
1490 .LP
1491 The IP addresses and routing is configured inside the new zone using
1492 \fBsysidtool\fR(1M).
1493 
1494 .sp
1495 .in +2
1496 .nf
1497 example# \fBzonecfg -z excl\fR
1498 excl: No such zone configured
1499 Use 'create' to begin configuring a new zone
1500 zonecfg:excl> \fBcreate\fR
1501 zonecfg:excl> \fBset zonepath=/export/zones/excl\fR
1502 zonecfg:excl> \fBset ip-type=exclusive\fR
1503 zonecfg:excl> \fBadd net\fR
1504 zonecfg:excl:net> \fBset physical=bge1\fR
1505 zonecfg:excl:net> \fBend\fR
1506 zonecfg:excl> \fBadd net\fR
1507 zonecfg:excl:net> \fBset physical=bge33000\fR
1508 zonecfg:excl:net> \fBend\fR
1509 zonecfg:excl> \fBexit\fR
1510 .fi
1511 .in -2
1512 .sp
1513 
1514 .LP
1515 \fBExample 4 \fRAssociating a Zone with a Resource Pool
1516 .sp
1517 .LP
1518 The following example shows how to associate an existing zone with an existing
1519 resource pool:
1520 
1521 .sp
1522 .in +2
1523 .nf
1524 example# \fBzonecfg -z myzone\fR
1525 zonecfg:myzone> \fBset pool=mypool\fR
1526 zonecfg:myzone> \fBexit\fR
1527 .fi
1528 .in -2
1529 .sp
1530 
1531 .sp
1532 .LP
1533 For more information about resource pools, see \fBpooladm\fR(1M) and
1534 \fBpoolcfg\fR(1M).
1535 
1536 .LP
1537 \fBExample 5 \fRChanging the Name of a Zone
1538 .sp
1539 .LP
1540 The following example shows how to change the name of an existing zone:
1541 
1542 .sp
1543 .in +2
1544 .nf
1545 example# \fBzonecfg -z myzone\fR
1546 zonecfg:myzone> \fBset zonename=myzone2\fR
1547 zonecfg:myzone2> \fBexit\fR
1548 .fi
1549 .in -2
1550 .sp
1551 
1552 .LP
1553 \fBExample 6 \fRChanging the Privilege Set of a Zone
1554 .sp
1555 .LP
1556 The following example shows how to change the set of privileges an existing
1557 zone's processes will be limited to the next time the zone is booted. In this
1558 particular case, the privilege set will be the standard safe set of privileges
1559 a zone normally has along with the privilege to change the system date and
1560 time:
1561 
1562 .sp
1563 .in +2
1564 .nf
1565 example# \fBzonecfg -z myzone\fR
1566 zonecfg:myzone> \fBset limitpriv="default,sys_time"\fR
1567 zonecfg:myzone2> \fBexit\fR
1568 .fi
1569 .in -2
1570 .sp
1571 
1572 .LP
1573 \fBExample 7 \fRSetting the \fBzone.cpu-shares\fR Property for the Global Zone
1574 .sp
1575 .LP
1576 The following command sets the \fBzone.cpu-shares\fR property for the global
1577 zone:
1578 
1579 .sp
1580 .in +2
1581 .nf
1582 example# \fBzonecfg -z global\fR
1583 zonecfg:global> \fBset cpu-shares=5\fR
1584 zonecfg:global> \fBexit\fR
1585 .fi
1586 .in -2
1587 .sp
1588 
1589 .LP
1590 \fBExample 8 \fRUsing Pattern Matching
1591 .sp
1592 .LP
1593 The following commands illustrate \fBzonecfg\fR support for pattern matching.
1594 In the zone \fBflexlm\fR, enter:
1595 
1596 .sp
1597 .in +2
1598 .nf
1599 zonecfg:flexlm> \fBadd device\fR
1600 zonecfg:flexlm:device> \fBset match="/dev/cua/a00[2-5]"\fR
1601 zonecfg:flexlm:device> \fBend\fR
1602 .fi
1603 .in -2
1604 .sp
1605 
1606 .sp
1607 .LP
1608 In the global zone, enter:
1609 
1610 .sp
1611 .in +2
1612 .nf
1613 global# \fBls /dev/cua\fR
1614 a     a000  a001  a002  a003  a004  a005  a006  a007  b
1615 .fi
1616 .in -2
1617 .sp
1618 
1619 .sp
1620 .LP
1621 In the zone \fBflexlm\fR, enter:
1622 
1623 .sp
1624 .in +2
1625 .nf
1626 flexlm# \fBls /dev/cua\fR
1627 a002  a003  a004  a005
1628 .fi
1629 .in -2
1630 .sp
1631 
1632 .LP
1633 \fBExample 9 \fRSetting a Cap for a Zone to Three CPUs
1634 .sp
1635 .LP
1636 The following sequence uses the \fBzonecfg\fR command to set the CPU cap for a
1637 zone to three CPUs.
1638 
1639 .sp
1640 .in +2
1641 .nf
1642 zonecfg:myzone> \fBadd capped-cpu\fR
1643 zonecfg:myzone>capped-cpu> \fBset ncpus=3\fR
1644 zonecfg:myzone>capped-cpu>capped-cpu> \fBend\fR
1645 .fi
1646 .in -2
1647 .sp
1648 
1649 .sp
1650 .LP
1651 The preceding sequence, which uses the capped-cpu property, is equivalent to
1652 the following sequence, which makes use of the \fBzone.cpu-cap\fR resource
1653 control.
1654 
1655 .sp
1656 .in +2
1657 .nf
1658 zonecfg:myzone> \fBadd rctl\fR
1659 zonecfg:myzone:rctl> \fBset name=zone.cpu-cap\fR
1660 zonecfg:myzone:rctl> \fBadd value (priv=privileged,limit=300,action=none)\fR
1661 zonecfg:myzone:rctl> \fBend\fR
1662 .fi
1663 .in -2
1664 .sp
1665 
1666 .LP
1667 \fBExample 10 \fRUsing \fBkstat\fR to Monitor CPU Caps
1668 .sp
1669 .LP
1670 The following command displays information about all CPU caps.
1671 
1672 .sp
1673 .in +2
1674 .nf
1675 # \fBkstat -n /cpucaps/\fR
1676 module: caps                            instance: 0
1677 name:   cpucaps_project_0               class:    project_caps
1678         above_sec                       0
1679         below_sec                       2157
1680         crtime                          821.048183159
1681         maxusage                        2
1682         nwait                           0
1683         snaptime                        235885.637253027
1684         usage                           0
1685         value                           18446743151372347932
1686         zonename                        global
1687 
1688 module: caps                            instance: 0
1689 name:   cpucaps_project_1               class:    project_caps
1690         above_sec                       0
1691         below_sec                       0
1692         crtime                          225339.192787265
1693         maxusage                        5
1694         nwait                           0
1695         snaptime                        235885.637591677
1696         usage                           5
1697         value                           18446743151372347932
1698         zonename                        global
1699 
1700 module: caps                            instance: 0
1701 name:   cpucaps_project_201             class:    project_caps
1702         above_sec                       0
1703         below_sec                       235105
1704         crtime                          780.37961782
1705         maxusage                        100
1706         nwait                           0
1707         snaptime                        235885.637789687
1708         usage                           43
1709         value                           100
1710         zonename                        global
1711 
1712 module: caps                            instance: 0
1713 name:   cpucaps_project_202             class:    project_caps
1714         above_sec                       0
1715         below_sec                       235094
1716         crtime                          791.72983782
1717         maxusage                        100
1718         nwait                           0
1719         snaptime                        235885.637967512
1720         usage                           48
1721         value                           100
1722         zonename                        global
1723 
1724 module: caps                            instance: 0
1725 name:   cpucaps_project_203             class:    project_caps
1726         above_sec                       0
1727         below_sec                       235034
1728         crtime                          852.104401481
1729         maxusage                        75
1730         nwait                           0
1731         snaptime                        235885.638144304
1732         usage                           47
1733         value                           100
1734         zonename                        global
1735 
1736 module: caps                            instance: 0
1737 name:   cpucaps_project_86710           class:    project_caps
1738         above_sec                       22
1739         below_sec                       235166
1740         crtime                          698.441717859
1741         maxusage                        101
1742         nwait                           0
1743         snaptime                        235885.638319871
1744         usage                           54
1745         value                           100
1746         zonename                        global
1747 
1748 module: caps                            instance: 0
1749 name:   cpucaps_zone_0                  class:    zone_caps
1750         above_sec                       100733
1751         below_sec                       134332
1752         crtime                          821.048177123
1753         maxusage                        207
1754         nwait                           2
1755         snaptime                        235885.638497731
1756         usage                           199
1757         value                           200
1758         zonename                        global
1759 
1760 module: caps                            instance: 1
1761 name:   cpucaps_project_0               class:    project_caps
1762         above_sec                       0
1763         below_sec                       0
1764         crtime                          225360.256448422
1765         maxusage                        7
1766         nwait                           0
1767         snaptime                        235885.638714404
1768         usage                           7
1769         value                           18446743151372347932
1770         zonename                        test_001
1771 
1772 module: caps                            instance: 1
1773 name:   cpucaps_zone_1                  class:    zone_caps
1774         above_sec                       2
1775         below_sec                       10524
1776         crtime                          225360.256440278
1777         maxusage                        106
1778         nwait                           0
1779         snaptime                        235885.638896443
1780         usage                           7
1781         value                           100
1782         zonename                        test_001
1783 .fi
1784 .in -2
1785 .sp
1786 
1787 .LP
1788 \fBExample 11 \fRDisplaying CPU Caps for a Specific Zone or Project
1789 .sp
1790 .LP
1791 Using the \fBkstat\fR \fB-c\fR and \fB-i\fR options, you can display CPU caps
1792 for a specific zone or project, as below. The first command produces a display
1793 for a specific project, the second for the same project within zone 1.
1794 
1795 .sp
1796 .in +2
1797 .nf
1798 # \fBkstat -c project_caps\fR
1799 
1800 # \fBkstat -c project_caps -i 1\fR
1801 .fi
1802 .in -2
1803 .sp
1804 
1805 .SH EXIT STATUS
1806 .sp
1807 .LP
1808 The following exit values are returned:
1809 .sp
1810 .ne 2
1811 .na
1812 \fB\fB0\fR\fR
1813 .ad
1814 .sp .6
1815 .RS 4n
1816 Successful completion.
1817 .RE
1818 
1819 .sp
1820 .ne 2
1821 .na
1822 \fB\fB1\fR\fR
1823 .ad
1824 .sp .6
1825 .RS 4n
1826 An error occurred.
1827 .RE
1828 
1829 .sp
1830 .ne 2
1831 .na
1832 \fB\fB2\fR\fR
1833 .ad
1834 .sp .6
1835 .RS 4n
1836 Invalid usage.
1837 .RE
1838 
1839 .SH ATTRIBUTES
1840 .sp
1841 .LP
1842 See \fBattributes\fR(5) for descriptions of the following attributes:
1843 .sp
1844 
1845 .sp
1846 .TS
1847 box;
1848 c | c
1849 l | l .
1850 ATTRIBUTE TYPE  ATTRIBUTE VALUE
1851 _
1852 Interface Stability     Volatile
1853 .TE
1854 
1855 .SH SEE ALSO
1856 .sp
1857 .LP
1858 \fBppriv\fR(1), \fBprctl\fR(1), \fBzlogin\fR(1), \fBkstat\fR(1M),
1859 \fBmount\fR(1M), \fBpooladm\fR(1M), \fBpoolcfg\fR(1M), \fBpoold\fR(1M),
1860 \fBrcapd\fR(1M), \fBrctladm\fR(1M), \fBsvcadm\fR(1M), \fBsysidtool\fR(1M),
1861 \fBzfs\fR(1M), \fBzoneadm\fR(1M), \fBpriv_str_to_set\fR(3C),
1862 \fBkstat\fR(3KSTAT), \fBvfstab\fR(4), \fBattributes\fR(5), \fBbrands\fR(5),
1863 \fBfnmatch\fR(5), \fBlx\fR(5), \fBprivileges\fR(5), \fBresource_controls\fR(5),
1864 \fBzones\fR(5)
1865 .sp
1866 .LP
1867 \fISystem Administration Guide: Solaris Containers-Resource Management, and
1868 Solaris Zones\fR
1869 .SH NOTES
1870 .sp
1871 .LP
1872 All character data used by \fBzonecfg\fR must be in US-ASCII encoding.