Print this page
5432 zoneadm install could fix zonepath permissions automatically
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Split |
Close |
Expand all |
Collapse all |
--- old/usr/src/man/man1m/zoneadm.1m.man.txt
+++ new/usr/src/man/man1m/zoneadm.1m.man.txt
1 1 ZONEADM(1M) Maintenance Commands ZONEADM(1M)
2 2
3 3
4 4
5 5 NAME
6 6 zoneadm - administer zones
7 7
8 8 SYNOPSIS
9 9 zoneadm -z zonename [-u uuid-match] subcommand
10 10 [subcommand_options]
11 11
12 12
13 13 zoneadm [-R root] [-z zonename] [-u uuid-match] list
14 14 [list_options]
15 15
16 16
17 17 zoneadm [-R root] -z zonename [-u uuid-match] mark incomplete
18 18
19 19
20 20 DESCRIPTION
21 21 The zoneadm utility is used to administer system zones. A zone is an
22 22 application container that is maintained by the operating system
23 23 runtime.
24 24
25 25 SECURITY
26 26 Once a process has been placed in a zone other than zone 0, the process
27 27 or any of its children cannot change zones.
28 28
29 29 OPTIONS
30 30 The following options are supported:
31 31
32 32 -R root
33 33 Specify an alternate root (boot environment). This option can only
34 34 be used in conjunction with the "list" and "mark" subcommands.
35 35
36 36
37 37 -u uuid-match
38 38 Unique identifier for a zone, as assigned by libuuid(3LIB). If this
39 39 option is present and the argument is a non-empty string, then the
40 40 zone matching the UUID is selected instead of the one named by the
41 41 -z option, if such a zone is present.
42 42
43 43
44 44 -z zonename
45 45 String identifier for a zone.
46 46
47 47
48 48 SUBCOMMANDS
49 49 Subcommands which can result in destructive actions or loss of work
50 50 have a -F flag to force the action. If input is from a terminal device,
51 51 the user is prompted if such a command is given without the -F flag;
52 52 otherwise, if such a command is given without the -F flag, the action is
53 53 disallowed, with a diagnostic message written to standard error. If a
54 54 zone installation or uninstallation is interrupted, the zone is left in
55 55 the incomplete state. Use uninstall to reset such a zone back to the
56 56 configured state.
57 57
58 58
59 59 The following subcommands are supported:
60 60
61 61 attach [-F] [-n path] [brand-specific options]
62 62 The attach subcommand takes a zone that has been detached from one
63 63 system and attaches the zone onto a new system. Therefore, it is
64 64 advised (though not required) that the detach subcommand should be
65 65 run before the "attach" takes place. Once you have the new zone in
66 66 the configured state, use the attach subcommand to set up the zone
67 67 root instead of installing the zone as a new zone.
68 68
69 69 The -F option can be used to force the zone into the "installed"
70 70 state with no validation. This option should be used with care
71 71 since it can leave the zone in an unsupportable state if it was
72 72 moved from a source system to a target system that is unable to
73 73 properly host the zone. The -n option can be used to run the attach
74 74 subcommand, without executing the command. It uses the output of
75 75 the "detach -n" subcommand as input and is useful to identify any
76 76 conflicting issues, such as the network device being incompatible,
77 77 and can also determine whether the host is capable of supporting
78 78 the zone. The path can be "-", to read the input from standard
79 79 input.
80 80
81 81 The zone's brand may include additional options that govern how the
82 82 zone will be attached. See brands(5) for specific brand
83 83 information.
84 84
85 85 The zone being attached must first be configured using the zonecfg
86 86 (see zonecfg(1M)) command. This does not apply when running "attach
87 87 -n".
88 88
89 89 Use the following command to attach a zone:
90 90
91 91 # zoneadm -z my-zone attach
92 92
93 93
94 94
95 95
96 96 boot [-- boot_options]
97 97 Boot (or activate) the specified zones.
98 98
99 99 The following boot_options are supported:
100 100
101 101 -i altinit
102 102 Select an alternative executable to be the primordial Process.
103 103 altinit is a valid path to an executable. The default
104 104 primordial process is init(1M).
105 105
106 106
107 107 -m smf_options
108 108 The smf_options include two categories of options to control
109 109 booting behavior of the service management facility: recovery
110 110 options and messages options.
111 111
112 112 Message options determine the type and amount of messages that
113 113 smf(5) displays during boot. Service options determine the
114 114 services which are used to boot the system. See kernel(1M) for
115 115 a listing of the -m suboptions.
116 116
117 117
118 118 -s
119 119 Boots only to milestone svc:/milestone/single-user:default. This
120 120 milestone is equivalent to init level s. See svc.startd(1M) and
121 121 init(1M).
122 122
123 123
124 124
125 125 clone [-m copy] [-s zfs_snapshot] source_zone
126 126 Install a zone by copying an existing installed zone. This
127 127 subcommand is an alternative way to install the zone.
128 128
129 129 -m copy
130 130 Force the clone to be a copy, even if a "ZFS clone" is
131 131 possible.
132 132
133 133
134 134 -s zfs_snapshot
135 135 Specify the name of a ZFS snapshot to use as the source of the
136 136 clone. The snapshot must be a snapshot of the source zone taken
137 137 from a previous "zoneadm clone" installation.
138 138
139 139 The source zone must be halted before this subcommand can be used.
140 140
141 141
142 142 detach [-n]
143 143 Detach the specified zone. Detaching a zone is the first step in
144 144 moving a zone from one system to another. The full procedure to
145 145 migrate a zone is that the zone is detached, the zonepath directory
146 146 is moved to the new host, and then the zone is attached on the new
147 147 host. Once the zone is detached, it is left in the configured
148 148 state. If you try to install or clone to a configured zone that has
149 149 been detached, you will receive an error message and the install or
150 150 clone subcommand will not be allowed to proceed. The -n option can
151 151 be used to run the detach subcommand, without executing the
152 152 command. This generates the information needed for running the
153 153 "attach -n" subcommand, which is useful to identify any conflicting
154 154 issues, such as the network device being incompatible or if the
155 155 host is capable of supporting the zone. The information is sent to
156 156 standard output and can be saved to a file or piped to the "attach
157 157 -n" subcommand.
158 158
159 159 Use the following command to detach a zone:
160 160
161 161 # zoneadm -z my-zone detach
162 162
163 163
164 164 The source zone must be halted before this subcommand can be used.
165 165
166 166
167 167 halt
168 168 Halt the specified zones. halt bypasses running the shutdown
169 169 scripts inside the zone. It also removes run time resources of the
↓ open down ↓ |
169 lines elided |
↑ open up ↑ |
170 170 zone.
171 171
172 172
173 173 help [subcommand]
174 174 Display general help. If you specify subcommand, displays help on
175 175 subcommand.
176 176
177 177
178 178 install [-x nodataset] [brand-specific options]
179 179 Install the specified zone on the system. This subcommand
180 - automatically attempts to verify first. It refuses to install if
181 - the verify step fails. See the verify subcommand.
180 + automatically attempts to verify first, most verification errors
181 + are fatal. See the verify subcommand.
182 182
183 183 -x nodataset
184 184 Do not create a ZFS file system.
185 185
186 186 The zone's brand may include additional options that govern how the
187 187 software will be installed in the zone. See brands(5) for specific
188 188 brand information.
189 189
190 190
191 191 list [list_options]
192 192 Display the name of the current zones, or the specified zone if
193 193 indicated.
194 194
195 195 By default, all running zones are listed. If you use this
196 196 subcommand with the zoneadm -z zonename option, it lists only the
197 197 specified zone, regardless of its state. In this case, the -i and -c
198 198 options are disallowed.
199 199
200 200 If neither the -i or -c options are given, all running zones are
201 201 listed.
202 202
203 203 The following list_options are supported:
204 204
205 205 -c
206 206 Display all configured zones. This option overides the -i
207 207 option.
208 208
209 209
210 210 -i
211 211 Expand the display to all installed zones.
212 212
213 213
214 214 -p
215 215 Request machine parsable output. The output format is a list of
216 216 lines, one per zone, with colon- delimited fields. These fields
217 217 are:
218 218
219 219 zoneid:zonename:state:zonepath:uuid:brand:ip-type
220 220
221 221
222 222 If the zonepath contains embedded colons, they can be escaped
223 223 by a backslash (":"), which is parsable by using the shell
224 224 read(1) function with the environmental variable IFS. The uuid
225 225 value is assigned by libuuid(3LIB) when the zone is installed,
226 226 and is useful for identifying the same zone when present (or
227 227 renamed) on alternate boot environments. Any software that
228 228 parses the output of the "zoneadm list -p" command must be able
229 229 to handle any fields that may be added in the future.
230 230
231 231 The -v and -p options are mutually exclusive. If neither -v nor -p
232 232 is used, just the zone name is listed.
233 233
234 234
235 235 -v
236 236 Display verbose information, including zone name, id, current
237 237 state, root directory, brand type, ip-type, and options.
238 238
239 239 The -v and -p options are mutually exclusive. If neither -v nor -p
240 240 is used, just the zone name is listed.
241 241
242 242
243 243
244 244 mark incomplete
245 245 Change the state of an installed zone to "incomplete." This command
246 246 may be useful in cases where administrative changes on the system
247 247 have rendered a zone unusable or inconsistent. This change cannot
248 248 be undone (except by uninstalling the zone).
249 249
250 250
251 251 move new_zonepath
252 252 Move the zonepath to new_zonepath. The zone must be halted before
253 253 this subcommand can be used. The new_zonepath must be a local file
254 254 system and normal restrictions for zonepath apply.
255 255
256 256
257 257 ready
258 258 Prepares a zone for running applications but does not start any
259 259 user processes in the zone.
260 260
261 261
262 262 reboot[-- boot_options]]
263 263 Restart the zones. This is equivalent to a halt boot sequence. This
264 264 subcommand fails if the specified zones are not active. See boot
265 265 subcommand for the boot options.
266 266
267 267
268 268 shutdown [-r [-- boot_options]]
269 269 Gracefully shutdown the specified zone. This subcommand waits for
270 270 all zone processes to finish; the default timeout is
271 271 SCF_PROPERTY_TIMEOUT value from the SMF service system/zones. If
272 272 the -r option is specified, reboot the zone. See boot subcommand for
273 273 the boot options.
274 274
275 275
276 276 uninstall [-F]
277 277 Uninstall the specified zone from the system. Use this subcommand
278 278 with caution. It removes all of the files under the zonepath of
279 279 the zone in question. You can use the -F flag to force the action.
280 280
281 281
282 282 verify
283 283 Check to make sure the configuration of the specified zone can
284 284 safely be installed on the machine. Following is a break-down of the
285 285 checks by resource/property type:
286 286
287 287 zonepath
288 288 zonepath and its parent directory exist and are owned by root
289 289 with appropriate modes . The appropriate modes are that
290 290 zonepath is 700, its parent is not group or world-writable and
291 291 so forth. zonepath is not over an NFS mount. A sub-directory of
292 292 the zonepath named "root" does not exist.
293 293
294 294 If zonepath does not exist, the verify does not fail, but
295 295 merely warns that a subsequent install will attempt to create
296 296 it with proper permissions. A verify subsequent to that might
297 297 fail should anything go wrong.
298 298
299 299 zonepath cannot be a symbolic link.
300 300
301 301
302 302 fs
303 303 Any fs resources have their type value checked. An error is
304 304 reported if the value is one of proc, mntfs, autofs, cachefs,
305 305 or nfs or the filesystem does not have an associated mount
306 306 binary at /usr/lib/fs/<fstype>/mount.
307 307
308 308 It is an error for the directory to be a relative path.
309 309
310 310 It is an error for the path specified by raw to be a relative
311 311 path or if there is no fsck binary for a given filesystem type
312 312 at /usr/lib/fs/<fstype>/fsck. It is also an error if a
313 313 corresponding fsck binary exists but a raw path is not
314 314 specified.
315 315
316 316
317 317 net
318 318 All physical network interfaces exist. All network address
319 319 resources are one of:
320 320
321 321 o a valid IPv4 address, optionally followed by "/" and
322 322 a prefix length;
323 323
324 324 o a valid IPv6 address, which must be followed by "/"
325 325 and a prefix length;
326 326
327 327 o a host name which resolves to an IPv4 address.
328 328 Note that hostnames that resolve to IPv6 addresses are not
329 329 supported.
330 330
331 331 The physical interface name is the network interface name.
332 332
333 333 A zone can be configured to be either exclusive-IP or shared-IP.
334 334 For a shared-IP zone, both the physical and address properties
335 335 must be set. For an exclusive-IP zone, the physical property
336 336 must be set and the address property cannot be set.
337 337
338 338
339 339 rctl
340 340 It also verifies that any defined resource control values are
341 341 valid on the current machine. This means that the privilege
342 342 level is privileged, the limit is lower than the currently
343 343 defined system value, and that the defined action agrees with
344 344 the actions that are valid for the given resource control.
345 345
346 346
347 347
348 348 EXAMPLES
349 349 Example 1 Using the -m Option
350 350
351 351
352 352 The following command illustrates the use of the -m option.
353 353
354 354
355 355 # zoneadm boot -- -m verbose
356 356
357 357
358 358
359 359 Example 2 Using the -i Option
360 360
361 361
362 362 The following command illustrates the use of the -i option.
363 363
364 364
365 365 # zoneadm boot -- -i /sbin/init
366 366
367 367
368 368
369 369 Example 3 Using the -s Option
370 370
371 371
372 372 The following command illustrates the use of the -s option.
373 373
374 374
375 375 # zoneadm boot -- -s
376 376
377 377
378 378
379 379 EXIT STATUS
380 380 The following exit values are returned:
381 381
382 382 0
383 383 Successful completion.
384 384
385 385
386 386 1
387 387 An error occurred.
388 388
389 389
390 390 2
391 391 Invalid usage.
392 392
393 393
394 394 ATTRIBUTES
395 395 See attributes(5) for descriptions of the following attributes:
396 396
397 397
398 398
399 399
400 400 +--------------------+-----------------+
401 401 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
402 402 +--------------------+-----------------+
403 403 |Interface Stability | Committed |
404 404 +--------------------+-----------------+
405 405
406 406 SEE ALSO
407 407 read(1), svcs(1), zlogin(1), zonename(1), init(1M), kernel(1M),
408 408 svcadm(1M), svc.startd(1M), svc.startd(1M), zonecfg(1M), libuuid(3LIB),
409 409 attributes(5), brands(5), native(5), smf(5), zones(5)
410 410
411 411 NOTES
412 412 The zones(5) service is managed by the service management facility,
413 413 smf(5), under the service identifier:
414 414
415 415 svc:/system/zones:default
416 416
417 417
418 418
419 419
420 420 Administrative actions on this service, such as enabling, disabling, or
421 421 requesting restart, can be performed using svcadm(1M). The service's
422 422 status can be queried using the svcs(1) command.
423 423
424 424
425 425 The act of installing a new non-global zone is a fresh installation of
426 426 the Solaris operating system. A new installation of Solaris must not
↓ open down ↓ |
235 lines elided |
↑ open up ↑ |
427 427 require interaction with the user (that is, it must be "hands off").
428 428 Because of this, packages installed in the global zone and all non-
429 429 global zones cannot contain request scripts (see pkgask(1M)). If a
430 430 package did have a request script, then the creation of a non-global
431 431 zone could not be done without user intervention. Any package that
432 432 contains a request script is added to the global zone only. See
433 433 pkgadd(1M).
434 434
435 435
436 436
437 - October 30, 2013 ZONEADM(1M)
437 + December 26, 2014 ZONEADM(1M)
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX