1 '\" te
2 .\" Copyright (c) 2004, 2009 Sun Microsystems, Inc. All Rights Reserved.
3 .\" Copyright 2013 Joyent, Inc. All Rights Reserved.
4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
5 .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the
6 .\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
7 .TH ZONECFG 1M "Feb 28, 2014"
8 .SH NAME
9 zonecfg \- set up zone configuration
10 .SH SYNOPSIS
11 .LP
12 .nf
13 \fBzonecfg\fR \fB-z\fR \fIzonename\fR
14 .fi
15
16 .LP
17 .nf
18 \fBzonecfg\fR \fB-z\fR \fIzonename\fR \fIsubcommand\fR
19 .fi
20
21 .LP
22 .nf
23 \fBzonecfg\fR \fB-z\fR \fIzonename\fR \fB-f\fR \fIcommand_file\fR
24 .fi
25
26 .LP
27 .nf
28 \fBzonecfg\fR help
29 .fi
30
31 .SH DESCRIPTION
32 .sp
33 .LP
34 The \fBzonecfg\fR utility creates and modifies the configuration of a zone.
35 Zone configuration consists of a number of resources and properties.
36 .sp
37 .LP
38 To simplify the user interface, \fBzonecfg\fR uses the concept of a scope. The
39 default scope is global.
40 .sp
41 .LP
42 The following synopsis of the \fBzonecfg\fR command is for interactive usage:
43 .sp
44 .in +2
45 .nf
46 zonecfg \fB-z\fR \fIzonename subcommand\fR
47 .fi
48 .in -2
49 .sp
50
51 .sp
52 .LP
53 Parameters changed through \fBzonecfg\fR do not affect a running zone. The zone
54 must be rebooted for the changes to take effect.
55 .sp
56 .LP
57 In addition to creating and modifying a zone, the \fBzonecfg\fR utility can
58 also be used to persistently specify the resource management settings for the
59 global zone.
60 .sp
61 .LP
62 In the following text, "rctl" is used as an abbreviation for "resource
63 control". See \fBresource_controls\fR(5).
64 .sp
65 .LP
66 Every zone is configured with an associated brand. The brand determines the
67 user-level environment used within the zone, as well as various behaviors for
68 the zone when it is installed, boots, or is shutdown. Once a zone has been
69 installed the brand cannot be changed. The default brand is determined by the
70 installed distribution in the global zone. Some brands do not support all of
71 the \fBzonecfg\fR properties and resources. See the brand-specific man page for
72 more details on each brand. For an overview of brands, see the \fBbrands\fR(5)
73 man page.
74 .SS "Resources"
75 .sp
76 .LP
77 The following resource types are supported:
78 .sp
79 .ne 2
80 .na
81 \fB\fBattr\fR\fR
82 .ad
83 .sp .6
84 .RS 4n
85 Generic attribute.
86 .RE
87
88 .sp
89 .ne 2
90 .na
91 \fB\fBcapped-cpu\fR\fR
92 .ad
93 .sp .6
94 .RS 4n
95 Limits for CPU usage.
96 .RE
97
98 .sp
99 .ne 2
100 .na
101 \fB\fBcapped-memory\fR\fR
102 .ad
103 .sp .6
104 .RS 4n
105 Limits for physical, swap, and locked memory.
106 .RE
107
108 .sp
109 .ne 2
110 .na
111 \fB\fBdataset\fR\fR
112 .ad
113 .sp .6
114 .RS 4n
115 \fBZFS\fR dataset.
116 .RE
117
118 .sp
119 .ne 2
120 .na
121 \fB\fBdedicated-cpu\fR\fR
122 .ad
123 .sp .6
124 .RS 4n
125 Subset of the system's processors dedicated to this zone while it is running.
126 .RE
127
128 .sp
129 .ne 2
130 .na
131 \fB\fBdevice\fR\fR
132 .ad
133 .sp .6
134 .RS 4n
135 Device.
136 .RE
137
138 .sp
139 .ne 2
140 .na
141 \fB\fBfs\fR\fR
142 .ad
143 .sp .6
144 .RS 4n
145 file-system
146 .RE
147
148 .sp
149 .ne 2
150 .na
151 \fB\fBnet\fR\fR
152 .ad
153 .sp .6
154 .RS 4n
155 Network interface.
156 .RE
157
158 .sp
159 .ne 2
160 .na
161 \fB\fBrctl\fR\fR
162 .ad
163 .sp .6
164 .RS 4n
165 Resource control.
166 .RE
167
168 .SS "Properties"
169 .sp
170 .LP
171 Each resource type has one or more properties. There are also some global
172 properties, that is, properties of the configuration as a whole, rather than of
173 some particular resource.
174 .sp
175 .LP
176 The following properties are supported:
177 .sp
178 .ne 2
179 .na
180 \fB(global)\fR
181 .ad
182 .sp .6
183 .RS 4n
184 \fBzonename\fR
185 .RE
186
187 .sp
188 .ne 2
189 .na
190 \fB(global)\fR
191 .ad
192 .sp .6
193 .RS 4n
194 \fBzonepath\fR
195 .RE
196
197 .sp
198 .ne 2
199 .na
200 \fB(global)\fR
201 .ad
202 .sp .6
203 .RS 4n
204 \fBautoboot\fR
205 .RE
206
207 .sp
208 .ne 2
209 .na
210 \fB(global)\fR
211 .ad
212 .sp .6
213 .RS 4n
214 \fBbootargs\fR
215 .RE
216
217 .sp
218 .ne 2
219 .na
220 \fB(global)\fR
221 .ad
222 .sp .6
223 .RS 4n
224 \fBpool\fR
225 .RE
226
227 .sp
228 .ne 2
229 .na
230 \fB(global)\fR
231 .ad
232 .sp .6
233 .RS 4n
234 \fBlimitpriv\fR
235 .RE
236
237 .sp
238 .ne 2
239 .na
240 \fB(global)\fR
241 .ad
242 .sp .6
243 .RS 4n
244 \fBbrand\fR
245 .RE
246
247 .sp
248 .ne 2
249 .na
250 \fB(global)\fR
251 .ad
252 .sp .6
253 .RS 4n
254 \fBcpu-shares\fR
255 .RE
256
257 .sp
258 .ne 2
259 .na
260 \fB(global)\fR
261 .ad
262 .sp .6
263 .RS 4n
264 \fBhostid\fR
265 .RE
266
267 .sp
268 .ne 2
269 .na
270 \fB(global)\fR
271 .ad
272 .sp .6
273 .RS 4n
274 \fBmax-lwps\fR
275 .RE
276
277 .sp
278 .ne 2
279 .na
280 \fB(global)\fR
281 .ad
282 .sp .6
283 .RS 4n
284 \fBmax-msg-ids\fR
285 .RE
286
287 .sp
288 .ne 2
289 .na
290 \fB(global)\fR
291 .ad
292 .sp .6
293 .RS 4n
294 \fBmax-sem-ids\fR
295 .RE
296
297 .sp
298 .ne 2
299 .na
300 \fB(global)\fR
301 .ad
302 .sp .6
303 .RS 4n
304 \fBmax-shm-ids\fR
305 .RE
306
307 .sp
308 .ne 2
309 .na
310 \fB(global)\fR
311 .ad
312 .sp .6
313 .RS 4n
314 \fBmax-shm-memory\fR
315 .RE
316
317 .sp
318 .ne 2
319 .na
320 \fB(global)\fR
321 .ad
322 .sp .6
323 .RS 4n
324 \fBscheduling-class\fR
325 .RE
326
327 .sp
328 .ne 2
329 .na
330 .B (global)
331 .ad
332 .sp .6
333 .RS 4n
334 .B fs-allowed
335 .RE
336
337 .sp
338 .ne 2
339 .na
340 \fB\fBfs\fR\fR
341 .ad
342 .sp .6
343 .RS 4n
344 \fBdir\fR, \fBspecial\fR, \fBraw\fR, \fBtype\fR, \fBoptions\fR
345 .RE
346
347 .sp
348 .ne 2
349 .na
350 \fB\fBnet\fR\fR
351 .ad
352 .sp .6
353 .RS 4n
354 \fBaddress\fR, \fBphysical\fR, \fBdefrouter\fR
355 .RE
356
357 .sp
358 .ne 2
359 .na
360 \fB\fBdevice\fR\fR
361 .ad
362 .sp .6
363 .RS 4n
364 \fBmatch\fR
365 .RE
366
367 .sp
368 .ne 2
369 .na
370 \fB\fBrctl\fR\fR
371 .ad
372 .sp .6
373 .RS 4n
374 \fBname\fR, \fBvalue\fR
375 .RE
376
377 .sp
378 .ne 2
379 .na
380 \fB\fBattr\fR\fR
381 .ad
382 .sp .6
383 .RS 4n
384 \fBname\fR, \fBtype\fR, \fBvalue\fR
385 .RE
386
387 .sp
388 .ne 2
389 .na
390 \fB\fBdataset\fR\fR
391 .ad
392 .sp .6
393 .RS 4n
394 \fBname\fR
395 .RE
396
397 .sp
398 .ne 2
399 .na
400 \fB\fBdedicated-cpu\fR\fR
401 .ad
402 .sp .6
403 .RS 4n
404 \fBncpus\fR, \fBimportance\fR
405 .RE
406
407 .sp
408 .ne 2
409 .na
410 \fB\fBcapped-memory\fR\fR
411 .ad
412 .sp .6
413 .RS 4n
414 \fBphysical\fR, \fBswap\fR, \fBlocked\fR
415 .RE
416
417 .sp
418 .ne 2
419 .na
420 \fB\fBcapped-cpu\fR\fR
421 .ad
422 .sp .6
423 .RS 4n
424 \fBncpus\fR
425 .RE
426
427 .sp
428 .LP
429 As for the property values which are paired with these names, they are either
430 simple, complex, or lists. The type allowed is property-specific. Simple values
431 are strings, optionally enclosed within quotation marks. Complex values have
432 the syntax:
433 .sp
434 .in +2
435 .nf
436 (<\fIname\fR>=<\fIvalue\fR>,<\fIname\fR>=<\fIvalue\fR>,...)
437 .fi
438 .in -2
439 .sp
440
441 .sp
442 .LP
443 where each <\fIvalue\fR> is simple, and the <\fIname\fR> strings are unique
444 within a given property. Lists have the syntax:
445 .sp
446 .in +2
447 .nf
448 [<\fIvalue\fR>,...]
449 .fi
450 .in -2
451 .sp
452
453 .sp
454 .LP
455 where each <\fIvalue\fR> is either simple or complex. A list of a single value
456 (either simple or complex) is equivalent to specifying that value without the
457 list syntax. That is, "foo" is equivalent to "[foo]". A list can be empty
458 (denoted by "[]").
459 .sp
460 .LP
461 In interpreting property values, \fBzonecfg\fR accepts regular expressions as
462 specified in \fBfnmatch\fR(5). See \fBEXAMPLES\fR.
463 .sp
464 .LP
465 The property types are described as follows:
466 .sp
467 .ne 2
468 .na
469 \fBglobal: \fBzonename\fR\fR
470 .ad
471 .sp .6
472 .RS 4n
473 The name of the zone.
474 .RE
475
476 .sp
477 .ne 2
478 .na
479 \fBglobal: \fBzonepath\fR\fR
480 .ad
481 .sp .6
482 .RS 4n
483 Path to zone's file system.
484 .RE
485
486 .sp
487 .ne 2
488 .na
489 \fBglobal: \fBautoboot\fR\fR
490 .ad
491 .sp .6
492 .RS 4n
493 Boolean indicating that a zone should be booted automatically at system boot.
494 Note that if the zones service is disabled, the zone will not autoboot,
495 regardless of the setting of this property. You enable the zones service with a
496 \fBsvcadm\fR command, such as:
497 .sp
498 .in +2
499 .nf
500 # \fBsvcadm enable svc:/system/zones:default\fR
501 .fi
502 .in -2
503 .sp
504
505 Replace \fBenable\fR with \fBdisable\fR to disable the zones service. See
506 \fBsvcadm\fR(1M).
507 .RE
508
509 .sp
510 .ne 2
511 .na
512 \fBglobal: \fBbootargs\fR\fR
513 .ad
514 .sp .6
515 .RS 4n
516 Arguments (options) to be passed to the zone bootup, unless options are
517 supplied to the "\fBzoneadm boot\fR" command, in which case those take
518 precedence. The valid arguments are described in \fBzoneadm\fR(1M).
519 .RE
520
521 .sp
522 .ne 2
523 .na
524 \fBglobal: \fBpool\fR\fR
525 .ad
526 .sp .6
527 .RS 4n
528 Name of the resource pool that this zone must be bound to when booted. This
529 property is incompatible with the \fBdedicated-cpu\fR resource.
530 .RE
531
532 .sp
533 .ne 2
534 .na
535 \fBglobal: \fBlimitpriv\fR\fR
536 .ad
537 .sp .6
538 .RS 4n
539 The maximum set of privileges any process in this zone can obtain. The property
540 should consist of a comma-separated privilege set specification as described in
541 \fBpriv_str_to_set\fR(3C). Privileges can be excluded from the resulting set by
542 preceding their names with a dash (-) or an exclamation point (!). The special
543 privilege string "zone" is not supported in this context. If the special string
544 "default" occurs as the first token in the property, it expands into a safe set
545 of privileges that preserve the resource and security isolation described in
546 \fBzones\fR(5). A missing or empty property is equivalent to this same set of
547 safe privileges.
548 .sp
549 The system administrator must take extreme care when configuring privileges for
550 a zone. Some privileges cannot be excluded through this mechanism as they are
551 required in order to boot a zone. In addition, there are certain privileges
552 which cannot be given to a zone as doing so would allow processes inside a zone
553 to unduly affect processes in other zones. \fBzoneadm\fR(1M) indicates when an
554 invalid privilege has been added or removed from a zone's privilege set when an
555 attempt is made to either "boot" or "ready" the zone.
556 .sp
557 See \fBprivileges\fR(5) for a description of privileges. The command "\fBppriv
558 -l\fR" (see \fBppriv\fR(1)) produces a list of all Solaris privileges. You can
559 specify privileges as they are displayed by \fBppriv\fR. In
560 \fBprivileges\fR(5), privileges are listed in the form
561 PRIV_\fIprivilege_name\fR. For example, the privilege \fIsys_time\fR, as you
562 would specify it in this property, is listed in \fBprivileges\fR(5) as
563 \fBPRIV_SYS_TIME\fR.
564 .RE
565
566 .sp
567 .ne 2
568 .na
569 \fBglobal: \fBbrand\fR\fR
570 .ad
571 .sp .6
572 .RS 4n
573 The zone's brand type.
574 .RE
575
576 .sp
577 .ne 2
578 .na
579 \fBglobal: \fBip-type\fR\fR
580 .ad
581 .sp .6
582 .RS 4n
583 A zone can either share the IP instance with the global zone, which is the
584 default, or have its own exclusive instance of IP.
585 .sp
586 This property takes the values \fBshared\fR and \fBexclusive\fR.
587 .RE
588
589 .sp
590 .ne 2
591 .na
592 \fBglobal: \fBhostid\fR\fR
593 .ad
594 .sp .6
595 .RS 4n
596 A zone can emulate a 32-bit host identifier to ease system consolidation. A
597 zone's \fBhostid\fR property is empty by default, meaning that the zone does
598 not emulate a host identifier. Zone host identifiers must be hexadecimal values
599 between 0 and FFFFFFFE. A \fB0x\fR or \fB0X\fR prefix is optional. Both
600 uppercase and lowercase hexadecimal digits are acceptable.
601 .RE
602
603 .sp
604 .ne 2
605 .na
606 \fB\fBfs\fR: dir, special, raw, type, options\fR
607 .ad
608 .sp .6
609 .RS 4n
610 Values needed to determine how, where, and so forth to mount file systems. See
611 \fBmount\fR(1M), \fBmount\fR(2), \fBfsck\fR(1M), and \fBvfstab\fR(4).
612 .RE
613
614 .sp
615 .ne 2
616 .na
617 \fB\fBnet\fR: address, physical, defrouter\fR
618 .ad
619 .sp .6
620 .RS 4n
621 The network address and physical interface name of the network interface. The
622 network address is one of:
623 .RS +4
624 .TP
625 .ie t \(bu
626 .el o
627 a valid IPv4 address, optionally followed by "\fB/\fR" and a prefix length;
628 .RE
629 .RS +4
630 .TP
631 .ie t \(bu
632 .el o
633 a valid IPv6 address, which must be followed by "\fB/\fR" and a prefix length;
634 .RE
635 .RS +4
636 .TP
637 .ie t \(bu
638 .el o
639 a host name which resolves to an IPv4 address.
640 .RE
641 Note that host names that resolve to IPv6 addresses are not supported.
642 .sp
643 The physical interface name is the network interface name.
644 .sp
645 The default router is specified similarly to the network address except that it
646 must not be followed by a \fB/\fR (slash) and a network prefix length.
647 .sp
648 A zone can be configured to be either exclusive-IP or shared-IP. For a
649 shared-IP zone, you must set both the physical and address properties; setting
650 the default router is optional. The interface specified in the physical
651 property must be plumbed in the global zone prior to booting the non-global
652 zone. However, if the interface is not used by the global zone, it should be
653 configured \fBdown\fR in the global zone, and the default router for the
654 interface should be specified here.
655 .sp
656 For an exclusive-IP zone, the physical property must be set and the address and
657 default router properties cannot be set.
658 .RE
659
660 .sp
661 .ne 2
662 .na
663 \fB\fBdevice\fR: match\fR
664 .ad
665 .sp .6
666 .RS 4n
667 Device name to match.
668 .RE
669
670 .sp
671 .ne 2
672 .na
673 \fB\fBrctl\fR: name, value\fR
674 .ad
675 .sp .6
676 .RS 4n
677 The name and \fIpriv\fR/\fIlimit\fR/\fIaction\fR triple of a resource control.
678 See \fBprctl\fR(1) and \fBrctladm\fR(1M). The preferred way to set rctl values
679 is to use the global property name associated with a specific rctl.
680 .RE
681
682 .sp
683 .ne 2
684 .na
685 \fB\fBattr\fR: name, type, value\fR
686 .ad
687 .sp .6
688 .RS 4n
689 The name, type and value of a generic attribute. The \fBtype\fR must be one of
690 \fBint\fR, \fBuint\fR, \fBboolean\fR or \fBstring\fR, and the value must be of
691 that type. \fBuint\fR means unsigned , that is, a non-negative integer.
692 .RE
693
694 .sp
695 .ne 2
696 .na
697 \fB\fBdataset\fR: name\fR
698 .ad
699 .sp .6
700 .RS 4n
701 The name of a \fBZFS\fR dataset to be accessed from within the zone. See
702 \fBzfs\fR(1M).
703 .RE
704
705 .sp
706 .ne 2
707 .na
708 \fBglobal: \fBcpu-shares\fR\fR
709 .ad
710 .sp .6
711 .RS 4n
712 The number of Fair Share Scheduler (FSS) shares to allocate to this zone. This
713 property is incompatible with the \fBdedicated-cpu\fR resource. This property
714 is the preferred way to set the \fBzone.cpu-shares\fR rctl.
715 .RE
716
717 .sp
718 .ne 2
719 .na
720 \fBglobal: \fBmax-lwps\fR\fR
721 .ad
722 .sp .6
723 .RS 4n
724 The maximum number of LWPs simultaneously available to this zone. This property
725 is the preferred way to set the \fBzone.max-lwps\fR rctl.
726 .RE
727
728 .sp
729 .ne 2
730 .na
731 \fBglobal: \fBmax-msg-ids\fR\fR
732 .ad
733 .sp .6
734 .RS 4n
735 The maximum number of message queue IDs allowed for this zone. This property is
736 the preferred way to set the \fBzone.max-msg-ids\fR rctl.
737 .RE
738
739 .sp
740 .ne 2
741 .na
742 \fBglobal: \fBmax-sem-ids\fR\fR
743 .ad
744 .sp .6
745 .RS 4n
746 The maximum number of semaphore IDs allowed for this zone. This property is the
747 preferred way to set the \fBzone.max-sem-ids\fR rctl.
748 .RE
749
750 .sp
751 .ne 2
752 .na
753 \fBglobal: \fBmax-shm-ids\fR\fR
754 .ad
755 .sp .6
756 .RS 4n
757 The maximum number of shared memory IDs allowed for this zone. This property is
758 the preferred way to set the \fBzone.max-shm-ids\fR rctl.
759 .RE
760
761 .sp
762 .ne 2
763 .na
764 \fBglobal: \fBmax-shm-memory\fR\fR
765 .ad
766 .sp .6
767 .RS 4n
768 The maximum amount of shared memory allowed for this zone. This property is the
769 preferred way to set the \fBzone.max-shm-memory\fR rctl. A scale (K, M, G, T)
770 can be applied to the value for this number (for example, 1M is one megabyte).
771 .RE
772
773 .sp
774 .ne 2
775 .na
776 \fBglobal: \fBscheduling-class\fR\fR
777 .ad
778 .sp .6
779 .RS 4n
780 Specifies the scheduling class used for processes running in a zone. When this
781 property is not specified, the scheduling class is established as follows:
782 .RS +4
783 .TP
784 .ie t \(bu
785 .el o
786 If the \fBcpu-shares\fR property or equivalent rctl is set, the scheduling
787 class FSS is used.
788 .RE
789 .RS +4
790 .TP
791 .ie t \(bu
792 .el o
793 If neither \fBcpu-shares\fR nor the equivalent rctl is set and the zone's pool
794 property references a pool that has a default scheduling class, that class is
795 used.
796 .RE
797 .RS +4
798 .TP
799 .ie t \(bu
800 .el o
801 Under any other conditions, the system default scheduling class is used.
802 .RE
803 .RE
804
805
806
807 .sp
808 .ne 2
809 .na
810 \fB\fBdedicated-cpu\fR: ncpus, importance\fR
811 .ad
812 .sp .6
813 .RS 4n
814 The number of CPUs that should be assigned for this zone's exclusive use. The
815 zone will create a pool and processor set when it boots. See \fBpooladm\fR(1M)
816 and \fBpoolcfg\fR(1M) for more information on resource pools. The \fBncpu\fR
817 property can specify a single value or a range (for example, 1-4) of
818 processors. The \fBimportance\fR property is optional; if set, it will specify
819 the \fBpset.importance\fR value for use by \fBpoold\fR(1M). If this resource is
820 used, there must be enough free processors to allocate to this zone when it
821 boots or the zone will not boot. The processors assigned to this zone will not
822 be available for the use of the global zone or other zones. This resource is
823 incompatible with both the \fBpool\fR and \fBcpu-shares\fR properties. Only a
824 single instance of this resource can be added to the zone.
825 .RE
826
827 .sp
828 .ne 2
829 .na
830 \fB\fBcapped-memory\fR: physical, swap, locked\fR
831 .ad
832 .sp .6
833 .RS 4n
834 The caps on the memory that can be used by this zone. A scale (K, M, G, T) can
835 be applied to the value for each of these numbers (for example, 1M is one
836 megabyte). Each of these properties is optional but at least one property must
837 be set when adding this resource. Only a single instance of this resource can
838 be added to the zone. The \fBphysical\fR property sets the \fBmax-rss\fR for
839 this zone. This will be enforced by \fBrcapd\fR(1M) running in the global zone.
840 The \fBswap\fR property is the preferred way to set the \fBzone.max-swap\fR
841 rctl. The \fBlocked\fR property is the preferred way to set the
842 \fBzone.max-locked-memory\fR rctl.
843 .RE
844
845 .sp
846 .ne 2
847 .na
848 \fB\fBcapped-cpu\fR: ncpus\fR
849 .ad
850 .sp .6
851 .RS 4n
852 Sets a limit on the amount of CPU time that can be used by a zone. The unit
853 used translates to the percentage of a single CPU that can be used by all user
854 threads in a zone, expressed as a fraction (for example, \fB\&.75\fR) or a
855 mixed number (whole number and fraction, for example, \fB1.25\fR). An
856 \fBncpu\fR value of \fB1\fR means 100% of a CPU, a value of \fB1.25\fR means
857 125%, \fB\&.75\fR mean 75%, and so forth. When projects within a capped zone
858 have their own caps, the minimum value takes precedence.
859 .sp
860 The \fBcapped-cpu\fR property is an alias for \fBzone.cpu-cap\fR resource
861 control and is related to the \fBzone.cpu-cap\fR resource control. See
862 \fBresource_controls\fR(5).
863 .RE
864
865 .sp
866 .ne 2
867 .na
868 \fBglobal: \fBfs-allowed\fR\fR
869 .ad
870 .sp .6
871 .RS 4n
872 A comma-separated list of additional filesystems that may be mounted within
873 the zone; for example "ufs,pcfs". By default, only hsfs(7fs) and network
874 filesystems can be mounted. If the first entry in the list is "-" then
875 that disables all of the default filesystems. If any filesystems are listed
876 after "-" then only those filesystems can be mounted.
877
878 This property does not apply to filesystems mounted into the zone via "add fs"
879 or "add dataset".
880
881 WARNING: allowing filesystem mounts other than the default may allow the zone
882 administrator to compromise the system with a malicious filesystem image, and
883 is not supported.
884 .RE
885
886 .sp
887 .LP
888 The following table summarizes resources, property-names, and types:
889 .sp
890 .in +2
891 .nf
892 resource property-name type
893 (global) zonename simple
894 (global) zonepath simple
895 (global) autoboot simple
896 (global) bootargs simple
897 (global) pool simple
898 (global) limitpriv simple
899 (global) brand simple
900 (global) ip-type simple
901 (global) hostid simple
902 (global) cpu-shares simple
903 (global) max-lwps simple
904 (global) max-msg-ids simple
905 (global) max-sem-ids simple
906 (global) max-shm-ids simple
907 (global) max-shm-memory simple
908 (global) scheduling-class simple
909 fs dir simple
910 special simple
911 raw simple
912 type simple
913 options list of simple
914 net address simple
915 physical simple
916 device match simple
917 rctl name simple
918 value list of complex
919 attr name simple
920 type simple
921 value simple
922 dataset name simple
923 dedicated-cpu ncpus simple or range
924 importance simple
925
926 capped-memory physical simple with scale
927 swap simple with scale
928 locked simple with scale
929
930 capped-cpu ncpus simple
931 .fi
932 .in -2
933 .sp
934
935 .sp
936 .LP
937 To further specify things, the breakdown of the complex property "value" of the
938 "rctl" resource type, it consists of three name/value pairs, the names being
939 "priv", "limit" and "action", each of which takes a simple value. The "name"
940 property of an "attr" resource is syntactically restricted in a fashion similar
941 but not identical to zone names: it must begin with an alphanumeric, and can
942 contain alphanumerics plus the hyphen (\fB-\fR), underscore (\fB_\fR), and dot
943 (\fB\&.\fR) characters. Attribute names beginning with "zone" are reserved for
944 use by the system. Finally, the "autoboot" global property must have a value of
945 "true" or "false".
946 .SS "Using Kernel Statistics to Monitor CPU Caps"
947 .sp
948 .LP
949 Using the kernel statistics (\fBkstat\fR(3KSTAT)) module \fBcaps\fR, the system
950 maintains information for all capped projects and zones. You can access this
951 information by reading kernel statistics (\fBkstat\fR(3KSTAT)), specifying
952 \fBcaps\fR as the \fBkstat\fR module name. The following command displays
953 kernel statistics for all active CPU caps:
954 .sp
955 .in +2
956 .nf
957 # \fBkstat caps::'/cpucaps/'\fR
958 .fi
959 .in -2
960 .sp
961
962 .sp
963 .LP
964 A \fBkstat\fR(1M) command running in a zone displays only CPU caps relevant for
965 that zone and for projects in that zone. See \fBEXAMPLES\fR.
966 .sp
967 .LP
968 The following are cap-related arguments for use with \fBkstat\fR(1M):
969 .sp
970 .ne 2
971 .na
972 \fB\fBcaps\fR\fR
973 .ad
974 .sp .6
975 .RS 4n
976 The \fBkstat\fR module.
977 .RE
978
979 .sp
980 .ne 2
981 .na
982 \fB\fBproject_caps\fR or \fBzone_caps\fR\fR
983 .ad
984 .sp .6
985 .RS 4n
986 \fBkstat\fR class, for use with the \fBkstat\fR \fB-c\fR option.
987 .RE
988
989 .sp
990 .ne 2
991 .na
992 \fB\fBcpucaps_project_\fR\fIid\fR or \fBcpucaps_zone_\fR\fIid\fR\fR
993 .ad
994 .sp .6
995 .RS 4n
996 \fBkstat\fR name, for use with the \fBkstat\fR \fB-n\fR option. \fIid\fR is the
997 project or zone identifier.
998 .RE
999
1000 .sp
1001 .LP
1002 The following fields are displayed in response to a \fBkstat\fR(1M) command
1003 requesting statistics for all CPU caps.
1004 .sp
1005 .ne 2
1006 .na
1007 \fB\fBmodule\fR\fR
1008 .ad
1009 .sp .6
1010 .RS 4n
1011 In this usage of \fBkstat\fR, this field will have the value \fBcaps\fR.
1012 .RE
1013
1014 .sp
1015 .ne 2
1016 .na
1017 \fB\fBname\fR\fR
1018 .ad
1019 .sp .6
1020 .RS 4n
1021 As described above, \fBcpucaps_project_\fR\fIid\fR or
1022 \fBcpucaps_zone_\fR\fIid\fR
1023 .RE
1024
1025 .sp
1026 .ne 2
1027 .na
1028 \fB\fBabove_sec\fR\fR
1029 .ad
1030 .sp .6
1031 .RS 4n
1032 Total time, in seconds, spent above the cap.
1033 .RE
1034
1035 .sp
1036 .ne 2
1037 .na
1038 \fB\fBbelow_sec\fR\fR
1039 .ad
1040 .sp .6
1041 .RS 4n
1042 Total time, in seconds, spent below the cap.
1043 .RE
1044
1045 .sp
1046 .ne 2
1047 .na
1048 \fB\fBmaxusage\fR\fR
1049 .ad
1050 .sp .6
1051 .RS 4n
1052 Maximum observed CPU usage.
1053 .RE
1054
1055 .sp
1056 .ne 2
1057 .na
1058 \fB\fBnwait\fR\fR
1059 .ad
1060 .sp .6
1061 .RS 4n
1062 Number of threads on cap wait queue.
1063 .RE
1064
1065 .sp
1066 .ne 2
1067 .na
1068 \fB\fBusage\fR\fR
1069 .ad
1070 .sp .6
1071 .RS 4n
1072 Current aggregated CPU usage for all threads belonging to a capped project or
1073 zone, in terms of a percentage of a single CPU.
1074 .RE
1075
1076 .sp
1077 .ne 2
1078 .na
1079 \fB\fBvalue\fR\fR
1080 .ad
1081 .sp .6
1082 .RS 4n
1083 The cap value, in terms of a percentage of a single CPU.
1084 .RE
1085
1086 .sp
1087 .ne 2
1088 .na
1089 \fB\fBzonename\fR\fR
1090 .ad
1091 .sp .6
1092 .RS 4n
1093 Name of the zone for which statistics are displayed.
1094 .RE
1095
1096 .sp
1097 .LP
1098 See \fBEXAMPLES\fR for sample output from a \fBkstat\fR command.
1099 .SH OPTIONS
1100 .sp
1101 .LP
1102 The following options are supported:
1103 .sp
1104 .ne 2
1105 .na
1106 \fB\fB-f\fR \fIcommand_file\fR\fR
1107 .ad
1108 .sp .6
1109 .RS 4n
1110 Specify the name of \fBzonecfg\fR command file. \fIcommand_file\fR is a text
1111 file of \fBzonecfg\fR subcommands, one per line.
1112 .RE
1113
1114 .sp
1115 .ne 2
1116 .na
1117 \fB\fB-z\fR \fIzonename\fR\fR
1118 .ad
1119 .sp .6
1120 .RS 4n
1121 Specify the name of a zone. Zone names are case sensitive. Zone names must
1122 begin with an alphanumeric character and can contain alphanumeric characters,
1123 the underscore (\fB_\fR) the hyphen (\fB-\fR), and the dot (\fB\&.\fR). The
1124 name \fBglobal\fR and all names beginning with \fBSUNW\fR are reserved and
1125 cannot be used.
1126 .RE
1127
1128 .SH SUBCOMMANDS
1129 .sp
1130 .LP
1131 You can use the \fBadd\fR and \fBselect\fR subcommands to select a specific
1132 resource, at which point the scope changes to that resource. The \fBend\fR and
1133 \fBcancel\fR subcommands are used to complete the resource specification, at
1134 which time the scope is reverted back to global. Certain subcommands, such as
1135 \fBadd\fR, \fBremove\fR and \fBset\fR, have different semantics in each scope.
1136 .sp
1137 .LP
1138 \fBzonecfg\fR supports a semicolon-separated list of subcommands. For example:
1139 .sp
1140 .in +2
1141 .nf
1142 # \fBzonecfg -z myzone "add net; set physical=myvnic; end"\fR
1143 .fi
1144 .in -2
1145 .sp
1146
1147 .sp
1148 .LP
1149 Subcommands which can result in destructive actions or loss of work have an
1150 \fB-F\fR option to force the action. If input is from a terminal device, the
1151 user is prompted when appropriate if such a command is given without the
1152 \fB-F\fR option otherwise, if such a command is given without the \fB-F\fR
1153 option, the action is disallowed, with a diagnostic message written to standard
1154 error.
1155 .sp
1156 .LP
1157 The following subcommands are supported:
1158 .sp
1159 .ne 2
1160 .na
1161 \fB\fBadd\fR \fIresource-type\fR (global scope)\fR
1162 .ad
1163 .br
1164 .na
1165 \fB\fBadd\fR \fIproperty-name property-value\fR (resource scope)\fR
1166 .ad
1167 .sp .6
1168 .RS 4n
1169 In the global scope, begin the specification for a given resource type. The
1170 scope is changed to that resource type.
1171 .sp
1172 In the resource scope, add a property of the given name with the given value.
1173 The syntax for property values varies with different property types. In
1174 general, it is a simple value or a list of simple values enclosed in square
1175 brackets, separated by commas (\fB[foo,bar,baz]\fR). See \fBPROPERTIES\fR.
1176 .RE
1177
1178 .sp
1179 .ne 2
1180 .na
1181 \fB\fBcancel\fR\fR
1182 .ad
1183 .sp .6
1184 .RS 4n
1185 End the resource specification and reset scope to global. Abandons any
1186 partially specified resources. \fBcancel\fR is only applicable in the resource
1187 scope.
1188 .RE
1189
1190 .sp
1191 .ne 2
1192 .na
1193 \fB\fBclear\fR \fIproperty-name\fR\fR
1194 .ad
1195 .sp .6
1196 .RS 4n
1197 Clear the value for the property.
1198 .RE
1199
1200 .sp
1201 .ne 2
1202 .na
1203 \fB\fBcommit\fR\fR
1204 .ad
1205 .sp .6
1206 .RS 4n
1207 Commit the current configuration from memory to stable storage. The
1208 configuration must be committed to be used by \fBzoneadm\fR. Until the
1209 in-memory configuration is committed, you can remove changes with the
1210 \fBrevert\fR subcommand. The \fBcommit\fR operation is attempted automatically
1211 upon completion of a \fBzonecfg\fR session. Since a configuration must be
1212 correct to be committed, this operation automatically does a verify.
1213 .RE
1214
1215 .sp
1216 .ne 2
1217 .na
1218 \fB\fBcreate [\fR\fB-F\fR\fB] [\fR \fB-a\fR \fIpath\fR |\fB-b\fR \fB|\fR
1219 \fB-t\fR \fItemplate\fR\fB]\fR\fR
1220 .ad
1221 .sp .6
1222 .RS 4n
1223 Create an in-memory configuration for the specified zone. Use \fBcreate\fR to
1224 begin to configure a new zone. See \fBcommit\fR for saving this to stable
1225 storage.
1226 .sp
1227 If you are overwriting an existing configuration, specify the \fB-F\fR option
1228 to force the action. Specify the \fB-t\fR \fItemplate\fR option to create a
1229 configuration identical to \fItemplate\fR, where \fItemplate\fR is the name of
1230 a configured zone.
1231 .sp
1232 Use the \fB-a\fR \fIpath\fR option to facilitate configuring a detached zone on
1233 a new host. The \fIpath\fR parameter is the zonepath location of a detached
1234 zone that has been moved on to this new host. Once the detached zone is
1235 configured, it should be installed using the "\fBzoneadm attach\fR" command
1236 (see \fBzoneadm\fR(1M)). All validation of the new zone happens during the
1237 \fBattach\fR process, not during zone configuration.
1238 .sp
1239 Use the \fB-b\fR option to create a blank configuration. Without arguments,
1240 \fBcreate\fR applies the Sun default settings.
1241 .RE
1242
1243 .sp
1244 .ne 2
1245 .na
1246 \fB\fBdelete [\fR\fB-F\fR\fB]\fR\fR
1247 .ad
1248 .sp .6
1249 .RS 4n
1250 Delete the specified configuration from memory and stable storage. This action
1251 is instantaneous, no commit is necessary. A deleted configuration cannot be
1252 reverted.
1253 .sp
1254 Specify the \fB-F\fR option to force the action.
1255 .RE
1256
1257 .sp
1258 .ne 2
1259 .na
1260 \fB\fBend\fR\fR
1261 .ad
1262 .sp .6
1263 .RS 4n
1264 End the resource specification. This subcommand is only applicable in the
1265 resource scope. \fBzonecfg\fR checks to make sure the current resource is
1266 completely specified. If so, it is added to the in-memory configuration (see
1267 \fBcommit\fR for saving this to stable storage) and the scope reverts to
1268 global. If the specification is incomplete, it issues an appropriate error
1269 message.
1270 .RE
1271
1272 .sp
1273 .ne 2
1274 .na
1275 \fB\fBexport [\fR\fB-f\fR \fIoutput-file\fR\fB]\fR\fR
1276 .ad
1277 .sp .6
1278 .RS 4n
1279 Print configuration to standard output. Use the \fB-f\fR option to print the
1280 configuration to \fIoutput-file\fR. This option produces output in a form
1281 suitable for use in a command file.
1282 .RE
1283
1284 .sp
1285 .ne 2
1286 .na
1287 \fB\fBhelp [usage] [\fIsubcommand\fR] [syntax] [\fR\fIcommand-name\fR\fB]\fR\fR
1288 .ad
1289 .sp .6
1290 .RS 4n
1291 Print general help or help about given topic.
1292 .RE
1293
1294 .sp
1295 .ne 2
1296 .na
1297 \fB\fBinfo zonename | zonepath | autoboot | brand | pool | limitpriv\fR\fR
1298 .ad
1299 .br
1300 .na
1301 \fB\fBinfo [\fR\fIresource-type\fR
1302 \fB[\fR\fIproperty-name\fR\fB=\fR\fIproperty-value\fR\fB]*]\fR\fR
1303 .ad
1304 .sp .6
1305 .RS 4n
1306 Display information about the current configuration. If \fIresource-type\fR is
1307 specified, displays only information about resources of the relevant type. If
1308 any \fIproperty-name\fR value pairs are specified, displays only information
1309 about resources meeting the given criteria. In the resource scope, any
1310 arguments are ignored, and \fBinfo\fR displays information about the resource
1311 which is currently being added or modified.
1312 .RE
1313
1314 .sp
1315 .ne 2
1316 .na
1317 \fB\fBremove\fR \fIresource-type\fR\fB{\fR\fIproperty-name\fR\fB=\fR\fIproperty
1318 -value\fR\fB}\fR(global scope)\fR
1319 .ad
1320 .sp .6
1321 .RS 4n
1322 In the global scope, removes the specified resource. The \fB[]\fR syntax means
1323 0 or more of whatever is inside the square braces. If you want only to remove a
1324 single instance of the resource, you must specify enough property name-value
1325 pairs for the resource to be uniquely identified. If no property name-value
1326 pairs are specified, all instances will be removed. If there is more than one
1327 pair is specified, a confirmation is required, unless you use the \fB-F\fR
1328 option.
1329 .RE
1330
1331 .sp
1332 .ne 2
1333 .na
1334 \fB\fBselect\fR \fIresource-type\fR
1335 \fB{\fR\fIproperty-name\fR\fB=\fR\fIproperty-value\fR\fB}\fR\fR
1336 .ad
1337 .sp .6
1338 .RS 4n
1339 Select the resource of the given type which matches the given
1340 \fIproperty-name\fR \fIproperty-value\fR pair criteria, for modification. This
1341 subcommand is applicable only in the global scope. The scope is changed to that
1342 resource type. The \fB{}\fR syntax means 1 or more of whatever is inside the
1343 curly braces. You must specify enough \fIproperty -name property-value\fR pairs
1344 for the resource to be uniquely identified.
1345 .RE
1346
1347 .sp
1348 .ne 2
1349 .na
1350 \fB\fBset\fR \fIproperty-name\fR\fB=\fR\fIproperty\fR\fB-\fR\fIvalue\fR\fR
1351 .ad
1352 .sp .6
1353 .RS 4n
1354 Set a given property name to the given value. Some properties (for example,
1355 \fBzonename\fR and \fBzonepath\fR) are global while others are
1356 resource-specific. This subcommand is applicable in both the global and
1357 resource scopes.
1358 .RE
1359
1360 .sp
1361 .ne 2
1362 .na
1363 \fB\fBverify\fR\fR
1364 .ad
1365 .sp .6
1366 .RS 4n
1367 Verify the current configuration for correctness:
1368 .RS +4
1369 .TP
1370 .ie t \(bu
1371 .el o
1372 All resources have all of their required properties specified.
1373 .RE
1374 .RS +4
1375 .TP
1376 .ie t \(bu
1377 .el o
1378 A \fBzonepath\fR is specified.
1379 .RE
1380 .RE
1381
1382 .sp
1383 .ne 2
1384 .na
1385 \fB\fBrevert\fR \fB[\fR\fB-F\fR\fB]\fR\fR
1386 .ad
1387 .sp .6
1388 .RS 4n
1389 Revert the configuration back to the last committed state. The \fB-F\fR option
1390 can be used to force the action.
1391 .RE
1392
1393 .sp
1394 .ne 2
1395 .na
1396 \fB\fBexit [\fR\fB-F\fR\fB]\fR\fR
1397 .ad
1398 .sp .6
1399 .RS 4n
1400 Exit the \fBzonecfg\fR session. A commit is automatically attempted if needed.
1401 You can also use an \fBEOF\fR character to exit \fBzonecfg\fR. The \fB-F\fR
1402 option can be used to force the action.
1403 .RE
1404
1405 .SH EXAMPLES
1406 .LP
1407 \fBExample 1 \fRCreating the Environment for a New Zone
1408 .sp
1409 .LP
1410 In the following example, \fBzonecfg\fR creates the environment for a new zone.
1411 \fB/usr/local\fR is loopback mounted from the global zone into
1412 \fB/opt/local\fR. \fB/opt/sfw\fR is loopback mounted from the global zone,
1413 three logical network interfaces are added, and a limit on the number of
1414 fair-share scheduler (FSS) CPU shares for a zone is set using the \fBrctl\fR
1415 resource type. The example also shows how to select a given resource for
1416 modification.
1417
1418 .sp
1419 .in +2
1420 .nf
1421 example# \fBzonecfg -z myzone3\fR
1422 my-zone3: No such zone configured
1423 Use 'create' to begin configuring a new zone.
1424 zonecfg:myzone3> \fBcreate\fR
1425 zonecfg:myzone3> \fBset zonepath=/export/home/my-zone3\fR
1426 zonecfg:myzone3> \fBset autoboot=true\fR
1427 zonecfg:myzone3> \fBadd fs\fR
1428 zonecfg:myzone3:fs> \fBset dir=/usr/local\fR
1429 zonecfg:myzone3:fs> \fBset special=/opt/local\fR
1430 zonecfg:myzone3:fs> \fBset type=lofs\fR
1431 zonecfg:myzone3:fs> \fBadd options [ro,nodevices]\fR
1432 zonecfg:myzone3:fs> \fBend\fR
1433 zonecfg:myzone3> \fBadd fs\fR
1434 zonecfg:myzone3:fs> \fBset dir=/mnt\fR
1435 zonecfg:myzone3:fs> \fBset special=/dev/dsk/c0t0d0s7\fR
1436 zonecfg:myzone3:fs> \fBset raw=/dev/rdsk/c0t0d0s7\fR
1437 zonecfg:myzone3:fs> \fBset type=ufs\fR
1438 zonecfg:myzone3:fs> \fBend\fR
1439 zonecfg:myzone3> \fBadd net\fR
1440 zonecfg:myzone3:net> \fBset address=192.168.0.1/24\fR
1441 zonecfg:myzone3:net> \fBset physical=eri0\fR
1442 zonecfg:myzone3:net> \fBend\fR
1443 zonecfg:myzone3> \fBadd net\fR
1444 zonecfg:myzone3:net> \fBset address=192.168.1.2/24\fR
1445 zonecfg:myzone3:net> \fBset physical=eri0\fR
1446 zonecfg:myzone3:net> \fBend\fR
1447 zonecfg:myzone3> \fBadd net\fR
1448 zonecfg:myzone3:net> \fBset address=192.168.2.3/24\fR
1449 zonecfg:myzone3:net> \fBset physical=eri0\fR
1450 zonecfg:myzone3:net> \fBend\fR
1451 zonecfg:my-zone3> \fBset cpu-shares=5\fR
1452 zonecfg:my-zone3> \fBadd capped-memory\fR
1453 zonecfg:my-zone3:capped-memory> \fBset physical=50m\fR
1454 zonecfg:my-zone3:capped-memory> \fBset swap=100m\fR
1455 zonecfg:my-zone3:capped-memory> \fBend\fR
1456 zonecfg:myzone3> \fBexit\fR
1457 .fi
1458 .in -2
1459 .sp
1460
1461 .LP
1462 \fBExample 2 \fRCreating a Non-Native Zone
1463 .sp
1464 .LP
1465 The following example creates a new Linux zone:
1466
1467 .sp
1468 .in +2
1469 .nf
1470 example# \fBzonecfg -z lxzone\fR
1471 lxzone: No such zone configured
1472 Use 'create' to begin configuring a new zone
1473 zonecfg:lxzone> \fBcreate -t SUNWlx\fR
1474 zonecfg:lxzone> \fBset zonepath=/export/zones/lxzone\fR
1475 zonecfg:lxzone> \fBset autoboot=true\fR
1476 zonecfg:lxzone> \fBexit\fR
1477 .fi
1478 .in -2
1479 .sp
1480
1481 .LP
1482 \fBExample 3 \fRCreating an Exclusive-IP Zone
1483 .sp
1484 .LP
1485 The following example creates a zone that is granted exclusive access to
1486 \fBbge1\fR and \fBbge33000\fR and that is isolated at the IP layer from the
1487 other zones configured on the system.
1488
1489 .sp
1490 .LP
1491 The IP addresses and routing is configured inside the new zone using
1492 \fBsysidtool\fR(1M).
1493
1494 .sp
1495 .in +2
1496 .nf
1497 example# \fBzonecfg -z excl\fR
1498 excl: No such zone configured
1499 Use 'create' to begin configuring a new zone
1500 zonecfg:excl> \fBcreate\fR
1501 zonecfg:excl> \fBset zonepath=/export/zones/excl\fR
1502 zonecfg:excl> \fBset ip-type=exclusive\fR
1503 zonecfg:excl> \fBadd net\fR
1504 zonecfg:excl:net> \fBset physical=bge1\fR
1505 zonecfg:excl:net> \fBend\fR
1506 zonecfg:excl> \fBadd net\fR
1507 zonecfg:excl:net> \fBset physical=bge33000\fR
1508 zonecfg:excl:net> \fBend\fR
1509 zonecfg:excl> \fBexit\fR
1510 .fi
1511 .in -2
1512 .sp
1513
1514 .LP
1515 \fBExample 4 \fRAssociating a Zone with a Resource Pool
1516 .sp
1517 .LP
1518 The following example shows how to associate an existing zone with an existing
1519 resource pool:
1520
1521 .sp
1522 .in +2
1523 .nf
1524 example# \fBzonecfg -z myzone\fR
1525 zonecfg:myzone> \fBset pool=mypool\fR
1526 zonecfg:myzone> \fBexit\fR
1527 .fi
1528 .in -2
1529 .sp
1530
1531 .sp
1532 .LP
1533 For more information about resource pools, see \fBpooladm\fR(1M) and
1534 \fBpoolcfg\fR(1M).
1535
1536 .LP
1537 \fBExample 5 \fRChanging the Name of a Zone
1538 .sp
1539 .LP
1540 The following example shows how to change the name of an existing zone:
1541
1542 .sp
1543 .in +2
1544 .nf
1545 example# \fBzonecfg -z myzone\fR
1546 zonecfg:myzone> \fBset zonename=myzone2\fR
1547 zonecfg:myzone2> \fBexit\fR
1548 .fi
1549 .in -2
1550 .sp
1551
1552 .LP
1553 \fBExample 6 \fRChanging the Privilege Set of a Zone
1554 .sp
1555 .LP
1556 The following example shows how to change the set of privileges an existing
1557 zone's processes will be limited to the next time the zone is booted. In this
1558 particular case, the privilege set will be the standard safe set of privileges
1559 a zone normally has along with the privilege to change the system date and
1560 time:
1561
1562 .sp
1563 .in +2
1564 .nf
1565 example# \fBzonecfg -z myzone\fR
1566 zonecfg:myzone> \fBset limitpriv="default,sys_time"\fR
1567 zonecfg:myzone2> \fBexit\fR
1568 .fi
1569 .in -2
1570 .sp
1571
1572 .LP
1573 \fBExample 7 \fRSetting the \fBzone.cpu-shares\fR Property for the Global Zone
1574 .sp
1575 .LP
1576 The following command sets the \fBzone.cpu-shares\fR property for the global
1577 zone:
1578
1579 .sp
1580 .in +2
1581 .nf
1582 example# \fBzonecfg -z global\fR
1583 zonecfg:global> \fBset cpu-shares=5\fR
1584 zonecfg:global> \fBexit\fR
1585 .fi
1586 .in -2
1587 .sp
1588
1589 .LP
1590 \fBExample 8 \fRUsing Pattern Matching
1591 .sp
1592 .LP
1593 The following commands illustrate \fBzonecfg\fR support for pattern matching.
1594 In the zone \fBflexlm\fR, enter:
1595
1596 .sp
1597 .in +2
1598 .nf
1599 zonecfg:flexlm> \fBadd device\fR
1600 zonecfg:flexlm:device> \fBset match="/dev/cua/a00[2-5]"\fR
1601 zonecfg:flexlm:device> \fBend\fR
1602 .fi
1603 .in -2
1604 .sp
1605
1606 .sp
1607 .LP
1608 In the global zone, enter:
1609
1610 .sp
1611 .in +2
1612 .nf
1613 global# \fBls /dev/cua\fR
1614 a a000 a001 a002 a003 a004 a005 a006 a007 b
1615 .fi
1616 .in -2
1617 .sp
1618
1619 .sp
1620 .LP
1621 In the zone \fBflexlm\fR, enter:
1622
1623 .sp
1624 .in +2
1625 .nf
1626 flexlm# \fBls /dev/cua\fR
1627 a002 a003 a004 a005
1628 .fi
1629 .in -2
1630 .sp
1631
1632 .LP
1633 \fBExample 9 \fRSetting a Cap for a Zone to Three CPUs
1634 .sp
1635 .LP
1636 The following sequence uses the \fBzonecfg\fR command to set the CPU cap for a
1637 zone to three CPUs.
1638
1639 .sp
1640 .in +2
1641 .nf
1642 zonecfg:myzone> \fBadd capped-cpu\fR
1643 zonecfg:myzone>capped-cpu> \fBset ncpus=3\fR
1644 zonecfg:myzone>capped-cpu>capped-cpu> \fBend\fR
1645 .fi
1646 .in -2
1647 .sp
1648
1649 .sp
1650 .LP
1651 The preceding sequence, which uses the capped-cpu property, is equivalent to
1652 the following sequence, which makes use of the \fBzone.cpu-cap\fR resource
1653 control.
1654
1655 .sp
1656 .in +2
1657 .nf
1658 zonecfg:myzone> \fBadd rctl\fR
1659 zonecfg:myzone:rctl> \fBset name=zone.cpu-cap\fR
1660 zonecfg:myzone:rctl> \fBadd value (priv=privileged,limit=300,action=none)\fR
1661 zonecfg:myzone:rctl> \fBend\fR
1662 .fi
1663 .in -2
1664 .sp
1665
1666 .LP
1667 \fBExample 10 \fRUsing \fBkstat\fR to Monitor CPU Caps
1668 .sp
1669 .LP
1670 The following command displays information about all CPU caps.
1671
1672 .sp
1673 .in +2
1674 .nf
1675 # \fBkstat -n /cpucaps/\fR
1676 module: caps instance: 0
1677 name: cpucaps_project_0 class: project_caps
1678 above_sec 0
1679 below_sec 2157
1680 crtime 821.048183159
1681 maxusage 2
1682 nwait 0
1683 snaptime 235885.637253027
1684 usage 0
1685 value 18446743151372347932
1686 zonename global
1687
1688 module: caps instance: 0
1689 name: cpucaps_project_1 class: project_caps
1690 above_sec 0
1691 below_sec 0
1692 crtime 225339.192787265
1693 maxusage 5
1694 nwait 0
1695 snaptime 235885.637591677
1696 usage 5
1697 value 18446743151372347932
1698 zonename global
1699
1700 module: caps instance: 0
1701 name: cpucaps_project_201 class: project_caps
1702 above_sec 0
1703 below_sec 235105
1704 crtime 780.37961782
1705 maxusage 100
1706 nwait 0
1707 snaptime 235885.637789687
1708 usage 43
1709 value 100
1710 zonename global
1711
1712 module: caps instance: 0
1713 name: cpucaps_project_202 class: project_caps
1714 above_sec 0
1715 below_sec 235094
1716 crtime 791.72983782
1717 maxusage 100
1718 nwait 0
1719 snaptime 235885.637967512
1720 usage 48
1721 value 100
1722 zonename global
1723
1724 module: caps instance: 0
1725 name: cpucaps_project_203 class: project_caps
1726 above_sec 0
1727 below_sec 235034
1728 crtime 852.104401481
1729 maxusage 75
1730 nwait 0
1731 snaptime 235885.638144304
1732 usage 47
1733 value 100
1734 zonename global
1735
1736 module: caps instance: 0
1737 name: cpucaps_project_86710 class: project_caps
1738 above_sec 22
1739 below_sec 235166
1740 crtime 698.441717859
1741 maxusage 101
1742 nwait 0
1743 snaptime 235885.638319871
1744 usage 54
1745 value 100
1746 zonename global
1747
1748 module: caps instance: 0
1749 name: cpucaps_zone_0 class: zone_caps
1750 above_sec 100733
1751 below_sec 134332
1752 crtime 821.048177123
1753 maxusage 207
1754 nwait 2
1755 snaptime 235885.638497731
1756 usage 199
1757 value 200
1758 zonename global
1759
1760 module: caps instance: 1
1761 name: cpucaps_project_0 class: project_caps
1762 above_sec 0
1763 below_sec 0
1764 crtime 225360.256448422
1765 maxusage 7
1766 nwait 0
1767 snaptime 235885.638714404
1768 usage 7
1769 value 18446743151372347932
1770 zonename test_001
1771
1772 module: caps instance: 1
1773 name: cpucaps_zone_1 class: zone_caps
1774 above_sec 2
1775 below_sec 10524
1776 crtime 225360.256440278
1777 maxusage 106
1778 nwait 0
1779 snaptime 235885.638896443
1780 usage 7
1781 value 100
1782 zonename test_001
1783 .fi
1784 .in -2
1785 .sp
1786
1787 .LP
1788 \fBExample 11 \fRDisplaying CPU Caps for a Specific Zone or Project
1789 .sp
1790 .LP
1791 Using the \fBkstat\fR \fB-c\fR and \fB-i\fR options, you can display CPU caps
1792 for a specific zone or project, as below. The first command produces a display
1793 for a specific project, the second for the same project within zone 1.
1794
1795 .sp
1796 .in +2
1797 .nf
1798 # \fBkstat -c project_caps\fR
1799
1800 # \fBkstat -c project_caps -i 1\fR
1801 .fi
1802 .in -2
1803 .sp
1804
1805 .SH EXIT STATUS
1806 .sp
1807 .LP
1808 The following exit values are returned:
1809 .sp
1810 .ne 2
1811 .na
1812 \fB\fB0\fR\fR
1813 .ad
1814 .sp .6
1815 .RS 4n
1816 Successful completion.
1817 .RE
1818
1819 .sp
1820 .ne 2
1821 .na
1822 \fB\fB1\fR\fR
1823 .ad
1824 .sp .6
1825 .RS 4n
1826 An error occurred.
1827 .RE
1828
1829 .sp
1830 .ne 2
1831 .na
1832 \fB\fB2\fR\fR
1833 .ad
1834 .sp .6
1835 .RS 4n
1836 Invalid usage.
1837 .RE
1838
1839 .SH ATTRIBUTES
1840 .sp
1841 .LP
1842 See \fBattributes\fR(5) for descriptions of the following attributes:
1843 .sp
1844
1845 .sp
1846 .TS
1847 box;
1848 c | c
1849 l | l .
1850 ATTRIBUTE TYPE ATTRIBUTE VALUE
1851 _
1852 Interface Stability Volatile
1853 .TE
1854
1855 .SH SEE ALSO
1856 .sp
1857 .LP
1858 \fBppriv\fR(1), \fBprctl\fR(1), \fBzlogin\fR(1), \fBkstat\fR(1M),
1859 \fBmount\fR(1M), \fBpooladm\fR(1M), \fBpoolcfg\fR(1M), \fBpoold\fR(1M),
1860 \fBrcapd\fR(1M), \fBrctladm\fR(1M), \fBsvcadm\fR(1M), \fBsysidtool\fR(1M),
1861 \fBzfs\fR(1M), \fBzoneadm\fR(1M), \fBpriv_str_to_set\fR(3C),
1862 \fBkstat\fR(3KSTAT), \fBvfstab\fR(4), \fBattributes\fR(5), \fBbrands\fR(5),
1863 \fBfnmatch\fR(5), \fBlx\fR(5), \fBprivileges\fR(5), \fBresource_controls\fR(5),
1864 \fBzones\fR(5)
1865 .sp
1866 .LP
1867 \fISystem Administration Guide: Solaris Containers-Resource Management, and
1868 Solaris Zones\fR
1869 .SH NOTES
1870 .sp
1871 .LP
1872 All character data used by \fBzonecfg\fR must be in US-ASCII encoding.