1 '\" te
2 .\" Copyright (c) 2004, 2009 Sun Microsystems, Inc. All Rights Reserved.
3 .\" Copyright 2013 Joyent, Inc. All Rights Reserved.
4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
5 .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the
6 .\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
7 .TH ZONECFG 1M "Feb 28, 2014"
8 .SH NAME
9 zonecfg \- set up zone configuration
10 .SH SYNOPSIS
11 .LP
12 .nf
13 \fBzonecfg\fR \fB-z\fR \fIzonename\fR
14 .fi
15
16 .LP
17 .nf
18 \fBzonecfg\fR \fB-z\fR \fIzonename\fR \fIsubcommand\fR
19 .fi
20
21 .LP
22 .nf
23 \fBzonecfg\fR \fB-z\fR \fIzonename\fR \fB-f\fR \fIcommand_file\fR
24 .fi
25
26 .LP
27 .nf
28 \fBzonecfg\fR help
29 .fi
30
31 .SH DESCRIPTION
32 .sp
33 .LP
34 The \fBzonecfg\fR utility creates and modifies the configuration of a zone.
35 Zone configuration consists of a number of resources and properties.
36 .sp
37 .LP
38 To simplify the user interface, \fBzonecfg\fR uses the concept of a scope. The
39 default scope is global.
40 .sp
41 .LP
42 The following synopsis of the \fBzonecfg\fR command is for interactive usage:
43 .sp
44 .in +2
45 .nf
46 zonecfg \fB-z\fR \fIzonename subcommand\fR
47 .fi
48 .in -2
49 .sp
50
51 .sp
52 .LP
53 Parameters changed through \fBzonecfg\fR do not affect a running zone. The zone
54 must be rebooted for the changes to take effect.
55 .sp
56 .LP
57 In addition to creating and modifying a zone, the \fBzonecfg\fR utility can
58 also be used to persistently specify the resource management settings for the
59 global zone.
60 .sp
61 .LP
62 In the following text, "rctl" is used as an abbreviation for "resource
63 control". See \fBresource_controls\fR(5).
64 .sp
65 .LP
66 Every zone is configured with an associated brand. The brand determines the
67 user-level environment used within the zone, as well as various behaviors for
68 the zone when it is installed, boots, or is shut down. Once a zone has been
69 installed the brand cannot be changed. The default brand is determined by the
70 installed distribution in the global zone. Some brands do not support all of
71 the \fBzonecfg\fR properties and resources. See the brand-specific man page for
72 more details on each brand. For an overview of brands, see the \fBbrands\fR(5)
73 man page.
74 .SS "Resources"
75 .sp
76 .LP
77 The following resource types are supported:
78 .sp
79 .ne 2
80 .na
81 \fB\fBattr\fR\fR
82 .ad
83 .sp .6
84 .RS 4n
85 Generic attribute.
86 .RE
87
88 .sp
89 .ne 2
90 .na
91 \fB\fBcapped-cpu\fR\fR
92 .ad
93 .sp .6
94 .RS 4n
95 Limits for CPU usage.
96 .RE
97
98 .sp
99 .ne 2
100 .na
101 \fB\fBcapped-memory\fR\fR
102 .ad
103 .sp .6
104 .RS 4n
105 Limits for physical, swap, and locked memory.
106 .RE
107
108 .sp
109 .ne 2
110 .na
111 \fB\fBdataset\fR\fR
112 .ad
113 .sp .6
114 .RS 4n
115 \fBZFS\fR dataset.
116 .RE
117
118 .sp
119 .ne 2
120 .na
121 \fB\fBdedicated-cpu\fR\fR
122 .ad
123 .sp .6
124 .RS 4n
125 Subset of the system's processors dedicated to this zone while it is running.
126 .RE
127
128 .sp
129 .ne 2
130 .na
131 \fB\fBdevice\fR\fR
132 .ad
133 .sp .6
134 .RS 4n
135 Device.
136 .RE
137
138 .sp
139 .ne 2
140 .na
141 \fB\fBfs\fR\fR
142 .ad
143 .sp .6
144 .RS 4n
145 File system.
146 .RE
147
148 .sp
149 .ne 2
150 .na
151 \fB\fBnet\fR\fR
152 .ad
153 .sp .6
154 .RS 4n
155 Network interface.
156 .RE
157
158 .sp
159 .ne 2
160 .na
161 \fB\fBrctl\fR\fR
162 .ad
163 .sp .6
164 .RS 4n
165 Resource control.
166 .RE
167
168 .SS "Properties"
169 .sp
170 .LP
171 Each resource type has one or more properties. There are also some global
172 properties, that is, properties of the configuration as a whole, rather than of
173 some particular resource.
174 .sp
175 .LP
176 The following properties are supported:
177 .sp
178 .ne 2
179 .na
180 \fB(global)\fR
181 .ad
182 .sp .6
183 .RS 4n
184 \fBzonename\fR
185 .RE
186
187 .sp
188 .ne 2
189 .na
190 \fB(global)\fR
191 .ad
192 .sp .6
193 .RS 4n
194 \fBzonepath\fR
195 .RE
196
197 .sp
198 .ne 2
199 .na
200 \fB(global)\fR
201 .ad
202 .sp .6
203 .RS 4n
204 \fBautoboot\fR
205 .RE
206
207 .sp
208 .ne 2
209 .na
210 \fB(global)\fR
211 .ad
212 .sp .6
213 .RS 4n
214 \fBbootargs\fR
215 .RE
216
217 .sp
218 .ne 2
219 .na
220 \fB(global)\fR
221 .ad
222 .sp .6
223 .RS 4n
224 \fBpool\fR
225 .RE
226
227 .sp
228 .ne 2
229 .na
230 \fB(global)\fR
231 .ad
232 .sp .6
233 .RS 4n
234 \fBlimitpriv\fR
235 .RE
236
237 .sp
238 .ne 2
239 .na
240 \fB(global)\fR
241 .ad
242 .sp .6
243 .RS 4n
244 \fBbrand\fR
245 .RE
246
247 .sp
248 .ne 2
249 .na
250 \fB(global)\fR
251 .ad
252 .sp .6
253 .RS 4n
254 \fBcpu-shares\fR
255 .RE
256
257 .sp
258 .ne 2
259 .na
260 \fB(global)\fR
261 .ad
262 .sp .6
263 .RS 4n
264 \fBhostid\fR
265 .RE
266
267 .sp
268 .ne 2
269 .na
270 \fB(global)\fR
271 .ad
272 .sp .6
273 .RS 4n
274 \fBmax-lwps\fR
275 .RE
276
277 .sp
278 .ne 2
279 .na
280 \fB(global)\fR
281 .ad
282 .sp .6
283 .RS 4n
284 \fBmax-msg-ids\fR
285 .RE
286
287 .sp
288 .ne 2
289 .na
290 \fB(global)\fR
291 .ad
292 .sp .6
293 .RS 4n
294 \fBmax-sem-ids\fR
295 .RE
296
297 .sp
298 .ne 2
299 .na
300 \fB(global)\fR
301 .ad
302 .sp .6
303 .RS 4n
304 \fBmax-shm-ids\fR
305 .RE
306
307 .sp
308 .ne 2
309 .na
310 \fB(global)\fR
311 .ad
312 .sp .6
313 .RS 4n
314 \fBmax-shm-memory\fR
315 .RE
316
317 .sp
318 .ne 2
319 .na
320 \fB(global)\fR
321 .ad
322 .sp .6
323 .RS 4n
324 \fBscheduling-class\fR
325 .RE
326
327 .sp
328 .ne 2
329 .na
330 .B (global)
331 .ad
332 .sp .6
333 .RS 4n
334 .B fs-allowed
335 .RE
336
337 .sp
338 .ne 2
339 .na
340 \fB\fBfs\fR\fR
341 .ad
342 .sp .6
343 .RS 4n
344 \fBdir\fR, \fBspecial\fR, \fBraw\fR, \fBtype\fR, \fBoptions\fR
345 .RE
346
347 .sp
348 .ne 2
349 .na
350 \fB\fBnet\fR\fR
351 .ad
352 .sp .6
353 .RS 4n
354 \fBaddress\fR, \fBphysical\fR, \fBdefrouter\fR
355 .RE
356
357 .sp
358 .ne 2
359 .na
360 \fB\fBdevice\fR\fR
361 .ad
362 .sp .6
363 .RS 4n
364 \fBmatch\fR
365 .RE
366
367 .sp
368 .ne 2
369 .na
370 \fB\fBrctl\fR\fR
371 .ad
372 .sp .6
373 .RS 4n
374 \fBname\fR, \fBvalue\fR
375 .RE
376
377 .sp
378 .ne 2
379 .na
380 \fB\fBattr\fR\fR
381 .ad
382 .sp .6
383 .RS 4n
384 \fBname\fR, \fBtype\fR, \fBvalue\fR
385 .RE
386
387 .sp
388 .ne 2
389 .na
390 \fB\fBdataset\fR\fR
391 .ad
392 .sp .6
393 .RS 4n
394 \fBname\fR
395 .RE
396
397 .sp
398 .ne 2
399 .na
400 \fB\fBdedicated-cpu\fR\fR
401 .ad
402 .sp .6
403 .RS 4n
404 \fBncpus\fR, \fBimportance\fR
405 .RE
406
407 .sp
408 .ne 2
409 .na
410 \fB\fBcapped-memory\fR\fR
411 .ad
412 .sp .6
413 .RS 4n
414 \fBphysical\fR, \fBswap\fR, \fBlocked\fR
415 .RE
416
417 .sp
418 .ne 2
419 .na
420 \fB\fBcapped-cpu\fR\fR
421 .ad
422 .sp .6
423 .RS 4n
424 \fBncpus\fR
425 .RE
426
427 .sp
428 .LP
429 As for the property values which are paired with these names, they are either
430 simple, complex, or lists. The type allowed is property-specific. Simple values
431 are strings, optionally enclosed within quotation marks. Complex values have
432 the syntax:
433 .sp
434 .in +2
435 .nf
436 (<\fIname\fR>=<\fIvalue\fR>,<\fIname\fR>=<\fIvalue\fR>,...)
437 .fi
438 .in -2
439 .sp
440
441 .sp
442 .LP
443 where each <\fIvalue\fR> is simple, and the <\fIname\fR> strings are unique
444 within a given property. Lists have the syntax:
445 .sp
446 .in +2
447 .nf
448 [<\fIvalue\fR>,...]
449 .fi
450 .in -2
451 .sp
452
453 .sp
454 .LP
455 where each <\fIvalue\fR> is either simple or complex. A list of a single value
456 (either simple or complex) is equivalent to specifying that value without the
457 list syntax. That is, "foo" is equivalent to "[foo]". A list can be empty
458 (denoted by "[]").
459 .sp
460 .LP
461 In interpreting property values, \fBzonecfg\fR accepts regular expressions as
462 specified in \fBfnmatch\fR(5). See \fBEXAMPLES\fR.
463 .sp
464 .LP
465 The property types are described as follows:
466 .sp
467 .ne 2
468 .na
469 \fBglobal: \fBzonename\fR\fR
470 .ad
471 .sp .6
472 .RS 4n
473 The name of the zone.
474 .RE
475
476 .sp
477 .ne 2
478 .na
479 \fBglobal: \fBzonepath\fR\fR
480 .ad
481 .sp .6
482 .RS 4n
483 Path to zone's file system.
484 .RE
485
486 .sp
487 .ne 2
488 .na
489 \fBglobal: \fBautoboot\fR\fR
490 .ad
491 .sp .6
492 .RS 4n
493 Boolean indicating that a zone should be booted automatically at system boot.
494 Note that if the zones service is disabled, the zone will not autoboot,
495 regardless of the setting of this property. You enable the zones service with a
496 \fBsvcadm\fR command, such as:
497 .sp
498 .in +2
499 .nf
500 # \fBsvcadm enable svc:/system/zones:default\fR
501 .fi
502 .in -2
503 .sp
504
505 Replace \fBenable\fR with \fBdisable\fR to disable the zones service. See
506 \fBsvcadm\fR(1M).
507 .RE
508
509 .sp
510 .ne 2
511 .na
512 \fBglobal: \fBbootargs\fR\fR
513 .ad
514 .sp .6
515 .RS 4n
516 Arguments (options) to be passed to the zone bootup, unless options are
517 supplied to the "\fBzoneadm boot\fR" command, in which case those take
518 precedence. The valid arguments are described in \fBzoneadm\fR(1M).
519 .RE
520
521 .sp
522 .ne 2
523 .na
524 \fBglobal: \fBpool\fR\fR
525 .ad
526 .sp .6
527 .RS 4n
528 Name of the resource pool that this zone must be bound to when booted. This
529 property is incompatible with the \fBdedicated-cpu\fR resource.
530 .RE
531
532 .sp
533 .ne 2
534 .na
535 \fBglobal: \fBlimitpriv\fR\fR
536 .ad
537 .sp .6
538 .RS 4n
539 The maximum set of privileges any process in this zone can obtain. The property
540 should consist of a comma-separated privilege set specification as described in
541 \fBpriv_str_to_set\fR(3C). Privileges can be excluded from the resulting set by
542 preceding their names with a dash (-) or an exclamation point (!). The special
543 privilege string "zone" is not supported in this context. If the special string
544 "default" occurs as the first token in the property, it expands into a safe set
545 of privileges that preserve the resource and security isolation described in
546 \fBzones\fR(5). A missing or empty property is equivalent to this same set of
547 safe privileges.
548 .sp
549 The system administrator must take extreme care when configuring privileges for
550 a zone. Some privileges cannot be excluded through this mechanism as they are
551 required in order to boot a zone. In addition, there are certain privileges
552 which cannot be given to a zone as doing so would allow processes inside a zone
553 to unduly affect processes in other zones. \fBzoneadm\fR(1M) indicates when an
554 invalid privilege has been added or removed from a zone's privilege set when an
555 attempt is made to either "boot" or "ready" the zone.
556 .sp
557 See \fBprivileges\fR(5) for a description of privileges. The command "\fBppriv
558 -l\fR" (see \fBppriv\fR(1)) produces a list of all Solaris privileges. You can
559 specify privileges as they are displayed by \fBppriv\fR. In
560 \fBprivileges\fR(5), privileges are listed in the form
561 PRIV_\fIprivilege_name\fR. For example, the privilege \fIsys_time\fR, as you
562 would specify it in this property, is listed in \fBprivileges\fR(5) as
563 \fBPRIV_SYS_TIME\fR.
564 .RE
565
566 .sp
567 .ne 2
568 .na
569 \fBglobal: \fBbrand\fR\fR
570 .ad
571 .sp .6
572 .RS 4n
573 The zone's brand type.
574 .RE
575
576 .sp
577 .ne 2
578 .na
579 \fBglobal: \fBip-type\fR\fR
580 .ad
581 .sp .6
582 .RS 4n
583 A zone can either share the IP instance with the global zone, which is the
584 default, or have its own exclusive instance of IP.
585 .sp
586 This property takes the values \fBshared\fR and \fBexclusive\fR.
587 .RE
588
589 .sp
590 .ne 2
591 .na
592 \fBglobal: \fBhostid\fR\fR
593 .ad
594 .sp .6
595 .RS 4n
596 A zone can emulate a 32-bit host identifier to ease system consolidation. A
597 zone's \fBhostid\fR property is empty by default, meaning that the zone does
598 not emulate a host identifier. Zone host identifiers must be hexadecimal values
599 between 0 and FFFFFFFE. A \fB0x\fR or \fB0X\fR prefix is optional. Both
600 uppercase and lowercase hexadecimal digits are acceptable.
601 .RE
602
603 .sp
604 .ne 2
605 .na
606 \fB\fBfs\fR: dir, special, raw, type, options\fR
607 .ad
608 .sp .6
609 .RS 4n
610 Values needed to determine how, where, and so forth to mount file systems. See
611 \fBmount\fR(1M), \fBmount\fR(2), \fBfsck\fR(1M), and \fBvfstab\fR(4).
612 .RE
613
614 .sp
615 .ne 2
616 .na
617 \fB\fBnet\fR: address, physical, defrouter\fR
618 .ad
619 .sp .6
620 .RS 4n
621 The network address and physical interface name of the network interface. The
622 network address is one of:
623 .RS +4
624 .TP
625 .ie t \(bu
626 .el o
627 a valid IPv4 address, optionally followed by "\fB/\fR" and a prefix length;
628 .RE
629 .RS +4
630 .TP
631 .ie t \(bu
632 .el o
633 a valid IPv6 address, which must be followed by "\fB/\fR" and a prefix length;
634 .RE
635 .RS +4
636 .TP
637 .ie t \(bu
638 .el o
639 a host name which resolves to an IPv4 address.
640 .RE
641 Note that host names that resolve to IPv6 addresses are not supported.
642 .sp
643 The physical interface name is the network interface name.
644 .sp
645 The default router is specified similarly to the network address except that it
646 must not be followed by a \fB/\fR (slash) and a network prefix length.
647 .sp
648 A zone can be configured to be either exclusive-IP or shared-IP. For a
649 shared-IP zone, you must set both the physical and address properties; setting
650 the default router is optional. The interface specified in the physical
651 property must be plumbed in the global zone prior to booting the non-global
652 zone. However, if the interface is not used by the global zone, it should be
653 configured \fBdown\fR in the global zone, and the default router for the
654 interface should be specified here.
655 .sp
656 For an exclusive-IP zone, the physical property must be set and the address and
657 default router properties cannot be set.
658 .RE
659
660 .sp
661 .ne 2
662 .na
663 \fB\fBdevice\fR: match\fR
664 .ad
665 .sp .6
666 .RS 4n
667 Device name to match.
668 .RE
669
670 .sp
671 .ne 2
672 .na
673 \fB\fBrctl\fR: name, value\fR
674 .ad
675 .sp .6
676 .RS 4n
677 The name and \fIpriv\fR/\fIlimit\fR/\fIaction\fR triple of a resource control.
678 See \fBprctl\fR(1) and \fBrctladm\fR(1M). The preferred way to set rctl values
679 is to use the global property name associated with a specific rctl.
680 .RE
681
682 .sp
683 .ne 2
684 .na
685 \fB\fBattr\fR: name, type, value\fR
686 .ad
687 .sp .6
688 .RS 4n
689 The name, type and value of a generic attribute. The \fBtype\fR must be one of
690 \fBint\fR, \fBuint\fR, \fBboolean\fR or \fBstring\fR, and the value must be of
691 that type. \fBuint\fR means unsigned, that is, a non-negative integer.
692 .RE
693
694 .sp
695 .ne 2
696 .na
697 \fB\fBdataset\fR: name\fR
698 .ad
699 .sp .6
700 .RS 4n
701 The name of a \fBZFS\fR dataset to be accessed from within the zone. See
702 \fBzfs\fR(1M).
703 .RE
704
705 .sp
706 .ne 2
707 .na
708 \fBglobal: \fBcpu-shares\fR\fR
709 .ad
710 .sp .6
711 .RS 4n
712 The number of Fair Share Scheduler (FSS) shares to allocate to this zone. This
713 property is incompatible with the \fBdedicated-cpu\fR resource. This property
714 is the preferred way to set the \fBzone.cpu-shares\fR rctl.
715 .RE
716
717 .sp
718 .ne 2
719 .na
720 \fBglobal: \fBmax-lwps\fR\fR
721 .ad
722 .sp .6
723 .RS 4n
724 The maximum number of LWPs simultaneously available to this zone. This property
725 is the preferred way to set the \fBzone.max-lwps\fR rctl.
726 .RE
727
728 .sp
729 .ne 2
730 .na
731 \fBglobal: \fBmax-msg-ids\fR\fR
732 .ad
733 .sp .6
734 .RS 4n
735 The maximum number of message queue IDs allowed for this zone. This property is
736 the preferred way to set the \fBzone.max-msg-ids\fR rctl.
737 .RE
738
739 .sp
740 .ne 2
741 .na
742 \fBglobal: \fBmax-sem-ids\fR\fR
743 .ad
744 .sp .6
745 .RS 4n
746 The maximum number of semaphore IDs allowed for this zone. This property is the
747 preferred way to set the \fBzone.max-sem-ids\fR rctl.
748 .RE
749
750 .sp
751 .ne 2
752 .na
753 \fBglobal: \fBmax-shm-ids\fR\fR
754 .ad
755 .sp .6
756 .RS 4n
757 The maximum number of shared memory IDs allowed for this zone. This property is
758 the preferred way to set the \fBzone.max-shm-ids\fR rctl.
759 .RE
760
761 .sp
762 .ne 2
763 .na
764 \fBglobal: \fBmax-shm-memory\fR\fR
765 .ad
766 .sp .6
767 .RS 4n
768 The maximum amount of shared memory allowed for this zone. This property is the
769 preferred way to set the \fBzone.max-shm-memory\fR rctl. A scale (K, M, G, T)
770 can be applied to the value for this number (for example, 1M is one megabyte).
771 .RE
772
773 .sp
774 .ne 2
775 .na
776 \fBglobal: \fBscheduling-class\fR\fR
777 .ad
778 .sp .6
779 .RS 4n
780 Specifies the scheduling class used for processes running in a zone. When this
781 property is not specified, the scheduling class is established as follows:
782 .RS +4
783 .TP
784 .ie t \(bu
785 .el o
786 If the \fBcpu-shares\fR property or equivalent rctl is set, the scheduling
787 class FSS is used.
788 .RE
789 .RS +4
790 .TP
791 .ie t \(bu
792 .el o
793 If neither \fBcpu-shares\fR nor the equivalent rctl is set and the zone's pool
794 property references a pool that has a default scheduling class, that class is
795 used.
796 .RE
797 .RS +4
798 .TP
799 .ie t \(bu
800 .el o
801 Under any other conditions, the system default scheduling class is used.
802 .RE
803 .RE
804
805
806
807 .sp
808 .ne 2
809 .na
810 \fB\fBdedicated-cpu\fR: ncpus, importance\fR
811 .ad
812 .sp .6
813 .RS 4n
814 The number of CPUs that should be assigned for this zone's exclusive use. The
815 zone will create a pool and processor set when it boots. See \fBpooladm\fR(1M)
816 and \fBpoolcfg\fR(1M) for more information on resource pools. The \fBncpus\fR
817 property can specify a single value or a range (for example, 1-4) of
818 processors. The \fBimportance\fR property is optional; if set, it will specify
819 the \fBpset.importance\fR value for use by \fBpoold\fR(1M). If this resource is
820 used, there must be enough free processors to allocate to this zone when it
821 boots or the zone will not boot. The processors assigned to this zone will not
822 be available for the use of the global zone or other zones. This resource is
823 incompatible with both the \fBpool\fR and \fBcpu-shares\fR properties. Only a
824 single instance of this resource can be added to the zone.
825 .RE
826
827 .sp
828 .ne 2
829 .na
830 \fB\fBcapped-memory\fR: physical, swap, locked\fR
831 .ad
832 .sp .6
833 .RS 4n
834 The caps on the memory that can be used by this zone. A scale (K, M, G, T) can
835 be applied to the value for each of these numbers (for example, 1M is one
836 megabyte). Each of these properties is optional but at least one property must
837 be set when adding this resource. Only a single instance of this resource can
838 be added to the zone. The \fBphysical\fR property sets the \fBmax-rss\fR for
839 this zone. This will be enforced by \fBrcapd\fR(1M) running in the global zone.
840 The \fBswap\fR property is the preferred way to set the \fBzone.max-swap\fR
841 rctl. The \fBlocked\fR property is the preferred way to set the
842 \fBzone.max-locked-memory\fR rctl.
843 .RE
844
845 .sp
846 .ne 2
847 .na
848 \fB\fBcapped-cpu\fR: ncpus\fR
849 .ad
850 .sp .6
851 .RS 4n
852 Sets a limit on the amount of CPU time that can be used by a zone. The unit
853 used translates to the percentage of a single CPU that can be used by all user
854 threads in a zone, expressed as a fraction (for example, \fB\&.75\fR) or a
855 mixed number (whole number and fraction, for example, \fB1.25\fR). An
856 \fBncpus\fR value of \fB1\fR means 100% of a CPU, a value of \fB1.25\fR means
857 125%, \fB\&.75\fR means 75%, and so forth. When projects within a capped zone
858 have their own caps, the minimum value takes precedence.
859 .sp
860 The \fBcapped-cpu\fR property is an alias for the \fBzone.cpu-cap\fR resource
861 control. See
862 \fBresource_controls\fR(5).
863 .RE
864
865 .sp
866 .ne 2
867 .mk
868 .na
869 \fBglobal: \fBfs-allowed\fR\fR
870 .ad
871 .sp .6
872 .RS 4n
873 A comma-separated list of additional filesystems that may be mounted within
874 the zone; for example "ufs,pcfs". By default, only hsfs(7fs) and network
875 filesystems can be mounted. If the first entry in the list is "-" then
876 that disables all of the default filesystems. If any filesystems are listed
877 after "-" then only those filesystems can be mounted.
878
879 This property does not apply to filesystems mounted into the zone via "add fs"
880 or "add dataset".
881
882 WARNING: allowing filesystem mounts other than the default may allow the zone
883 administrator to compromise the system with a malicious filesystem image, and
884 is not supported.
885 .RE
886
887 .sp
888 .LP
889 The following table summarizes resources, property-names, and types:
890 .sp
891 .in +2
892 .nf
893 resource          property-name       type
894 (global)          zonename            simple
895 (global)          zonepath            simple
896 (global)          autoboot            simple
897 (global)          bootargs            simple
898 (global)          pool                simple
899 (global)          limitpriv           simple
900 (global)          brand               simple
901 (global)          ip-type             simple
902 (global)          hostid              simple
903 (global)          cpu-shares          simple
904 (global)          max-lwps            simple
905 (global)          max-msg-ids         simple
906 (global)          max-sem-ids         simple
907 (global)          max-shm-ids         simple
908 (global)          max-shm-memory      simple
909 (global)          scheduling-class    simple
910 fs                dir                 simple
911                   special             simple
912                   raw                 simple
913                   type                simple
914                   options             list of simple
915 net               address             simple
916                   physical            simple
917 device            match               simple
918 rctl              name                simple
919                   value               list of complex
920 attr              name                simple
921                   type                simple
922                   value               simple
923 dataset           name                simple
924 dedicated-cpu     ncpus               simple or range
925                   importance          simple
926
927 capped-memory     physical            simple with scale
928                   swap                simple with scale
929                   locked              simple with scale
930
931 capped-cpu        ncpus               simple
932 .fi
933 .in -2
934 .sp
935
936 .sp
937 .LP
938 The complex property "value" of the "rctl" resource type
939 consists of three name/value pairs, the names being
940 "priv", "limit" and "action", each of which takes a simple value. The "name"
941 property of an "attr" resource is syntactically restricted in a fashion similar
942 but not identical to zone names: it must begin with an alphanumeric, and can
943 contain alphanumerics plus the hyphen (\fB-\fR), underscore (\fB_\fR), and dot
944 (\fB\&.\fR) characters. Attribute names beginning with "zone" are reserved for
945 use by the system. Finally, the "autoboot" global property must have a value of
946 "true" or "false".
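The constraints stated in the property descriptions above can be checked before a command file is handed to \fBzonecfg -f\fR. The following is an added example, not part of the original manual page or of the zonecfg source; the function names \fBparse\fR and \fBlint\fR, the rule codes, and the sample zone \fBweb01\fR with its \fBvnic0\fR interface are hypothetical. Treating any privilege added to \fBlimitpriv\fR and any use of \fBfs-allowed\fR as a review finding is a policy assumption that follows the cautions given for those properties.

```python
import re

ZONENAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]*$")
HOSTID_RE = re.compile(r"^(0[xX])?[0-9A-Fa-f]{1,8}$")


def parse(text):
    """Return (global_props, resources) from a zonecfg command file.

    Simplification: subcommands are split on newlines and ';' without
    honouring quoting, which is enough for export-style input.
    """
    global_props, resources, current = {}, [], None
    for raw in re.split(r"[;\n]", text):
        words = raw.split(None, 1)
        if not words:
            continue
        cmd = words[0]
        rest = words[1].strip() if len(words) > 1 else ""
        if cmd == "add" and current is None:
            current = {"type": rest, "props": {}}      # enter resource scope
        elif cmd in ("set", "add"):
            # "set name=value", or "add name value" inside a resource scope
            name, _, value = rest.partition("=" if cmd == "set" else " ")
            target = global_props if current is None else current["props"]
            target[name.strip()] = value.strip().strip('"')
        elif cmd == "end" and current is not None:
            resources.append(current)                  # back to global scope
            current = None
        elif cmd == "cancel":
            current = None
    return global_props, resources


def lint(zonename, text):
    """Return a list of (rule, detail) findings for one zone configuration."""
    g, resources = parse(text)
    out = []
    if (not ZONENAME_RE.match(zonename) or zonename == "global"
            or zonename.startswith("SUNW")):
        out.append(("zonename", "invalid or reserved zone name"))
    if g.get("autoboot", "false") not in ("true", "false"):
        out.append(("autoboot", "must be true or false"))
    hostid = g.get("hostid", "")
    if hostid and not (HOSTID_RE.match(hostid)
                       and int(hostid, 16) <= 0xFFFFFFFE):
        out.append(("hostid", "must be hexadecimal, 0 through FFFFFFFE"))
    # Anything other than "default" and exclusions (-name, !name) widens
    # the privilege limit and is surfaced for review (policy assumption).
    privs = [p.strip() for p in g.get("limitpriv", "").split(",") if p.strip()]
    added = [p for p in privs if p != "default" and p[0] not in "-!"]
    if added or (privs and privs[0] != "default"):
        out.append(("limitpriv", "review privileges: " + ",".join(added)))
    if "fs-allowed" in g:
        out.append(("fs-allowed", "non-default file systems can be mounted"))
    types = [r["type"] for r in resources]
    if "dedicated-cpu" in types:
        for prop in ("pool", "cpu-shares"):
            if g.get(prop):
                out.append(("dedicated-cpu", "incompatible with " + prop))
        if types.count("dedicated-cpu") > 1:
            out.append(("dedicated-cpu", "only one instance is allowed"))
    exclusive = g.get("ip-type", "shared") == "exclusive"
    for props in (r["props"] for r in resources if r["type"] == "net"):
        if "physical" not in props:
            out.append(("net-physical", "physical must be set"))
        if exclusive and ("address" in props or "defrouter" in props):
            out.append(("net-exclusive", "address/defrouter cannot be set"))
        if not exclusive and "address" not in props:
            out.append(("net-shared", "address must be set"))
        if "/" in props.get("defrouter", ""):
            out.append(("net-defrouter", "no prefix length allowed"))
    return out


# Constructed sample input, not taken from a real system.
SAMPLE_RISKY = """create -b
set zonepath=/zones/web01
set autoboot=true
set ip-type=exclusive
set hostid=0xFFFFFFFF
set limitpriv="default,sys_time"
set fs-allowed=ufs,pcfs
set cpu-shares=10
add net
set physical=vnic0
set address=192.0.2.10/24
end
add dedicated-cpu; set ncpus=1-2; end
"""

SAMPLE_CLEAN = """create -b
set zonepath=/zones/web01
set autoboot=true
set limitpriv=default
set max-lwps=2000
add net
set physical=vnic0
set address=192.0.2.10/24
end
add capped-memory; set physical=2G; end
"""

if __name__ == "__main__":
    for rule, detail in lint("web01", SAMPLE_RISKY):
        print(rule + ": " + detail)
```
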
947 .SS "Using Kernel Statistics to Monitor CPU Caps"
948 .sp
949 .LP
950 Using the kernel statistics (\fBkstat\fR(3KSTAT)) module \fBcaps\fR, the system
951 maintains information for all capped projects and zones. You can access this
952 information by reading kernel statistics (\fBkstat\fR(3KSTAT)), specifying
953 \fBcaps\fR as the \fBkstat\fR module name. The following command displays
954 kernel statistics for all active CPU caps:
955 .sp
956 .in +2
957 .nf
958 # \fBkstat caps::'/cpucaps/'\fR
959 .fi
960 .in -2
961 .sp
962
963 .sp
964 .LP
965 A \fBkstat\fR(1M) command running in a zone displays only CPU caps relevant for
966 that zone and for projects in that zone. See \fBEXAMPLES\fR.
967 .sp
968 .LP
969 The following are cap-related arguments for use with \fBkstat\fR(1M):
970 .sp
971 .ne 2
972 .na
973 \fB\fBcaps\fR\fR
974 .ad
975 .sp .6
976 .RS 4n
977 The \fBkstat\fR module.
978 .RE
979
980 .sp
981 .ne 2
982 .na
983 \fB\fBproject_caps\fR or \fBzone_caps\fR\fR
984 .ad
985 .sp .6
986 .RS 4n
987 \fBkstat\fR class, for use with the \fBkstat\fR \fB-c\fR option.
988 .RE
989
990 .sp
991 .ne 2
992 .na
993 \fB\fBcpucaps_project_\fR\fIid\fR or \fBcpucaps_zone_\fR\fIid\fR\fR
994 .ad
995 .sp .6
996 .RS 4n
997 \fBkstat\fR name, for use with the \fBkstat\fR \fB-n\fR option. \fIid\fR is the
998 project or zone identifier.
999 .RE
1000
1001 .sp
1002 .LP
1003 The following fields are displayed in response to a \fBkstat\fR(1M) command
1004 requesting statistics for all CPU caps.
1005 .sp
1006 .ne 2
1007 .na
1008 \fB\fBmodule\fR\fR
1009 .ad
1010 .sp .6
1011 .RS 4n
1012 In this usage of \fBkstat\fR, this field will have the value \fBcaps\fR.
1013 .RE
1014
1015 .sp
1016 .ne 2
1017 .na
1018 \fB\fBname\fR\fR
1019 .ad
1020 .sp .6
1021 .RS 4n
1022 As described above, \fBcpucaps_project_\fR\fIid\fR or
1023 \fBcpucaps_zone_\fR\fIid\fR
1024 .RE
1025
1026 .sp
1027 .ne 2
1028 .na
1029 \fB\fBabove_sec\fR\fR
1030 .ad
1031 .sp .6
1032 .RS 4n
1033 Total time, in seconds, spent above the cap.
1034 .RE
1035
1036 .sp
1037 .ne 2
1038 .na
1039 \fB\fBbelow_sec\fR\fR
1040 .ad
1041 .sp .6
1042 .RS 4n
1043 Total time, in seconds, spent below the cap.
1044 .RE
1045
1046 .sp
1047 .ne 2
1048 .na
1049 \fB\fBmaxusage\fR\fR
1050 .ad
1051 .sp .6
1052 .RS 4n
1053 Maximum observed CPU usage.
1054 .RE
1055
1056 .sp
1057 .ne 2
1058 .na
1059 \fB\fBnwait\fR\fR
1060 .ad
1061 .sp .6
1062 .RS 4n
1063 Number of threads on cap wait queue.
1064 .RE
1065
1066 .sp
1067 .ne 2
1068 .na
1069 \fB\fBusage\fR\fR
1070 .ad
1071 .sp .6
1072 .RS 4n
1073 Current aggregated CPU usage for all threads belonging to a capped project or
1074 zone, in terms of a percentage of a single CPU.
1075 .RE
1076
1077 .sp
1078 .ne 2
1079 .na
1080 \fB\fBvalue\fR\fR
1081 .ad
1082 .sp .6
1083 .RS 4n
1084 The cap value, in terms of a percentage of a single CPU.
1085 .RE
1086
1087 .sp
1088 .ne 2
1089 .na
1090 \fB\fBzonename\fR\fR
1091 .ad
1092 .sp .6
1093 .RS 4n
1094 Name of the zone for which statistics are displayed.
1095 .RE
1096
1097 .sp
1098 .LP
1099 See \fBEXAMPLES\fR for sample output from a \fBkstat\fR command.
1100 .SH OPTIONS
1101 .sp
1102 .LP
1103 The following options are supported:
1104 .sp
1105 .ne 2
1106 .na
1107 \fB\fB-f\fR \fIcommand_file\fR\fR
1108 .ad
1109 .sp .6
1110 .RS 4n
1111 Specify the name of \fBzonecfg\fR command file. \fIcommand_file\fR is a text
1112 file of \fBzonecfg\fR subcommands, one per line.
1113 .RE
1114
1115 .sp
1116 .ne 2
1117 .na
1118 \fB\fB-z\fR \fIzonename\fR\fR
1119 .ad
1120 .sp .6
1121 .RS 4n
1122 Specify the name of a zone. Zone names are case sensitive. Zone names must
1123 begin with an alphanumeric character and can contain alphanumeric characters,
1124 the underscore (\fB_\fR), the hyphen (\fB-\fR), and the dot (\fB\&.\fR). The
1125 name \fBglobal\fR and all names beginning with \fBSUNW\fR are reserved and
1126 cannot be used.
1127 .RE
1128
1129 .SH SUBCOMMANDS
1130 .sp
1131 .LP
1132 You can use the \fBadd\fR and \fBselect\fR subcommands to select a specific
1133 resource, at which point the scope changes to that resource. The \fBend\fR and
1134 \fBcancel\fR subcommands are used to complete the resource specification, at
1135 which time the scope is reverted back to global. Certain subcommands, such as
1136 \fBadd\fR, \fBremove\fR and \fBset\fR, have different semantics in each scope.
1137 .sp
1138 .LP
1139 \fBzonecfg\fR supports a semicolon-separated list of subcommands. For example:
1140 .sp
1141 .in +2
1142 .nf
1143 # \fBzonecfg -z myzone "add net; set physical=myvnic; end"\fR
1144 .fi
1145 .in -2
1146 .sp
1147
1148 .sp
1149 .LP
1150 Subcommands which can result in destructive actions or loss of work have an
1151 \fB-F\fR option to force the action. If input is from a terminal device, the
1152 user is prompted when appropriate if such a command is given without the
1153 \fB-F\fR option; otherwise, if such a command is given without the \fB-F\fR
1154 option, the action is disallowed, with a diagnostic message written to standard
1155 error.
1156 .sp
1157 .LP
1158 The following subcommands are supported:
1159 .sp
1160 .ne 2
1161 .na
1162 \fB\fBadd\fR \fIresource-type\fR (global scope)\fR
1163 .ad
1164 .br
1165 .na
1166 \fB\fBadd\fR \fIproperty-name property-value\fR (resource scope)\fR
1167 .ad
1168 .sp .6
1169 .RS 4n
1170 In the global scope, begin the specification for a given resource type. The
1171 scope is changed to that resource type.
1172 .sp
1173 In the resource scope, add a property of the given name with the given value.
1174 The syntax for property values varies with different property types. In
1175 general, it is a simple value or a list of simple values enclosed in square
1176 brackets, separated by commas (\fB[foo,bar,baz]\fR). See \fBPROPERTIES\fR.
1177 .RE
1178
1179 .sp
1180 .ne 2
1181 .na
1182 \fB\fBcancel\fR\fR
1183 .ad
1184 .sp .6
1185 .RS 4n
1186 End the resource specification and reset scope to global. Abandons any
1187 partially specified resources. \fBcancel\fR is only applicable in the resource
1188 scope.
1189 .RE
1190
1191 .sp
1192 .ne 2
1193 .na
1194 \fB\fBclear\fR \fIproperty-name\fR\fR
1195 .ad
1196 .sp .6
1197 .RS 4n
1198 Clear the value for the property.
1199 .RE
1200
1201 .sp
1202 .ne 2
1203 .na
1204 \fB\fBcommit\fR\fR
1205 .ad
1206 .sp .6
1207 .RS 4n
1208 Commit the current configuration from memory to stable storage. The
1209 configuration must be committed to be used by \fBzoneadm\fR. Until the
1210 in-memory configuration is committed, you can remove changes with the
1211 \fBrevert\fR subcommand. The \fBcommit\fR operation is attempted automatically
1212 upon completion of a \fBzonecfg\fR session. Since a configuration must be
1213 correct to be committed, this operation automatically does a verify.
1214 .RE
1215
1216 .sp
1217 .ne 2
1218 .na
1219 \fB\fBcreate [\fR\fB-F\fR\fB] [\fR \fB-a\fR \fIpath\fR |\fB-b\fR \fB|\fR
1220 \fB-t\fR \fItemplate\fR\fB]\fR\fR
1221 .ad
1222 .sp .6
1223 .RS 4n
1224 Create an in-memory configuration for the specified zone. Use \fBcreate\fR to
1225 begin to configure a new zone. See \fBcommit\fR for saving this to stable
1226 storage.
1227 .sp
1228 If you are overwriting an existing configuration, specify the \fB-F\fR option
1229 to force the action. Specify the \fB-t\fR \fItemplate\fR option to create a
1230 configuration identical to \fItemplate\fR, where \fItemplate\fR is the name of
1231 a configured zone.
1232 .sp
1233 Use the \fB-a\fR \fIpath\fR option to facilitate configuring a detached zone on
1234 a new host. The \fIpath\fR parameter is the zonepath location of a detached
1235 zone that has been moved on to this new host. Once the detached zone is
1236 configured, it should be installed using the "\fBzoneadm attach\fR" command
1237 (see \fBzoneadm\fR(1M)). All validation of the new zone happens during the
1238 \fBattach\fR process, not during zone configuration.
1239 .sp
1240 Use the \fB-b\fR option to create a blank configuration. Without arguments,
1241 \fBcreate\fR applies the Sun default settings.
1242 .RE
1243
1244 .sp
1245 .ne 2
1246 .na
1247 \fB\fBdelete [\fR\fB-F\fR\fB]\fR\fR
1248 .ad
1249 .sp .6
1250 .RS 4n
1251 Delete the specified configuration from memory and stable storage. This action
1252 is instantaneous; no commit is necessary. A deleted configuration cannot be
1253 reverted.
1254 .sp
1255 Specify the \fB-F\fR option to force the action.
1256 .RE
1257
1258 .sp
1259 .ne 2
1260 .na
1261 \fB\fBend\fR\fR
1262 .ad
1263 .sp .6
1264 .RS 4n
1265 End the resource specification. This subcommand is only applicable in the
1266 resource scope. \fBzonecfg\fR checks to make sure the current resource is
1267 completely specified. If so, it is added to the in-memory configuration (see
1268 \fBcommit\fR for saving this to stable storage) and the scope reverts to
1269 global. If the specification is incomplete, it issues an appropriate error
1270 message.
1271 .RE
1272
1273 .sp
1274 .ne 2
1275 .na
1276 \fB\fBexport [\fR\fB-f\fR \fIoutput-file\fR\fB]\fR\fR
1277 .ad
1278 .sp .6
1279 .RS 4n
1280 Print configuration to standard output. Use the \fB-f\fR option to print the
1281 configuration to \fIoutput-file\fR. This option produces output in a form
1282 suitable for use in a command file.
1283 .RE
1284
1285 .sp
1286 .ne 2
1287 .na
1288 \fB\fBhelp [usage] [\fIsubcommand\fR] [syntax] [\fR\fIcommand-name\fR\fB]\fR\fR
1289 .ad
1290 .sp .6
1291 .RS 4n
Print general help or help about a given topic.
1293 .RE
1294
1295 .sp
1296 .ne 2
1297 .na
1298 \fB\fBinfo zonename | zonepath | autoboot | brand | pool | limitpriv\fR\fR
1299 .ad
1300 .br
1301 .na
1302 \fB\fBinfo [\fR\fIresource-type\fR
1303 \fB[\fR\fIproperty-name\fR\fB=\fR\fIproperty-value\fR\fB]*]\fR\fR
1304 .ad
1305 .sp .6
1306 .RS 4n
1307 Display information about the current configuration. If \fIresource-type\fR is
1308 specified, displays only information about resources of the relevant type. If
1309 any \fIproperty-name\fR value pairs are specified, displays only information
1310 about resources meeting the given criteria. In the resource scope, any
1311 arguments are ignored, and \fBinfo\fR displays information about the resource
1312 which is currently being added or modified.
1313 .RE
1314
1315 .sp
1316 .ne 2
1317 .na
\fB\fBremove\fR \fIresource-type\fR\fB{\fR\fIproperty-name\fR\fB=\fR\fIproperty-value\fR\fB}\fR (global scope)\fR
1320 .ad
1321 .sp .6
1322 .RS 4n
In the global scope, removes the specified resource. The \fB[]\fR syntax means
0 or more of whatever is inside the square brackets. If you want to remove only
a single instance of the resource, you must specify enough property name-value
pairs for the resource to be uniquely identified. If no property name-value
pairs are specified, all instances will be removed. If more than one pair is
specified, a confirmation is required, unless you use the \fB-F\fR option.
1330 .RE
1331
1332 .sp
1333 .ne 2
1334 .na
1335 \fB\fBselect\fR \fIresource-type\fR
1336 \fB{\fR\fIproperty-name\fR\fB=\fR\fIproperty-value\fR\fB}\fR\fR
1337 .ad
1338 .sp .6
1339 .RS 4n
1340 Select the resource of the given type which matches the given
1341 \fIproperty-name\fR \fIproperty-value\fR pair criteria, for modification. This
1342 subcommand is applicable only in the global scope. The scope is changed to that
1343 resource type. The \fB{}\fR syntax means 1 or more of whatever is inside the
curly braces. You must specify enough \fIproperty-name property-value\fR pairs
1345 for the resource to be uniquely identified.
1346 .RE
1347
1348 .sp
1349 .ne 2
1350 .na
\fB\fBset\fR \fIproperty-name\fR\fB=\fR\fIproperty-value\fR\fR
1352 .ad
1353 .sp .6
1354 .RS 4n
1355 Set a given property name to the given value. Some properties (for example,
1356 \fBzonename\fR and \fBzonepath\fR) are global while others are
1357 resource-specific. This subcommand is applicable in both the global and
1358 resource scopes.
1359 .RE
1360
1361 .sp
1362 .ne 2
1363 .na
1364 \fB\fBverify\fR\fR
1365 .ad
1366 .sp .6
1367 .RS 4n
1368 Verify the current configuration for correctness:
1369 .RS +4
1370 .TP
1371 .ie t \(bu
1372 .el o
1373 All resources have all of their required properties specified.
1374 .RE
1375 .RS +4
1376 .TP
1377 .ie t \(bu
1378 .el o
1379 A \fBzonepath\fR is specified.
1380 .RE
1381 .RE
1382
1383 .sp
1384 .ne 2
1385 .na
1386 \fB\fBrevert\fR \fB[\fR\fB-F\fR\fB]\fR\fR
1387 .ad
1388 .sp .6
1389 .RS 4n
1390 Revert the configuration back to the last committed state. The \fB-F\fR option
1391 can be used to force the action.
1392 .RE
1393
1394 .sp
1395 .ne 2
1396 .na
1397 \fB\fBexit [\fR\fB-F\fR\fB]\fR\fR
1398 .ad
1399 .sp .6
1400 .RS 4n
1401 Exit the \fBzonecfg\fR session. A commit is automatically attempted if needed.
1402 You can also use an \fBEOF\fR character to exit \fBzonecfg\fR. The \fB-F\fR
1403 option can be used to force the action.
1404 .RE
1405
1406 .SH EXAMPLES
1407 .LP
1408 \fBExample 1 \fRCreating the Environment for a New Zone
1409 .sp
1410 .LP
1411 In the following example, \fBzonecfg\fR creates the environment for a new zone.
1412 \fB/usr/local\fR is loopback mounted from the global zone into
1413 \fB/opt/local\fR. \fB/opt/sfw\fR is loopback mounted from the global zone,
1414 three logical network interfaces are added, and a limit on the number of
1415 fair-share scheduler (FSS) CPU shares for a zone is set using the \fBrctl\fR
1416 resource type. The example also shows how to select a given resource for
1417 modification.
1418
1419 .sp
1420 .in +2
1421 .nf
1422 example# \fBzonecfg -z myzone3\fR
myzone3: No such zone configured
1424 Use 'create' to begin configuring a new zone.
1425 zonecfg:myzone3> \fBcreate\fR
1426 zonecfg:myzone3> \fBset zonepath=/export/home/my-zone3\fR
1427 zonecfg:myzone3> \fBset autoboot=true\fR
1428 zonecfg:myzone3> \fBadd fs\fR
1429 zonecfg:myzone3:fs> \fBset dir=/usr/local\fR
1430 zonecfg:myzone3:fs> \fBset special=/opt/local\fR
1431 zonecfg:myzone3:fs> \fBset type=lofs\fR
1432 zonecfg:myzone3:fs> \fBadd options [ro,nodevices]\fR
1433 zonecfg:myzone3:fs> \fBend\fR
1434 zonecfg:myzone3> \fBadd fs\fR
1435 zonecfg:myzone3:fs> \fBset dir=/mnt\fR
1436 zonecfg:myzone3:fs> \fBset special=/dev/dsk/c0t0d0s7\fR
1437 zonecfg:myzone3:fs> \fBset raw=/dev/rdsk/c0t0d0s7\fR
1438 zonecfg:myzone3:fs> \fBset type=ufs\fR
1439 zonecfg:myzone3:fs> \fBend\fR
1440 zonecfg:myzone3> \fBadd net\fR
1441 zonecfg:myzone3:net> \fBset address=192.168.0.1/24\fR
1442 zonecfg:myzone3:net> \fBset physical=eri0\fR
1443 zonecfg:myzone3:net> \fBend\fR
1444 zonecfg:myzone3> \fBadd net\fR
1445 zonecfg:myzone3:net> \fBset address=192.168.1.2/24\fR
1446 zonecfg:myzone3:net> \fBset physical=eri0\fR
1447 zonecfg:myzone3:net> \fBend\fR
1448 zonecfg:myzone3> \fBadd net\fR
1449 zonecfg:myzone3:net> \fBset address=192.168.2.3/24\fR
1450 zonecfg:myzone3:net> \fBset physical=eri0\fR
1451 zonecfg:myzone3:net> \fBend\fR
zonecfg:myzone3> \fBset cpu-shares=5\fR
zonecfg:myzone3> \fBadd capped-memory\fR
zonecfg:myzone3:capped-memory> \fBset physical=50m\fR
zonecfg:myzone3:capped-memory> \fBset swap=100m\fR
zonecfg:myzone3:capped-memory> \fBend\fR
1457 zonecfg:myzone3> \fBexit\fR
1458 .fi
1459 .in -2
1460 .sp
1461
1462 .LP
1463 \fBExample 2 \fRCreating a Non-Native Zone
1464 .sp
1465 .LP
1466 The following example creates a new Linux zone:
1467
1468 .sp
1469 .in +2
1470 .nf
1471 example# \fBzonecfg -z lxzone\fR
1472 lxzone: No such zone configured
1473 Use 'create' to begin configuring a new zone
1474 zonecfg:lxzone> \fBcreate -t SUNWlx\fR
1475 zonecfg:lxzone> \fBset zonepath=/export/zones/lxzone\fR
1476 zonecfg:lxzone> \fBset autoboot=true\fR
1477 zonecfg:lxzone> \fBexit\fR
1478 .fi
1479 .in -2
1480 .sp
1481
1482 .LP
1483 \fBExample 3 \fRCreating an Exclusive-IP Zone
1484 .sp
1485 .LP
1486 The following example creates a zone that is granted exclusive access to
1487 \fBbge1\fR and \fBbge33000\fR and that is isolated at the IP layer from the
1488 other zones configured on the system.
1489
1490 .sp
1491 .LP
The IP addresses and routing are configured inside the new zone using
1493 \fBsysidtool\fR(1M).
1494
1495 .sp
1496 .in +2
1497 .nf
1498 example# \fBzonecfg -z excl\fR
1499 excl: No such zone configured
1500 Use 'create' to begin configuring a new zone
1501 zonecfg:excl> \fBcreate\fR
1502 zonecfg:excl> \fBset zonepath=/export/zones/excl\fR
1503 zonecfg:excl> \fBset ip-type=exclusive\fR
1504 zonecfg:excl> \fBadd net\fR
1505 zonecfg:excl:net> \fBset physical=bge1\fR
1506 zonecfg:excl:net> \fBend\fR
1507 zonecfg:excl> \fBadd net\fR
1508 zonecfg:excl:net> \fBset physical=bge33000\fR
1509 zonecfg:excl:net> \fBend\fR
1510 zonecfg:excl> \fBexit\fR
1511 .fi
1512 .in -2
1513 .sp
1514
1515 .LP
1516 \fBExample 4 \fRAssociating a Zone with a Resource Pool
1517 .sp
1518 .LP
1519 The following example shows how to associate an existing zone with an existing
1520 resource pool:
1521
1522 .sp
1523 .in +2
1524 .nf
1525 example# \fBzonecfg -z myzone\fR
1526 zonecfg:myzone> \fBset pool=mypool\fR
1527 zonecfg:myzone> \fBexit\fR
1528 .fi
1529 .in -2
1530 .sp
1531
1532 .sp
1533 .LP
1534 For more information about resource pools, see \fBpooladm\fR(1M) and
1535 \fBpoolcfg\fR(1M).
1536
1537 .LP
1538 \fBExample 5 \fRChanging the Name of a Zone
1539 .sp
1540 .LP
1541 The following example shows how to change the name of an existing zone:
1542
1543 .sp
1544 .in +2
1545 .nf
1546 example# \fBzonecfg -z myzone\fR
1547 zonecfg:myzone> \fBset zonename=myzone2\fR
1548 zonecfg:myzone2> \fBexit\fR
1549 .fi
1550 .in -2
1551 .sp
1552
1553 .LP
1554 \fBExample 6 \fRChanging the Privilege Set of a Zone
1555 .sp
1556 .LP
1557 The following example shows how to change the set of privileges an existing
1558 zone's processes will be limited to the next time the zone is booted. In this
1559 particular case, the privilege set will be the standard safe set of privileges
1560 a zone normally has along with the privilege to change the system date and
1561 time:
1562
1563 .sp
1564 .in +2
1565 .nf
1566 example# \fBzonecfg -z myzone\fR
1567 zonecfg:myzone> \fBset limitpriv="default,sys_time"\fR
zonecfg:myzone> \fBexit\fR
1569 .fi
1570 .in -2
1571 .sp
1572
1573 .LP
1574 \fBExample 7 \fRSetting the \fBzone.cpu-shares\fR Property for the Global Zone
1575 .sp
1576 .LP
1577 The following command sets the \fBzone.cpu-shares\fR property for the global
1578 zone:
1579
1580 .sp
1581 .in +2
1582 .nf
1583 example# \fBzonecfg -z global\fR
1584 zonecfg:global> \fBset cpu-shares=5\fR
1585 zonecfg:global> \fBexit\fR
1586 .fi
1587 .in -2
1588 .sp
1589
1590 .LP
1591 \fBExample 8 \fRUsing Pattern Matching
1592 .sp
1593 .LP
1594 The following commands illustrate \fBzonecfg\fR support for pattern matching.
1595 In the zone \fBflexlm\fR, enter:
1596
1597 .sp
1598 .in +2
1599 .nf
1600 zonecfg:flexlm> \fBadd device\fR
1601 zonecfg:flexlm:device> \fBset match="/dev/cua/a00[2-5]"\fR
1602 zonecfg:flexlm:device> \fBend\fR
1603 .fi
1604 .in -2
1605 .sp
1606
1607 .sp
1608 .LP
1609 In the global zone, enter:
1610
1611 .sp
1612 .in +2
1613 .nf
1614 global# \fBls /dev/cua\fR
1615 a a000 a001 a002 a003 a004 a005 a006 a007 b
1616 .fi
1617 .in -2
1618 .sp
1619
1620 .sp
1621 .LP
1622 In the zone \fBflexlm\fR, enter:
1623
1624 .sp
1625 .in +2
1626 .nf
1627 flexlm# \fBls /dev/cua\fR
1628 a002 a003 a004 a005
1629 .fi
1630 .in -2
1631 .sp
1632
1633 .LP
1634 \fBExample 9 \fRSetting a Cap for a Zone to Three CPUs
1635 .sp
1636 .LP
1637 The following sequence uses the \fBzonecfg\fR command to set the CPU cap for a
1638 zone to three CPUs.
1639
1640 .sp
1641 .in +2
1642 .nf
1643 zonecfg:myzone> \fBadd capped-cpu\fR
zonecfg:myzone:capped-cpu> \fBset ncpus=3\fR
zonecfg:myzone:capped-cpu> \fBend\fR
1646 .fi
1647 .in -2
1648 .sp
1649
1650 .sp
1651 .LP
1652 The preceding sequence, which uses the capped-cpu property, is equivalent to
1653 the following sequence, which makes use of the \fBzone.cpu-cap\fR resource
1654 control.
1655
1656 .sp
1657 .in +2
1658 .nf
1659 zonecfg:myzone> \fBadd rctl\fR
1660 zonecfg:myzone:rctl> \fBset name=zone.cpu-cap\fR
1661 zonecfg:myzone:rctl> \fBadd value (priv=privileged,limit=300,action=none)\fR
1662 zonecfg:myzone:rctl> \fBend\fR
1663 .fi
1664 .in -2
1665 .sp
1666
1667 .LP
1668 \fBExample 10 \fRUsing \fBkstat\fR to Monitor CPU Caps
1669 .sp
1670 .LP
1671 The following command displays information about all CPU caps.
1672
1673 .sp
1674 .in +2
1675 .nf
1676 # \fBkstat -n /cpucaps/\fR
1677 module: caps instance: 0
1678 name: cpucaps_project_0 class: project_caps
1679 above_sec 0
1680 below_sec 2157
1681 crtime 821.048183159
1682 maxusage 2
1683 nwait 0
1684 snaptime 235885.637253027
1685 usage 0
1686 value 18446743151372347932
1687 zonename global
1688
1689 module: caps instance: 0
1690 name: cpucaps_project_1 class: project_caps
1691 above_sec 0
1692 below_sec 0
1693 crtime 225339.192787265
1694 maxusage 5
1695 nwait 0
1696 snaptime 235885.637591677
1697 usage 5
1698 value 18446743151372347932
1699 zonename global
1700
1701 module: caps instance: 0
1702 name: cpucaps_project_201 class: project_caps
1703 above_sec 0
1704 below_sec 235105
1705 crtime 780.37961782
1706 maxusage 100
1707 nwait 0
1708 snaptime 235885.637789687
1709 usage 43
1710 value 100
1711 zonename global
1712
1713 module: caps instance: 0
1714 name: cpucaps_project_202 class: project_caps
1715 above_sec 0
1716 below_sec 235094
1717 crtime 791.72983782
1718 maxusage 100
1719 nwait 0
1720 snaptime 235885.637967512
1721 usage 48
1722 value 100
1723 zonename global
1724
1725 module: caps instance: 0
1726 name: cpucaps_project_203 class: project_caps
1727 above_sec 0
1728 below_sec 235034
1729 crtime 852.104401481
1730 maxusage 75
1731 nwait 0
1732 snaptime 235885.638144304
1733 usage 47
1734 value 100
1735 zonename global
1736
1737 module: caps instance: 0
1738 name: cpucaps_project_86710 class: project_caps
1739 above_sec 22
1740 below_sec 235166
1741 crtime 698.441717859
1742 maxusage 101
1743 nwait 0
1744 snaptime 235885.638319871
1745 usage 54
1746 value 100
1747 zonename global
1748
1749 module: caps instance: 0
1750 name: cpucaps_zone_0 class: zone_caps
1751 above_sec 100733
1752 below_sec 134332
1753 crtime 821.048177123
1754 maxusage 207
1755 nwait 2
1756 snaptime 235885.638497731
1757 usage 199
1758 value 200
1759 zonename global
1760
1761 module: caps instance: 1
1762 name: cpucaps_project_0 class: project_caps
1763 above_sec 0
1764 below_sec 0
1765 crtime 225360.256448422
1766 maxusage 7
1767 nwait 0
1768 snaptime 235885.638714404
1769 usage 7
1770 value 18446743151372347932
1771 zonename test_001
1772
1773 module: caps instance: 1
1774 name: cpucaps_zone_1 class: zone_caps
1775 above_sec 2
1776 below_sec 10524
1777 crtime 225360.256440278
1778 maxusage 106
1779 nwait 0
1780 snaptime 235885.638896443
1781 usage 7
1782 value 100
1783 zonename test_001
1784 .fi
1785 .in -2
1786 .sp
1787
1788 .LP
1789 \fBExample 11 \fRDisplaying CPU Caps for a Specific Zone or Project
1790 .sp
1791 .LP
1792 Using the \fBkstat\fR \fB-c\fR and \fB-i\fR options, you can display CPU caps
1793 for a specific zone or project, as below. The first command produces a display
1794 for a specific project, the second for the same project within zone 1.
1795
1796 .sp
1797 .in +2
1798 .nf
1799 # \fBkstat -c project_caps\fR
1800
1801 # \fBkstat -c project_caps -i 1\fR
1802 .fi
1803 .in -2
1804 .sp
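.LP
The following shell function is an added example, not part of the original manual page or the \fBzonecfg\fR sources. It reviews a configuration in command-file form (the form \fBexport\fR prints) and reports privileges requested through \fBlimitpriv\fR beyond \fBdefault\fR, \fBlofs\fR mounts that lack the \fBro\fR or \fBnodevices\fR options, and the devices a \fBmatch\fR pattern exposes. The function names and the sample input are constructed for illustration.
.sp
```sh
#!/bin/sh
# Added example (not from the zonecfg sources): review a configuration in
# command-file form, e.g. "zonecfg -z myzone export | audit_zone_export /dev/cua/*".
# Arguments are device paths in the global zone; output is one finding per line.
audit_zone_export() {
    scope= dir= type= opts=
    while IFS= read -r line; do
        case $line in
        "set limitpriv="*)   # report privileges requested beyond the default set
            for p in $(echo "${line#set limitpriv=}" | tr -d '"' | tr ',' ' '); do
                [ "$p" = default ] || echo "limitpriv: non-default privilege $p"
            done ;;
        "add fs"|"add device") scope=${line#add }; dir= type= opts= ;;
        "set dir="*)  dir=${line#set dir=} ;;
        "set type="*) type=${line#set type=} ;;
        "add options "*) opts=${line#add options }; opts=${opts#"["}; opts=${opts%"]"} ;;
        "set match="*)       # shell patterns approximate fnmatch(5) here
            pat=$(echo "${line#set match=}" | tr -d '"')
            for dev in "$@"; do
                case $dev in $pat) echo "device: $pat exposes $dev" ;; esac
            done ;;
        end)
            if [ "$scope" = fs ] && [ "$type" = lofs ]; then
                for want in ro nodevices; do
                    case ",$opts," in *",$want,"*) ;; *) echo "fs $dir: lofs mount lacks $want" ;; esac
                done
            fi
            scope= ;;
        esac
    done
}

# Constructed sample input, assembled from commands shown in the examples above.
sample_export() {
    cat <<'EOF'
set limitpriv="default,sys_time"
add fs
set dir=/usr/local
set special=/opt/local
set type=lofs
add options [ro,nodevices]
end
add fs
set dir=/opt/sfw
set special=/opt/sfw
set type=lofs
end
add device
set match="/dev/cua/a00[2-5]"
end
EOF
}
```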
1805
1806 .SH EXIT STATUS
1807 .sp
1808 .LP
1809 The following exit values are returned:
1810 .sp
1811 .ne 2
1812 .na
1813 \fB\fB0\fR\fR
1814 .ad
1815 .sp .6
1816 .RS 4n
1817 Successful completion.
1818 .RE
1819
1820 .sp
1821 .ne 2
1822 .na
1823 \fB\fB1\fR\fR
1824 .ad
1825 .sp .6
1826 .RS 4n
1827 An error occurred.
1828 .RE
1829
1830 .sp
1831 .ne 2
1832 .na
1833 \fB\fB2\fR\fR
1834 .ad
1835 .sp .6
1836 .RS 4n
1837 Invalid usage.
1838 .RE
1839
1840 .SH ATTRIBUTES
1841 .sp
1842 .LP
1843 See \fBattributes\fR(5) for descriptions of the following attributes:
1844 .sp
1845
1846 .sp
1847 .TS
box tab(@);
c | c
l | l .
ATTRIBUTE TYPE@ATTRIBUTE VALUE
_
Interface Stability@Volatile
1854 .TE
1855
1856 .SH SEE ALSO
1857 .sp
1858 .LP
1859 \fBppriv\fR(1), \fBprctl\fR(1), \fBzlogin\fR(1), \fBkstat\fR(1M),
1860 \fBmount\fR(1M), \fBpooladm\fR(1M), \fBpoolcfg\fR(1M), \fBpoold\fR(1M),
1861 \fBrcapd\fR(1M), \fBrctladm\fR(1M), \fBsvcadm\fR(1M), \fBsysidtool\fR(1M),
1862 \fBzfs\fR(1M), \fBzoneadm\fR(1M), \fBpriv_str_to_set\fR(3C),
1863 \fBkstat\fR(3KSTAT), \fBvfstab\fR(4), \fBattributes\fR(5), \fBbrands\fR(5),
1864 \fBfnmatch\fR(5), \fBlx\fR(5), \fBprivileges\fR(5), \fBresource_controls\fR(5),
1865 \fBzones\fR(5)
1866 .sp
1867 .LP
1868 \fISystem Administration Guide: Solaris Containers-Resource Management, and
1869 Solaris Zones\fR
1870 .SH NOTES
1871 .sp
1872 .LP
1873 All character data used by \fBzonecfg\fR must be in US-ASCII encoding.