88 device
89
90 Device.
91
92
93 fs
94
95 file-system
96
97
98 net
99
100 Network interface.
101
102
103 rctl
104
105 Resource control.
106
107
108 Properties
109 Each resource type has one or more properties. There are also some
110 global properties, that is, properties of the configuration as a whole,
111 rather than of some particular resource.
112
113
114 The following properties are supported:
115
116 (global)
117
118 zonename
119
120
121 (global)
122
123 zonepath
124
125
126 (global)
127
221 dataset
222
223 name
224
225
226 dedicated-cpu
227
228 ncpus, importance
229
230
231 capped-memory
232
233 physical, swap, locked
234
235
236 capped-cpu
237
238 ncpus
239
240
241
242 As for the property values which are paired with these names, they are
243 either simple, complex, or lists. The type allowed is property-
244 specific. Simple values are strings, optionally enclosed within
245 quotation marks. Complex values have the syntax:
246
247 (<name>=<value>,<name>=<value>,...)
248
249
250
251
252 where each <value> is simple, and the <name> strings are unique within
253 a given property. Lists have the syntax:
254
255 [<value>,...]
256
257
258
259
260 where each <value> is either simple or complex. A list of a single
515 locked property is the preferred way to set the zone.max-locked-
516 memory rctl.
517
518
519 capped-cpu: ncpus
520
521 Sets a limit on the amount of CPU time that can be used by a zone.
522 The unit used translates to the percentage of a single CPU that can
523 be used by all user threads in a zone, expressed as a fraction (for
524 example, .75) or a mixed number (whole number and fraction, for
525 example, 1.25). An ncpu value of 1 means 100% of a CPU, a value of
526 1.25 means 125%, .75 mean 75%, and so forth. When projects within a
527 capped zone have their own caps, the minimum value takes
528 precedence.
529
530 The capped-cpu property is an alias for zone.cpu-cap resource
531 control and is related to the zone.cpu-cap resource control. See
532 resource_controls(5).
533
534
535 global: fs-allowed
536
537 A comma-separated list of additional filesystems that may be
538 mounted within the zone; for example "ufs,pcfs". By default, only
539 hsfs(7fs) and network filesystems can be mounted. If the first
540 entry in the list is "-" then that disables all of the default
541 filesystems. If any filesystems are listed after "-" then only
542 those filesystems can be mounted.
543
544 This property does not apply to filesystems mounted into the zone
545 via "add fs" or "add dataset".
546
547 WARNING: allowing filesystem mounts other than the default may
548 allow the zone administrator to compromise the system with a
549 malicious filesystem image, and is not supported.
550
551
552
553 The following table summarizes resources, property-names, and types:
554
574 raw simple
575 type simple
576 options list of simple
577 net address simple
578 physical simple
579 device match simple
580 rctl name simple
581 value list of complex
582 attr name simple
583 type simple
584 value simple
585 dataset name simple
586 dedicated-cpu ncpus simple or range
587 importance simple
588
589 capped-memory physical simple with scale
590 swap simple with scale
591 locked simple with scale
592
593 capped-cpu ncpus simple
594
595
596
597
598 To further specify things, the breakdown of the complex property
599 "value" of the "rctl" resource type, it consists of three name/value
600 pairs, the names being "priv", "limit" and "action", each of which
601 takes a simple value. The "name" property of an "attr" resource is
602 syntactically restricted in a fashion similar but not identical to zone
603 names: it must begin with an alphanumeric, and can contain
604 alphanumerics plus the hyphen (-), underscore (_), and dot (.)
605 characters. Attribute names beginning with "zone" are reserved for use
606 by the system. Finally, the "autoboot" global property must have a
607 value of "true" or "false".
608
609 Using Kernel Statistics to Monitor CPU Caps
610 Using the kernel statistics (kstat(3KSTAT)) module caps, the system
611 maintains information for all capped projects and zones. You can access
612 this information by reading kernel statistics (kstat(3KSTAT)),
613 specifying caps as the kstat module name. The following command
1257 Invalid usage.
1258
1259
1260 ATTRIBUTES
1261 See attributes(5) for descriptions of the following attributes:
1262
1263
1264
1265
1266 +--------------------+-----------------+
1267 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
1268 +--------------------+-----------------+
1269 |Interface Stability | Volatile |
1270 +--------------------+-----------------+
1271
1272 SEE ALSO
1273 ppriv(1), prctl(1), zlogin(1), kstat(1M), mount(1M), pooladm(1M),
1274 poolcfg(1M), poold(1M), rcapd(1M), rctladm(1M), svcadm(1M),
1275 sysidtool(1M), zfs(1M), zoneadm(1M), priv_str_to_set(3C),
1276 kstat(3KSTAT), vfstab(4), attributes(5), brands(5), fnmatch(5), lx(5),
1277 privileges(5), resource_controls(5), zones(5)
1278
1279
1280 System Administration Guide: Solaris Containers-Resource Management,
1281 and Solaris Zones
1282
1283 NOTES
1284 All character data used by zonecfg must be in US-ASCII encoding.
1285
1286
1287
1288 February 28, 2014 ZONECFG(1M)
|
88 device
89
90 Device.
91
92
93 fs
94
95 file-system
96
97
98 net
99
100 Network interface.
101
102
103 rctl
104
105 Resource control.
106
107
108 security-flags
109
110 Process security flag settings.
111
112
113 Properties
114 Each resource type has one or more properties. There are also some
115 global properties, that is, properties of the configuration as a whole,
116 rather than of some particular resource.
117
118
119 The following properties are supported:
120
121 (global)
122
123 zonename
124
125
126 (global)
127
128 zonepath
129
130
131 (global)
132
226 dataset
227
228 name
229
230
231 dedicated-cpu
232
233 ncpus, importance
234
235
236 capped-memory
237
238 physical, swap, locked
239
240
241 capped-cpu
242
243 ncpus
244
245
246 security-flags
247
248 lower, default, upper.
249
250
251
252 As for the property values which are paired with these names, they are
253 either simple, complex, or lists. The type allowed is property-
254 specific. Simple values are strings, optionally enclosed within
255 quotation marks. Complex values have the syntax:
256
257 (<name>=<value>,<name>=<value>,...)
258
259
260
261
262 where each <value> is simple, and the <name> strings are unique within
263 a given property. Lists have the syntax:
264
265 [<value>,...]
266
267
268
269
270 where each <value> is either simple or complex. A list of a single
525 locked property is the preferred way to set the zone.max-locked-
526 memory rctl.
527
528
529 capped-cpu: ncpus
530
531 Sets a limit on the amount of CPU time that can be used by a zone.
532 The unit used translates to the percentage of a single CPU that can
533 be used by all user threads in a zone, expressed as a fraction (for
534 example, .75) or a mixed number (whole number and fraction, for
535 example, 1.25). An ncpu value of 1 means 100% of a CPU, a value of
536 1.25 means 125%, .75 mean 75%, and so forth. When projects within a
537 capped zone have their own caps, the minimum value takes
538 precedence.
539
540 The capped-cpu property is an alias for zone.cpu-cap resource
541 control and is related to the zone.cpu-cap resource control. See
542 resource_controls(5).
543
544
545 security-flags: lower, default, upper
546
547 Set the process security flags associated with the zone. The lower
548 and upper fields set the limits, the default field is set of flags
549 all zone processes inherit.
550
551
552 global: fs-allowed
553
554 A comma-separated list of additional filesystems that may be
555 mounted within the zone; for example "ufs,pcfs". By default, only
556 hsfs(7fs) and network filesystems can be mounted. If the first
557 entry in the list is "-" then that disables all of the default
558 filesystems. If any filesystems are listed after "-" then only
559 those filesystems can be mounted.
560
561 This property does not apply to filesystems mounted into the zone
562 via "add fs" or "add dataset".
563
564 WARNING: allowing filesystem mounts other than the default may
565 allow the zone administrator to compromise the system with a
566 malicious filesystem image, and is not supported.
567
568
569
570 The following table summarizes resources, property-names, and types:
571
591 raw simple
592 type simple
593 options list of simple
594 net address simple
595 physical simple
596 device match simple
597 rctl name simple
598 value list of complex
599 attr name simple
600 type simple
601 value simple
602 dataset name simple
603 dedicated-cpu ncpus simple or range
604 importance simple
605
606 capped-memory physical simple with scale
607 swap simple with scale
608 locked simple with scale
609
610 capped-cpu ncpus simple
611 security-flags lower simple
612 default simple
613 upper simple
614
615
616
617
618 To further specify things, the breakdown of the complex property
619 "value" of the "rctl" resource type, it consists of three name/value
620 pairs, the names being "priv", "limit" and "action", each of which
621 takes a simple value. The "name" property of an "attr" resource is
622 syntactically restricted in a fashion similar but not identical to zone
623 names: it must begin with an alphanumeric, and can contain
624 alphanumerics plus the hyphen (-), underscore (_), and dot (.)
625 characters. Attribute names beginning with "zone" are reserved for use
626 by the system. Finally, the "autoboot" global property must have a
627 value of "true" or "false".
628
629 Using Kernel Statistics to Monitor CPU Caps
630 Using the kernel statistics (kstat(3KSTAT)) module caps, the system
631 maintains information for all capped projects and zones. You can access
632 this information by reading kernel statistics (kstat(3KSTAT)),
633 specifying caps as the kstat module name. The following command
1277 Invalid usage.
1278
1279
1280 ATTRIBUTES
1281 See attributes(5) for descriptions of the following attributes:
1282
1283
1284
1285
1286 +--------------------+-----------------+
1287 | ATTRIBUTE TYPE | ATTRIBUTE VALUE |
1288 +--------------------+-----------------+
1289 |Interface Stability | Volatile |
1290 +--------------------+-----------------+
1291
1292 SEE ALSO
1293 ppriv(1), prctl(1), zlogin(1), kstat(1M), mount(1M), pooladm(1M),
1294 poolcfg(1M), poold(1M), rcapd(1M), rctladm(1M), svcadm(1M),
1295 sysidtool(1M), zfs(1M), zoneadm(1M), priv_str_to_set(3C),
1296 kstat(3KSTAT), vfstab(4), attributes(5), brands(5), fnmatch(5), lx(5),
1297 privileges(5), resource_controls(5), security-flags(5), zones(5)
1298
1299
1300 System Administration Guide: Solaris Containers-Resource Management,
1301 and Solaris Zones
1302
1303 NOTES
1304 All character data used by zonecfg must be in US-ASCII encoding.
1305
1306
1307
1308 June 6, 2016 ZONECFG(1M)
|