Solaris Containers - Description

Description

Each zone has its own node name, virtual network interfaces, and storage assigned to it; there is no requirement for a zone to have any minimum amount of dedicated hardware other than the disk storage necessary for its unique configuration. Specifically, it does not require a dedicated CPU, memory, physical network interface or HBA, although any of these can be allocated specifically to one zone.

Each zone has a security boundary surrounding it which prevents a process associated with one zone from interacting with or observing processes in other zones. Each zone can be configured with its own separate user list. The system automatically manages user ID conflicts; that is, two zones on a system could have a user ID 10000 defined, and each would be mapped to its own unique global identifier.

A zone can be assigned to a resource pool (processor set plus scheduling class) to guarantee certain usage, or can be given shares via fair-share scheduling. A zone can be in one of the following states:

• Configured: configuration was completed and committed
• Incomplete: Transition state during install or uninstall operation
• Installed: the packages have been successfully installed
• Ready: the virtual platform has been established
• Running: the zone booted successfully and is now running
• Shutting down: the zone is in the process of shutting down - this is a temporary state, leading to "Down"
• Down: the zone has completed the shut down process and is down - this is a temporary state, leading to "Installed"

Some programs cannot be executed from within a non-global zone; typically this is because the application requires privileges that cannot be granted within a container. As a zone does not have its own separate kernel (in contrast to a hardware virtual machine), applications that require direct manipulation of kernel features, such as the ability to directly read or alter kernel memory space, may not work inside of a container.