1 '\" te
2 .\" Copyright (c) 2004, 2009 Sun Microsystems, Inc. All Rights Reserved.
3 .\" Copyright 2015 Joyent, Inc.
4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
5 .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the
6 .\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
7 .TH ZONECFG 1M "Nov 4, 2015"
8 .SH NAME
9 zonecfg \- set up zone configuration
10 .SH SYNOPSIS
11 .LP
12 .nf
13 \fBzonecfg\fR \fB-z\fR \fIzonename\fR
14 .fi
15
16 .LP
17 .nf
18 \fBzonecfg\fR \fB-z\fR \fIzonename\fR \fIsubcommand\fR
19 .fi
20
21 .LP
22 .nf
23 \fBzonecfg\fR \fB-z\fR \fIzonename\fR \fB-f\fR \fIcommand_file\fR
24 .fi
25
26 .LP
27 .nf
28 \fBzonecfg\fR help
29 .fi
30
31 .SH DESCRIPTION
32 .LP
33 The \fBzonecfg\fR utility creates and modifies the configuration of a zone.
34 Zone configuration consists of a number of resources and properties.
35 .sp
36 .LP
37 To simplify the user interface, \fBzonecfg\fR uses the concept of a scope. The
38 default scope is global.
39 .sp
40 .LP
41 The following synopsis of the \fBzonecfg\fR command is for interactive usage:
42 .sp
43 .in +2
44 .nf
45 zonecfg \fB-z\fR \fIzonename subcommand\fR
46 .fi
47 .in -2
48 .sp
49
50 .sp
51 .LP
52 Parameters changed through \fBzonecfg\fR do not affect a running zone. The zone
53 must be rebooted for the changes to take effect.
54 .sp
55 .LP
56 In addition to creating and modifying a zone, the \fBzonecfg\fR utility can
57 also be used to persistently specify the resource management settings for the
58 global zone.
59 .sp
60 .LP
61 In the following text, "rctl" is used as an abbreviation for "resource
62 control". See \fBresource_controls\fR(5).
63 .sp
64 .LP
65 Every zone is configured with an associated brand. The brand determines the
66 user-level environment used within the zone, as well as various behaviors for
67 the zone when it is installed, boots, or is shutdown. Once a zone has been
68 installed the brand cannot be changed. The default brand is determined by the
69 installed distribution in the global zone. Some brands do not support all of
70 the \fBzonecfg\fR properties and resources. See the brand-specific man page for
71 more details on each brand. For an overview of brands, see the \fBbrands\fR(5)
72 man page.
73 .SS "Resources"
74 .LP
75 The following resource types are supported:
76 .sp
77 .ne 2
78 .na
79 \fB\fBattr\fR\fR
80 .ad
81 .sp .6
82 .RS 4n
83 Generic attribute.
84 .RE
85
86 .sp
87 .ne 2
88 .na
89 \fB\fBcapped-cpu\fR\fR
90 .ad
91 .sp .6
92 .RS 4n
93 Limits for CPU usage.
94 .RE
95
96 .sp
97 .ne 2
98 .na
99 \fB\fBcapped-memory\fR\fR
100 .ad
101 .sp .6
102 .RS 4n
103 Limits for physical, swap, and locked memory.
104 .RE
105
106 .sp
107 .ne 2
108 .na
109 \fB\fBdataset\fR\fR
110 .ad
111 .sp .6
112 .RS 4n
113 \fBZFS\fR dataset.
114 .RE
115
116 .sp
117 .ne 2
118 .na
119 \fB\fBdedicated-cpu\fR\fR
120 .ad
121 .sp .6
122 .RS 4n
123 Subset of the system's processors dedicated to this zone while it is running.
124 .RE
125
126 .sp
127 .ne 2
128 .na
129 \fB\fBdevice\fR\fR
130 .ad
131 .sp .6
132 .RS 4n
133 Device.
134 .RE
135
136 .sp
137 .ne 2
138 .na
139 \fB\fBfs\fR\fR
140 .ad
141 .sp .6
142 .RS 4n
143 file-system
144 .RE
145
146 .sp
147 .ne 2
148 .na
149 \fB\fBnet\fR\fR
150 .ad
151 .sp .6
152 .RS 4n
153 Network interface.
154 .RE
155
156 .sp
157 .ne 2
158 .na
159 \fB\fBrctl\fR\fR
160 .ad
161 .sp .6
162 .RS 4n
163 Resource control.
164 .RE
165
166 .SS "Properties"
167 .LP
168 Each resource type has one or more properties. There are also some global
169 properties, that is, properties of the configuration as a whole, rather than of
170 some particular resource.
171 .sp
172 .LP
173 The following properties are supported:
174 .sp
175 .ne 2
176 .na
177 \fB(global)\fR
178 .ad
179 .sp .6
180 .RS 4n
181 \fBzonename\fR
182 .RE
183
184 .sp
185 .ne 2
186 .na
187 \fB(global)\fR
188 .ad
189 .sp .6
190 .RS 4n
191 \fBzonepath\fR
192 .RE
193
194 .sp
195 .ne 2
196 .na
197 \fB(global)\fR
198 .ad
199 .sp .6
200 .RS 4n
201 \fBautoboot\fR
202 .RE
203
204 .sp
205 .ne 2
206 .na
207 \fB(global)\fR
208 .ad
209 .sp .6
210 .RS 4n
211 \fBbootargs\fR
212 .RE
213
214 .sp
215 .ne 2
216 .na
217 \fB(global)\fR
218 .ad
219 .sp .6
220 .RS 4n
221 \fBpool\fR
222 .RE
223
224 .sp
225 .ne 2
226 .na
227 \fB(global)\fR
228 .ad
229 .sp .6
230 .RS 4n
231 \fBlimitpriv\fR
232 .RE
233
234 .sp
235 .ne 2
236 .na
237 \fB(global)\fR
238 .ad
239 .sp .6
240 .RS 4n
241 \fBbrand\fR
242 .RE
243
244 .sp
245 .ne 2
246 .na
247 \fB(global)\fR
248 .ad
249 .sp .6
250 .RS 4n
251 \fBcpu-shares\fR
252 .RE
253
254 .sp
255 .ne 2
256 .na
257 \fB(global)\fR
258 .ad
259 .sp .6
260 .RS 4n
261 \fBhostid\fR
262 .RE
263
264 .sp
265 .ne 2
266 .na
267 \fB(global)\fR
268 .ad
269 .sp .6
270 .RS 4n
271 \fBmax-lwps\fR
272 .RE
273
274 .sp
275 .ne 2
276 .na
277 \fB(global)\fR
278 .ad
279 .sp .6
280 .RS 4n
281 \fBmax-msg-ids\fR
282 .RE
283
284 .sp
285 .ne 2
286 .na
287 \fB(global)\fR
288 .ad
289 .sp .6
290 .RS 4n
291 \fBmax-sem-ids\fR
292 .RE
293
294 .sp
295 .ne 2
296 .na
297 \fB(global)\fR
298 .ad
299 .sp .6
300 .RS 4n
301 \fBmax-shm-ids\fR
302 .RE
303
304 .sp
305 .ne 2
306 .na
307 \fB(global)\fR
308 .ad
309 .sp .6
310 .RS 4n
311 \fBmax-shm-memory\fR
312 .RE
313
314 .sp
315 .ne 2
316 .na
317 \fB(global)\fR
318 .ad
319 .sp .6
320 .RS 4n
321 \fBscheduling-class\fR
322 .RE
323
324 .sp
325 .ne 2
326 .na
327 .B (global)
328 .ad
329 .sp .6
330 .RS 4n
331 .B fs-allowed
332 .RE
333
334 .sp
335 .ne 2
336 .na
337 \fB\fBfs\fR\fR
338 .ad
339 .sp .6
340 .RS 4n
341 \fBdir\fR, \fBspecial\fR, \fBraw\fR, \fBtype\fR, \fBoptions\fR
342 .RE
343
344 .sp
345 .ne 2
346 .na
347 \fB\fBnet\fR\fR
348 .ad
349 .sp .6
350 .RS 4n
351 \fBaddress\fR, \fBphysical\fR, \fBdefrouter\fR
352 .RE
353
354 .sp
355 .ne 2
356 .na
357 \fB\fBdevice\fR\fR
358 .ad
359 .sp .6
360 .RS 4n
361 \fBmatch\fR
362 .RE
363
364 .sp
365 .ne 2
366 .na
367 \fB\fBrctl\fR\fR
368 .ad
369 .sp .6
370 .RS 4n
371 \fBname\fR, \fBvalue\fR
372 .RE
373
374 .sp
375 .ne 2
376 .na
377 \fB\fBattr\fR\fR
378 .ad
379 .sp .6
380 .RS 4n
381 \fBname\fR, \fBtype\fR, \fBvalue\fR
382 .RE
383
384 .sp
385 .ne 2
386 .na
387 \fB\fBdataset\fR\fR
388 .ad
389 .sp .6
390 .RS 4n
391 \fBname\fR
392 .RE
393
394 .sp
395 .ne 2
396 .na
397 \fB\fBdedicated-cpu\fR\fR
398 .ad
399 .sp .6
400 .RS 4n
401 \fBncpus\fR, \fBimportance\fR
402 .RE
403
404 .sp
405 .ne 2
406 .na
407 \fB\fBcapped-memory\fR\fR
408 .ad
409 .sp .6
410 .RS 4n
411 \fBphysical\fR, \fBswap\fR, \fBlocked\fR
412 .RE
413
414 .sp
415 .ne 2
416 .na
417 \fB\fBcapped-cpu\fR\fR
418 .ad
419 .sp .6
420 .RS 4n
421 \fBncpus\fR
422 .RE
423
424 .sp
425 .LP
426 As for the property values which are paired with these names, they are either
427 simple, complex, or lists. The type allowed is property-specific. Simple values
428 are strings, optionally enclosed within quotation marks. Complex values have
429 the syntax:
430 .sp
431 .in +2
432 .nf
433 (<\fIname\fR>=<\fIvalue\fR>,<\fIname\fR>=<\fIvalue\fR>,...)
434 .fi
435 .in -2
436 .sp
437
438 .sp
439 .LP
440 where each <\fIvalue\fR> is simple, and the <\fIname\fR> strings are unique
441 within a given property. Lists have the syntax:
442 .sp
443 .in +2
444 .nf
445 [<\fIvalue\fR>,...]
446 .fi
447 .in -2
448 .sp
449
450 .sp
451 .LP
452 where each <\fIvalue\fR> is either simple or complex. A list of a single value
453 (either simple or complex) is equivalent to specifying that value without the
454 list syntax. That is, "foo" is equivalent to "[foo]". A list can be empty
455 (denoted by "[]").
456 .sp
457 .LP
458 In interpreting property values, \fBzonecfg\fR accepts regular expressions as
459 specified in \fBfnmatch\fR(5). See \fBEXAMPLES\fR.
460 .sp
461 .LP
462 The property types are described as follows:
463 .sp
464 .ne 2
465 .na
466 \fBglobal: \fBzonename\fR\fR
467 .ad
468 .sp .6
469 .RS 4n
470 The name of the zone.
471 .RE
472
473 .sp
474 .ne 2
475 .na
476 \fBglobal: \fBzonepath\fR\fR
477 .ad
478 .sp .6
479 .RS 4n
480 Path to zone's file system.
481 .RE
482
483 .sp
484 .ne 2
485 .na
486 \fBglobal: \fBautoboot\fR\fR
487 .ad
488 .sp .6
489 .RS 4n
490 Boolean indicating that a zone should be booted automatically at system boot.
491 Note that if the zones service is disabled, the zone will not autoboot,
492 regardless of the setting of this property. You enable the zones service with a
493 \fBsvcadm\fR command, such as:
494 .sp
495 .in +2
496 .nf
497 # \fBsvcadm enable svc:/system/zones:default\fR
498 .fi
499 .in -2
500 .sp
501
502 Replace \fBenable\fR with \fBdisable\fR to disable the zones service. See
503 \fBsvcadm\fR(1M).
504 .RE
505
506 .sp
507 .ne 2
508 .na
509 \fBglobal: \fBbootargs\fR\fR
510 .ad
511 .sp .6
512 .RS 4n
513 Arguments (options) to be passed to the zone bootup, unless options are
514 supplied to the "\fBzoneadm boot\fR" command, in which case those take
515 precedence. The valid arguments are described in \fBzoneadm\fR(1M).
516 .RE
517
518 .sp
519 .ne 2
520 .na
521 \fBglobal: \fBpool\fR\fR
522 .ad
523 .sp .6
524 .RS 4n
525 Name of the resource pool that this zone must be bound to when booted. This
526 property is incompatible with the \fBdedicated-cpu\fR resource.
527 .RE
528
529 .sp
530 .ne 2
531 .na
532 \fBglobal: \fBlimitpriv\fR\fR
533 .ad
534 .sp .6
535 .RS 4n
536 The maximum set of privileges any process in this zone can obtain. The property
537 should consist of a comma-separated privilege set specification as described in
538 \fBpriv_str_to_set\fR(3C). Privileges can be excluded from the resulting set by
539 preceding their names with a dash (-) or an exclamation point (!). The special
540 privilege string "zone" is not supported in this context. If the special string
541 "default" occurs as the first token in the property, it expands into a safe set
542 of privileges that preserve the resource and security isolation described in
543 \fBzones\fR(5). A missing or empty property is equivalent to this same set of
544 safe privileges.
545 .sp
546 The system administrator must take extreme care when configuring privileges for
547 a zone. Some privileges cannot be excluded through this mechanism as they are
548 required in order to boot a zone. In addition, there are certain privileges
549 which cannot be given to a zone as doing so would allow processes inside a zone
550 to unduly affect processes in other zones. \fBzoneadm\fR(1M) indicates when an
551 invalid privilege has been added or removed from a zone's privilege set when an
552 attempt is made to either "boot" or "ready" the zone.
553 .sp
554 See \fBprivileges\fR(5) for a description of privileges. The command "\fBppriv
555 -l\fR" (see \fBppriv\fR(1)) produces a list of all Solaris privileges. You can
556 specify privileges as they are displayed by \fBppriv\fR. In
557 \fBprivileges\fR(5), privileges are listed in the form
558 PRIV_\fIprivilege_name\fR. For example, the privilege \fIsys_time\fR, as you
559 would specify it in this property, is listed in \fBprivileges\fR(5) as
560 \fBPRIV_SYS_TIME\fR.
561 .RE
562
563 .sp
564 .ne 2
565 .na
566 \fBglobal: \fBbrand\fR\fR
567 .ad
568 .sp .6
569 .RS 4n
570 The zone's brand type.
571 .RE
572
573 .sp
574 .ne 2
575 .na
576 \fBglobal: \fBip-type\fR\fR
577 .ad
578 .sp .6
579 .RS 4n
580 A zone can either share the IP instance with the global zone, which is the
581 default, or have its own exclusive instance of IP.
582 .sp
583 This property takes the values \fBshared\fR and \fBexclusive\fR.
584 .RE
585
586 .sp
587 .ne 2
588 .na
589 \fBglobal: \fBhostid\fR\fR
590 .ad
591 .sp .6
592 .RS 4n
593 A zone can emulate a 32-bit host identifier to ease system consolidation. A
594 zone's \fBhostid\fR property is empty by default, meaning that the zone does
595 not emulate a host identifier. Zone host identifiers must be hexadecimal values
596 between 0 and FFFFFFFE. A \fB0x\fR or \fB0X\fR prefix is optional. Both
597 uppercase and lowercase hexadecimal digits are acceptable.
598 .RE
599
600 .sp
601 .ne 2
602 .na
603 \fB\fBfs\fR: dir, special, raw, type, options\fR
604 .ad
605 .sp .6
606 .RS 4n
607 Values needed to determine how, where, and so forth to mount file systems. See
608 \fBmount\fR(1M), \fBmount\fR(2), \fBfsck\fR(1M), and \fBvfstab\fR(4).
609 .RE
610
611 .sp
612 .ne 2
613 .na
614 \fB\fBnet\fR: address, physical, defrouter\fR
615 .ad
616 .sp .6
617 .RS 4n
618 The network address and physical interface name of the network interface. The
619 network address is one of:
620 .RS +4
621 .TP
622 .ie t \(bu
623 .el o
624 a valid IPv4 address, optionally followed by "\fB/\fR" and a prefix length;
625 .RE
626 .RS +4
627 .TP
628 .ie t \(bu
629 .el o
630 a valid IPv6 address, which must be followed by "\fB/\fR" and a prefix length;
631 .RE
632 .RS +4
633 .TP
634 .ie t \(bu
635 .el o
636 a host name which resolves to an IPv4 address.
637 .RE
638 Note that host names that resolve to IPv6 addresses are not supported.
639 .sp
640 The physical interface name is the network interface name.
641 .sp
642 The default router is specified similarly to the network address except that it
643 must not be followed by a \fB/\fR (slash) and a network prefix length.
644 .sp
645 A zone can be configured to be either exclusive-IP or shared-IP. For a
646 shared-IP zone, you must set both the physical and address properties; setting
647 the default router is optional. The interface specified in the physical
648 property must be plumbed in the global zone prior to booting the non-global
649 zone. However, if the interface is not used by the global zone, it should be
650 configured \fBdown\fR in the global zone, and the default router for the
651 interface should be specified here.
652 .sp
653 For an exclusive-IP zone, the physical property must be set and the address and
654 default router properties cannot be set.
655 .RE
656
657 .sp
658 .ne 2
659 .na
660 \fB\fBdevice\fR: match\fR
661 .ad
662 .sp .6
663 .RS 4n
664 Device name to match.
665 .RE
666
667 .sp
668 .ne 2
669 .na
670 \fB\fBrctl\fR: name, value\fR
671 .ad
672 .sp .6
673 .RS 4n
674 The name and \fIpriv\fR/\fIlimit\fR/\fIaction\fR triple of a resource control.
675 See \fBprctl\fR(1) and \fBrctladm\fR(1M). The preferred way to set rctl values
676 is to use the global property name associated with a specific rctl.
677 .RE
678
679 .sp
680 .ne 2
681 .na
682 \fB\fBattr\fR: name, type, value\fR
683 .ad
684 .sp .6
685 .RS 4n
686 The name, type and value of a generic attribute. The \fBtype\fR must be one of
687 \fBint\fR, \fBuint\fR, \fBboolean\fR or \fBstring\fR, and the value must be of
688 that type. \fBuint\fR means unsigned , that is, a non-negative integer.
689 .RE
690
691 .sp
692 .ne 2
693 .na
694 \fB\fBdataset\fR: name\fR
695 .ad
696 .sp .6
697 .RS 4n
698 The name of a \fBZFS\fR dataset to be accessed from within the zone. See
699 \fBzfs\fR(1M).
700 .RE
701
702 .sp
703 .ne 2
704 .na
705 \fBglobal: \fBcpu-shares\fR\fR
706 .ad
707 .sp .6
708 .RS 4n
709 The number of Fair Share Scheduler (FSS) shares to allocate to this zone. This
710 property is incompatible with the \fBdedicated-cpu\fR resource. This property
711 is the preferred way to set the \fBzone.cpu-shares\fR rctl.
712 .RE
713
714 .sp
715 .ne 2
716 .na
717 \fBglobal: \fBmax-lwps\fR\fR
718 .ad
719 .sp .6
720 .RS 4n
721 The maximum number of LWPs simultaneously available to this zone. This property
722 is the preferred way to set the \fBzone.max-lwps\fR rctl.
723 .RE
724
725 .sp
726 .ne 2
727 .na
728 \fBglobal: \fBmax-msg-ids\fR\fR
729 .ad
730 .sp .6
731 .RS 4n
732 The maximum number of message queue IDs allowed for this zone. This property is
733 the preferred way to set the \fBzone.max-msg-ids\fR rctl.
734 .RE
735
736 .sp
737 .ne 2
738 .na
739 \fBglobal: \fBmax-sem-ids\fR\fR
740 .ad
741 .sp .6
742 .RS 4n
743 The maximum number of semaphore IDs allowed for this zone. This property is the
744 preferred way to set the \fBzone.max-sem-ids\fR rctl.
745 .RE
746
747 .sp
748 .ne 2
749 .na
750 \fBglobal: \fBmax-shm-ids\fR\fR
751 .ad
752 .sp .6
753 .RS 4n
754 The maximum number of shared memory IDs allowed for this zone. This property is
755 the preferred way to set the \fBzone.max-shm-ids\fR rctl.
756 .RE
757
758 .sp
759 .ne 2
760 .na
761 \fBglobal: \fBmax-shm-memory\fR\fR
762 .ad
763 .sp .6
764 .RS 4n
765 The maximum amount of shared memory allowed for this zone. This property is the
766 preferred way to set the \fBzone.max-shm-memory\fR rctl. A scale (K, M, G, T)
767 can be applied to the value for this number (for example, 1M is one megabyte).
768 .RE
769
770 .sp
771 .ne 2
772 .na
773 \fBglobal: \fBscheduling-class\fR\fR
774 .ad
775 .sp .6
776 .RS 4n
777 Specifies the scheduling class used for processes running in a zone. When this
778 property is not specified, the scheduling class is established as follows:
779 .RS +4
780 .TP
781 .ie t \(bu
782 .el o
783 If the \fBcpu-shares\fR property or equivalent rctl is set, the scheduling
784 class \fBFSS\fR is used.
785 .RE
786 .RS +4
787 .TP
788 .ie t \(bu
789 .el o
790 If neither \fBcpu-shares\fR nor the equivalent rctl is set and the zone's pool
791 property references a pool that has a default scheduling class, that class is
792 used.
793 .RE
794 .RS +4
795 .TP
796 .ie t \(bu
797 .el o
798 Under any other conditions, the system default scheduling class is used.
799 .RE
800 .sp
801 If the \fBFX\fR scheduling class is specified, then the optional
802 \fBfixed-hi-pri\fR attribute can be set to \fBtrue\fR. This causes all of the
803 processes in the zone to run at the highest \fBFX\fR priority. By default
804 processes under \fBFX\fR run at the lowest priority. See \fBpriocntl\fR(2)
805 for details on each scheduling class.
806 .RE
807
808
809 .sp
810 .ne 2
811 .na
812 \fB\fBdedicated-cpu\fR: ncpus, importance\fR
813 .ad
814 .sp .6
815 .RS 4n
816 The number of CPUs that should be assigned for this zone's exclusive use. The
817 zone will create a pool and processor set when it boots. See \fBpooladm\fR(1M)
818 and \fBpoolcfg\fR(1M) for more information on resource pools. The \fBncpu\fR
819 property can specify a single value or a range (for example, 1-4) of
820 processors. The \fBimportance\fR property is optional; if set, it will specify
821 the \fBpset.importance\fR value for use by \fBpoold\fR(1M). If this resource is
822 used, there must be enough free processors to allocate to this zone when it
823 boots or the zone will not boot. The processors assigned to this zone will not
824 be available for the use of the global zone or other zones. This resource is
825 incompatible with both the \fBpool\fR and \fBcpu-shares\fR properties. Only a
826 single instance of this resource can be added to the zone.
827 .RE
828
829 .sp
830 .ne 2
831 .na
832 \fB\fBcapped-memory\fR: physical, swap, locked\fR
833 .ad
834 .sp .6
835 .RS 4n
836 The caps on the memory that can be used by this zone. A scale (K, M, G, T) can
837 be applied to the value for each of these numbers (for example, 1M is one
838 megabyte). Each of these properties is optional but at least one property must
839 be set when adding this resource. Only a single instance of this resource can
840 be added to the zone. The \fBphysical\fR property sets the \fBmax-rss\fR for
841 this zone. This will be enforced by \fBrcapd\fR(1M) running in the global zone.
842 The \fBswap\fR property is the preferred way to set the \fBzone.max-swap\fR
843 rctl. The \fBlocked\fR property is the preferred way to set the
844 \fBzone.max-locked-memory\fR rctl.
845 .RE
846
847 .sp
848 .ne 2
849 .na
850 \fB\fBcapped-cpu\fR: ncpus\fR
851 .ad
852 .sp .6
853 .RS 4n
854 Sets a limit on the amount of CPU time that can be used by a zone. The unit
855 used translates to the percentage of a single CPU that can be used by all user
856 threads in a zone, expressed as a fraction (for example, \fB\&.75\fR) or a
857 mixed number (whole number and fraction, for example, \fB1.25\fR). An
858 \fBncpu\fR value of \fB1\fR means 100% of a CPU, a value of \fB1.25\fR means
859 125%, \fB\&.75\fR mean 75%, and so forth. When projects within a capped zone
860 have their own caps, the minimum value takes precedence.
861 .sp
862 The \fBcapped-cpu\fR property is an alias for \fBzone.cpu-cap\fR resource
863 control and is related to the \fBzone.cpu-cap\fR resource control. See
864 \fBresource_controls\fR(5).
865 .RE
866
867 .sp
868 .ne 2
869 .na
870 \fBglobal: \fBfs-allowed\fR\fR
871 .ad
872 .sp .6
873 .RS 4n
874 A comma-separated list of additional filesystems that may be mounted within
875 the zone; for example "ufs,pcfs". By default, only hsfs(7fs) and network
876 filesystems can be mounted. If the first entry in the list is "-" then
877 that disables all of the default filesystems. If any filesystems are listed
878 after "-" then only those filesystems can be mounted.
879
880 This property does not apply to filesystems mounted into the zone via "add fs"
881 or "add dataset".
882
883 WARNING: allowing filesystem mounts other than the default may allow the zone
884 administrator to compromise the system with a malicious filesystem image, and
885 is not supported.
886 .RE
887
888 .sp
889 .LP
890 The following table summarizes resources, property-names, and types:
891 .sp
892 .in +2
893 .nf
894 resource property-name type
895 (global) zonename simple
896 (global) zonepath simple
897 (global) autoboot simple
898 (global) bootargs simple
899 (global) pool simple
900 (global) limitpriv simple
901 (global) brand simple
902 (global) ip-type simple
903 (global) hostid simple
904 (global) cpu-shares simple
905 (global) max-lwps simple
906 (global) max-msg-ids simple
907 (global) max-sem-ids simple
908 (global) max-shm-ids simple
909 (global) max-shm-memory simple
910 (global) scheduling-class simple
911 fs dir simple
912 special simple
913 raw simple
914 type simple
915 options list of simple
916 net address simple
917 physical simple
918 device match simple
919 rctl name simple
920 value list of complex
921 attr name simple
922 type simple
923 value simple
924 dataset name simple
925 dedicated-cpu ncpus simple or range
926 importance simple
927
928 capped-memory physical simple with scale
929 swap simple with scale
930 locked simple with scale
931
932 capped-cpu ncpus simple
933 .fi
934 .in -2
935 .sp
936
937 .sp
938 .LP
939 To further specify things, the breakdown of the complex property "value" of the
940 "rctl" resource type, it consists of three name/value pairs, the names being
941 "priv", "limit" and "action", each of which takes a simple value. The "name"
942 property of an "attr" resource is syntactically restricted in a fashion similar
943 but not identical to zone names: it must begin with an alphanumeric, and can
944 contain alphanumerics plus the hyphen (\fB-\fR), underscore (\fB_\fR), and dot
945 (\fB\&.\fR) characters. Attribute names beginning with "zone" are reserved for
946 use by the system. Finally, the "autoboot" global property must have a value of
947 "true" or "false".
948 .SS "Using Kernel Statistics to Monitor CPU Caps"
949 .LP
950 Using the kernel statistics (\fBkstat\fR(3KSTAT)) module \fBcaps\fR, the system
951 maintains information for all capped projects and zones. You can access this
952 information by reading kernel statistics (\fBkstat\fR(3KSTAT)), specifying
953 \fBcaps\fR as the \fBkstat\fR module name. The following command displays
954 kernel statistics for all active CPU caps:
955 .sp
956 .in +2
957 .nf
958 # \fBkstat caps::'/cpucaps/'\fR
959 .fi
960 .in -2
961 .sp
962
963 .sp
964 .LP
965 A \fBkstat\fR(1M) command running in a zone displays only CPU caps relevant for
966 that zone and for projects in that zone. See \fBEXAMPLES\fR.
967 .sp
968 .LP
969 The following are cap-related arguments for use with \fBkstat\fR(1M):
970 .sp
971 .ne 2
972 .na
973 \fB\fBcaps\fR\fR
974 .ad
975 .sp .6
976 .RS 4n
977 The \fBkstat\fR module.
978 .RE
979
980 .sp
981 .ne 2
982 .na
983 \fB\fBproject_caps\fR or \fBzone_caps\fR\fR
984 .ad
985 .sp .6
986 .RS 4n
987 \fBkstat\fR class, for use with the \fBkstat\fR \fB-c\fR option.
988 .RE
989
990 .sp
991 .ne 2
992 .na
993 \fB\fBcpucaps_project_\fR\fIid\fR or \fBcpucaps_zone_\fR\fIid\fR\fR
994 .ad
995 .sp .6
996 .RS 4n
997 \fBkstat\fR name, for use with the \fBkstat\fR \fB-n\fR option. \fIid\fR is the
998 project or zone identifier.
999 .RE
1000
1001 .sp
1002 .LP
1003 The following fields are displayed in response to a \fBkstat\fR(1M) command
1004 requesting statistics for all CPU caps.
1005 .sp
1006 .ne 2
1007 .na
1008 \fB\fBmodule\fR\fR
1009 .ad
1010 .sp .6
1011 .RS 4n
1012 In this usage of \fBkstat\fR, this field will have the value \fBcaps\fR.
1013 .RE
1014
1015 .sp
1016 .ne 2
1017 .na
1018 \fB\fBname\fR\fR
1019 .ad
1020 .sp .6
1021 .RS 4n
1022 As described above, \fBcpucaps_project_\fR\fIid\fR or
1023 \fBcpucaps_zone_\fR\fIid\fR
1024 .RE
1025
1026 .sp
1027 .ne 2
1028 .na
1029 \fB\fBabove_sec\fR\fR
1030 .ad
1031 .sp .6
1032 .RS 4n
1033 Total time, in seconds, spent above the cap.
1034 .RE
1035
1036 .sp
1037 .ne 2
1038 .na
1039 \fB\fBbelow_sec\fR\fR
1040 .ad
1041 .sp .6
1042 .RS 4n
1043 Total time, in seconds, spent below the cap.
1044 .RE
1045
1046 .sp
1047 .ne 2
1048 .na
1049 \fB\fBmaxusage\fR\fR
1050 .ad
1051 .sp .6
1052 .RS 4n
1053 Maximum observed CPU usage.
1054 .RE
1055
1056 .sp
1057 .ne 2
1058 .na
1059 \fB\fBnwait\fR\fR
1060 .ad
1061 .sp .6
1062 .RS 4n
1063 Number of threads on cap wait queue.
1064 .RE
1065
1066 .sp
1067 .ne 2
1068 .na
1069 \fB\fBusage\fR\fR
1070 .ad
1071 .sp .6
1072 .RS 4n
1073 Current aggregated CPU usage for all threads belonging to a capped project or
1074 zone, in terms of a percentage of a single CPU.
1075 .RE
1076
1077 .sp
1078 .ne 2
1079 .na
1080 \fB\fBvalue\fR\fR
1081 .ad
1082 .sp .6
1083 .RS 4n
1084 The cap value, in terms of a percentage of a single CPU.
1085 .RE
1086
1087 .sp
1088 .ne 2
1089 .na
1090 \fB\fBzonename\fR\fR
1091 .ad
1092 .sp .6
1093 .RS 4n
1094 Name of the zone for which statistics are displayed.
1095 .RE
1096
1097 .sp
1098 .LP
1099 See \fBEXAMPLES\fR for sample output from a \fBkstat\fR command.
1100 .SH OPTIONS
1101 .LP
1102 The following options are supported:
1103 .sp
1104 .ne 2
1105 .na
1106 \fB\fB-f\fR \fIcommand_file\fR\fR
1107 .ad
1108 .sp .6
1109 .RS 4n
1110 Specify the name of \fBzonecfg\fR command file. \fIcommand_file\fR is a text
1111 file of \fBzonecfg\fR subcommands, one per line.
1112 .RE
1113
1114 .sp
1115 .ne 2
1116 .na
1117 \fB\fB-z\fR \fIzonename\fR\fR
1118 .ad
1119 .sp .6
1120 .RS 4n
1121 Specify the name of a zone. Zone names are case sensitive. Zone names must
1122 begin with an alphanumeric character and can contain alphanumeric characters,
1123 the underscore (\fB_\fR) the hyphen (\fB-\fR), and the dot (\fB\&.\fR). The
1124 name \fBglobal\fR and all names beginning with \fBSUNW\fR are reserved and
1125 cannot be used.
1126 .RE
1127
1128 .SH SUBCOMMANDS
1129 .LP
1130 You can use the \fBadd\fR and \fBselect\fR subcommands to select a specific
1131 resource, at which point the scope changes to that resource. The \fBend\fR and
1132 \fBcancel\fR subcommands are used to complete the resource specification, at
1133 which time the scope is reverted back to global. Certain subcommands, such as
1134 \fBadd\fR, \fBremove\fR and \fBset\fR, have different semantics in each scope.
1135 .sp
1136 .LP
1137 \fBzonecfg\fR supports a semicolon-separated list of subcommands. For example:
1138 .sp
1139 .in +2
1140 .nf
1141 # \fBzonecfg -z myzone "add net; set physical=myvnic; end"\fR
1142 .fi
1143 .in -2
1144 .sp
1145
1146 .sp
1147 .LP
1148 Subcommands which can result in destructive actions or loss of work have an
1149 \fB-F\fR option to force the action. If input is from a terminal device, the
1150 user is prompted when appropriate if such a command is given without the
1151 \fB-F\fR option otherwise, if such a command is given without the \fB-F\fR
1152 option, the action is disallowed, with a diagnostic message written to standard
1153 error.
1154 .sp
1155 .LP
1156 The following subcommands are supported:
1157 .sp
1158 .ne 2
1159 .na
1160 \fB\fBadd\fR \fIresource-type\fR (global scope)\fR
1161 .ad
1162 .br
1163 .na
1164 \fB\fBadd\fR \fIproperty-name property-value\fR (resource scope)\fR
1165 .ad
1166 .sp .6
1167 .RS 4n
1168 In the global scope, begin the specification for a given resource type. The
1169 scope is changed to that resource type.
1170 .sp
1171 In the resource scope, add a property of the given name with the given value.
1172 The syntax for property values varies with different property types. In
1173 general, it is a simple value or a list of simple values enclosed in square
1174 brackets, separated by commas (\fB[foo,bar,baz]\fR). See \fBPROPERTIES\fR.
1175 .RE
1176
1177 .sp
1178 .ne 2
1179 .na
1180 \fB\fBcancel\fR\fR
1181 .ad
1182 .sp .6
1183 .RS 4n
1184 End the resource specification and reset scope to global. Abandons any
1185 partially specified resources. \fBcancel\fR is only applicable in the resource
1186 scope.
1187 .RE
1188
1189 .sp
1190 .ne 2
1191 .na
1192 \fB\fBclear\fR \fIproperty-name\fR\fR
1193 .ad
1194 .sp .6
1195 .RS 4n
1196 Clear the value for the property.
1197 .RE
1198
1199 .sp
1200 .ne 2
1201 .na
1202 \fB\fBcommit\fR\fR
1203 .ad
1204 .sp .6
1205 .RS 4n
1206 Commit the current configuration from memory to stable storage. The
1207 configuration must be committed to be used by \fBzoneadm\fR. Until the
1208 in-memory configuration is committed, you can remove changes with the
1209 \fBrevert\fR subcommand. The \fBcommit\fR operation is attempted automatically
1210 upon completion of a \fBzonecfg\fR session. Since a configuration must be
1211 correct to be committed, this operation automatically does a verify.
1212 .RE
1213
1214 .sp
1215 .ne 2
1216 .na
1217 \fB\fBcreate [\fR\fB-F\fR\fB] [\fR \fB-a\fR \fIpath\fR |\fB-b\fR \fB|\fR
1218 \fB-t\fR \fItemplate\fR\fB]\fR\fR
1219 .ad
1220 .sp .6
1221 .RS 4n
1222 Create an in-memory configuration for the specified zone. Use \fBcreate\fR to
1223 begin to configure a new zone. See \fBcommit\fR for saving this to stable
1224 storage.
1225 .sp
1226 If you are overwriting an existing configuration, specify the \fB-F\fR option
1227 to force the action. Specify the \fB-t\fR \fItemplate\fR option to create a
1228 configuration identical to \fItemplate\fR, where \fItemplate\fR is the name of
1229 a configured zone.
1230 .sp
1231 Use the \fB-a\fR \fIpath\fR option to facilitate configuring a detached zone on
1232 a new host. The \fIpath\fR parameter is the zonepath location of a detached
1233 zone that has been moved on to this new host. Once the detached zone is
1234 configured, it should be installed using the "\fBzoneadm attach\fR" command
1235 (see \fBzoneadm\fR(1M)). All validation of the new zone happens during the
1236 \fBattach\fR process, not during zone configuration.
1237 .sp
1238 Use the \fB-b\fR option to create a blank configuration. Without arguments,
1239 \fBcreate\fR applies the Sun default settings.
1240 .RE
1241
1242 .sp
1243 .ne 2
1244 .na
1245 \fB\fBdelete [\fR\fB-F\fR\fB]\fR\fR
1246 .ad
1247 .sp .6
1248 .RS 4n
1249 Delete the specified configuration from memory and stable storage. This action
1250 is instantaneous, no commit is necessary. A deleted configuration cannot be
1251 reverted.
1252 .sp
1253 Specify the \fB-F\fR option to force the action.
1254 .RE
1255
1256 .sp
1257 .ne 2
1258 .na
1259 \fB\fBend\fR\fR
1260 .ad
1261 .sp .6
1262 .RS 4n
1263 End the resource specification. This subcommand is only applicable in the
1264 resource scope. \fBzonecfg\fR checks to make sure the current resource is
1265 completely specified. If so, it is added to the in-memory configuration (see
1266 \fBcommit\fR for saving this to stable storage) and the scope reverts to
1267 global. If the specification is incomplete, it issues an appropriate error
1268 message.
1269 .RE
1270
1271 .sp
1272 .ne 2
1273 .na
1274 \fB\fBexport [\fR\fB-f\fR \fIoutput-file\fR\fB]\fR\fR
1275 .ad
1276 .sp .6
1277 .RS 4n
1278 Print configuration to standard output. Use the \fB-f\fR option to print the
1279 configuration to \fIoutput-file\fR. This option produces output in a form
1280 suitable for use in a command file.
1281 .RE
1282
1283 .sp
1284 .ne 2
1285 .na
1286 \fB\fBhelp [usage] [\fIsubcommand\fR] [syntax] [\fR\fIcommand-name\fR\fB]\fR\fR
1287 .ad
1288 .sp .6
1289 .RS 4n
1290 Print general help or help about given topic.
1291 .RE
1292
1293 .sp
1294 .ne 2
1295 .na
1296 \fB\fBinfo zonename | zonepath | autoboot | brand | pool | limitpriv\fR\fR
1297 .ad
1298 .br
1299 .na
1300 \fB\fBinfo [\fR\fIresource-type\fR
1301 \fB[\fR\fIproperty-name\fR\fB=\fR\fIproperty-value\fR\fB]*]\fR\fR
1302 .ad
1303 .sp .6
1304 .RS 4n
1305 Display information about the current configuration. If \fIresource-type\fR is
1306 specified, displays only information about resources of the relevant type. If
1307 any \fIproperty-name\fR value pairs are specified, displays only information
1308 about resources meeting the given criteria. In the resource scope, any
1309 arguments are ignored, and \fBinfo\fR displays information about the resource
1310 which is currently being added or modified.
1311 .RE
1312
1313 .sp
1314 .ne 2
1315 .na
1316 \fB\fBremove\fR \fIresource-type\fR\fB{\fR\fIproperty-name\fR\fB=\fR\fIproperty
1317 -value\fR\fB}\fR(global scope)\fR
1318 .ad
1319 .sp .6
1320 .RS 4n
1321 In the global scope, removes the specified resource. The \fB[]\fR syntax means
1322 0 or more of whatever is inside the square braces. If you want only to remove a
1323 single instance of the resource, you must specify enough property name-value
1324 pairs for the resource to be uniquely identified. If no property name-value
1325 pairs are specified, all instances will be removed. If there is more than one
1326 pair is specified, a confirmation is required, unless you use the \fB-F\fR
1327 option.
1328 .RE
1329
1330 .sp
1331 .ne 2
1332 .na
1333 \fB\fBselect\fR \fIresource-type\fR
1334 \fB{\fR\fIproperty-name\fR\fB=\fR\fIproperty-value\fR\fB}\fR\fR
1335 .ad
1336 .sp .6
1337 .RS 4n
1338 Select the resource of the given type which matches the given
1339 \fIproperty-name\fR \fIproperty-value\fR pair criteria, for modification. This
1340 subcommand is applicable only in the global scope. The scope is changed to that
1341 resource type. The \fB{}\fR syntax means 1 or more of whatever is inside the
1342 curly braces. You must specify enough \fIproperty -name property-value\fR pairs
1343 for the resource to be uniquely identified.
1344 .RE
1345
1346 .sp
1347 .ne 2
1348 .na
1349 \fB\fBset\fR \fIproperty-name\fR\fB=\fR\fIproperty\fR\fB-\fR\fIvalue\fR\fR
1350 .ad
1351 .sp .6
1352 .RS 4n
1353 Set a given property name to the given value. Some properties (for example,
1354 \fBzonename\fR and \fBzonepath\fR) are global while others are
1355 resource-specific. This subcommand is applicable in both the global and
1356 resource scopes.
1357 .RE
1358
1359 .sp
1360 .ne 2
1361 .na
1362 \fB\fBverify\fR\fR
1363 .ad
1364 .sp .6
1365 .RS 4n
1366 Verify the current configuration for correctness:
1367 .RS +4
1368 .TP
1369 .ie t \(bu
1370 .el o
1371 All resources have all of their required properties specified.
1372 .RE
1373 .RS +4
1374 .TP
1375 .ie t \(bu
1376 .el o
1377 A \fBzonepath\fR is specified.
1378 .RE
1379 .RE
1380
1381 .sp
1382 .ne 2
1383 .na
1384 \fB\fBrevert\fR \fB[\fR\fB-F\fR\fB]\fR\fR
1385 .ad
1386 .sp .6
1387 .RS 4n
1388 Revert the configuration back to the last committed state. The \fB-F\fR option
1389 can be used to force the action.
1390 .RE
1391
1392 .sp
1393 .ne 2
1394 .na
1395 \fB\fBexit [\fR\fB-F\fR\fB]\fR\fR
1396 .ad
1397 .sp .6
1398 .RS 4n
1399 Exit the \fBzonecfg\fR session. A commit is automatically attempted if needed.
1400 You can also use an \fBEOF\fR character to exit \fBzonecfg\fR. The \fB-F\fR
1401 option can be used to force the action.
1402 .RE
1403
1404 .SH EXAMPLES
1405 .LP
1406 \fBExample 1 \fRCreating the Environment for a New Zone
1407 .sp
1408 .LP
1409 In the following example, \fBzonecfg\fR creates the environment for a new zone.
1410 \fB/usr/local\fR is loopback mounted from the global zone into
1411 \fB/opt/local\fR. \fB/opt/sfw\fR is loopback mounted from the global zone,
1412 three logical network interfaces are added, and a limit on the number of
1413 fair-share scheduler (FSS) CPU shares for a zone is set using the \fBrctl\fR
1414 resource type. The example also shows how to select a given resource for
1415 modification.
1416
1417 .sp
1418 .in +2
1419 .nf
1420 example# \fBzonecfg -z myzone3\fR
1421 my-zone3: No such zone configured
1422 Use 'create' to begin configuring a new zone.
1423 zonecfg:myzone3> \fBcreate\fR
1424 zonecfg:myzone3> \fBset zonepath=/export/home/my-zone3\fR
1425 zonecfg:myzone3> \fBset autoboot=true\fR
1426 zonecfg:myzone3> \fBadd fs\fR
1427 zonecfg:myzone3:fs> \fBset dir=/usr/local\fR
1428 zonecfg:myzone3:fs> \fBset special=/opt/local\fR
1429 zonecfg:myzone3:fs> \fBset type=lofs\fR
1430 zonecfg:myzone3:fs> \fBadd options [ro,nodevices]\fR
1431 zonecfg:myzone3:fs> \fBend\fR
1432 zonecfg:myzone3> \fBadd fs\fR
1433 zonecfg:myzone3:fs> \fBset dir=/mnt\fR
1434 zonecfg:myzone3:fs> \fBset special=/dev/dsk/c0t0d0s7\fR
1435 zonecfg:myzone3:fs> \fBset raw=/dev/rdsk/c0t0d0s7\fR
1436 zonecfg:myzone3:fs> \fBset type=ufs\fR
1437 zonecfg:myzone3:fs> \fBend\fR
1438 zonecfg:myzone3> \fBadd net\fR
1439 zonecfg:myzone3:net> \fBset address=192.168.0.1/24\fR
1440 zonecfg:myzone3:net> \fBset physical=eri0\fR
1441 zonecfg:myzone3:net> \fBend\fR
1442 zonecfg:myzone3> \fBadd net\fR
1443 zonecfg:myzone3:net> \fBset address=192.168.1.2/24\fR
1444 zonecfg:myzone3:net> \fBset physical=eri0\fR
1445 zonecfg:myzone3:net> \fBend\fR
1446 zonecfg:myzone3> \fBadd net\fR
1447 zonecfg:myzone3:net> \fBset address=192.168.2.3/24\fR
1448 zonecfg:myzone3:net> \fBset physical=eri0\fR
1449 zonecfg:myzone3:net> \fBend\fR
1450 zonecfg:my-zone3> \fBset cpu-shares=5\fR
1451 zonecfg:my-zone3> \fBadd capped-memory\fR
1452 zonecfg:my-zone3:capped-memory> \fBset physical=50m\fR
1453 zonecfg:my-zone3:capped-memory> \fBset swap=100m\fR
1454 zonecfg:my-zone3:capped-memory> \fBend\fR
1455 zonecfg:myzone3> \fBexit\fR
1456 .fi
1457 .in -2
1458 .sp
1459
1460 .LP
1461 \fBExample 2 \fRCreating a Non-Native Zone
1462 .sp
1463 .LP
1464 The following example creates a new Linux zone:
1465
1466 .sp
1467 .in +2
1468 .nf
1469 example# \fBzonecfg -z lxzone\fR
1470 lxzone: No such zone configured
1471 Use 'create' to begin configuring a new zone
1472 zonecfg:lxzone> \fBcreate -t SUNWlx\fR
1473 zonecfg:lxzone> \fBset zonepath=/export/zones/lxzone\fR
1474 zonecfg:lxzone> \fBset autoboot=true\fR
1475 zonecfg:lxzone> \fBexit\fR
1476 .fi
1477 .in -2
1478 .sp
1479
1480 .LP
1481 \fBExample 3 \fRCreating an Exclusive-IP Zone
1482 .sp
1483 .LP
1484 The following example creates a zone that is granted exclusive access to
1485 \fBbge1\fR and \fBbge33000\fR and that is isolated at the IP layer from the
1486 other zones configured on the system.
1487
1488 .sp
1489 .LP
1490 The IP addresses and routing is configured inside the new zone using
1491 \fBsysidtool\fR(1M).
1492
1493 .sp
1494 .in +2
1495 .nf
1496 example# \fBzonecfg -z excl\fR
1497 excl: No such zone configured
1498 Use 'create' to begin configuring a new zone
1499 zonecfg:excl> \fBcreate\fR
1500 zonecfg:excl> \fBset zonepath=/export/zones/excl\fR
1501 zonecfg:excl> \fBset ip-type=exclusive\fR
1502 zonecfg:excl> \fBadd net\fR
1503 zonecfg:excl:net> \fBset physical=bge1\fR
1504 zonecfg:excl:net> \fBend\fR
1505 zonecfg:excl> \fBadd net\fR
1506 zonecfg:excl:net> \fBset physical=bge33000\fR
1507 zonecfg:excl:net> \fBend\fR
1508 zonecfg:excl> \fBexit\fR
1509 .fi
1510 .in -2
1511 .sp
1512
1513 .LP
1514 \fBExample 4 \fRAssociating a Zone with a Resource Pool
1515 .sp
1516 .LP
1517 The following example shows how to associate an existing zone with an existing
1518 resource pool:
1519
1520 .sp
1521 .in +2
1522 .nf
1523 example# \fBzonecfg -z myzone\fR
1524 zonecfg:myzone> \fBset pool=mypool\fR
1525 zonecfg:myzone> \fBexit\fR
1526 .fi
1527 .in -2
1528 .sp
1529
1530 .sp
1531 .LP
1532 For more information about resource pools, see \fBpooladm\fR(1M) and
1533 \fBpoolcfg\fR(1M).
1534
1535 .LP
1536 \fBExample 5 \fRChanging the Name of a Zone
1537 .sp
1538 .LP
1539 The following example shows how to change the name of an existing zone:
1540
1541 .sp
1542 .in +2
1543 .nf
1544 example# \fBzonecfg -z myzone\fR
1545 zonecfg:myzone> \fBset zonename=myzone2\fR
1546 zonecfg:myzone2> \fBexit\fR
1547 .fi
1548 .in -2
1549 .sp
1550
1551 .LP
1552 \fBExample 6 \fRChanging the Privilege Set of a Zone
1553 .sp
1554 .LP
1555 The following example shows how to change the set of privileges an existing
1556 zone's processes will be limited to the next time the zone is booted. In this
1557 particular case, the privilege set will be the standard safe set of privileges
1558 a zone normally has along with the privilege to change the system date and
1559 time:
1560
1561 .sp
1562 .in +2
1563 .nf
1564 example# \fBzonecfg -z myzone\fR
1565 zonecfg:myzone> \fBset limitpriv="default,sys_time"\fR
1566 zonecfg:myzone2> \fBexit\fR
1567 .fi
1568 .in -2
1569 .sp
1570
1571 .LP
1572 \fBExample 7 \fRSetting the \fBzone.cpu-shares\fR Property for the Global Zone
1573 .sp
1574 .LP
1575 The following command sets the \fBzone.cpu-shares\fR property for the global
1576 zone:
1577
1578 .sp
1579 .in +2
1580 .nf
1581 example# \fBzonecfg -z global\fR
1582 zonecfg:global> \fBset cpu-shares=5\fR
1583 zonecfg:global> \fBexit\fR
1584 .fi
1585 .in -2
1586 .sp
1587
1588 .LP
1589 \fBExample 8 \fRUsing Pattern Matching
1590 .sp
1591 .LP
1592 The following commands illustrate \fBzonecfg\fR support for pattern matching.
1593 In the zone \fBflexlm\fR, enter:
1594
1595 .sp
1596 .in +2
1597 .nf
1598 zonecfg:flexlm> \fBadd device\fR
1599 zonecfg:flexlm:device> \fBset match="/dev/cua/a00[2-5]"\fR
1600 zonecfg:flexlm:device> \fBend\fR
1601 .fi
1602 .in -2
1603 .sp
1604
1605 .sp
1606 .LP
1607 In the global zone, enter:
1608
1609 .sp
1610 .in +2
1611 .nf
1612 global# \fBls /dev/cua\fR
1613 a a000 a001 a002 a003 a004 a005 a006 a007 b
1614 .fi
1615 .in -2
1616 .sp
1617
1618 .sp
1619 .LP
1620 In the zone \fBflexlm\fR, enter:
1621
1622 .sp
1623 .in +2
1624 .nf
1625 flexlm# \fBls /dev/cua\fR
1626 a002 a003 a004 a005
1627 .fi
1628 .in -2
1629 .sp
1630
1631 .LP
1632 \fBExample 9 \fRSetting a Cap for a Zone to Three CPUs
1633 .sp
1634 .LP
1635 The following sequence uses the \fBzonecfg\fR command to set the CPU cap for a
1636 zone to three CPUs.
1637
1638 .sp
1639 .in +2
1640 .nf
1641 zonecfg:myzone> \fBadd capped-cpu\fR
1642 zonecfg:myzone>capped-cpu> \fBset ncpus=3\fR
1643 zonecfg:myzone>capped-cpu>capped-cpu> \fBend\fR
1644 .fi
1645 .in -2
1646 .sp
1647
1648 .sp
1649 .LP
1650 The preceding sequence, which uses the capped-cpu property, is equivalent to
1651 the following sequence, which makes use of the \fBzone.cpu-cap\fR resource
1652 control.
1653
1654 .sp
1655 .in +2
1656 .nf
1657 zonecfg:myzone> \fBadd rctl\fR
1658 zonecfg:myzone:rctl> \fBset name=zone.cpu-cap\fR
1659 zonecfg:myzone:rctl> \fBadd value (priv=privileged,limit=300,action=none)\fR
1660 zonecfg:myzone:rctl> \fBend\fR
1661 .fi
1662 .in -2
1663 .sp
1664
1665 .LP
1666 \fBExample 10 \fRUsing \fBkstat\fR to Monitor CPU Caps
1667 .sp
1668 .LP
1669 The following command displays information about all CPU caps.
1670
1671 .sp
1672 .in +2
1673 .nf
1674 # \fBkstat -n /cpucaps/\fR
1675 module: caps instance: 0
1676 name: cpucaps_project_0 class: project_caps
1677 above_sec 0
1678 below_sec 2157
1679 crtime 821.048183159
1680 maxusage 2
1681 nwait 0
1682 snaptime 235885.637253027
1683 usage 0
1684 value 18446743151372347932
1685 zonename global
1686
1687 module: caps instance: 0
1688 name: cpucaps_project_1 class: project_caps
1689 above_sec 0
1690 below_sec 0
1691 crtime 225339.192787265
1692 maxusage 5
1693 nwait 0
1694 snaptime 235885.637591677
1695 usage 5
1696 value 18446743151372347932
1697 zonename global
1698
1699 module: caps instance: 0
1700 name: cpucaps_project_201 class: project_caps
1701 above_sec 0
1702 below_sec 235105
1703 crtime 780.37961782
1704 maxusage 100
1705 nwait 0
1706 snaptime 235885.637789687
1707 usage 43
1708 value 100
1709 zonename global
1710
1711 module: caps instance: 0
1712 name: cpucaps_project_202 class: project_caps
1713 above_sec 0
1714 below_sec 235094
1715 crtime 791.72983782
1716 maxusage 100
1717 nwait 0
1718 snaptime 235885.637967512
1719 usage 48
1720 value 100
1721 zonename global
1722
1723 module: caps instance: 0
1724 name: cpucaps_project_203 class: project_caps
1725 above_sec 0
1726 below_sec 235034
1727 crtime 852.104401481
1728 maxusage 75
1729 nwait 0
1730 snaptime 235885.638144304
1731 usage 47
1732 value 100
1733 zonename global
1734
1735 module: caps instance: 0
1736 name: cpucaps_project_86710 class: project_caps
1737 above_sec 22
1738 below_sec 235166
1739 crtime 698.441717859
1740 maxusage 101
1741 nwait 0
1742 snaptime 235885.638319871
1743 usage 54
1744 value 100
1745 zonename global
1746
1747 module: caps instance: 0
1748 name: cpucaps_zone_0 class: zone_caps
1749 above_sec 100733
1750 below_sec 134332
1751 crtime 821.048177123
1752 maxusage 207
1753 nwait 2
1754 snaptime 235885.638497731
1755 usage 199
1756 value 200
1757 zonename global
1758
1759 module: caps instance: 1
1760 name: cpucaps_project_0 class: project_caps
1761 above_sec 0
1762 below_sec 0
1763 crtime 225360.256448422
1764 maxusage 7
1765 nwait 0
1766 snaptime 235885.638714404
1767 usage 7
1768 value 18446743151372347932
1769 zonename test_001
1770
1771 module: caps instance: 1
1772 name: cpucaps_zone_1 class: zone_caps
1773 above_sec 2
1774 below_sec 10524
1775 crtime 225360.256440278
1776 maxusage 106
1777 nwait 0
1778 snaptime 235885.638896443
1779 usage 7
1780 value 100
1781 zonename test_001
1782 .fi
1783 .in -2
1784 .sp
1785
1786 .LP
1787 \fBExample 11 \fRDisplaying CPU Caps for a Specific Zone or Project
1788 .sp
1789 .LP
1790 Using the \fBkstat\fR \fB-c\fR and \fB-i\fR options, you can display CPU caps
1791 for a specific zone or project, as below. The first command produces a display
1792 for a specific project, the second for the same project within zone 1.
1793
1794 .sp
1795 .in +2
1796 .nf
1797 # \fBkstat -c project_caps\fR
1798
1799 # \fBkstat -c project_caps -i 1\fR
1800 .fi
1801 .in -2
1802 .sp
1803
1804 .SH EXIT STATUS
1805 .LP
1806 The following exit values are returned:
1807 .sp
1808 .ne 2
1809 .na
1810 \fB\fB0\fR\fR
1811 .ad
1812 .sp .6
1813 .RS 4n
1814 Successful completion.
1815 .RE
1816
1817 .sp
1818 .ne 2
1819 .na
1820 \fB\fB1\fR\fR
1821 .ad
1822 .sp .6
1823 .RS 4n
1824 An error occurred.
1825 .RE
1826
1827 .sp
1828 .ne 2
1829 .na
1830 \fB\fB2\fR\fR
1831 .ad
1832 .sp .6
1833 .RS 4n
1834 Invalid usage.
1835 .RE
1836
1837 .SH ATTRIBUTES
1838 .LP
1839 See \fBattributes\fR(5) for descriptions of the following attributes:
1840 .sp
1841
1842 .sp
1843 .TS
1844 box;
1845 c | c
1846 l | l .
1847 ATTRIBUTE TYPE ATTRIBUTE VALUE
1848 _
1849 Interface Stability Volatile
1850 .TE
1851
1852 .SH SEE ALSO
1853 .LP
1854 \fBppriv\fR(1), \fBprctl\fR(1), \fBzlogin\fR(1), \fBkstat\fR(1M),
1855 \fBmount\fR(1M), \fBpooladm\fR(1M), \fBpoolcfg\fR(1M), \fBpoold\fR(1M),
1856 \fBrcapd\fR(1M), \fBrctladm\fR(1M), \fBsvcadm\fR(1M), \fBsysidtool\fR(1M),
1857 \fBzfs\fR(1M), \fBzoneadm\fR(1M), \fBpriocntl\fR(2), \fBpriv_str_to_set\fR(3C),
1858 \fBkstat\fR(3KSTAT), \fBvfstab\fR(4), \fBattributes\fR(5), \fBbrands\fR(5),
1859 \fBfnmatch\fR(5), \fBlx\fR(5), \fBprivileges\fR(5), \fBresource_controls\fR(5),
1860 \fBzones\fR(5)
1861 .sp
1862 .LP
1863 \fISystem Administration Guide: Solaris Containers-Resource Management, and
1864 Solaris Zones\fR
1865 .SH NOTES
1866 .LP
1867 All character data used by \fBzonecfg\fR must be in US-ASCII encoding.