Resources Included in the Configuration by Default
Configured Devices in lx Branded Zones
The devices supported by each zone are documented in the man pages and
other documentation for that brand. The lx zone does not allow the
addition of any unsupported or unrecognized devices. The framework detects any attempt to
add an unsupported device. An error message is issued that indicates the zone
configuration cannot be verified.
Note that access to an audio device running in the global zone
can be added through the attr resource property as shown in Step 12 of
How to Configure, Verify, and Commit the lx Branded Zone.
File Systems Defined in lx Branded Zones
The file systems that are required for a branded zone are defined in
the brand. You can add additional Solaris file systems to an lx branded
zone by using the fs resource property as shown in Step 9 of
How to Configure, Verify, and Commit the lx Branded Zone.
Note - Adding local Linux file systems is not supported. You can NFS mount file
systems from a Linux server.
Privileges Defined in lx Branded Zones
Processes are restricted to a subset of privileges. Privilege restriction prevents a zone from
performing operations that might affect other zones. The set of privileges limits the
capabilities of privileged users within the zone.
Default, required default, optional, and prohibited privileges are defined by each brand. You
can also add or remove certain privileges by using the limitpriv property
as shown in Step 8 of How to Configure, Verify, and Commit the lx Branded Zone. The table Table 26-1 lists all
of the Solaris privileges and the status of each privilege with respect to
zones.
For more information about privileges, see the ppriv(1) man page and System Administration Guide: Security Services.