Virtualization and Namespace Isolation in the Solaris Operating System (PSARC/2002/174)

John Beck, David Comay, Ozgur L., Daniel Price, and Andy T.
Solaris Kernel Technology

Andrew G. and Blaise S.
Solaris Network and Security Technologies

Revision 1.6 (OpenSolaris)
September 7, 2006

Contents

1 Introduction
  1.1 Zone Basics
  1.2 Zone Principles
  1.3 Terminology and Conventions
  1.4 Outline

2 Related Work

3 Zone Runtime
  3.1 Zone State Model
  3.2 Zone Names and Numeric IDs
  3.3 Zone Runtime Support
    3.3.1 zoneadmd(1M)
    3.3.2 zsched
  3.4 Listing Zone Information

4 Zone Administration
  4.1 Zone Configuration
    4.1.1 Configuration Data
  4.2 Zone Installation
  4.3 Virtual Platform Administration
    4.3.1 Readying Zones
    4.3.2 Booting Zones
    4.3.3 Halting Zones
    4.3.4 Rebooting Zones
    4.3.5 Automatic Zone Booting
  4.4 Zone Login
    4.4.1 Zone Console Login
    4.4.2 Interactive and Non-Interactive Modes
    4.4.3 Failsafe Mode
    4.4.4 Remote Login
  4.5 Monitoring and Controlling Zone Processes

5 Administration within Zones
  5.1 Node Name
  5.2 Name Service Usage within a Zone
  5.3 Default Locale and Timezone
  5.4 Initial Zone Configuration
  5.5 System Log Daemon
  5.6 Commands
  5.7 Internals of Booting Zones
    5.7.1 zinit

6 Packaging and Installation
  6.1 File Access
  6.2 Zone models
    6.2.1 Whole Root model
    6.2.2 Sparse Root model
  6.3 Package refactoring

7 Security
  7.1 Credential Handling
  7.2 Fine-Grained Privileges
    7.2.1 Safe Privileges
    7.2.2 Zone Privilege Limits
    7.2.3 Privilege Escalation
  7.3 Role-Based Access Control
  7.4 Chroot Interactions
  7.5 Audit

8 Process Model
  8.1 Signals and Process Control
  8.2 Global Zone Visibility and Access
  8.3 /proc
  8.4 Core Files

9 File Systems
  9.1 Configuration
    9.1.1 Zonecfg File System Configuration
  9.2 Size Restrictions
  9.3 File System-Specific Issues
  9.4 File System Traversal Issues

10 Networking
  10.1 Partitioning
  10.2 Interfaces
  10.3 IPv6
    10.3.1 Address Auto-configuration
    10.3.2 Address Selection
  10.4 IPQoS
  10.5 IPsec
  10.6 Raw IP Socket Access
  10.7 DLPI Access
  10.8 Routing
  10.9 IP Multipathing
  10.10 Mobile IP
  10.11 NCA
  10.12 DHCP
  10.13 TCP Connection Teardown
  10.14 Tuning
  10.15 Unbundled Software
    10.15.1 SunScreen
    10.15.2 IP-Filter

11 Devices
  11.1 Device Categories
    11.1.1 Unsafe Devices
    11.1.2 Fully-Virtual Devices
    11.1.3 Sharable-Virtual Devices
    11.1.4 Exclusive-Use Devices
  11.2 /dev and /devices Namespace
  11.3 Device Management: Zone Configuration
  11.4 Device Management: Zone Runtime
    11.4.1 Read-Only mount of /dev
  11.5 Device Privilege Enforcement
    11.5.1 DDI Impact
    11.5.2 File System Permissions
    11.5.3 The Trouble with Ioctls
    11.5.4 Illegal dev_t’s
  11.6 Device Driver Administration
  11.7 Zone Console Design
  11.8 Pseudo-Terminals
  11.9 ftpd

12 Resource Management and Observability
  12.1 Solaris Resource Management Interactions
    12.1.1 Accounting
    12.1.2 Projects, Resource Controls and the Fair Share Scheduler
    12.1.3 Resource Pools
  12.2 kstats

13 Inter-Process Communication
  13.1 Pipes, STREAMS, and Sockets
  13.2 Doors
  13.3 Loopback Transport Providers
  13.4 System V IPC
  13.5 POSIX IPC
  13.6 Event Channels

14 Interoperability and Integration Issues
  14.1 Project Dependencies
  14.2 Other Related Solaris Projects
    14.2.1 Solaris FMA ...

Details

  • File Type: pdf
  • Content Languages: English
  • File Pages: 147
