Solaris Zones · Schema
Oracle Solaris Zone Configuration
Represents a complete Solaris zone configuration including global properties, resource assignments, and networking for non-global zones managed through zonecfg(8) and the RAD zonemgr module.
ContainersKernel ZonesOperating SystemsOracleRADResource ManagementSolarisStatsStoreVirtualizationZones
Properties
| Name | Type | Description |
|---|---|---|
| name | string | Unique name identifying the zone on the system |
| uuid | string | Universally unique identifier assigned to the zone |
| brand | string | Zone brand determining the runtime environment and kernel behavior |
| zonepath | string | File system path for the zone root directory |
| autoboot | boolean | Whether the zone should automatically boot when the global zone boots |
| autoshutdown | string | Action to take when the global zone is shut down |
| bootargs | string | Boot arguments passed to the zone at boot time |
| file-mac-profile | string | File MAC policy profile for mandatory access control |
| hostid | string | Emulated host identifier for the zone |
| ip-type | string | IP stack type for the zone |
| limitpriv | string | Comma-separated list of privileges for the zone |
| scheduling-class | string | Default scheduling class for processes in the zone |
| max-lwps | integer | Maximum number of lightweight processes allowed in the zone |
| max-processes | integer | Maximum number of processes allowed in the zone |
| max-shm-memory | string | Maximum shared memory allowed for the zone |
| max-shm-ids | integer | Maximum number of shared memory identifiers |
| max-msg-ids | integer | Maximum number of message queue identifiers |
| max-sem-ids | integer | Maximum number of semaphore identifiers |
| state | string | Current runtime state of the zone (read-only, not a configuration property) |
| id | integer | Kernel-assigned zone ID when the zone is running (read-only) |
| anet | array | Automatic network interface resources providing network connectivity |
| capped-cpu | object | |
| capped-memory | object | |
| dedicated-cpu | object | |
| virtual-cpu | object | |
| device | array | Device resources made available to the zone |
| fs | array | File system mount resources |
| net | array | Network interface resources for shared-IP zones |
| dataset | array | ZFS dataset resources delegated to the zone |
| rctl | array | Resource control entries for the zone |
| attr | array | Generic attribute key-value pairs |
| admin | array | Administrative access entries for zone delegation |
| rootzpool | object | |
| zpool | array | Additional ZFS pools available to the zone |
| smf-dependency | array | SMF service dependencies required before zone boot |
| verified-boot | object |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://docs.oracle.com/schemas/solaris/zone-configuration.json",
"title": "Oracle Solaris Zone Configuration",
"description": "Represents a complete Solaris zone configuration including global properties, resource assignments, and networking for non-global zones managed through zonecfg(8) and the RAD zonemgr module.",
"type": "object",
"required": ["name", "brand", "zonepath"],
"properties": {
"name": {
"type": "string",
"description": "Unique name identifying the zone on the system",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z][a-zA-Z0-9._-]*$"
},
"uuid": {
"type": "string",
"format": "uuid",
"description": "Universally unique identifier assigned to the zone"
},
"brand": {
"type": "string",
"description": "Zone brand determining the runtime environment and kernel behavior",
"enum": ["solaris", "solaris10", "solaris-kz", "labeled"]
},
"zonepath": {
"type": "string",
"description": "File system path for the zone root directory",
"examples": ["/system/zones/testzone1"]
},
"autoboot": {
"type": "boolean",
"description": "Whether the zone should automatically boot when the global zone boots",
"default": false
},
"autoshutdown": {
"type": "string",
"description": "Action to take when the global zone is shut down",
"enum": ["shutdown", "suspend"],
"default": "shutdown"
},
"bootargs": {
"type": "string",
"description": "Boot arguments passed to the zone at boot time"
},
"file-mac-profile": {
"type": "string",
"description": "File MAC policy profile for mandatory access control"
},
"hostid": {
"type": "string",
"description": "Emulated host identifier for the zone",
"pattern": "^[0-9a-fA-F]{1,8}$"
},
"ip-type": {
"type": "string",
"description": "IP stack type for the zone",
"enum": ["exclusive", "shared"],
"default": "exclusive"
},
"limitpriv": {
"type": "string",
"description": "Comma-separated list of privileges for the zone",
"examples": ["default,dtrace_user,dtrace_proc"]
},
"scheduling-class": {
"type": "string",
"description": "Default scheduling class for processes in the zone",
"examples": ["FSS", "TS"]
},
"max-lwps": {
"type": "integer",
"description": "Maximum number of lightweight processes allowed in the zone",
"minimum": 0
},
"max-processes": {
"type": "integer",
"description": "Maximum number of processes allowed in the zone",
"minimum": 0
},
"max-shm-memory": {
"type": "string",
"description": "Maximum shared memory allowed for the zone",
"examples": ["256m", "1g"]
},
"max-shm-ids": {
"type": "integer",
"description": "Maximum number of shared memory identifiers",
"minimum": 0
},
"max-msg-ids": {
"type": "integer",
"description": "Maximum number of message queue identifiers",
"minimum": 0
},
"max-sem-ids": {
"type": "integer",
"description": "Maximum number of semaphore identifiers",
"minimum": 0
},
"state": {
"type": "string",
"description": "Current runtime state of the zone (read-only, not a configuration property)",
"enum": ["configured", "incomplete", "installed", "ready", "running", "shutting_down", "down"],
"readOnly": true
},
"id": {
"type": "integer",
"description": "Kernel-assigned zone ID when the zone is running (read-only)",
"readOnly": true
},
"anet": {
"type": "array",
"description": "Automatic network interface resources providing network connectivity",
"items": {
"$ref": "#/$defs/AnetResource"
}
},
"capped-cpu": {
"$ref": "#/$defs/CappedCpuResource"
},
"capped-memory": {
"$ref": "#/$defs/CappedMemoryResource"
},
"dedicated-cpu": {
"$ref": "#/$defs/DedicatedCpuResource"
},
"virtual-cpu": {
"$ref": "#/$defs/VirtualCpuResource"
},
"device": {
"type": "array",
"description": "Device resources made available to the zone",
"items": {
"$ref": "#/$defs/DeviceResource"
}
},
"fs": {
"type": "array",
"description": "File system mount resources",
"items": {
"$ref": "#/$defs/FsResource"
}
},
"net": {
"type": "array",
"description": "Network interface resources for shared-IP zones",
"items": {
"$ref": "#/$defs/NetResource"
}
},
"dataset": {
"type": "array",
"description": "ZFS dataset resources delegated to the zone",
"items": {
"$ref": "#/$defs/DatasetResource"
}
},
"rctl": {
"type": "array",
"description": "Resource control entries for the zone",
"items": {
"$ref": "#/$defs/RctlResource"
}
},
"attr": {
"type": "array",
"description": "Generic attribute key-value pairs",
"items": {
"$ref": "#/$defs/AttrResource"
}
},
"admin": {
"type": "array",
"description": "Administrative access entries for zone delegation",
"items": {
"$ref": "#/$defs/AdminResource"
}
},
"rootzpool": {
"$ref": "#/$defs/RootzpoolResource"
},
"zpool": {
"type": "array",
"description": "Additional ZFS pools available to the zone",
"items": {
"$ref": "#/$defs/ZpoolResource"
}
},
"smf-dependency": {
"type": "array",
"description": "SMF service dependencies required before zone boot",
"items": {
"$ref": "#/$defs/SmfDependencyResource"
}
},
"verified-boot": {
"$ref": "#/$defs/VerifiedBootResource"
}
},
"$defs": {
"AnetResource": {
"type": "object",
"description": "Automatic network interface providing exclusive-IP networking for the zone",
"properties": {
"linkname": {
"type": "string",
"description": "Name of the network link inside the zone",
"examples": ["net0"]
},
"lower-link": {
"type": "string",
"description": "Physical link over which the VNIC is created",
"examples": ["auto", "net0"]
},
"mac-address": {
"type": "string",
"description": "MAC address for the virtual NIC",
"examples": ["auto", "random", "02:08:20:12:34:56"]
},
"vlan-id": {
"type": "integer",
"description": "VLAN identifier for tagged traffic",
"minimum": 0,
"maximum": 4094
},
"mtu": {
"type": "integer",
"description": "Maximum transmission unit size",
"minimum": 576,
"maximum": 9000
},
"defrouter": {
"type": "string",
"description": "Default router IP address",
"examples": ["10.0.0.1"]
},
"allowed-address": {
"type": "string",
"description": "IP address or CIDR permitted on this interface",
"examples": ["10.0.0.100/24"]
},
"configure-allowed-address": {
"type": "boolean",
"description": "Whether to automatically configure the allowed address on the interface",
"default": true
},
"link-protection": {
"type": "string",
"description": "Link protection mode to prevent spoofing",
"examples": ["mac-nospoof,ip-nospoof"]
},
"auto-mac-address": {
"type": "string",
"description": "Automatic MAC address assignment policy"
},
"mac-prefix": {
"type": "string",
"description": "MAC address prefix for auto-assigned addresses"
},
"mac-slot": {
"type": "integer",
"description": "MAC address slot number"
},
"vsi-typeid": {
"type": "integer",
"description": "VSI type identifier"
},
"vsi-typeidversion": {
"type": "integer",
"description": "VSI type identifier version"
},
"id": {
"type": "integer",
"description": "Resource identifier"
}
}
},
"CappedCpuResource": {
"type": "object",
"description": "CPU cap limiting the total CPU time available to the zone",
"properties": {
"ncpus": {
"type": "number",
"description": "CPU cap expressed as a decimal number of CPUs (e.g., 1.5 = 150% of one CPU)",
"minimum": 0,
"examples": [1.0, 2.5]
}
},
"required": ["ncpus"]
},
"CappedMemoryResource": {
"type": "object",
"description": "Memory caps limiting physical and swap memory available to the zone",
"properties": {
"physical": {
"type": "string",
"description": "Physical memory cap",
"examples": ["2G", "512M"]
},
"swap": {
"type": "string",
"description": "Swap memory cap",
"examples": ["4G", "1G"]
},
"locked": {
"type": "string",
"description": "Locked memory cap",
"examples": ["512M"]
}
}
},
"DedicatedCpuResource": {
"type": "object",
"description": "Dedicated CPU resource guaranteeing exclusive CPU access",
"properties": {
"ncpus": {
"type": "string",
"description": "Number or range of CPUs dedicated to the zone",
"examples": ["2", "1-4"]
},
"importance": {
"type": "integer",
"description": "Relative importance for CPU allocation when oversubscribed",
"minimum": 1
}
},
"required": ["ncpus"]
},
"VirtualCpuResource": {
"type": "object",
"description": "Virtual CPU resource for kernel zones (solaris-kz brand only)",
"properties": {
"ncpus": {
"type": "string",
"description": "Number or range of virtual CPUs",
"examples": ["4", "2-8"]
}
},
"required": ["ncpus"]
},
"DeviceResource": {
"type": "object",
"description": "Device resource allowing access to a host device from within the zone",
"properties": {
"match": {
"type": "string",
"description": "Device path pattern to match",
"examples": ["/dev/zvol/dsk/rpool/zvol1"]
},
"allow-partition": {
"type": "boolean",
"description": "Whether to allow access to device partitions"
},
"allow-raw-io": {
"type": "boolean",
"description": "Whether to allow raw I/O access to the device"
},
"storage": {
"type": "string",
"description": "Storage URI for the device"
},
"id": {
"type": "integer",
"description": "Resource identifier"
}
},
"required": ["match"]
},
"FsResource": {
"type": "object",
"description": "File system mount providing host file system access within the zone",
"required": ["dir", "special", "type"],
"properties": {
"dir": {
"type": "string",
"description": "Mount point directory inside the zone",
"examples": ["/opt/shared"]
},
"special": {
"type": "string",
"description": "Source file system path or device on the host",
"examples": ["/export/shared"]
},
"type": {
"type": "string",
"description": "File system type",
"enum": ["lofs", "hsfs", "nfs", "tmpfs", "ufs", "zfs"]
},
"options": {
"type": "array",
"items": {
"type": "string"
},
"description": "Mount options",
"examples": [["ro", "nosuid"]]
},
"raw": {
"type": "string",
"description": "Raw device path for fsck operations"
}
}
},
"NetResource": {
"type": "object",
"description": "Network interface resource for shared-IP zones",
"properties": {
"address": {
"type": "string",
"description": "IP address for the network interface",
"examples": ["10.0.0.100/24"]
},
"physical": {
"type": "string",
"description": "Physical network interface name",
"examples": ["net0"]
},
"defrouter": {
"type": "string",
"description": "Default router IP address"
}
},
"required": ["address", "physical"]
},
"DatasetResource": {
"type": "object",
"description": "ZFS dataset delegated to the zone for direct management",
"properties": {
"name": {
"type": "string",
"description": "ZFS dataset name",
"examples": ["rpool/export/zones/testzone1/data"]
},
"alias": {
"type": "string",
"description": "Alias name for the dataset inside the zone"
}
},
"required": ["name"]
},
"RctlResource": {
"type": "object",
"description": "Resource control entry limiting system resource usage within the zone",
"properties": {
"name": {
"type": "string",
"description": "Resource control name",
"examples": ["zone.max-lwps", "zone.max-shm-memory", "zone.cpu-shares"]
},
"value": {
"type": "string",
"description": "Resource control value in the form (priv=X,limit=Y,action=Z)",
"examples": ["(priv=privileged,limit=1000,action=deny)"]
}
},
"required": ["name", "value"]
},
"AttrResource": {
"type": "object",
"description": "Generic attribute resource for custom zone configuration properties",
"properties": {
"name": {
"type": "string",
"description": "Attribute name"
},
"type": {
"type": "string",
"description": "Attribute data type",
"enum": ["string", "int", "uint", "boolean"]
},
"value": {
"type": "string",
"description": "Attribute value"
}
},
"required": ["name", "type", "value"]
},
"AdminResource": {
"type": "object",
"description": "Administrative access entry defining who can manage the zone",
"properties": {
"user": {
"type": "string",
"description": "User or role name granted administrative access",
"examples": ["zoneadm"]
},
"auths": {
"type": "string",
"description": "Comma-separated list of authorizations granted",
"examples": ["login,manage,config"]
}
},
"required": ["user", "auths"]
},
"RootzpoolResource": {
"type": "object",
"description": "Root ZFS pool configuration for the zone (solaris and solaris10 brands only)",
"properties": {
"storage": {
"type": "string",
"description": "Storage URI for the root zpool"
}
}
},
"ZpoolResource": {
"type": "object",
"description": "Additional ZFS pool available within the zone",
"properties": {
"name": {
"type": "string",
"description": "Name of the ZFS pool"
},
"storage": {
"type": "string",
"description": "Storage URI for the pool"
}
},
"required": ["name"]
},
"SmfDependencyResource": {
"type": "object",
"description": "SMF service dependency that must be satisfied before zone boot",
"properties": {
"fmri": {
"type": "string",
"description": "Fault Management Resource Identifier of the SMF service",
"examples": ["svc:/network/physical:default"]
},
"grouping": {
"type": "string",
"description": "Dependency grouping type",
"enum": ["require_all", "require_any", "optional_all", "exclude_all"]
}
},
"required": ["fmri"]
},
"VerifiedBootResource": {
"type": "object",
"description": "Verified boot settings for kernel zone security (solaris-kz brand only)",
"properties": {
"firmware": {
"type": "string",
"description": "Firmware image path for verified boot"
}
}
}
}
}