How to identify a Solaris non-global zone

It wouldn’t take much for an experienced Solaris Admin to figure out the server they have logged into is a Solaris Container aka Non-Global Zone, or “zone” for short.

For those of us who don’t have years of experience and expertise in Solaris Administration under our belts, here is a list of things I have come across which would help you identify if the server you are logging into is a container. Like always, not all of these will apply to your situation or server configuration so, your mileage will vary.

The zonename command shows the hostname instead of printing “global”

non-global-zone# zonename
non-global-zone

You can no longer use SVM commands

non-global-zone# metastat -p
metastat: zonename: Volume administration unavailable within non-global zones

Show other non-global zones if you are not using IPMP

non-global-zone# arp -a | grep SPLA
ce0 non-global-zone 255.255.255.255 SPLA 00:xx:xx:xx:xx:xx
ce0 other-non-global-zone.fqdn 255.255.255.255 SPLA 00:xx:xx:xx:xx:xx
ce0 theglobalzone.fqdn 255.255.255.255 SPLA 00:xx:xx:xx:xx:xx

If only using lofs devices, format returns nothing

non-global-zone# format
Searching for disks…done
No disks found!

lsof no longer works, see lsof FAQ

non-global-zone# lsof
lsof: can’t stat(/devices): No such file or directory

Sparse root zone does not have CLUSTER info

non-global-zone# ls -la /var/sadm/system/admin/CLUSTER
/var/sadm/system/admin/CLUSTER: No such file or directory

A Solaris zone has a zsched process as apposed to a “sched”

non-global-zone# ps -ef | grep zsched

A Solaris zone will not show any global processes when running a ps with a “-Z” option

non-global-zone# ps -ef -Z | grep global
non-global-zone root 25463 29042 0 03:53:04 pts/60 0:00 grep global

Loopback file systems are displayed instead of actual devices under the “Filesystem” column. Compare df output with /etc/vfstab entries. Chances are they will not match if you are using lofs devices.

non-global-zone# df -h

ifconfig shows a virtual loopback and nic interface

non-global-zone# ifconfig -a
lo0:2: flags=2001000849 mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
ce0:2: flags=1000843 mtu 1500 index 2
inet xxx.xxx.xxx.xxx netmask ffffff00 broadcast xxx.xxx.xxx.xxx

mknod no longer works because it cant write to /dev/

non-global-zone# mknod /dev/testing c 4 64
mknod: Not owner

zonecfg can only be run from the global zone

non-global-zone# zonecfg -z test
zonecfg can only be run from the global zone.

zoneadm will only print you the non-global zone

non-global-zone# zoneadm list
pivishk

zlogin can only be run from the global zone

non-global-zone# zlogin other-non-global-zone
zlogin: ‘zlogin’ may only be used from the global zone

prstat does not show you “global” zone usage, just hostname when using “-Z” option

non-global-zone# prstat -Z

Missing /etc/ethers

non-global-zone# ls -la /etc/ethers
/etc/ethers: No such file or directory

dispadmin does not work

non-global-zone# dispadmin -d
dispadmin: Operation not supported in non-global zones

non-global-zone# prtdiag
prtdiag can only be run in the global zone

dumpadm no longer works

non-global-zone# dumpadm
dumpadm: failed to open /dev/dump: No such file or directory

Again, this is not a complete list nor an end all be all list of things that do not work in a Solaris non-global zone. However, what this list does do is aid in identification of a Solaris 10 zone.

If you’ve discovered other things that do not work in a Solaris 10 zone but do in a global zone, please add a comment.