Labeled Zone Manager 2.0
By Glenn Faden on Oct 17, 2009
There is a new and improved version of txzonemgr, called Labeled Zone Manager 2.0 in the latest version of the OpenSolaris developer repository. There are about a dozen new features which should make it easier for both beginners and experienced users to configure their Trusted Extensions systems. I've updated the beginner's instructions to take advantage of some of the automation. For example, if you have not previously created any zones, you will be asked if you want to create the public zone automatically. If you click OK, the zone is configured, labeled, installed, and booted without any user intervention. The command layout is now more efficient to simplify the navigation of the menu hierarchy.
The old interface to select a zone's label has been replaced; we now use the same label builder dialog that is integrated into the Trusted Path menus. So any label_encodings file will work without any performance issues. Among the other new features are:
- Adding or removing network access to/from specified hosts or networks for each zone
- Adding or removing specified hosts or networks to/from the list of trusted hosts and networks
- Configuring multilevel ports and label ranges for each zone
- Support for the exclusive IP stacks and VNICs with labeled zones (Crossbow)
- Preliminary code to support Encrypted ZFS datasets for each zone
Collectively the new features are a replacement for the functionality that was previously provided by the Computers and Networks tool in the Solaris Management Console. For a step-by-step walk through of the new features refer to the test plan.