Currently if you create a zone, and install another package in the
global zone, it is installed in the non-global zones. I propose a
feature that you can lock each non-global zone then the new packages
would not be installed in the non-global zones. Of course this only
effects packages that are installed in non inherited directories. If
the package makes changes in an inherited directory I realize that the
change would be visible.

Each zone would have to be unlocked or the lock would have to be
ignored if patch the system.

The interface would be

#zoneadm –z zonename lock

With the zone locked no changes in the global zone effects the
non-global zones.

#zoneadm –z zonename unlock

Now packages installed after being unlocked would be installed in the
non-global zone at the same time as happens now.
zones-discuss mailing list

Reply via email to