Previous Topic: Install on a Solaris Branded Zone

Next Topic: Starting and Stopping CA Access Control in a Zone

Implementation GuideInstalling and Customizing a UNIX EndpointSolaris 10 Zones ImplementationInstall on a Solaris Branded ZoneUse ioctl for Communication

Use ioctl for Communication

If you want to install CA Access Control in Solaris branded zones, you must use an ioctl instead of a syscall to communicate with the kernel module.

To modify CA Access Control to use ioctl for communication

  1. Stop CA Access Control in the global zone and all non-global zones.

    Stop the last zone with secons -sk to disable event interception and prepare the kernel module for unloading.

  2. Unload the CA Access Control kernel module in the global zone (SEOS_load -u).

    Note: The SEOS_load -u command ensures that CA Access Control is not running on any non-global zone before unloading it.

  3. In each zone where CA Access Control is installed (global, non-global, and branded zones), set the seos.ini entry SEOS_use_ioctl = 1 (by default, this is set to 0).
  4. Load the kernel module in the global zone (SEOS_load).

    This installs a pseudo device to let CA Access Control communicate with its kernel module via ioctl, and identifies zones that require a reboot so that they can utilize the ioctl.

  5. Reboot each non-global and brand zone, identified as requiring a reboot, where CA Access Control is installed.