Previous Topic: Install on a Solaris Branded ZoneNext Topic: Starting and Stopping CA ControlMinder in a Zone


Use ioctl for Communication

If you want to install CA ControlMinder in Solaris branded zones, you must use an ioctl instead of a syscall to communicate with the kernel module.

Follow these steps:

  1. Stop CA ControlMinder in the global zone and all non-global zones.

    Stop the last zone to disable event interception and prepare the kernel module for unloading.

    zlogin -z zone_name /opt/CA/AccessControl/bin/secons -sk
    
  2. Unload the CA ControlMinder kernel module in the global zone:
    SEOS_load -u
    

    Note: The SEOS_load -u command ensures that CA ControlMinder is not running on any non-global zone before unloading it.

  3. In each zone where CA ControlMinder is installed (global, non-global, and branded zones), set the seos.ini entry to 1 (by default, this is set to 0).
    SEOS_use_ioctl = 1
    
  4. Load the kernel module in the global zone.
    SEOS_load
    

    This installs a pseudo device to let CA ControlMinder communicate with its kernel module via ioctl, and identifies zones that require a reboot so that they can utilize the ioctl.

  5. Reboot each non-global and brand zone where CA ControlMinder is installed.