Previous Topic: Install on a Solaris Branded ZoneNext Topic: Starting and Stopping CA ControlMinder in a Zone

Implementation GuideInstalling and Customizing a UNIX EndpointHow to Install on Solaris ZonesInstall Using Solaris Native PackagingUse ioctl for Communication

Use ioctl for Communication

If you want to install CA ControlMinder in Solaris branded zones, you must use an ioctl instead of a syscall to communicate with the kernel module.

Follow these steps:

  1. Stop CA ControlMinder in the global zone and all non-global zones.

    Stop the last zone to disable event interception and prepare the kernel module for unloading.

    zlogin -z zone_name /opt/CA/AccessControl/bin/secons -sk
  2. Unload the CA ControlMinder kernel module in the global zone: 
    SEOS_load -u

    Note: The SEOS_load -u command ensures that CA ControlMinder is not running on any non-global zone before unloading it.

  3. In each zone where CA ControlMinder is installed (global, non-global, and branded zones), set the seos.ini entry to 1 (by default, this is set to 0). 
    SEOS_use_ioctl = 1
  4. Load the kernel module in the global zone. 
    SEOS_load

    This installs a pseudo device to let CA ControlMinder communicate with its kernel module via ioctl, and identifies zones that require a reboot so that they can utilize the ioctl.

  5. Reboot each non-global and brand zone where CA ControlMinder is installed.