OVERVIEW
Oracle Containers = system resource controls + Solaris Zones.
Similar in spirit to chroot, but with much stronger isolation: a non-global zone gets its own process namespace, its own reduced privilege set and, optionally, its own IP stack, so root inside a zone is confined to that zone.
Available for SPARC and x86.
With Solaris 11, new zones use IPS (Image Packaging System) for "installation".
If zonepaths "live on a ZFS data set" (I guess this means inside an existing ZFS filesystem?) then new filesystems are created automatically within that data set, which allows cloning and snapshots.
http://www.oracle.com/technetwork/articles/servers-storage-admin/o11-092-s11-zones-intro-524494.html
Set-up-a-local-zone tutorial: http://unixlessons.com/ under UNIX LESSONS / S.A.

GLOBAL VS. NON-GLOBAL
The global zone sees all non-global zone processes (never the other way round).
Non-global zones should not be called "local zones".
Extreme ambiguity: often 'zone' means specifically a non-global zone, other times any zone (global or non-global).
The zone name of every global zone is 'global'. (Run 'zonename'.)
The only thing a zone distinctively requires is enough disk space for its unique configuration (>= 50 MB; 100-140 MB recommended).
Resources can be allocated by resource-pool guarantee or by fair-share scheduling.

STATES: configured, incomplete, installed, ready, running, shutting_down, down
NORMAL STATE = running (reached via 'zoneadm -z <zone> boot').
ready = everything set up (virtual platform, zsched) but no user processes yet.

SPARSE ROOT ZONE: Most filesystem content is shared with the global zone. Sharing is done with the loopback filesystem (lofs); the 'inherit-pkg-dir' resource specifies which directories. They are read-only in the non-global zone. I guess when new packages are installed all zones get copies by default?
WHOLE ROOT ZONE: Own copy of the OS files (packages).
BRANDED ZONE: Relaxes the constraint that the zone's userland must closely match the global zone's kernel; a brand supplies a different userland on top of the same kernel. On x86 hardware one benefit is the lx brand, which uses a Linux ABI emulation layer to run Linux binaries.
The best-known software that cannot run inside a non-global zone is the Solaris NFS server.
Non-global zones have no OpenBoot prompt.
CHEAT SHEET: http://www.datadisk.co.uk/html_docs/sun/solaris_zones_cs.html

NON-GLOBAL ZONE INSTANCE FILES/DIRS
  /etc/globalzone    Present only in non-global zones; names the global zone.
  /etc/zones/index   Just a record of instantiation, it looks like.
GLOBAL ZONE INSTANCE FILES/DIRS (no /etc/globalzone)
  /etc/zones/index             List of all zones (members) and their states.
  /etc/zones/<zonename>.xml    Configuration of each zone member.
  /etc/zones/SUNW*.xml         Looks like these describe directory-branch sharing/uniqueness (they are the zonecfg templates, e.g. SUNWdefault.xml = sparse root with the default inherit-pkg-dirs, SUNWblank.xml = empty).

PROGRAMS
Most zone-aware programs take a '-z <zone>' switch.
Some zone-aware programs take '-Z' to mean ALL zones (or all non-globals); for 'ps', -Z adds a ZONE column instead.
Commands that are not zone-only but are zone-smart: pkgadd, pkginfo, ps, ipcs, pgrep, ptree, df, prstat.
A non-global zone has no visibility into other zones' processes.
From the global zone 'ps -e' lists the processes of every zone; narrow with 'ps -z <zone> -e' (the zonelist accepts names or IDs; the global zone is 'global').

zone* command family:
  zonecfg    I think you always get an interactive 'zonecfg' shell. Most zonecfg changes take effect only after the zone is rebooted.
  zonename   Prints the current zone's name.
  zoneadm    Installs, boots, halts and lists zones.
  zlogin     Runs only from the global zone, as a superuser. Console mode ('zlogin -C <zone>') works once the zone is in the installed state. I think you have to log in to one to set the final runtime settings.

pkgadd -d . <pkg>       # Normal: adds the package to the current zone; from the global zone it is also propagated to all non-global zones.
pkgadd -G -d . <pkg>    # Current zone only; from the global zone the package is NOT propagated to non-global zones.
pkgadd -Z -d . <pkg>    # Only work on current zone (what if global?)

zsched     One runs in each non-global zone (the global zone has the ordinary 'sched' instead).
zoneadmd   The global zone runs one for each non-global zone.

TO INSTALL
1. Configure with 'zonecfg -z <zone>' (create, set zonepath, add net/anet, ...).
2. 'zoneadm -z <zone> install'. Takes time: it copies the /var/sadm/pkg branch (package data) from the global zone into the zone.
3. Open a console with 'zlogin -C <zone>'; while that is up, boot the zone with 'zoneadm -z <zone> boot'. On the console you then go through a Solaris initialization dialog (system identification) just like an OS install.

RESOURCE MANAGEMENT
http://www.princeton.edu/~unix/Solaris/troubleshoot/resmgmt.html
Limits (resource controls, rctls) can be applied to processes, users, tasks and projects. Projects and tasks persist across forks.
/etc/project   The project database.
Programs: projects, newtask, projadd, projmod, projdel, rctladm*, prctl*, ipcs, rcapadm, prstat, priocntl, poolbind. (* = can be used for on-the-fly adjustments.)
Threshold privilege levels: basic, privileged, system.
Every user is assigned to a project (there is a default project).
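Added example (my code, not from these notes, Oracle, or the linked pages): a Bourne shell script that puts a service account into its own project, capped by rctls written in the name=(privilege,value,action) form used in /etc/project. The project name webapp, ID 100, user webuser, the comment and the limit values are all assumptions. Run with no argument on any system to print the /etc/project record it would create; run 'sh projrc.sh apply' as root on a Solaris host to create the project with projadd, start a task in it with newtask, and change one control on the fly with prctl. rctl_value reads such a record back so a hardening check can verify what limit is actually configured.

```shell
#!/bin/sh
# Added example: one project per service account, capped by rctls.
# Project name, ID, user and limits are assumed values, not from the notes.
set -eu

PROJ=${PROJ:-webapp}
PROJID=${PROJID:-100}
SVC_USER=${SVC_USER:-webuser}
COMMENT="Web tier service"

# Each control is name=(privilege,value,action).  A 'privileged' value can
# only be raised by root; a 'basic' value can be changed by the owner, up to
# the privileged ceiling; 'deny' refuses requests that would exceed the value.
RCTL_LWPS="task.max-lwps=(privileged,200,deny)"
RCTL_FDS="process.max-file-descriptor=(basic,1024,deny)"
RCTL_SHM="project.max-shm-memory=(privileged,268435456,deny)"

# The record projadd(1M) writes to /etc/project:
#   projname:projid:comment:user-list:group-list:attributes
project_line() {
    printf '%s:%s:%s:%s::%s;%s;%s\n' \
        "$PROJ" "$PROJID" "$COMMENT" "$SVC_USER" "$RCTL_LWPS" "$RCTL_FDS" "$RCTL_SHM"
}

# Read a project record on stdin and print the value of one control.
# Prints nothing if the control is absent.
rctl_value() {   # usage: rctl_value task.max-lwps < record
    awk -F: -v want="$1" '{
        n = split($6, attrs, ";")
        for (i = 1; i <= n; i++) {
            eq = index(attrs[i], "=")
            if (eq == 0 || substr(attrs[i], 1, eq - 1) != want) continue
            v = substr(attrs[i], eq + 1)      # "(privileged,200,deny)"
            gsub(/[()]/, "", v)               # "privileged,200,deny"
            split(v, f, ",")
            print f[2]
        }
    }'
}

# Everything below needs a Solaris host and root privilege.
apply() {
    projadd -p "$PROJID" -c "$COMMENT" -U "$SVC_USER" \
        -K "$RCTL_LWPS" -K "$RCTL_FDS" -K "$RCTL_SHM" "$PROJ"
    projects -l "$PROJ"                       # what actually landed in /etc/project

    # Start a task in the project; processes forked from it inherit project
    # and task, so the caps follow the service.
    newtask -p "$PROJ" sh -c 'id -p; prctl -n task.max-lwps $$'

    # On-the-fly change for the running project only (not persisted; use
    # projmod -K for that): give the project 50 CPU shares under FSS.
    prctl -n project.cpu-shares -v 50 -r -i project "$PROJ"
}

case "${1:-}" in
    apply) apply ;;
    *)     project_line ;;                    # dry run
esac
```

prctl -r only changes the live values of the running project; anything that must survive a reboot goes through projmod -K so it lands in /etc/project.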
useradd and usermod gain a -x switch.
A task is created when a project is joined AND on login, cron, newtask, setproject, su.

RESOURCE MANAGEMENT WITH ZONES
poold dynamically arbitrates CPU between resource pools.
CPU can be given as a range OR dedicated ('dedicated-cpu'; ncpus is a count or a range such as 1-2). 'capped-cpu' (a fractional cap, e.g. 1.5) is the alternative; the two cannot be combined.
Scheduling class ('scheduling-class', e.g. FSS for fair-share).
'capped-memory' limits physical, swap and locked memory.
NICs can be physically shared (shared-IP: the zone's addresses are IP aliases, i.e. logical interfaces, on a global-zone NIC) or dedicated (exclusive-IP: the zone owns the NIC and its own IP stack).
Default inherit-pkg-dirs: /lib, /platform, /sbin, /usr. Read-only in non-global zones, via loopback (lofs) mounts.
(Some?) non-inherit-pkg dirs are copied.
The non-global zone's filesystem root lives in the global FS at the "zonepath", by convention /export/zones/<zone>/ (the zone's / is <zonepath>/root).
http://docs.oracle.com/cd/E19044-01/sol.containers/817-1592/images/lofs-mount.gif

REVERSE ENGINEERING FROM EXISTING ZONES
Network devices show either as x with no zone stated, or as x:N, i.e. it looks like a convention that each zone uses a specific IP alias number.
  tcust01   /etc/globalzone = 'dcust01g'
  tcust02   /etc/globalzone = 'dcust01g'
  dacq02
OPS, WebMin, Xone, Zone Manager, Zonestat (obsolete) can be used to manage resources.
At least with Solaris 11, by default new zones get an 'anet' interface with:
  linkname: net0
  lower-link: auto
  mac-addr: random
  link-protection: mac-nospoof   (the zone cannot send frames with a MAC other than its own; add ip-nospoof plus allowed-address to block IP spoofing as well)
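Added example (my code, not from these notes or Oracle's docs) covering the TO INSTALL procedure above and the zone resource controls and anet settings in this section: a Bourne shell script that writes the zonecfg command file for a Solaris 11 zone, applies it non-interactively with 'zonecfg -f' instead of the interactive zonecfg shell, then verifies, installs and boots the zone and reads its state from 'zoneadm list -p'. The zone name web01, zonepath /export/zones/web01, the address 192.0.2.10/24 and all cap values are assumptions. With no argument it only prints the zonecfg file, so it runs anywhere; 'apply' needs a Solaris 11 global zone and root.

```shell
#!/bin/sh
# Added example: non-interactive build of a Solaris 11 non-global zone with
# CPU/memory caps and anet link protection.  Zone name, zonepath, address and
# all values are assumptions; no argument = dry run (print the config only).
set -eu

ZONE=${ZONE:-web01}
ZONEPATH=${ZONEPATH:-/export/zones/$ZONE}   # by convention; put it on a ZFS
                                            # dataset so install creates a
                                            # child dataset (snapshots/clones)

# zonecfg command file for 'zonecfg -z $ZONE -f file'.  'create' uses the
# SYSdefault template, which already carries anet net0 (lower-link auto,
# random MAC, link-protection mac-nospoof); 'select' edits it in place.
gen_zonecfg() {
    cat <<EOF
create
set zonepath=$ZONEPATH
set autoboot=false
select anet linkname=net0
set allowed-address=192.0.2.10/24
set link-protection=mac-nospoof,ip-nospoof
end
add dedicated-cpu
set ncpus=1-2
end
add capped-memory
set physical=1g
set swap=2g
set locked=256m
end
EOF
}
# dedicated-cpu and capped-cpu are mutually exclusive; for a fractional cap
# replace the dedicated-cpu block with:  add capped-cpu / set ncpus=1.5 / end

# Extract one zone's state from 'zoneadm list -p' lines
# (zoneid:zonename:state:zonepath:uuid:brand:ip-type).  Reads stdin.
zone_state() {   # usage: zoneadm list -cp | zone_state web01
    awk -F: -v z="$1" '$2 == z { print $3 }'
}

# Everything below needs a Solaris 11 global zone and root.
apply() {
    cfg=/tmp/$ZONE.zonecfg
    gen_zonecfg > "$cfg"
    zonecfg -z "$ZONE" -f "$cfg"           # state: configured
    zoneadm -z "$ZONE" verify
    zoneadm -z "$ZONE" install             # IPS pulls packages; state: installed
    zoneadm -z "$ZONE" boot                # state: running
    zoneadm list -cp | zone_state "$ZONE"
    # First boot: the console shows the system configuration dialog, like a
    # fresh OS install.  ~. disconnects from the console.
    zlogin -C "$ZONE"
}

case "${1:-}" in
    apply) apply ;;
    *)     gen_zonecfg ;;                  # dry run: show the zonecfg file
esac
```

ip-nospoof only makes sense together with allowed-address: it drops any IP packet whose source is not in that list, so leaving the list empty would cut the zone off rather than protect it.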