- ZFS on disk encryption: zfs create -o encryption=on [ With pam_zfs_key PAM module for per-user key management]
- Immutable Zones: zonecfg -z myzone set file-mac-profile=fixed-configuration
- New package system - with cryptographically signed packages [ pkg(5) ] and multiple signature support
- Root as a role by default & authentication with user password with authentication cacheing [pam_tty_tickets ]
- Network virtualisation dladm(1M) & bandwidth control flowadm(1M)
- Automatic VNICs for Zones - one line zone creation: zonecfg -z myzone 'create ; set zonepath=/zones/myzone'
- IPfilter SMF integration - per service firewall rules
- New basic privileges: file_read/file_write/net_access
- Default root shell is bash (I'd personally prefer zsh but bash is good enough)
- 'man -k' works by default
- sudo with Solaris Audit support and priv_exec removal for NOEXEC
Wednesday, November 30, 2011
Solaris 11 features
Subscribe to:
Posts (Atom)