PSARC 2002/174, Virtualization and Namespace Isolation in the Solaris
Operating System, introduced a Project Private system call,
zone_enter(2), which is used by a privileged process to perform a
one-way "move" from the global zone into a non-global zone.

A number of consumers external to the project (including external ISVs)
have expressed interest in using this system call in order to execute
programs inside a non-global zone directly from a process running in
the global zone.  For this reason, we propose to raise the commitment
level of zone_enter(2) from Project Private to Contracted Project
Private.

While the interface might be raised further in a subsequent case to
make it more widely available, at this point we would like it to be a
contracted interface since there are certain security concerns with
using zone_enter() correctly, in particular with ensuring the system
call is made only after the calling environment has been cleaned up
(for example, by closing all appropriate file descriptors).

The requested release binding is Patch.

			Interfaces Exported
			-------------------

Interface		Old Classification	New Classification
---------		------------------	------------------
zone_enter(2)		Project Private		Contracted Project Private