I’ve stumbled over some ARC case enabling labelled zones in OpenSolaris (from Trusted Extensions) to access the X11 server in the global zone “natively” using Unix domain sockets instead of TCP/IP or other jokes. It seems that mounting the X11 socket with the loopback filesystem driver into your zone does the job quite well and simply.
Obviously it helps when you’re messing with multiple native zones for some reason (I don’t know, like a separate zone to develop and test software), but I was more thinking about BrandZ. Things like Google Earth or maybe Unreal Tournament for Linux. I’d figure the overhead of TCP would screw up framerates a lot. Right now I’ve only tried Google Earth, I’ve yet to look for a demo of a Linux port of some commercial game (at least one that’s not worth a whole CD-R).
Anyway, that’s how it goes during runtime. Might want to tweak your vfstab accordingly if you want it to be permanent:
pfexec mkdir /pathtoyourzone/root/tmp/.X11-unix
pfexec mount -F lofs /tmp/.X11-unix /pathtoyourzone/root/tmp/.X11-unix
xhost +
Sadly, you need to disable access restrictions on X11 to make it work. Since listening on TCP/IP is disabled by default, it’s no biggie. If you do have your X server listen on it tho, you may want to tighten up your firewall rules according to why you’re doing it.
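A quick way to check what `xhost +` leaves open, as an added example that is not part of the original post: the function name `x11_exposure`, its three result labels and the sample outputs are constructed for illustration. It reads the first line of `xhost` output and looks for a TCP listener on port 6000 plus the display number in `netstat -an` output.

```sh
#!/bin/sh
# Added example (not from the post): classify how exposed an X server is.
# x11_exposure XHOST_OUTPUT NETSTAT_OUTPUT [DISPLAY_NUMBER]
# prints: restricted | open-local | open-network

x11_exposure() {
    xhost_out=$1
    netstat_out=$2
    port=$((6000 + ${3:-0}))    # X display N listens on TCP port 6000+N

    # `xhost` without arguments reports the access-control state on line 1.
    case $(printf '%s\n' "$xhost_out" | head -n 1) in
        "access control disabled"*) ;;
        *) echo restricted; return 0 ;;
    esac

    # Access control is off: is there also a TCP listener for this display?
    # The local address ends in ".PORT" (Solaris netstat) or ":PORT" (Linux).
    if printf '%s\n' "$netstat_out" | awk -v p="$port" '
        /LISTEN/ { for (i = 1; i <= NF; i++) if ($i ~ ("[.:]" p "$")) found = 1 }
        END { exit !found }'
    then
        echo open-network   # any host that can reach the port can connect
    else
        echo open-local     # anything that can open the Unix socket can connect
    fi
}

# Constructed sample output (not captured from a real system).
SAMPLE_XHOST_OPEN='access control disabled, clients can connect from any host'
SAMPLE_XHOST_CLOSED='access control enabled, only authorized clients can connect
SI:localuser:alice'
SAMPLE_NETSTAT_TCP='      *.6000      *.*      0      0 49152      0 LISTEN'
SAMPLE_NETSTAT_NOTCP='      *.22        *.*      0      0 49152      0 LISTEN'

x11_exposure "$SAMPLE_XHOST_OPEN" "$SAMPLE_NETSTAT_NOTCP"   # after `xhost +`, no TCP
x11_exposure "$SAMPLE_XHOST_OPEN" "$SAMPLE_NETSTAT_TCP"     # after `xhost +`, TCP on
x11_exposure "$SAMPLE_XHOST_CLOSED" "$SAMPLE_NETSTAT_TCP"   # access control back on

# Live use: x11_exposure "$(xhost)" "$(netstat -an)"
```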
Update: Games fly right out of the window. I’ve tried to get Enemy Territory: Quake Wars to run. The game fails to start properly because quite a few OpenGL features are missing. The reason they’re missing is that the GL client library, both Mesa and NVidia ones, can’t do Direct Rendering.
In the case of the Mesa client library, I can still somewhat understand. But in the case of the NVidia one (the Linux version matching the version number of the Solaris one, expecting ioctls to be the same), I’m not sure. I’ve ended up forwarding the /dev/nv* device nodes to the zone, did nothing. Then I’ve installed a native zone for a change, to ensure it’s the expected client library (i.e. the Solaris one), forwarded the NVidia nodes plus things like /dev/fb*, /dev/fbs/*, /dev/mem and god knows what, practically putting everything I’d expect it to consume on a platter, still it doesn’t want to enable Direct Rendering.
So commercial games in BrandZ are currently a no-go. I guess the only way to make this work is a megashim running in the global zone. What I mean by that is a ld-linux.so.2 mapping calls in the way BrandZ does, but without the zones and tweaked to run standalone.
Google Earth still works fine, tho.

on Nov 28th, 2009 at 13:26
I do builds in a chroot environment, not quite going the whole Zone hog. I loopback mount /dev, /devices and the X11 pipes in /tmp among other things from the outside environment. This works for me to get accelerated OpenGL with the Nvidia driver. I have built and tested a whole lot of 3D games and other things like Celestia, Free-CAD from within the chroot jail.
Though of course a chroot is a far cry from a Zone.