Don't mess with the the ZFS cloned BE (boot environments) of the zones using zfs commands. There is very little documentation out there, so here is what we've found with ZFS, zones, and IPS upgrades.
If you have a zone that went through a pkg image-update, you'll notice there are a couple of new cloned ROOT file systems for your zones:
root@vps1:/# zfs get -r mounted,origin,mountpoint zones/tail NAME PROPERTY VALUE SOURCE zones/tail mounted yes - zones/tail origin - - zones/tail mountpoint /zones/tail default zones/tail/ROOT mounted no - zones/tail/ROOT origin - - zones/tail/ROOT mountpoint legacy local zones/tail/ROOT/zbe mounted no - zones/tail/ROOT/zbe origin - - zones/tail/ROOT/zbe mountpoint legacy local zones/tail/ROOT/zbe@zbe-1 mounted - - zones/tail/ROOT/zbe@zbe-1 origin - - zones/tail/ROOT/zbe@zbe-1 mountpoint - - zones/tail/ROOT/zbe-1 mounted yes - zones/tail/ROOT/zbe-1 origin zones/tail/ROOT/zbe@zbe-1 - zones/tail/ROOT/zbe-1 mountpoint legacy local root@vps1:/#
Everything below zones/tail/ROOT have a zoned ZFS property. They behave a bit differently, and make it so the zone's can use ZFS root securely. That's good, but what is going on with all of that cloned file systems, the zbe and zbe-1?
zbe is the ROOT fs before the upgrade. zbe-1 is the new ROOT, after the upgrade. zbe-1 is just the clone of the zbe, as indicated with the origin property above, this is great because clones use less disk space.
zbe-1 is the one being used now. In case the global zone was to be reverted back to an original environment, the zone tail will then use zbe as the ROOT fs. This is done automatically when beadm command is used (in the global zone) to manipulate the boot environments. You should not go around destroying the zbe fs in an attempt to clean up disk space. It is tied to the BE of the global zone.
If you have a OpenSolaris VPS with us, and you want to create a snapshot of your zone, we recommend you create a snapshot of the mounted zfs file system above (in this case, you can do: zfs snapshot zones/tail/ROOT/zbe-1@backup). If you create a snapshot of zbe, and you need to restore it, we will not restore it, unless we restore the global zone to that be.