<?xml version='1.0' encoding='UTF-8' ?>
<!--
CDDL HEADER START
The contents of this file are subject to the terms of the
Common Development and Distribution License (the "License").
You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
or http://www.opensolaris.org/os/licensing.
See the License for the specific language governing permissions
and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each
file and include the License file at usr/src/OPENSOLARIS.LICENSE.
If applicable, add the following below this CDDL HEADER, with the
fields enclosed by brackets "[]" replaced with your own identifying
information: Portions Copyright [yyyy] [name of copyright owner]
CDDL HEADER END
Copyright 2007 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.
ident "%Z%%M% %I% %E% SMI"
DO NOT EDIT THIS FILE.
-->
<!--
verify_cfg
Identifies the program to be invoked by zonecfg to verify that the
zone's configuration is legal, and that all the configured devices,
attributes, etc. are legal for this brand.
The program is called with a single argument: the path to a file
containing a temporary config.xml file the zone. It should return 0
on success and non-0 on failure. Any detailed error messages should be
displayed to stderr.
It has no attributes.
-->
<!ELEMENT verify_cfg (#PCDATA) >
<!ATTLIST verify_cfg>
<!--
verify_adm
Identifies the program invoked by zoneadm to perform brand-specific
checks as to the viability of a zone on this specific machine.
The following replacements are performed:
%z Name of zone
%R Root of zone
%* Additional arguments, if any
The program should return 0 on success and non-0 on failure. Any
detailed error messages should be displayed to stderr.
It has no attributes.
-->
<!ELEMENT verify_adm (#PCDATA) >
<!ATTLIST verify_adm>
<!--
install
Identifies the program to invoke when installing a zone. The following
replacements are performed:
%z Name of zone
%R Root of zone
%* Additional arguments, if any
It has no attributes.
-->
<!ELEMENT install (#PCDATA) >
<!ATTLIST install>
<!--
installopts
Identifies the command-line options supported by the brand's
installation program, allowing zoneadm to parse the install line
properly.
It has no attributes.
-->
<!ELEMENT installopts (#PCDATA) >
<!ATTLIST installopts>
<!--
boot
This is a program which gets run by zoneadmd when a zone is booted.
The program will be invoked as the last step in the zone booting
process before the the first process is spawned inside the zone.
If this programs succeeds it should not generate any output.
If this program returns an error, any output generated by the
program will be sent to the zoneadmd message log.
The following replacements are performed:
%z Name of zone
%R Root of zone
%* Additional arguments, if any
It has no attributes.
-->
<!ELEMENT boot (#PCDATA) >
<!ATTLIST boot>
<!--
halt
This is a program which gets run by zoneadmd when a zone is being
halted. This callback is provided to allow a brand to cleanup any
special configuration that was setup during boot.
This program will also be invoked by zoneadmd if any part of the zone
booting process fail, even if the booting process failed before the
brand boot program was invoked. It is also possible that if the zone
fails to halt after invoking this program, future attempts to halt the
zone will invoke this program again. So this program should be
designed to clean up any resources allocated to a zone but it should
also be able to gracefully handle the case where resources that it
expects to release are not actually allocated (or have been already
released.)
If this programs succeeds it should not generate any output. If this
program returns an error, any output generated by the program will be
sent to the zoneadmd message log.
The following replacements are performed:
%z Name of zone
%R Root of zone
%* Additional arguments, if any
It has no attributes.
-->
<!ELEMENT halt (#PCDATA) >
<!ATTLIST halt>
<!--
modname
Path to the kernel module that implements the kernel-level
functionality of the brand.
It has no attributes.
-->
<!ELEMENT modname (#PCDATA) >
<!ATTLIST modname>
<!--
initname
Path to the initial executable that should be launched when booting a
branded zone.
It has no attributes.
-->
<!ELEMENT initname (#PCDATA) >
<!ATTLIST initname>
<!--
login_cmd
Path to the initial login binary that should be executed when
attempting to zlogin into a branded zone.
The following replacements are performed:
%Z Name of the current zone
%u User login name
It has no attributes.
-->
<!ELEMENT login_cmd (#PCDATA) >
<!ATTLIST login_cmd>
<!--
user_cmd
Path to the binary that will translate a user name to a passwd(4) entry.
The following replacements are performed:
%u User login name
It has no attributes. The passwd(4) entry is used to determine $LOGNAME,
$HOME, and $SHELL for non-interactive "zlogin -l <user> <cmd>".
-->
<!ELEMENT user_cmd (#PCDATA) >
<!ATTLIST user_cmd>
<!--
postattach
Path to a script that will perform any necessary post-processing on
a zone after it has been attached. The additional argument could be '-F'
if this is a forced attach.
If this program exits with a non-zero exit status, the attach operation
will fail.
The following replacements are performed:
%z Name of zone
%R Root of zone
%* Additional arguments, if any
It has no attributes.
-->
<!ELEMENT postattach (#PCDATA) >
<!ATTLIST postattach>
<!--
postclone
Path to a script that will perform any necessary post-processing on
a zone after it has been freshly copied.
The following replacements are performed:
%z Name of zone
%R Root of zone
%* Additional arguments, if any
It has no attributes.
-->
<!ELEMENT postclone (#PCDATA) >
<!ATTLIST postclone>
<!--
postinstall
Path to a script that will perform any necessary post-processing on
a zone after it has been freshly installed. This hook will run after the
install hook completes and the zone is in the installed state. The
additional arguments are the same as what is passed to the install hook.
The following replacements are performed:
%z Name of zone
%R Root of zone
%* Additional arguments, if any
It has no attributes.
-->
<!ELEMENT postinstall (#PCDATA) >
<!ATTLIST postinstall>
<!--
predetach
Path to a script that will perform any necessary pre-processing on
a zone before it is detached. The additional argument could be '-n'
if this is a dry-run detach.
It is possible that if the zone fails to detach after invoking this
program, future attempts to detach the zone will invoke this program again.
So this program should be designed to gracefully handle the case where
it is run multiple times on the same zone. If this program exits with
a non-zero exit status, the detach operation will fail.
The following replacements are performed:
%z Name of zone
%R Root of zone
%* Additional arguments, if any
It has no attributes.
-->
<!ELEMENT predetach (#PCDATA) >
<!ATTLIST predetach>
<!--
preuninstall
Path to a script that will perform any necessary pre-processing on
a zone before it is uninstalled. The additional argument could be '-F'
if this is a forced uninstall.
It is possible that if the zone fails to uninstall after invoking this
program, future attempts to uninstall the zone will invoke this program
again. So this program should be designed to gracefully handle the case
where it is run multiple times on the same zone. If this program exits
with a non-zero exit status, the uninstall operation will fail.
The following replacements are performed:
%z Name of zone
%R Root of zone
%* Additional arguments, if any
It has no attributes.
-->
<!ELEMENT preuninstall (#PCDATA) >
<!ATTLIST preuninstall>
<!--
privilege
Add a privilege to the default, prohibited, or required set for all
zones of this brand with ip-type matched. If a privilege is added
to the default set all zones of this brand with ip-type matched on
the system will inherit this privilege unless the privilege is
removed via limitpriv in zonecfg(1m). If a privilege is added to
the prohibited set it can not be added to any zones with ip-type
matched via limitpriv in zonecfg(1m). If a privilege is added to
the required set then all zones of this brand with ip-type matched
on the system will inherit this privilege and it can't be removed via
limitpriv in zonecfg(1m).
Its attributes are
set The name of the set the privilege should go into.
name The name of the privilege.
ip-type Optional, indicates that adding of the privilege to the
set only applies to certain IP types. Can be "shared" or
"exclusive". If it is not specified, the default value
"all" will be used, which means it is applicable regardless
the IP type.
-->
<!ELEMENT privilege (#PCDATA) >
<!ATTLIST privilege set ( default | prohibited | required ) #REQUIRED
name CDATA #REQUIRED
ip-type ( shared | exclusive ) "all" >
<!--
brand
The toplevel container for a brand configuration.
Its attributes are
name The name of the brand. This must match the name of the
directory in which the configuration file is stored.
-->
<!ELEMENT brand (modname?, initname, login_cmd, user_cmd, install,
installopts?, boot?, halt?, verify_cfg?, verify_adm?,
postattach?, postclone?, postinstall?, predetach?,
preuninstall?, privilege+)>
<!ATTLIST brand name CDATA #REQUIRED>