xref: /titanic_52/usr/src/lib/brand/solaris10/zone/s10_boot.ksh (revision 6f773e29841ff1573612158ae130301164c2a24a) 
1#!/bin/ksh -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
24#
25# s10 boot script.
26#
27# The arguments to this script are the zone name and the zonepath.
28#
29
30. /usr/lib/brand/solaris10/common.ksh
31
32ZONENAME=$1
33ZONEPATH=$2
34ZONEROOT=$ZONEPATH/root
35
36w_missing=$(gettext "Warning: \"%s\" is not installed in the global zone")
37
38arch=`uname -p`
39if [ "$arch" = "i386" ]; then
40	ARCH32=i86
41        ARCH64=amd64
42elif [ "$arch" = "sparc" ]; then
43	# 32-bit SPARC not supported!
44	ARCH32=
45        ARCH64=sparcv9
46else
47        echo "Unsupported architecture: $arch"
48        exit 2
49fi
50
51#
52# Run the s10_support boot hook.
53#
54/usr/lib/brand/solaris10/s10_support boot $ZONENAME
55if (( $? != 0 )) ; then
56        exit 1
57fi
58
59BRANDDIR=/.SUNWnative/usr/lib/brand/solaris10;
60FILEDIR=$BRANDDIR/files;
61EXIT_CODE=1
62
63#
64# Replace the specified file in the booting zone with a wrapper script that
65# invokes s10_isaexec_wrapper.  This is a convenience function that reduces
66# clutter and code duplication.
67#
68# Parameters:
69#	$1	The full path of the file to replace (e.g., /sbin/ifconfig)
70#	$2	The access mode of the replacement file in hex (e.g., 0555)
71#	$3	The name of the replacement file's owner (e.g., root:bin)
72#
73# NOTE: The checks performed in the 'if' statement below are not generic: they
74# depend on the success of the zone filesystem structure validation performed
75# above to ensure that intermediate directories exist and aren't symlinks.
76#
77replace_with_native() {
78	path_dname=$ZONEROOT/`dirname $1`
79
80	[ ! -f $1 ] && printf "$w_missing" "$1"
81	if [ ! -h $path_dname -a -d $path_dname ]; then
82		safe_replace $ZONEROOT/$1 $BRANDDIR/s10_isaexec_wrapper $2 $3 \
83		    remove
84	fi
85}
86
87replace_with_native_py() {
88	path_dname=$ZONEROOT/`dirname $1`
89
90	[ ! -f $1 ] && printf "$w_missing" "$1"
91
92	if [ ! -h $path_dname -a -d $path_dname ]; then
93		safe_replace $ZONEROOT/$1 $BRANDDIR/s10_python_wrapper $2 $3 \
94		    remove
95	fi
96}
97
98#
99# Create a new wrapper script that invokes s10_isaexec_wrapper in the
100# brand (for a non-existing s10c file) pointing to the native brand file.
101#
102# Parameters:
103#	$1	The full path of the wrapper file to create
104#	$2	The access mode of the replacement file in hex (e.g., 0555)
105#	$3	The name of the replacement file's owner (e.g., root:bin)
106#
107wrap_with_native() {
108
109	[ ! -f $1 ] && printf "$w_missing" "$1"
110
111	path_dname=$ZONEROOT/`dirname $1`
112	if [ ! -h $path_dname -a -d $path_dname -a ! -f $ZONEROOT/$1 ]; then
113		safe_wrap $ZONEROOT/$1 $BRANDDIR/s10_isaexec_wrapper $2 $3
114	fi
115}
116
117#
118# Before we boot we validate and fix, if necessary, the required files within
119# the zone.  These modifications can be lost if a patch is applied within the
120# zone, so we validate and fix the zone every time it boots.
121#
122
123#
124# BINARY REPLACEMENT
125#
126# This section of the boot script is responsible for replacing Solaris 10
127# binaries within the booting zone with Nevada binaries.  This is a two-step
128# process: First, the directory structure of the zone is validated to ensure
129# that binary replacement will proceed safely.  Second, Solaris 10 binaries
130# are replaced with Nevada binaries.
131#
132# Here's an example.  Suppose that you want to replace /usr/bin/zcat with the
133# Nevada /usr/bin/zcat binary.  Then you should do the following:
134#
135#	1.  Go to the section below labeled "STEP ONE" and add the following
136#	    two lines:
137#
138#		safe_dir /usr
139#		safe_dir /usr/bin
140#
141#	    These lines ensure that both /usr and /usr/bin are directories
142#	    within the booting zone that can be safely accessed by the global
143#	    zone.
144#	2.  Go to the section below labeled "STEP TWO" and add the following
145#	    line:
146#
147#		replace_with_native /usr/bin/zcat 0555 root:bin
148#
149# Details about the binary replacement procedure can be found in the Solaris 10
150# Containers Developer Guide.
151#
152
153#
154# STEP ONE
155#
156# Validate that the zone filesystem looks like we expect it to.
157#
158safe_dir /lib
159safe_dir /lib/svc
160safe_dir /lib/svc/method
161safe_dir /lib/svc/share
162safe_dir /usr
163safe_dir /usr/bin
164safe_dir /usr/lib
165safe_dir /usr/lib/autofs
166safe_dir /usr/lib/fs
167safe_dir /usr/lib/fs/autofs
168safe_dir /usr/lib/fs/ufs
169safe_dir /usr/lib/fs/zfs
170safe_dir /usr/lib/inet
171safe_dir /usr/lib/zfs
172safe_dir /usr/sbin
173if [ -n "$ARCH32" ]; then
174	safe_dir /usr/lib/ipf/$ARCH32
175	safe_dir /usr/sbin/$ARCH32
176fi
177if [ -n "$ARCH64" ]; then
178	safe_dir /usr/lib/ipf/$ARCH64
179	safe_dir /usr/sbin/$ARCH64
180fi
181safe_dir /sbin
182safe_dir /var
183safe_dir /var/svc
184safe_dir /var/svc/manifest
185safe_dir /var/svc/manifest/network
186
187#
188# Some of the native networking daemons such as in.mpathd are
189# expected under /lib/inet
190#
191mkdir -m 0755 -p $ZONEROOT/lib/inet
192chown root:bin $ZONEROOT/lib/inet
193safe_dir /lib/inet
194
195#
196# STEP TWO
197#
198# Replace Solaris 10 binaries with Nevada binaries.
199#
200
201#
202# Replace various network-related programs with native wrappers.
203#
204replace_with_native /sbin/dhcpagent 0555 root:bin
205replace_with_native /sbin/dhcpinfo 0555 root:bin
206replace_with_native /sbin/ifconfig 0555 root:bin
207replace_with_native /usr/bin/netstat 0555 root:bin
208replace_with_native /usr/lib/inet/in.ndpd 0555 root:bin
209replace_with_native /usr/sbin/in.routed 0555 root:bin
210replace_with_native /usr/sbin/ndd 0555 root:bin
211replace_with_native /usr/sbin/snoop 0555 root:bin
212replace_with_native /usr/sbin/if_mpadm 0555 root:bin
213
214#
215# Replace IPFilter commands with native wrappers
216#
217if [ -n "$ARCH32" ]; then
218	replace_with_native /usr/lib/ipf/$ARCH32/ipftest 0555 root:bin
219	replace_with_native /usr/sbin/$ARCH32/ipf 0555 root:bin
220	replace_with_native /usr/sbin/$ARCH32/ipfs 0555 root:bin
221	replace_with_native /usr/sbin/$ARCH32/ipfstat 0555 root:bin
222	replace_with_native /usr/sbin/$ARCH32/ipmon 0555 root:bin
223	replace_with_native /usr/sbin/$ARCH32/ipnat 0555 root:bin
224	replace_with_native /usr/sbin/$ARCH32/ippool 0555 root:bin
225fi
226if [ -n "$ARCH64" ]; then
227	replace_with_native /usr/lib/ipf/$ARCH64/ipftest 0555 root:bin
228	replace_with_native /usr/sbin/$ARCH64/ipf 0555 root:bin
229	replace_with_native /usr/sbin/$ARCH64/ipfs 0555 root:bin
230	replace_with_native /usr/sbin/$ARCH64/ipfstat 0555 root:bin
231	replace_with_native /usr/sbin/$ARCH64/ipmon 0555 root:bin
232	replace_with_native /usr/sbin/$ARCH64/ipnat 0555 root:bin
233	replace_with_native /usr/sbin/$ARCH64/ippool 0555 root:bin
234fi
235
236#
237# Replace in.mpathd daemon at /usr/lib/inet by native wrapper
238#
239if [ ! -h $ZONEROOT/usr/lib/inet -a -d $ZONEROOT/usr/lib/inet ]; then
240	safe_replace $ZONEROOT/usr/lib/inet/in.mpathd \
241	    /lib/inet/in.mpathd 0555 root:bin remove
242fi
243
244#
245# Create wrapper at /lib/inet/in.mpathd as well because native ifconfig
246# looks up in.mpathd under /lib/inet.
247#
248wrap_with_native /lib/inet/in.mpathd 0555 root:bin
249
250# Create native wrapper for /sbin/ipmpstat
251wrap_with_native /sbin/ipmpstat 0555 root:bin
252
253#
254# Create ipmgmtd wrapper to native binary in s10 container
255# and copy ipmgmt service manifest and method.
256#
257wrap_with_native /lib/inet/ipmgmtd 0555 root:bin
258safe_copy /lib/svc/manifest/network/network-ipmgmt.xml \
259    $ZONEROOT/var/svc/manifest/network/network-ipmgmt.xml
260safe_copy /lib/svc/method/net-ipmgmt \
261    $ZONEROOT/lib/svc/method/net-ipmgmt
262
263#
264# To handle certain IPMP configurations, we need updated
265# net-physical method script and native net_include.sh
266#
267filename=$ZONEROOT/lib/svc/method/net-physical
268safe_backup $filename $filename.pre_p2v
269safe_copy /usr/lib/brand/solaris10/s10_net_physical $filename
270filename=$ZONEROOT/lib/svc/share/net_include.sh
271safe_backup $filename $filename.pre_p2v
272safe_copy /lib/svc/share/net_include.sh $filename
273
274#
275# PSARC 2009/306 removed the ND_SET/ND_GET ioctl's for modifying
276# IP/TCP/UDP/SCTP/ICMP tunables. If S10 ndd(1M) is used within an
277# S10 container, the kernel will return EINVAL. So we need this.
278#
279replace_with_native /usr/sbin/ndd 0555 root:bin
280
281#
282# Replace various ZFS-related programs with native wrappers.  These commands
283# either link with libzfs, dlopen libzfs or link with libraries that link
284# or dlopen libzfs.  Commands which fall into these categories but which can
285# only be used in the global zone are not wrapped.  The libdiskmgt dm_in_use
286# code uses libfs, but only the zpool_in_use() -> zpool_read_label() code path.
287# That code does not issue ioctls on /dev/zfs and does not need wrapping.
288#
289replace_with_native /sbin/zfs 0555 root:bin
290replace_with_native /sbin/zpool 0555 root:bin
291replace_with_native /usr/lib/fs/ufs/quota 0555 root:bin
292replace_with_native /usr/lib/fs/zfs/fstyp 0555 root:bin
293replace_with_native /usr/lib/zfs/availdevs 0555 root:bin
294replace_with_native /usr/sbin/df 0555 root:bin
295replace_with_native /usr/sbin/zstreamdump 0555 root:bin
296replace_with_native_py /usr/lib/zfs/pyzfs.py 0555 root:bin
297
298#
299# Replace automount and automountd with native wrappers.
300#
301replace_with_native /usr/lib/fs/autofs/automount 0555 root:bin
302replace_with_native /usr/lib/autofs/automountd 0555 root:bin
303
304#
305# The class-specific dispadmin(1M) and priocntl(1) binaries must be native
306# wrappers, and we must have all of the ones the native zone does.  This
307# allows new scheduling classes to appear without causing dispadmin and
308# priocntl to be unhappy.
309#
310rm -rf $ZONEROOT/usr/lib/class
311mkdir $ZONEROOT/usr/lib/class || exit 1
312
313find /usr/lib/class -type d -o -type f | while read x; do
314	[ -d $x ] && mkdir -p -m 755 $ZONEROOT$x
315	[ -f $x ] && wrap_with_native $x 0555 root:bin
316done
317
318#
319# END OF STEP TWO
320#
321
322#
323# Replace add_drv and rem_drv with /usr/bin/true so that pkgs/patches which
324# install or remove drivers will work.  NOTE: add_drv and rem_drv are hard
325# linked to isaexec so we want to remove the current executable and
326# then copy true so that we don't clobber isaexec.
327#
328filename=$ZONEROOT/usr/sbin/add_drv
329[ ! -f $filename.pre_p2v ] && safe_backup $filename $filename.pre_p2v
330rm -f $filename
331safe_copy $ZONEROOT/usr/bin/true $filename
332
333filename=$ZONEROOT/usr/sbin/rem_drv
334[ ! -f $filename.pre_p2v ] && safe_backup $filename $filename.pre_p2v
335rm -f $filename
336safe_copy $ZONEROOT/usr/bin/true $filename
337
338exit 0
339