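#!/bin/ksh -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
#
# s10 boot script.
#
# The arguments to this script are the zone name and the zonepath.
#
# Everything below writes into $ZONEROOT, a tree whose contents come from
# the zone being booted.  Paths are therefore checked (safe_dir and the
# safe_* helpers from common.ksh) before they are modified.
#

. /usr/lib/brand/solaris10/common.ksh

ZONENAME=$1
ZONEPATH=$2

#
# Refuse to run without both arguments.  With an empty zonepath ZONEROOT
# would become "/root", and the mkdir/chown/rm calls further down would
# operate on that directory instead of on a zone.
#
if [ -z "$ZONENAME" ] || [ -z "$ZONEPATH" ]; then
	echo "Usage: $0 zonename zonepath"
	exit 2
fi

ZONEROOT=$ZONEPATH/root

# Localized printf format; used as the format string by the wrapper helpers.
w_missing=$(gettext "Warning: \"%s\" is not installed in the global zone")

# Map the processor type to the ISA directory names used under /usr.
arch=$(uname -p)
if [ "$arch" = "i386" ]; then
	ARCH32=i86
	ARCH64=amd64
elif [ "$arch" = "sparc" ]; then
	# 32-bit SPARC not supported!
	ARCH32=
	ARCH64=sparcv9
else
	echo "Unsupported architecture: $arch"
	exit 2
fi

#
# Run the s10_support boot hook.  Any failure aborts the boot script with
# status 1.
#
/usr/lib/brand/solaris10/s10_support boot "$ZONENAME" || exit 1

BRANDDIR=/.SUNWnative/usr/lib/brand/solaris10
FILEDIR=$BRANDDIR/files
# Not read in this file; presumably consumed by common.ksh helpers -- confirm.
EXIT_CODE=1

#
# Replace the specified file in the booting zone with a wrapper script that
# invokes s10_isaexec_wrapper.  This is a convenience function that reduces
# clutter and code duplication.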
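#
# Parameters:
#	$1	The full path of the file to replace (e.g., /sbin/ifconfig)
#	$2	The access mode of the replacement file in octal (e.g., 0555)
#	$3	The name of the replacement file's owner (e.g., root:bin)
#
# NOTE: The checks performed in the 'if' statement below are not generic: they
# only look at the immediate parent directory.  They depend on the success of
# the zone filesystem structure validation in STEP ONE (the safe_dir calls,
# which run before any call to this function) to ensure that intermediate
# directories exist and aren't symlinks.  A path whose ancestors were not
# passed to safe_dir first is not covered by this check.
#
replace_with_native() {
	path_dname="$ZONEROOT/$(dirname "$1")"

	# $w_missing is the localized printf format set earlier in the script.
	[ ! -f "$1" ] && printf "$w_missing" "$1"
	if [ ! -h "$path_dname" ] && [ -d "$path_dname" ]; then
		safe_replace "$ZONEROOT/$1" "$BRANDDIR/s10_isaexec_wrapper" \
		    "$2" "$3" remove
	fi
}

#
# Create a new wrapper script that invokes s10_isaexec_wrapper in the
# brand (for a non-existing s10c file) pointing to the native brand file.
# Nothing is created when a regular file already exists at that path in the
# zone, or when the parent directory is missing or is a symlink.
#
# Parameters:
#	$1	The full path of the wrapper file to create
#	$2	The access mode of the replacement file in octal (e.g., 0555)
#	$3	The name of the replacement file's owner (e.g., root:bin)
#
# NOTE(review): '-f' follows symlinks, so a symlink that does not resolve to
# a regular file passes the last test and is handed to safe_wrap.  Presumably
# safe_wrap refuses symlinks itself; confirm in common.ksh.
#
wrap_with_native() {

	[ ! -f "$1" ] && printf "$w_missing" "$1"

	path_dname="$ZONEROOT/$(dirname "$1")"
	if [ ! -h "$path_dname" ] && [ -d "$path_dname" ] &&
	    [ ! -f "$ZONEROOT/$1" ]; then
		safe_wrap "$ZONEROOT/$1" "$BRANDDIR/s10_isaexec_wrapper" \
		    "$2" "$3"
	fi
}

#
# Before we boot we validate and fix, if necessary, the required files within
# the zone.  These modifications can be lost if a patch is applied within the
# zone, so we validate and fix the zone every time it boots.
#

#
# BINARY REPLACEMENT
#
# This section of the boot script is responsible for replacing Solaris 10
# binaries within the booting zone with Nevada binaries.  This is a two-step
# process: First, the directory structure of the zone is validated to ensure
# that binary replacement will proceed safely.  Second, Solaris 10 binaries
# are replaced with Nevada binaries.
#
# Here's an example.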
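# Suppose that you want to replace /usr/bin/zcat with the
# Nevada /usr/bin/zcat binary.  Then you should do the following:
#
#	1.  Go to the section below labeled "STEP ONE" and add the following
#	    two lines:
#
#		safe_dir /usr
#		safe_dir /usr/bin
#
#	    These lines ensure that both /usr and /usr/bin are directories
#	    within the booting zone that can be safely accessed by the global
#	    zone.
#	2.  Go to the section below labeled "STEP TWO" and add the following
#	    line:
#
#		replace_with_native /usr/bin/zcat 0555 root:bin
#
# Details about the binary replacement procedure can be found in the Solaris 10
# Containers Developer Guide.
#

#
# STEP ONE
#
# Validate that the zone filesystem looks like we expect it to.
# Every directory that STEP TWO writes into must be listed here, parents
# before children, because the STEP TWO helpers only re-check the immediate
# parent of the file they touch.
#
safe_dir /lib
safe_dir /lib/svc
safe_dir /lib/svc/method
safe_dir /lib/svc/share
safe_dir /usr
safe_dir /usr/bin
safe_dir /usr/lib
safe_dir /usr/lib/autofs
safe_dir /usr/lib/fs
safe_dir /usr/lib/fs/autofs
safe_dir /usr/lib/fs/ufs
safe_dir /usr/lib/fs/zfs
safe_dir /usr/lib/inet
safe_dir /usr/lib/zfs
safe_dir /usr/sbin
if [ -n "$ARCH32" ]; then
	safe_dir "/usr/lib/ipf/$ARCH32"
	safe_dir "/usr/sbin/$ARCH32"
fi
if [ -n "$ARCH64" ]; then
	safe_dir "/usr/lib/ipf/$ARCH64"
	safe_dir "/usr/sbin/$ARCH64"
fi
safe_dir /sbin
safe_dir /var
safe_dir /var/svc
safe_dir /var/svc/manifest
safe_dir /var/svc/manifest/network

#
# Some of the native networking daemons such as in.mpathd are
# expected under /lib/inet
#
# The directory has to be created before safe_dir can validate it, so the
# mkdir/chown run first.  chown follows symlinks; skip both commands when
# the zone already has a symlink at this name so that the ownership of the
# link target is never changed.  The symlink itself is left for safe_dir,
# which presumably rejects it -- confirm in common.ksh.
#
if [ ! -h "$ZONEROOT/lib/inet" ]; then
	mkdir -m 0755 -p "$ZONEROOT/lib/inet"
	chown root:bin "$ZONEROOT/lib/inet"
fi
safe_dir /lib/inet

#
# STEP TWO
#
# Replace Solaris 10 binaries with Nevada binaries.
#

#
# Replace various network-related programs with native wrappers.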
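#
replace_with_native /sbin/dhcpagent 0555 root:bin
replace_with_native /sbin/dhcpinfo 0555 root:bin
replace_with_native /sbin/ifconfig 0555 root:bin
replace_with_native /usr/bin/netstat 0555 root:bin
replace_with_native /usr/lib/inet/in.ndpd 0555 root:bin
replace_with_native /usr/sbin/in.routed 0555 root:bin
replace_with_native /usr/sbin/ndd 0555 root:bin
replace_with_native /usr/sbin/snoop 0555 root:bin
replace_with_native /usr/sbin/if_mpadm 0555 root:bin

#
# Replace IPFilter commands with native wrappers
#
# ARCH32 is empty on SPARC, so the 32-bit list is skipped there.
#
if [ -n "$ARCH32" ]; then
	replace_with_native "/usr/lib/ipf/$ARCH32/ipftest" 0555 root:bin
	replace_with_native "/usr/sbin/$ARCH32/ipf" 0555 root:bin
	replace_with_native "/usr/sbin/$ARCH32/ipfs" 0555 root:bin
	replace_with_native "/usr/sbin/$ARCH32/ipfstat" 0555 root:bin
	replace_with_native "/usr/sbin/$ARCH32/ipmon" 0555 root:bin
	replace_with_native "/usr/sbin/$ARCH32/ipnat" 0555 root:bin
	replace_with_native "/usr/sbin/$ARCH32/ippool" 0555 root:bin
fi
if [ -n "$ARCH64" ]; then
	replace_with_native "/usr/lib/ipf/$ARCH64/ipftest" 0555 root:bin
	replace_with_native "/usr/sbin/$ARCH64/ipf" 0555 root:bin
	replace_with_native "/usr/sbin/$ARCH64/ipfs" 0555 root:bin
	replace_with_native "/usr/sbin/$ARCH64/ipfstat" 0555 root:bin
	replace_with_native "/usr/sbin/$ARCH64/ipmon" 0555 root:bin
	replace_with_native "/usr/sbin/$ARCH64/ipnat" 0555 root:bin
	replace_with_native "/usr/sbin/$ARCH64/ippool" 0555 root:bin
fi

#
# Replace in.mpathd daemon at /usr/lib/inet by native wrapper
#
# This calls safe_replace directly because the second argument is
# /lib/inet/in.mpathd rather than the s10_isaexec_wrapper path that
# replace_with_native always passes.  The parent directory is checked here
# the same way replace_with_native checks it: it must be a real directory,
# not a symlink.
#
if [ ! -h "$ZONEROOT/usr/lib/inet" ] && [ -d "$ZONEROOT/usr/lib/inet" ]; then
	safe_replace "$ZONEROOT/usr/lib/inet/in.mpathd" \
	    /lib/inet/in.mpathd 0555 root:bin remove
fi

#
# Create wrapper at /lib/inet/in.mpathd as well because native ifconfig
# looks up in.mpathd under /lib/inet.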
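#
wrap_with_native /lib/inet/in.mpathd 0555 root:bin

# Create native wrapper for /sbin/ipmpstat
wrap_with_native /sbin/ipmpstat 0555 root:bin

#
# Create ipmgmtd wrapper to native binary in s10 container
# and copy ipmgmt service manifest and method.
#
wrap_with_native /lib/inet/ipmgmtd 0555 root:bin
safe_copy /lib/svc/manifest/network/network-ipmgmt.xml \
    "$ZONEROOT/var/svc/manifest/network/network-ipmgmt.xml"
safe_copy /lib/svc/method/net-ipmgmt \
    "$ZONEROOT/lib/svc/method/net-ipmgmt"

#
# To handle certain IPMP configurations, we need updated
# net-physical method script and native net_include.sh
#
# NOTE(review): unlike the add_drv/rem_drv handling at the end of this
# script, these backups are not guarded by a test for an existing .pre_p2v
# file, and this script runs on every boot.  If safe_backup overwrites its
# destination, the second boot would replace the saved original with the
# already-substituted file.  Confirm against safe_backup in common.ksh.
#
filename="$ZONEROOT/lib/svc/method/net-physical"
safe_backup "$filename" "$filename.pre_p2v"
safe_copy /usr/lib/brand/solaris10/s10_net_physical "$filename"
filename="$ZONEROOT/lib/svc/share/net_include.sh"
safe_backup "$filename" "$filename.pre_p2v"
safe_copy /lib/svc/share/net_include.sh "$filename"

#
# PSARC 2009/306 removed the ND_SET/ND_GET ioctl's for modifying
# IP/TCP/UDP/SCTP/ICMP tunables. If S10 ndd(8) is used within an
# S10 container, the kernel will return EINVAL. So we need this.
#
# NOTE(review): /usr/sbin/ndd is also in the list of network-related
# programs replaced earlier in STEP TWO, so this is a second call for the
# same file; it is kept here next to its rationale.
#
replace_with_native /usr/sbin/ndd 0555 root:bin

#
# Replace various ZFS-related programs with native wrappers.  These commands
# either link with libzfs, dlopen libzfs or link with libraries that link
# or dlopen libzfs.  Commands which fall into these categories but which can
# only be used in the global zone are not wrapped.  The libdiskmgt dm_in_use
# code uses libfs, but only the zpool_in_use() -> zpool_read_label() code path.
# That code does not issue ioctls on /dev/zfs and does not need wrapping.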
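#
replace_with_native /sbin/zfs 0555 root:bin
replace_with_native /sbin/zpool 0555 root:bin
replace_with_native /usr/lib/fs/ufs/quota 0555 root:bin
replace_with_native /usr/lib/fs/zfs/fstyp 0555 root:bin
replace_with_native /usr/lib/zfs/availdevs 0555 root:bin
replace_with_native /usr/sbin/df 0555 root:bin
replace_with_native /usr/sbin/zstreamdump 0555 root:bin

#
# Replace automount and automountd with native wrappers.
#
replace_with_native /usr/lib/fs/autofs/automount 0555 root:bin
replace_with_native /usr/lib/autofs/automountd 0555 root:bin

#
# The class-specific dispadmin(8) and priocntl(1) binaries must be native
# wrappers, and we must have all of the ones the native zone does.  This
# allows new scheduling classes to appear without causing dispadmin and
# priocntl to be unhappy.
#
# The zone's copy of the directory is discarded and rebuilt from scratch.
# The plain mkdir (no -p) fails if anything is still present at that name
# after the rm, and the script then stops.
#
rm -rf "$ZONEROOT/usr/lib/class"
mkdir "$ZONEROOT/usr/lib/class" || exit 1

# Mirror the /usr/lib/class tree seen by this script: directories are
# created in the zone, regular files become native wrappers.
find /usr/lib/class -type d -o -type f | while IFS= read -r x; do
	[ -d "$x" ] && mkdir -p -m 755 "$ZONEROOT$x"
	[ -f "$x" ] && wrap_with_native "$x" 0555 root:bin
done

#
# END OF STEP TWO
#

#
# Replace add_drv and rem_drv with /usr/bin/true so that pkgs/patches which
# install or remove drivers will work.  NOTE: add_drv and rem_drv are hard
# linked to isaexec so we want to remove the current executable and
# then copy true so that we don't clobber isaexec.
#
# The original is saved as <name>.pre_p2v only when no such regular file
# exists yet, so later boots do not overwrite the first backup.  The copy
# source is the zone's own /usr/bin/true.
#
for drv in add_drv rem_drv; do
	filename="$ZONEROOT/usr/sbin/$drv"
	[ ! -f "$filename.pre_p2v" ] &&
	    safe_backup "$filename" "$filename.pre_p2v"
	rm -f "$filename"
	safe_copy "$ZONEROOT/usr/bin/true" "$filename"
done

exit 0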