xref: /illumos-gate/usr/src/lib/libbrand/dtd/brand.dtd.1 (revision 06ca4e396ecc93ed45a333664a51558b7e84e8f5)
1<?xml version='1.0' encoding='UTF-8' ?>
2
3<!--
4 CDDL HEADER START
5
6 The contents of this file are subject to the terms of the
7 Common Development and Distribution License (the "License").
8 You may not use this file except in compliance with the License.
9
10 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
11 or http://www.opensolaris.org/os/licensing.
12 See the License for the specific language governing permissions
13 and limitations under the License.
14
15 When distributing Covered Code, include this CDDL HEADER in each
16 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
17 If applicable, add the following below this CDDL HEADER, with the
18 fields enclosed by brackets "[]" replaced with your own identifying
19 information: Portions Copyright [yyyy] [name of copyright owner]
20
21 CDDL HEADER END
22
23 Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
24 Copyright (c) 2011, Joyent, Inc. All rights reserved.
25
26 DO NOT EDIT THIS FILE.
27
28 Copyright 2014 Nexenta Systems, Inc. All rights reserved.
29-->
30
31<!--
32  verify_cfg
33
34    Identifies the program to be invoked by zonecfg to verify that the
35    zone's configuration is legal, and that all the configured devices,
36    attributes, etc. are legal for this brand.
37
38    The program is called with a single argument: the path to a file
39    containing a temporary config.xml file the zone.  It should return 0
40    on success and non-0 on failure.  Any detailed error messages should be
41    displayed to stderr.
42
43    It has no attributes.
44
45-->
46<!ELEMENT verify_cfg	(#PCDATA) >
47<!ATTLIST verify_cfg>
48<!--
49  verify_adm
50
51    Identifies the program invoked by zoneadm to perform brand-specific
52    checks as to the viability of a zone on this specific machine.
53
54    The following replacements are performed:
55
56      %z	Name of zone
57      %R	Zonepath of zone
58      Additional arguments, if any, are appended.
59
60    The program should return 0 on success and non-0 on failure.  Any
61    detailed error messages should be displayed to stderr.
62
63    It has no attributes.
64
65-->
66<!ELEMENT verify_adm	(#PCDATA) >
67<!ATTLIST verify_adm>
68
69<!--
70  install
71
72    Identifies the program to invoke when installing a zone.  The following
73    replacements are performed:
74
75      %z	Name of zone
76      %R	Zonepath of zone
77      Additional arguments, if any, are appended.
78
79    It has no attributes.
80-->
81<!ELEMENT install	(#PCDATA) >
82<!ATTLIST install>
83
84<!--
85  installopts
86
87    Identifies the command-line options supported by the brand's
88    installation program, allowing zoneadm to parse the install line
89    properly.
90
91    It has no attributes.
92-->
93<!ELEMENT installopts	(#PCDATA) >
94<!ATTLIST installopts>
95
96<!--
97  boot
98
99    This is a program which gets run by zoneadmd when a zone is booted.
100    The program will be invoked as the last step in the zone booting
101    process before the the first process is spawned inside the zone.
102
103    If this programs succeeds it should not generate any output.
104    If this program returns an error, any output generated by the
105    program will be sent to the zoneadmd message log.
106
107    The following replacements are performed:
108
109      %z	Name of zone
110      %R	Zonepath of zone
111      Additional arguments, if any, are appended.
112
113    It has no attributes.
114-->
115<!ELEMENT boot	(#PCDATA) >
116<!ATTLIST boot>
117
118<!--
119  sysboot
120
121    This is a program that will be run by zoneadm during system boot for an
122    installed zone that won't automatically boot.
123
124    If the program succeeds, then it should not generate output.
125    If the program returns an error, then the output it generates will be
126    sent to the zones SMF service's message log.
127
128    The following replacements are performed:
129
130      %z	Name of the target zone
131      %R	Zonepath of the target zone
132      Additional arguments, if any, are appended.
133
134    This element has no attributes.
135-->
136<!ELEMENT sysboot	(#PCDATA) >
137<!ATTLIST sysboot>
138
139<!--
140  halt
141
142    This is a program which gets run by zoneadmd when a zone is being
143    halted.  This callback is provided to allow a brand to cleanup any
144    special configuration that was setup during boot.
145
146    This program will also be invoked by zoneadmd if any part of the zone
147    booting process fail, even if the booting process failed before the
148    brand boot program was invoked.  It is also possible that if the zone
149    fails to halt after invoking this program, future attempts to halt the
150    zone will invoke this program again.  So this program should be
151    designed to clean up any resources allocated to a zone but it should
152    also be able to gracefully handle the case where resources that it
153    expects to release are not actually allocated (or have been already
154    released.)
155
156    If this programs succeeds it should not generate any output.  If this
157    program returns an error, any output generated by the program will be
158    sent to the zoneadmd message log.
159
160    The following replacements are performed:
161
162      %z	Name of zone
163      %R	Zonepath of zone
164      Additional arguments, if any, are appended.
165
166    It has no attributes.
167-->
168<!ELEMENT halt	(#PCDATA) >
169<!ATTLIST halt>
170
171<!--
172  shutdown
173
174    This is a program which gets run by zoneadmd when a zone is being
175    shutdown gracefully. Currently only asynchronous mode is supported.
176
177    If this program succeeds it should not generate any output. If this
178    program returns an error, any output generated by the program will be
179    sent to the zoneadmd message log.
180
181    The following replacements are performed:
182
183      %z	Name of zone
184      %R	Zonepath of zone
185      Additional arguments, if any, are appended.
186
187    It has no attributes.
188-->
189<!ELEMENT shutdown	(#PCDATA) >
190<!ATTLIST shutdown>
191
192<!--
193  modname
194
195    Path to the kernel module that implements the kernel-level
196    functionality of the brand.
197
198    It has no attributes.
199-->
200<!ELEMENT modname	(#PCDATA) >
201<!ATTLIST modname>
202
203<!--
204  initname
205
206    Path to the initial executable that should be launched when booting a
207    branded zone.
208
209    It has no attributes.
210-->
211<!ELEMENT initname	(#PCDATA) >
212<!ATTLIST initname>
213
214<!--
215  restartinit, restartinit0 and restartinitreboot
216
217    These three boolean elements control what action is taken when the
218    program specified by the 'initname' element exits.
219
220    The default values are:
221
222        restartinit:       true
223        restartinit0:      false
224        restartinitreboot: false
225
226    If 'restartinit' is set to false then the init process will never be
227    restarted and the zone will shut down once init exits. In this case, the
228    other restartinit elements are ignored.
229
230    When 'restartinit0' is set, init will only be restarted if it exited with
231    an exit status of 0, otherwise the zone will shut down.
232
233    If 'restartinitreboot' is set to true then whenever init should be
234    restarted, based on the other restartinit elements, the zone will instead
235    be rebooted.
236
237    These have no attributes.
238-->
239<!ELEMENT restartinit	(#PCDATA) >
240<!ATTLIST restartinit>
241<!ELEMENT restartinit0	(#PCDATA) >
242<!ATTLIST restartinit0>
243<!ELEMENT restartinitreboot	(#PCDATA) >
244<!ATTLIST restartinitreboot>
245
246<!--
247  login_cmd
248
249    Path to the initial login binary that should be executed when
250    attempting to zlogin into a branded zone.
251
252    The following replacements are performed:
253
254      %Z	Name of the current zone
255      %u	User login name
256
257    It has no attributes.
258-->
259<!ELEMENT login_cmd	(#PCDATA) >
260<!ATTLIST login_cmd>
261
262<!--
263  forcedlogin_cmd
264
265    Path to the initial login binary that should be executed when
266    attempting to zlogin into a branded zone without authentication.
267
268    The following replacements are performed:
269
270      %Z	Name of the current zone
271      %u	User login name
272
273    It has no attributes.
274-->
275<!ELEMENT forcedlogin_cmd	(#PCDATA) >
276<!ATTLIST forcedlogin_cmd>
277
278<!--
279  user_cmd
280
281    Path to the binary that will translate a user name to a passwd(5) entry.
282
283    The following replacements are performed:
284
285      %u        User login name
286
287    It has no attributes.  The passwd(5) entry is used to determine $LOGNAME,
288    $HOME, and $SHELL for non-interactive "zlogin -l <user> <cmd>".
289-->
290<!ELEMENT user_cmd   (#PCDATA) >
291<!ATTLIST user_cmd>
292
293<!--
294  attach
295
296    Path to a hook that will perform any necessary processing on
297    a zone to allow it to be attached.  The zone will be in the "configured"
298    state when this hook is run.  This hook is never called when the zone
299    is "force attached" (-F).
300
301    If this hook exits with a non-zero exit status, the attach operation
302    will fail.
303
304    The following replacements are performed:
305
306      %z	Name of zone
307      %R	Zonepath of zone
308      Additional arguments, if any, are appended.
309
310    If no hook is provided, the internal zoneadm attach code will be used.
311
312    It has no attributes.
313-->
314<!ELEMENT attach	(#PCDATA) >
315<!ATTLIST attach>
316
317<!--
318  postattach
319
320    Path to a hook that will perform any necessary post-processing on
321    a zone after it has been attached.  The zone will be in the "installed"
322    state when this hook is run.  This hook is never called when the zone
323    is "force attached" (-F).
324
325    If this hook exits with a non-zero exit status, the attach operation
326    will fail and the zone state will be reset to "configured".
327
328    The following replacements are performed:
329
330      %z	Name of zone
331      %R	Zonepath of zone
332      Additional arguments, if any, are appended.
333
334    It has no attributes.
335-->
336<!ELEMENT postattach	(#PCDATA) >
337<!ATTLIST postattach>
338
339<!--
340  postclone
341
342    Path to a hook that will perform any necessary post-processing on
343    a zone after it has been cloned.  The zone will be in the "incomplete"
344    state when this hook is run.
345
346    If this hook exits with a non-zero exit status, the clone operation
347    will fail and the zone will be left in the "incomplete" state,
348    otherwise the state will be changed to the "installed" state.
349
350    The following replacements are performed:
351
352      %z	Name of zone
353      %R	Zonepath of zone
354      Additional arguments, if any, are appended.
355
356    It has no attributes.
357-->
358<!ELEMENT postclone	(#PCDATA) >
359<!ATTLIST postclone>
360
361<!--
362  postinstall
363
364    Path to a script that will perform any necessary post-processing on
365    a zone after it has been freshly installed.  This hook will run after the
366    install hook completes and the zone is in the installed state.  The
367    additional arguments are the same as what is passed to the install hook.
368
369    The following replacements are performed:
370
371      %z	Name of zone
372      %R	Zonepath of zone
373      Additional arguments, if any, are appended.
374
375    It has no attributes.
376-->
377<!ELEMENT postinstall	(#PCDATA) >
378<!ATTLIST postinstall>
379
380<!--
381  predetach
382
383    Path to a hook that will perform any necessary pre-processing on
384    a zone before it is detached.  The zone will be in the "installed"
385    state when this hook is run.
386
387    It is possible that if the zone fails to detach after invoking this
388    hook, future attempts to detach the zone will invoke this hook again.
389    So this hook should be designed to gracefully handle the case where
390    it is run multiple times on the same zone.  If this hook exits with
391    a non-zero exit status, the detach operation will fail.
392
393    This hook is most commonly used when there is pre-processing for detaching
394    a zone but the built-in detach support will be used for the actual
395    detach.  Otherwise, if a detach hook is provided, then it can be used
396    to do both preprocessing as well as the actual detach.
397
398    The following replacements are performed:
399
400      %z	Name of zone
401      %R	Zonepath of zone
402      Additional arguments, if any, are appended.
403
404    It has no attributes.
405-->
406<!ELEMENT predetach	(#PCDATA) >
407<!ATTLIST predetach>
408
409<!--
410  detach
411
412    Path to a hook that will perform any necessary processing on
413    a zone to allow it to be detached.  The zone will be in the "installed"
414    state when this hook is run.
415
416    It is possible that if the zone fails to detach while running this
417    hook, future attempts to detach the zone will invoke this hook again.
418    So this hook should be designed to gracefully handle the case where
419    it is run multiple times on the same zone.  If this hook exits with
420    a non-zero exit status, the detach operation will fail and the zone will
421    be left in the "installed" state, otherwise the state will be changed
422    to "configured".
423
424    The following replacements are performed:
425
426      %z	Name of zone
427      %R	Zonepath of zone
428      Additional arguments, if any, are appended.
429
430    If no hook is provided, the internal zoneadm detach code will be used.
431
432    It has no attributes.
433-->
434<!ELEMENT detach	(#PCDATA) >
435<!ATTLIST detach>
436
437<!--
438  clone
439    Path to a hook that will perform any necessary processing on a zone to
440    allow it to be installed via cloning.  Cloning is an alternative to
441    installing so this hook should result in the same effect for the zone.
442    The zone will be in the "incomplete" state when this hook is run.
443
444    If this hook exits with a non-zero exit status, the clone operation
445    will fail and the zone will be left in the "incomplete" state, otherwise
446    the state will be changed to "installed".
447
448    The following replacements are performed:
449
450      %z	Name of zone
451      %R	Zonepath of zone
452      1st arg   name of source zone
453      Additional arguments, if any, are appended.
454
455    If no hook is provided, the internal zoneadm cloning code will be used.
456-->
457<!ELEMENT clone	(#PCDATA) >
458<!ATTLIST clone>
459
460<!--
461  preuninstall
462
463    Path to a script that will perform any necessary pre-processing on
464    a zone before it is uninstalled.  The zone will be in the "installed"
465    state when this hook is run.
466
467    It is possible that if the zone fails to uninstall after invoking this
468    hook, future attempts to uninstall the zone will invoke this hook
469    again.  So this hook should be designed to gracefully handle the case
470    where it is run multiple times on the same zone.  If this hook exits
471    with a non-zero exit status, the uninstall operation will fail.
472
473    The following replacements are performed:
474
475      %z	Name of zone
476      %R	Zonepath of zone
477      Additional arguments, if any, are appended.
478
479    It has no attributes.
480-->
481<!ELEMENT preuninstall	(#PCDATA) >
482<!ATTLIST preuninstall>
483
484<!--
485  uninstall
486    Identifies the hook to invoke when uninstalling a zone.  The zone will
487    be in the "incomplete" state when this hook is run.
488
489    If this hook exits with a non-zero exit status, the uninstall operation
490    will fail and the zone will be left in the "incomplete" state, otherwise
491    the state will be changed to "configured".
492
493    The following replacements are performed:
494
495      %z	Name of zone
496      %R	Zonepath of zone
497      Additional arguments, if any, are appended.
498
499    If no hook is provided, the internal zoneadm uninstall code will be used.
500-->
501<!ELEMENT uninstall	(#PCDATA) >
502<!ATTLIST uninstall>
503
504<!--
505  presnap
506    Identifies the hook to invoke before snapshotting a zone using the
507    built-in ZFS clone support.
508
509    If this hook exits with a non-zero exit status, the snapshot operation
510    will fail and the zfs clone operation will fail.
511
512    The following replacements are performed:
513
514      %z	Name of zone
515      %R	Zonepath of zone
516-->
517<!ELEMENT presnap	(#PCDATA) >
518<!ATTLIST presnap>
519
520<!--
521  postsnap
522    Identifies the hook to invoke after snapshotting a zone using the
523    built-in ZFS clone support.
524
525    If this hook exits with a non-zero exit status, the zfs clone operation
526    will fail.
527
528    The following replacements are performed:
529
530      %z	Name of zone
531      %R	Zonepath of zone
532-->
533<!ELEMENT postsnap	(#PCDATA) >
534<!ATTLIST postsnap>
535
536<!--
537  validatesnap
538    Identifies the hook to invoke to validate a snapshot of a zone using the
539    built-in ZFS clone support.  This will validate a snapshot that was
540    explicitly specified to the clone command when the user wants to
541    re-use a snapshot from an earlier clone operation.
542
543    If this hook exits with a non-zero exit status, the snapshot validation
544    operation will fail, meaning the zfs snapshot cannot be used to install
545    the zone.
546
547    The following replacements are performed:
548
549      %z	Name of zone
550      %R	Zonepath of zone
551      1st arg   snapshot name
552      2nd arg   snapshot path
553-->
554<!ELEMENT validatesnap	(#PCDATA) >
555<!ATTLIST validatesnap>
556
557<!--
558  prestatechange
559    Identifies the hook to invoke before zoneadmd makes a state change.
560    If this hook exits with a non-zero exit status, the action failed
561    and no further state change activity will take place.
562
563    The following replacements are performed:
564
565      %z	Name of zone
566      %R	Zonepath of zone
567      1st arg   integer representing current state of zone
568			2 - installed
569			3 - ready
570			4 - running
571			5 - shutting down
572			6 - down
573			7 - mounted
574      2nd arg   integer representing transition command
575			0 - ready
576			1 - boot
577			4 - halt
578      3rd arg   Alternate root (zonepath is mounted under this root)
579			empty string if zone not mounted under alternate root
580-->
581<!ELEMENT prestatechange	(#PCDATA) >
582<!ATTLIST prestatechange>
583
584<!--
585  poststatechange
586    Identifies the hook to invoke after zoneadmd makes a successful state
587    change.  If this hook exits with a non-zero exit status, the action failed
588    and zoneadmd treats the overall state change as failed, although
589    all of the actions up to running the hook will have taken place.
590
591    The following replacements are performed:
592
593      %z	Name of zone
594      %R	Zonepath of zone
595    See prestatechange comment for 1st, 2nd and 3rd argument values.
596-->
597<!ELEMENT poststatechange	(#PCDATA) >
598<!ATTLIST poststatechange>
599
600<!--
601  query
602    Identifies a hook which can be called to get brand-specific information
603    about the zone.  There is no specific place in zones where this is called,
604    calls within the zone infrastructure can be added as needed.
605
606    One example of the use of this hook is to query the implicit ZFS datasets
607    supported by the brand.
608
609    If this hook exits with a non-zero exit status, the query failed,
610    although in general, this hook shouldn't return non-zero.
611
612    The following replacements are performed:
613
614      %z	Name of zone
615      %R	Zonepath of zone
616      1st arg   Arbitrary string which the hook can use to determine what
617		data to return.  Brands implementing this hook should be
618		tolerant of arguments they don't support and simply do
619		nothing.
620-->
621<!ELEMENT query	(#PCDATA) >
622<!ATTLIST query>
623
624<!--
625  security-flags
626    Specifies the default security flags applied to zones of this brand. This
627    set can be overridden via security-flags in zonecfg(8).
628-->
629<!ELEMENT security-flags	(#PCDATA) >
630<!ATTLIST security-flags>
631
632<!--
633  privilege
634
635    Add a privilege to the default, prohibited, or required set for all
636    zones of this brand with ip-type matched.  If a privilege is added
637    to the default set all zones of this brand with ip-type matched on
638    the system will inherit this privilege unless the privilege is
639    removed via limitpriv in zonecfg(8).  If a privilege is added to
640    the prohibited set it can not be added to any zones with ip-type
641    matched via limitpriv in zonecfg(8).  If a privilege is added to
642    the required set then all zones of this brand with ip-type matched
643    on the system will inherit this privilege and it can't be removed via
644    limitpriv in zonecfg(8).
645
646    Its attributes are
647      set	The name of the set the privilege should go into.
648      name	The name of the privilege.
649      ip-type	Optional, indicates that adding of the privilege to the
650		set only applies to certain IP types. Can be "shared" or
651		"exclusive". If it is not specified, the default value
652		"all" will be used, which means it is applicable regardless
653		the IP type.
654
655-->
656<!ELEMENT privilege	(#PCDATA) >
657<!ATTLIST privilege	set	( default | prohibited | required ) #REQUIRED
658			name	CDATA #REQUIRED
659			ip-type ( shared | exclusive ) "all" >
660
661<!--
662  brand
663
664    The toplevel container for a brand configuration.
665
666    Its attributes are
667
668      name	The name of the brand.  This must match the name of the
669		directory in which the configuration file is stored.
670-->
671
672<!ELEMENT brand		(modname?, initname, restartinit?,
673			restartinit0?, restartinitreboot?,
674			login_cmd,
675			forcedlogin_cmd, user_cmd, install,
676			installopts?, boot?, sysboot?, halt?, shutdown?,
677			verify_cfg?, verify_adm?, postattach?, postclone?,
678			postinstall?, predetach?, attach?, detach?, clone?,
679			presnap?, postsnap?, validatesnap?,
680			preuninstall?, uninstall?,
681			prestatechange?, poststatechange?, query?,
682			security-flags?, privilege+)>
683
684<!ATTLIST brand		name		CDATA #REQUIRED>
685