xref: /illumos-gate/usr/src/lib/libbrand/dtd/brand.dtd.1 (revision 3c7284bd3243d42a710edac3a15f6019b4c849be)
1<?xml version='1.0' encoding='UTF-8' ?>
2
3<!--
4 CDDL HEADER START
5
6 The contents of this file are subject to the terms of the
7 Common Development and Distribution License (the "License").
8 You may not use this file except in compliance with the License.
9
10 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
11 or http://www.opensolaris.org/os/licensing.
12 See the License for the specific language governing permissions
13 and limitations under the License.
14
15 When distributing Covered Code, include this CDDL HEADER in each
16 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
17 If applicable, add the following below this CDDL HEADER, with the
18 fields enclosed by brackets "[]" replaced with your own identifying
19 information: Portions Copyright [yyyy] [name of copyright owner]
20
21 CDDL HEADER END
22
23 Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
24
25 DO NOT EDIT THIS FILE.
26
27 Copyright 2014 Nexenta Systems, Inc. All rights reserved.
28-->
29
30<!--
31  verify_cfg
32
33    Identifies the program to be invoked by zonecfg to verify that the
34    zone's configuration is legal, and that all the configured devices,
35    attributes, etc. are legal for this brand.
36
37    The program is called with a single argument: the path to a file
38    containing a temporary config.xml file the zone.  It should return 0
39    on success and non-0 on failure.  Any detailed error messages should be
40    displayed to stderr.
41
42    It has no attributes.
43
44-->
45<!ELEMENT verify_cfg	(#PCDATA) >
46<!ATTLIST verify_cfg>
47<!--
48  verify_adm
49
50    Identifies the program invoked by zoneadm to perform brand-specific
51    checks as to the viability of a zone on this specific machine.
52
53    The following replacements are performed:
54
55      %z	Name of zone
56      %R	Zonepath of zone
57      Additional arguments, if any, are appended.
58
59    The program should return 0 on success and non-0 on failure.  Any
60    detailed error messages should be displayed to stderr.
61
62    It has no attributes.
63
64-->
65<!ELEMENT verify_adm	(#PCDATA) >
66<!ATTLIST verify_adm>
67
68<!--
69  install
70
71    Identifies the program to invoke when installing a zone.  The following
72    replacements are performed:
73
74      %z	Name of zone
75      %R	Zonepath of zone
76      Additional arguments, if any, are appended.
77
78    It has no attributes.
79-->
80<!ELEMENT install	(#PCDATA) >
81<!ATTLIST install>
82
83<!--
84  installopts
85
86    Identifies the command-line options supported by the brand's
87    installation program, allowing zoneadm to parse the install line
88    properly.
89
90    It has no attributes.
91-->
92<!ELEMENT installopts	(#PCDATA) >
93<!ATTLIST installopts>
94
95<!--
96  boot
97
98    This is a program which gets run by zoneadmd when a zone is booted.
99    The program will be invoked as the last step in the zone booting
100    process before the the first process is spawned inside the zone.
101
102    If this programs succeeds it should not generate any output.
103    If this program returns an error, any output generated by the
104    program will be sent to the zoneadmd message log.
105
106    The following replacements are performed:
107
108      %z	Name of zone
109      %R	Zonepath of zone
110      Additional arguments, if any, are appended.
111
112    It has no attributes.
113-->
114<!ELEMENT boot	(#PCDATA) >
115<!ATTLIST boot>
116
117<!--
118  sysboot
119
120    This is a program that will be run by zoneadm during system boot for an
121    installed zone that won't automatically boot.
122
123    If the program succeeds, then it should not generate output.
124    If the program returns an error, then the output it generates will be
125    sent to the zones SMF service's message log.
126
127    The following replacements are performed:
128
129      %z	Name of the target zone
130      %R	Zonepath of the target zone
131      Additional arguments, if any, are appended.
132
133    This element has no attributes.
134-->
135<!ELEMENT sysboot	(#PCDATA) >
136<!ATTLIST sysboot>
137
138<!--
139  halt
140
141    This is a program which gets run by zoneadmd when a zone is being
142    halted.  This callback is provided to allow a brand to cleanup any
143    special configuration that was setup during boot.
144
145    This program will also be invoked by zoneadmd if any part of the zone
146    booting process fail, even if the booting process failed before the
147    brand boot program was invoked.  It is also possible that if the zone
148    fails to halt after invoking this program, future attempts to halt the
149    zone will invoke this program again.  So this program should be
150    designed to clean up any resources allocated to a zone but it should
151    also be able to gracefully handle the case where resources that it
152    expects to release are not actually allocated (or have been already
153    released.)
154
155    If this programs succeeds it should not generate any output.  If this
156    program returns an error, any output generated by the program will be
157    sent to the zoneadmd message log.
158
159    The following replacements are performed:
160
161      %z	Name of zone
162      %R	Zonepath of zone
163      Additional arguments, if any, are appended.
164
165    It has no attributes.
166-->
167<!ELEMENT halt	(#PCDATA) >
168<!ATTLIST halt>
169
170<!--
171  shutdown
172
173    This is a program which gets run by zoneadmd when a zone is being
174    shutdown gracefully. Currently only asynchronous mode is supported.
175
176    If this program succeeds it should not generate any output. If this
177    program returns an error, any output generated by the program will be
178    sent to the zoneadmd message log.
179
180    The following replacements are performed:
181
182      %z	Name of zone
183      %R	Zonepath of zone
184      Additional arguments, if any, are appended.
185
186    It has no attributes.
187-->
188<!ELEMENT shutdown	(#PCDATA) >
189<!ATTLIST shutdown>
190
191<!--
192  modname
193
194    Path to the kernel module that implements the kernel-level
195    functionality of the brand.
196
197    It has no attributes.
198-->
199<!ELEMENT modname	(#PCDATA) >
200<!ATTLIST modname>
201
202<!--
203  initname
204
205    Path to the initial executable that should be launched when booting a
206    branded zone.
207
208    It has no attributes.
209-->
210<!ELEMENT initname	(#PCDATA) >
211<!ATTLIST initname>
212
213<!--
214  login_cmd
215
216    Path to the initial login binary that should be executed when
217    attempting to zlogin into a branded zone.
218
219    The following replacements are performed:
220
221      %Z	Name of the current zone
222      %u	User login name
223
224    It has no attributes.
225-->
226<!ELEMENT login_cmd	(#PCDATA) >
227<!ATTLIST login_cmd>
228
229<!--
230  forcedlogin_cmd
231
232    Path to the initial login binary that should be executed when
233    attempting to zlogin into a branded zone without authentication.
234
235    The following replacements are performed:
236
237      %Z	Name of the current zone
238      %u	User login name
239
240    It has no attributes.
241-->
242<!ELEMENT forcedlogin_cmd	(#PCDATA) >
243<!ATTLIST forcedlogin_cmd>
244
245<!--
246  user_cmd
247
248    Path to the binary that will translate a user name to a passwd(4) entry.
249
250    The following replacements are performed:
251
252      %u        User login name
253
254    It has no attributes.  The passwd(4) entry is used to determine $LOGNAME,
255    $HOME, and $SHELL for non-interactive "zlogin -l <user> <cmd>".
256-->
257<!ELEMENT user_cmd   (#PCDATA) >
258<!ATTLIST user_cmd>
259
260<!--
261  attach
262
263    Path to a hook that will perform any necessary processing on
264    a zone to allow it to be attached.  The zone will be in the "configured"
265    state when this hook is run.  This hook is never called when the zone
266    is "force attached" (-F).
267
268    If this hook exits with a non-zero exit status, the attach operation
269    will fail.
270
271    The following replacements are performed:
272
273      %z	Name of zone
274      %R	Zonepath of zone
275      Additional arguments, if any, are appended.
276
277    If no hook is provided, the internal zoneadm attach code will be used.
278
279    It has no attributes.
280-->
281<!ELEMENT attach	(#PCDATA) >
282<!ATTLIST attach>
283
284<!--
285  postattach
286
287    Path to a hook that will perform any necessary post-processing on
288    a zone after it has been attached.  The zone will be in the "installed"
289    state when this hook is run.  This hook is never called when the zone
290    is "force attached" (-F).
291
292    If this hook exits with a non-zero exit status, the attach operation
293    will fail and the zone state will be reset to "configured".
294
295    The following replacements are performed:
296
297      %z	Name of zone
298      %R	Zonepath of zone
299      Additional arguments, if any, are appended.
300
301    It has no attributes.
302-->
303<!ELEMENT postattach	(#PCDATA) >
304<!ATTLIST postattach>
305
306<!--
307  postclone
308
309    Path to a hook that will perform any necessary post-processing on
310    a zone after it has been cloned.  The zone will be in the "incomplete"
311    state when this hook is run.
312
313    If this hook exits with a non-zero exit status, the clone operation
314    will fail and the zone will be left in the "incomplete" state,
315    otherwise the state will be changed to the "installed" state.
316
317    The following replacements are performed:
318
319      %z	Name of zone
320      %R	Zonepath of zone
321      Additional arguments, if any, are appended.
322
323    It has no attributes.
324-->
325<!ELEMENT postclone	(#PCDATA) >
326<!ATTLIST postclone>
327
328<!--
329  postinstall
330
331    Path to a script that will perform any necessary post-processing on
332    a zone after it has been freshly installed.  This hook will run after the
333    install hook completes and the zone is in the installed state.  The
334    additional arguments are the same as what is passed to the install hook.
335
336    The following replacements are performed:
337
338      %z	Name of zone
339      %R	Zonepath of zone
340      Additional arguments, if any, are appended.
341
342    It has no attributes.
343-->
344<!ELEMENT postinstall	(#PCDATA) >
345<!ATTLIST postinstall>
346
347<!--
348  predetach
349
350    Path to a hook that will perform any necessary pre-processing on
351    a zone before it is detached.  The zone will be in the "installed"
352    state when this hook is run.
353
354    It is possible that if the zone fails to detach after invoking this
355    hook, future attempts to detach the zone will invoke this hook again.
356    So this hook should be designed to gracefully handle the case where
357    it is run multiple times on the same zone.  If this hook exits with
358    a non-zero exit status, the detach operation will fail.
359
360    This hook is most commonly used when there is pre-processing for detaching
361    a zone but the built-in detach support will be used for the actual
362    detach.  Otherwise, if a detach hook is provided, then it can be used
363    to do both preprocessing as well as the actual detach.
364
365    The following replacements are performed:
366
367      %z	Name of zone
368      %R	Zonepath of zone
369      Additional arguments, if any, are appended.
370
371    It has no attributes.
372-->
373<!ELEMENT predetach	(#PCDATA) >
374<!ATTLIST predetach>
375
376<!--
377  detach
378
379    Path to a hook that will perform any necessary processing on
380    a zone to allow it to be detached.  The zone will be in the "installed"
381    state when this hook is run.
382
383    It is possible that if the zone fails to detach while running this
384    hook, future attempts to detach the zone will invoke this hook again.
385    So this hook should be designed to gracefully handle the case where
386    it is run multiple times on the same zone.  If this hook exits with
387    a non-zero exit status, the detach operation will fail and the zone will
388    be left in the "installed" state, otherwise the state will be changed
389    to "configured".
390
391    The following replacements are performed:
392
393      %z	Name of zone
394      %R	Zonepath of zone
395      Additional arguments, if any, are appended.
396
397    If no hook is provided, the internal zoneadm detach code will be used.
398
399    It has no attributes.
400-->
401<!ELEMENT detach	(#PCDATA) >
402<!ATTLIST detach>
403
404<!--
405  clone
406    Path to a hook that will perform any necessary processing on a zone to
407    allow it to be installed via cloning.  Cloning is an alternative to
408    installing so this hook should result in the same effect for the zone.
409    The zone will be in the "incomplete" state when this hook is run.
410
411    If this hook exits with a non-zero exit status, the clone operation
412    will fail and the zone will be left in the "incomplete" state, otherwise
413    the state will be changed to "installed".
414
415    The following replacements are performed:
416
417      %z	Name of zone
418      %R	Zonepath of zone
419      1st arg   name of source zone
420      Additional arguments, if any, are appended.
421
422    If no hook is provided, the internal zoneadm cloning code will be used.
423-->
424<!ELEMENT clone	(#PCDATA) >
425<!ATTLIST clone>
426
427<!--
428  preuninstall
429
430    Path to a script that will perform any necessary pre-processing on
431    a zone before it is uninstalled.  The zone will be in the "installed"
432    state when this hook is run.
433
434    It is possible that if the zone fails to uninstall after invoking this
435    hook, future attempts to uninstall the zone will invoke this hook
436    again.  So this hook should be designed to gracefully handle the case
437    where it is run multiple times on the same zone.  If this hook exits
438    with a non-zero exit status, the uninstall operation will fail.
439
440    The following replacements are performed:
441
442      %z	Name of zone
443      %R	Zonepath of zone
444      Additional arguments, if any, are appended.
445
446    It has no attributes.
447-->
448<!ELEMENT preuninstall	(#PCDATA) >
449<!ATTLIST preuninstall>
450
451<!--
452  uninstall
453    Identifies the hook to invoke when uninstalling a zone.  The zone will
454    be in the "incomplete" state when this hook is run.
455
456    If this hook exits with a non-zero exit status, the uninstall operation
457    will fail and the zone will be left in the "incomplete" state, otherwise
458    the state will be changed to "configured".
459
460    The following replacements are performed:
461
462      %z	Name of zone
463      %R	Zonepath of zone
464      Additional arguments, if any, are appended.
465
466    If no hook is provided, the internal zoneadm uninstall code will be used.
467-->
468<!ELEMENT uninstall	(#PCDATA) >
469<!ATTLIST uninstall>
470
471<!--
472  presnap
473    Identifies the hook to invoke before snapshotting a zone using the
474    built-in ZFS clone support.
475
476    If this hook exits with a non-zero exit status, the snapshot operation
477    will fail and the zfs clone operation will fail.
478
479    The following replacements are performed:
480
481      %z	Name of zone
482      %R	Zonepath of zone
483-->
484<!ELEMENT presnap	(#PCDATA) >
485<!ATTLIST presnap>
486
487<!--
488  postsnap
489    Identifies the hook to invoke after snapshotting a zone using the
490    built-in ZFS clone support.
491
492    If this hook exits with a non-zero exit status, the zfs clone operation
493    will fail.
494
495    The following replacements are performed:
496
497      %z	Name of zone
498      %R	Zonepath of zone
499-->
500<!ELEMENT postsnap	(#PCDATA) >
501<!ATTLIST postsnap>
502
503<!--
504  validatesnap
505    Identifies the hook to invoke to validate a snapshot of a zone using the
506    built-in ZFS clone support.  This will validate a snapshot that was
507    explicitly specified to the clone command when the user wants to
508    re-use a snapshot from an earlier clone operation.
509
510    If this hook exits with a non-zero exit status, the snapshot validation
511    operation will fail, meaning the zfs snapshot cannot be used to install
512    the zone.
513
514    The following replacements are performed:
515
516      %z	Name of zone
517      %R	Zonepath of zone
518      1st arg   snapshot name
519      2nd arg   snapshot path
520-->
521<!ELEMENT validatesnap	(#PCDATA) >
522<!ATTLIST validatesnap>
523
524<!--
525  prestatechange
526    Identifies the hook to invoke before zoneadmd makes a state change.
527    If this hook exits with a non-zero exit status, the action failed
528    and no further state change activity will take place.
529
530    The following replacements are performed:
531
532      %z	Name of zone
533      %R	Zonepath of zone
534      1st arg   integer representing current state of zone
535			2 - installed
536			3 - ready
537			4 - running
538			5 - shutting down
539			6 - down
540			7 - mounted
541      2nd arg   integer representing transition command
542			0 - ready
543			1 - boot
544			4 - halt
545      3rd arg   Alternate root (zonepath is mounted under this root)
546			empty string if zone not mounted under alternate root
547-->
548<!ELEMENT prestatechange	(#PCDATA) >
549<!ATTLIST prestatechange>
550
551<!--
552  poststatechange
553    Identifies the hook to invoke after zoneadmd makes a successful state
554    change.  If this hook exits with a non-zero exit status, the action failed
555    and zoneadmd treats the overall state change as failed, although
556    all of the actions up to running the hook will have taken place.
557
558    The following replacements are performed:
559
560      %z	Name of zone
561      %R	Zonepath of zone
562    See prestatechange comment for 1st, 2nd and 3rd argument values.
563-->
564<!ELEMENT poststatechange	(#PCDATA) >
565<!ATTLIST poststatechange>
566
567<!--
568  query
569    Identifies a hook which can be called to get brand-specific information
570    about the zone.  There is no specific place in zones where this is called,
571    calls within the zone infrastructure can be added as needed.
572
573    One example of the use of this hook is to query the implicit ZFS datasets
574    supported by the brand.
575
576    If this hook exits with a non-zero exit status, the query failed,
577    although in general, this hook shouldn't return non-zero.
578
579    The following replacements are performed:
580
581      %z	Name of zone
582      %R	Zonepath of zone
583      1st arg   Arbitrary string which the hook can use to determine what
584		data to return.  Brands implementing this hook should be
585		tolerant of arguments they don't support and simply do
586		nothing.
587-->
588<!ELEMENT query	(#PCDATA) >
589<!ATTLIST query>
590
591<!--
592  privilege
593
594    Add a privilege to the default, prohibited, or required set for all
595    zones of this brand with ip-type matched.  If a privilege is added
596    to the default set all zones of this brand with ip-type matched on
597    the system will inherit this privilege unless the privilege is
598    removed via limitpriv in zonecfg(1m).  If a privilege is added to
599    the prohibited set it can not be added to any zones with ip-type
600    matched via limitpriv in zonecfg(1m).  If a privilege is added to
601    the required set then all zones of this brand with ip-type matched
602    on the system will inherit this privilege and it can't be removed via
603    limitpriv in zonecfg(1m).
604
605    Its attributes are
606      set	The name of the set the privilege should go into.
607      name	The name of the privilege.
608      ip-type	Optional, indicates that adding of the privilege to the
609		set only applies to certain IP types. Can be "shared" or
610		"exclusive". If it is not specified, the default value
611		"all" will be used, which means it is applicable regardless
612		the IP type.
613
614-->
615<!ELEMENT privilege	(#PCDATA) >
616<!ATTLIST privilege	set	( default | prohibited | required ) #REQUIRED
617			name	CDATA #REQUIRED
618			ip-type ( shared | exclusive ) "all" >
619
620<!--
621  brand
622
623    The toplevel container for a brand configuration.
624
625    Its attributes are
626
627      name	The name of the brand.  This must match the name of the
628		directory in which the configuration file is stored.
629-->
630
631<!ELEMENT brand		(modname?, initname, login_cmd, forcedlogin_cmd,
632			user_cmd, install,
633			installopts?, boot?, sysboot?, halt?, shutdown?,
634			verify_cfg?, verify_adm?, postattach?, postclone?,
635			postinstall?, predetach?, attach?, detach?, clone?,
636			presnap?, postsnap?, validatesnap?,
637			preuninstall?, uninstall?,
638			prestatechange?, poststatechange?, query?,
639			privilege+)>
640
641<!ATTLIST brand		name		CDATA #REQUIRED>
642