xref: /illumos-gate/usr/src/lib/libbrand/dtd/brand.dtd.1 (revision 3cf6f95f0e20ed31de99608fdb0a120190d5438f)
1<?xml version='1.0' encoding='UTF-8' ?>
2
3<!--
4 CDDL HEADER START
5
6 The contents of this file are subject to the terms of the
7 Common Development and Distribution License (the "License").
8 You may not use this file except in compliance with the License.
9
10 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
11 or http://www.opensolaris.org/os/licensing.
12 See the License for the specific language governing permissions
13 and limitations under the License.
14
15 When distributing Covered Code, include this CDDL HEADER in each
16 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
17 If applicable, add the following below this CDDL HEADER, with the
18 fields enclosed by brackets "[]" replaced with your own identifying
19 information: Portions Copyright [yyyy] [name of copyright owner]
20
21 CDDL HEADER END
22
23 Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24 Use is subject to license terms.
25
26 ident	"%Z%%M%	%I%	%E% SMI"
27
28 DO NOT EDIT THIS FILE.
29-->
30
31<!--
32  verify_cfg
33
34    Identifies the program to be invoked by zonecfg to verify that the
35    zone's configuration is legal, and that all the configured devices,
36    attributes, etc. are legal for this brand.
37
38    The program is called with a single argument: the path to a file
39    containing a temporary config.xml file the zone.  It should return 0
40    on success and non-0 on failure.  Any detailed error messages should be
41    displayed to stderr.
42
43    It has no attributes.
44
45-->
46<!ELEMENT verify_cfg	(#PCDATA) >
47<!ATTLIST verify_cfg>
48<!--
49  verify_adm
50
51    Identifies the program invoked by zoneadm to perform brand-specific
52    checks as to the viability of a zone on this specific machine.
53
54    The following replacements are performed:
55
56      %z	Name of zone
57      %R	Zonepath of zone
58      Additional arguments, if any, are appended.
59
60    The program should return 0 on success and non-0 on failure.  Any
61    detailed error messages should be displayed to stderr.
62
63    It has no attributes.
64
65-->
66<!ELEMENT verify_adm	(#PCDATA) >
67<!ATTLIST verify_adm>
68
69<!--
70  install
71
72    Identifies the program to invoke when installing a zone.  The following
73    replacements are performed:
74
75      %z	Name of zone
76      %R	Zonepath of zone
77      Additional arguments, if any, are appended.
78
79    It has no attributes.
80-->
81<!ELEMENT install	(#PCDATA) >
82<!ATTLIST install>
83
84<!--
85  installopts
86
87    Identifies the command-line options supported by the brand's
88    installation program, allowing zoneadm to parse the install line
89    properly.
90
91    It has no attributes.
92-->
93<!ELEMENT installopts	(#PCDATA) >
94<!ATTLIST installopts>
95
96<!--
97  boot
98
99    This is a program which gets run by zoneadmd when a zone is booted.
100    The program will be invoked as the last step in the zone booting
101    process before the the first process is spawned inside the zone.
102
103    If this programs succeeds it should not generate any output.
104    If this program returns an error, any output generated by the
105    program will be sent to the zoneadmd message log.
106
107    The following replacements are performed:
108
109      %z	Name of zone
110      %R	Zonepath of zone
111      Additional arguments, if any, are appended.
112
113    It has no attributes.
114-->
115<!ELEMENT boot	(#PCDATA) >
116<!ATTLIST boot>
117
118<!--
119  halt
120
121    This is a program which gets run by zoneadmd when a zone is being
122    halted.  This callback is provided to allow a brand to cleanup any
123    special configuration that was setup during boot.
124
125    This program will also be invoked by zoneadmd if any part of the zone
126    booting process fail, even if the booting process failed before the
127    brand boot program was invoked.  It is also possible that if the zone
128    fails to halt after invoking this program, future attempts to halt the
129    zone will invoke this program again.  So this program should be
130    designed to clean up any resources allocated to a zone but it should
131    also be able to gracefully handle the case where resources that it
132    expects to release are not actually allocated (or have been already
133    released.)
134
135    If this programs succeeds it should not generate any output.  If this
136    program returns an error, any output generated by the program will be
137    sent to the zoneadmd message log.
138
139    The following replacements are performed:
140
141      %z	Name of zone
142      %R	Zonepath of zone
143      Additional arguments, if any, are appended.
144
145    It has no attributes.
146-->
147<!ELEMENT halt	(#PCDATA) >
148<!ATTLIST halt>
149
150<!--
151  modname
152
153    Path to the kernel module that implements the kernel-level
154    functionality of the brand.
155
156    It has no attributes.
157-->
158<!ELEMENT modname	(#PCDATA) >
159<!ATTLIST modname>
160
161<!--
162  initname
163
164    Path to the initial executable that should be launched when booting a
165    branded zone.
166
167    It has no attributes.
168-->
169<!ELEMENT initname	(#PCDATA) >
170<!ATTLIST initname>
171
172<!--
173  login_cmd
174
175    Path to the initial login binary that should be executed when
176    attempting to zlogin into a branded zone.
177
178    The following replacements are performed:
179
180      %Z	Name of the current zone
181      %u	User login name
182
183    It has no attributes.
184-->
185<!ELEMENT login_cmd	(#PCDATA) >
186<!ATTLIST login_cmd>
187
188<!--
189  user_cmd
190
191    Path to the binary that will translate a user name to a passwd(4) entry.
192
193    The following replacements are performed:
194
195      %u        User login name
196
197    It has no attributes.  The passwd(4) entry is used to determine $LOGNAME,
198    $HOME, and $SHELL for non-interactive "zlogin -l <user> <cmd>".
199-->
200<!ELEMENT user_cmd   (#PCDATA) >
201<!ATTLIST user_cmd>
202
203<!--
204  attach
205
206    Path to a hook that will perform any necessary processing on
207    a zone to allow it to be attached.  The zone will be in the "configured"
208    state when this hook is run.  This hook is never called when the zone
209    is "force attached" (-F).
210
211    If this hook exits with a non-zero exit status, the attach operation
212    will fail.
213
214    The following replacements are performed:
215
216      %z	Name of zone
217      %R	Zonepath of zone
218      Additional arguments, if any, are appended.
219
220    If no hook is provided, the internal zoneadm attach code will be used.
221
222    It has no attributes.
223-->
224<!ELEMENT attach	(#PCDATA) >
225<!ATTLIST attach>
226
227<!--
228  postattach
229
230    Path to a hook that will perform any necessary post-processing on
231    a zone after it has been attached.  The zone will be in the "installed"
232    state when this hook is run.  This hook is never called when the zone
233    is "force attached" (-F).
234
235    If this hook exits with a non-zero exit status, the attach operation
236    will fail and the zone state will be reset to "configured".
237
238    The following replacements are performed:
239
240      %z	Name of zone
241      %R	Zonepath of zone
242      Additional arguments, if any, are appended.
243
244    It has no attributes.
245-->
246<!ELEMENT postattach	(#PCDATA) >
247<!ATTLIST postattach>
248
249<!--
250  postclone
251
252    Path to a hook that will perform any necessary post-processing on
253    a zone after it has been cloned.  The zone will be in the "incomplete"
254    state when this hook is run.
255
256    If this hook exits with a non-zero exit status, the clone operation
257    will fail and the zone will be left in the "incomplete" state,
258    otherwise the state will be changed to the "installed" state.
259
260    The following replacements are performed:
261
262      %z	Name of zone
263      %R	Zonepath of zone
264      Additional arguments, if any, are appended.
265
266    It has no attributes.
267-->
268<!ELEMENT postclone	(#PCDATA) >
269<!ATTLIST postclone>
270
271<!--
272  postinstall
273
274    Path to a script that will perform any necessary post-processing on
275    a zone after it has been freshly installed.  This hook will run after the
276    install hook completes and the zone is in the installed state.  The
277    additional arguments are the same as what is passed to the install hook.
278
279    The following replacements are performed:
280
281      %z	Name of zone
282      %R	Zonepath of zone
283      Additional arguments, if any, are appended.
284
285    It has no attributes.
286-->
287<!ELEMENT postinstall	(#PCDATA) >
288<!ATTLIST postinstall>
289
290<!--
291  predetach
292
293    Path to a hook that will perform any necessary pre-processing on
294    a zone before it is detached.  The zone will be in the "installed"
295    state when this hook is run.
296
297    It is possible that if the zone fails to detach after invoking this
298    hook, future attempts to detach the zone will invoke this hook again.
299    So this hook should be designed to gracefully handle the case where
300    it is run multiple times on the same zone.  If this hook exits with
301    a non-zero exit status, the detach operation will fail.
302
303    This hook is most commonly used when there is pre-processing for detaching
304    a zone but the built-in detach support will be used for the actual
305    detach.  Otherwise, if a detach hook is provided, then it can be used
306    to do both preprocessing as well as the actual detach.
307
308    The following replacements are performed:
309
310      %z	Name of zone
311      %R	Zonepath of zone
312      Additional arguments, if any, are appended.
313
314    It has no attributes.
315-->
316<!ELEMENT predetach	(#PCDATA) >
317<!ATTLIST predetach>
318
319<!--
320  detach
321
322    Path to a hook that will perform any necessary processing on
323    a zone to allow it to be detached.  The zone will be in the "installed"
324    state when this hook is run.
325
326    It is possible that if the zone fails to detach while running this
327    hook, future attempts to detach the zone will invoke this hook again.
328    So this hook should be designed to gracefully handle the case where
329    it is run multiple times on the same zone.  If this hook exits with
330    a non-zero exit status, the detach operation will fail and the zone will
331    be left in the "installed" state, otherwise the state will be changed
332    to "configured".
333
334    The following replacements are performed:
335
336      %z	Name of zone
337      %R	Zonepath of zone
338      Additional arguments, if any, are appended.
339
340    If no hook is provided, the internal zoneadm detach code will be used.
341
342    It has no attributes.
343-->
344<!ELEMENT detach	(#PCDATA) >
345<!ATTLIST detach>
346
347<!--
348  clone
349    Path to a hook that will perform any necessary processing on a zone to
350    allow it to be installed via cloning.  Cloning is an alternative to
351    installing so this hook should result in the same effect for the zone.
352    The zone will be in the "incomplete" state when this hook is run.
353
354    If this hook exits with a non-zero exit status, the clone operation
355    will fail and the zone will be left in the "incomplete" state, otherwise
356    the state will be changed to "installed".
357
358    The following replacements are performed:
359
360      %z	Name of zone
361      %R	Zonepath of zone
362      1st arg   name of source zone
363      Additional arguments, if any, are appended.
364
365    If no hook is provided, the internal zoneadm cloning code will be used.
366-->
367<!ELEMENT clone	(#PCDATA) >
368<!ATTLIST clone>
369
370<!--
371  preuninstall
372
373    Path to a script that will perform any necessary pre-processing on
374    a zone before it is uninstalled.  The zone will be in the "installed"
375    state when this hook is run.
376
377    It is possible that if the zone fails to uninstall after invoking this
378    hook, future attempts to uninstall the zone will invoke this hook
379    again.  So this hook should be designed to gracefully handle the case
380    where it is run multiple times on the same zone.  If this hook exits
381    with a non-zero exit status, the uninstall operation will fail.
382
383    The following replacements are performed:
384
385      %z	Name of zone
386      %R	Zonepath of zone
387      Additional arguments, if any, are appended.
388
389    It has no attributes.
390-->
391<!ELEMENT preuninstall	(#PCDATA) >
392<!ATTLIST preuninstall>
393
394<!--
395  uninstall
396    Identifies the hook to invoke when uninstalling a zone.  The zone will
397    be in the "incomplete" state when this hook is run.
398
399    If this hook exits with a non-zero exit status, the uninstall operation
400    will fail and the zone will be left in the "incomplete" state, otherwise
401    the state will be changed to "configured".
402
403    The following replacements are performed:
404
405      %z	Name of zone
406      %R	Zonepath of zone
407      Additional arguments, if any, are appended.
408
409    If no hook is provided, the internal zoneadm uninstall code will be used.
410-->
411<!ELEMENT uninstall	(#PCDATA) >
412<!ATTLIST uninstall>
413
414<!--
415  presnap
416    Identifies the hook to invoke before snapshotting a zone using the
417    built-in ZFS clone support.
418
419    If this hook exits with a non-zero exit status, the snapshot operation
420    will fail and the zfs clone operation will fail.
421
422    The following replacements are performed:
423
424      %z	Name of zone
425      %R	Zonepath of zone
426-->
427<!ELEMENT presnap	(#PCDATA) >
428<!ATTLIST presnap>
429
430<!--
431  postsnap
432    Identifies the hook to invoke after snapshotting a zone using the
433    built-in ZFS clone support.
434
435    If this hook exits with a non-zero exit status, the zfs clone operation
436    will fail.
437
438    The following replacements are performed:
439
440      %z	Name of zone
441      %R	Zonepath of zone
442-->
443<!ELEMENT postsnap	(#PCDATA) >
444<!ATTLIST postsnap>
445
446<!--
447  validatesnap
448    Identifies the hook to invoke to validate a snapshot of a zone using the
449    built-in ZFS clone support.  This will validate a snapshot that was
450    explicitly specified to the clone command when the user wants to
451    re-use a snapshot from an earlier clone operation.
452
453    If this hook exits with a non-zero exit status, the snapshot validation
454    operation will fail, meaning the zfs snapshot cannot be used to install
455    the zone.
456
457    The following replacements are performed:
458
459      %z	Name of zone
460      %R	Zonepath of zone
461      1st arg   snapshot name
462      2nd arg   snapshot path
463-->
464<!ELEMENT validatesnap	(#PCDATA) >
465<!ATTLIST validatesnap>
466
467<!--
468  privilege
469
470    Add a privilege to the default, prohibited, or required set for all
471    zones of this brand with ip-type matched.  If a privilege is added
472    to the default set all zones of this brand with ip-type matched on
473    the system will inherit this privilege unless the privilege is
474    removed via limitpriv in zonecfg(1m).  If a privilege is added to
475    the prohibited set it can not be added to any zones with ip-type
476    matched via limitpriv in zonecfg(1m).  If a privilege is added to
477    the required set then all zones of this brand with ip-type matched
478    on the system will inherit this privilege and it can't be removed via
479    limitpriv in zonecfg(1m).
480
481    Its attributes are
482      set	The name of the set the privilege should go into.
483      name	The name of the privilege.
484      ip-type	Optional, indicates that adding of the privilege to the
485		set only applies to certain IP types. Can be "shared" or
486		"exclusive". If it is not specified, the default value
487		"all" will be used, which means it is applicable regardless
488		the IP type.
489
490-->
491<!ELEMENT privilege	(#PCDATA) >
492<!ATTLIST privilege	set	( default | prohibited | required ) #REQUIRED
493			name	CDATA #REQUIRED
494			ip-type ( shared | exclusive ) "all" >
495
496<!--
497  brand
498
499    The toplevel container for a brand configuration.
500
501    Its attributes are
502
503      name	The name of the brand.  This must match the name of the
504		directory in which the configuration file is stored.
505-->
506
507<!ELEMENT brand		(modname?, initname, login_cmd, user_cmd, install,
508			installopts?, boot?, halt?, verify_cfg?, verify_adm?,
509			postattach?, postclone?, postinstall?, predetach?,
510			attach?, detach?, clone?,
511			presnap?, postsnap?, validatesnap?,
512			preuninstall?, uninstall?, privilege+)>
513
514<!ATTLIST brand		name		CDATA #REQUIRED>
515