xref: /illumos-gate/usr/src/lib/libbrand/dtd/brand.dtd.1 (revision 3d393ee6c37fa10ac512ed6d36109ad616dc7c1a)
1<?xml version='1.0' encoding='UTF-8' ?>
2
3<!--
4 CDDL HEADER START
5
6 The contents of this file are subject to the terms of the
7 Common Development and Distribution License (the "License").
8 You may not use this file except in compliance with the License.
9
10 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
11 or http://www.opensolaris.org/os/licensing.
12 See the License for the specific language governing permissions
13 and limitations under the License.
14
15 When distributing Covered Code, include this CDDL HEADER in each
16 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
17 If applicable, add the following below this CDDL HEADER, with the
18 fields enclosed by brackets "[]" replaced with your own identifying
19 information: Portions Copyright [yyyy] [name of copyright owner]
20
21 CDDL HEADER END
22
23 Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24 Use is subject to license terms.
25
26 DO NOT EDIT THIS FILE.
27-->
28
29<!--
30  verify_cfg
31
32    Identifies the program to be invoked by zonecfg to verify that the
33    zone's configuration is legal, and that all the configured devices,
34    attributes, etc. are legal for this brand.
35
36    The program is called with a single argument: the path to a file
37    containing a temporary config.xml file the zone.  It should return 0
38    on success and non-0 on failure.  Any detailed error messages should be
39    displayed to stderr.
40
41    It has no attributes.
42
43-->
44<!ELEMENT verify_cfg	(#PCDATA) >
45<!ATTLIST verify_cfg>
46<!--
47  verify_adm
48
49    Identifies the program invoked by zoneadm to perform brand-specific
50    checks as to the viability of a zone on this specific machine.
51
52    The following replacements are performed:
53
54      %z	Name of zone
55      %R	Zonepath of zone
56      Additional arguments, if any, are appended.
57
58    The program should return 0 on success and non-0 on failure.  Any
59    detailed error messages should be displayed to stderr.
60
61    It has no attributes.
62
63-->
64<!ELEMENT verify_adm	(#PCDATA) >
65<!ATTLIST verify_adm>
66
67<!--
68  install
69
70    Identifies the program to invoke when installing a zone.  The following
71    replacements are performed:
72
73      %z	Name of zone
74      %R	Zonepath of zone
75      Additional arguments, if any, are appended.
76
77    It has no attributes.
78-->
79<!ELEMENT install	(#PCDATA) >
80<!ATTLIST install>
81
82<!--
83  installopts
84
85    Identifies the command-line options supported by the brand's
86    installation program, allowing zoneadm to parse the install line
87    properly.
88
89    It has no attributes.
90-->
91<!ELEMENT installopts	(#PCDATA) >
92<!ATTLIST installopts>
93
94<!--
95  boot
96
97    This is a program which gets run by zoneadmd when a zone is booted.
98    The program will be invoked as the last step in the zone booting
99    process before the the first process is spawned inside the zone.
100
101    If this programs succeeds it should not generate any output.
102    If this program returns an error, any output generated by the
103    program will be sent to the zoneadmd message log.
104
105    The following replacements are performed:
106
107      %z	Name of zone
108      %R	Zonepath of zone
109      Additional arguments, if any, are appended.
110
111    It has no attributes.
112-->
113<!ELEMENT boot	(#PCDATA) >
114<!ATTLIST boot>
115
116<!--
117  halt
118
119    This is a program which gets run by zoneadmd when a zone is being
120    halted.  This callback is provided to allow a brand to cleanup any
121    special configuration that was setup during boot.
122
123    This program will also be invoked by zoneadmd if any part of the zone
124    booting process fail, even if the booting process failed before the
125    brand boot program was invoked.  It is also possible that if the zone
126    fails to halt after invoking this program, future attempts to halt the
127    zone will invoke this program again.  So this program should be
128    designed to clean up any resources allocated to a zone but it should
129    also be able to gracefully handle the case where resources that it
130    expects to release are not actually allocated (or have been already
131    released.)
132
133    If this programs succeeds it should not generate any output.  If this
134    program returns an error, any output generated by the program will be
135    sent to the zoneadmd message log.
136
137    The following replacements are performed:
138
139      %z	Name of zone
140      %R	Zonepath of zone
141      Additional arguments, if any, are appended.
142
143    It has no attributes.
144-->
145<!ELEMENT halt	(#PCDATA) >
146<!ATTLIST halt>
147
148<!--
149  modname
150
151    Path to the kernel module that implements the kernel-level
152    functionality of the brand.
153
154    It has no attributes.
155-->
156<!ELEMENT modname	(#PCDATA) >
157<!ATTLIST modname>
158
159<!--
160  initname
161
162    Path to the initial executable that should be launched when booting a
163    branded zone.
164
165    It has no attributes.
166-->
167<!ELEMENT initname	(#PCDATA) >
168<!ATTLIST initname>
169
170<!--
171  login_cmd
172
173    Path to the initial login binary that should be executed when
174    attempting to zlogin into a branded zone.
175
176    The following replacements are performed:
177
178      %Z	Name of the current zone
179      %u	User login name
180
181    It has no attributes.
182-->
183<!ELEMENT login_cmd	(#PCDATA) >
184<!ATTLIST login_cmd>
185
186<!--
187  user_cmd
188
189    Path to the binary that will translate a user name to a passwd(4) entry.
190
191    The following replacements are performed:
192
193      %u        User login name
194
195    It has no attributes.  The passwd(4) entry is used to determine $LOGNAME,
196    $HOME, and $SHELL for non-interactive "zlogin -l <user> <cmd>".
197-->
198<!ELEMENT user_cmd   (#PCDATA) >
199<!ATTLIST user_cmd>
200
201<!--
202  attach
203
204    Path to a hook that will perform any necessary processing on
205    a zone to allow it to be attached.  The zone will be in the "configured"
206    state when this hook is run.  This hook is never called when the zone
207    is "force attached" (-F).
208
209    If this hook exits with a non-zero exit status, the attach operation
210    will fail.
211
212    The following replacements are performed:
213
214      %z	Name of zone
215      %R	Zonepath of zone
216      Additional arguments, if any, are appended.
217
218    If no hook is provided, the internal zoneadm attach code will be used.
219
220    It has no attributes.
221-->
222<!ELEMENT attach	(#PCDATA) >
223<!ATTLIST attach>
224
225<!--
226  postattach
227
228    Path to a hook that will perform any necessary post-processing on
229    a zone after it has been attached.  The zone will be in the "installed"
230    state when this hook is run.  This hook is never called when the zone
231    is "force attached" (-F).
232
233    If this hook exits with a non-zero exit status, the attach operation
234    will fail and the zone state will be reset to "configured".
235
236    The following replacements are performed:
237
238      %z	Name of zone
239      %R	Zonepath of zone
240      Additional arguments, if any, are appended.
241
242    It has no attributes.
243-->
244<!ELEMENT postattach	(#PCDATA) >
245<!ATTLIST postattach>
246
247<!--
248  postclone
249
250    Path to a hook that will perform any necessary post-processing on
251    a zone after it has been cloned.  The zone will be in the "incomplete"
252    state when this hook is run.
253
254    If this hook exits with a non-zero exit status, the clone operation
255    will fail and the zone will be left in the "incomplete" state,
256    otherwise the state will be changed to the "installed" state.
257
258    The following replacements are performed:
259
260      %z	Name of zone
261      %R	Zonepath of zone
262      Additional arguments, if any, are appended.
263
264    It has no attributes.
265-->
266<!ELEMENT postclone	(#PCDATA) >
267<!ATTLIST postclone>
268
269<!--
270  postinstall
271
272    Path to a script that will perform any necessary post-processing on
273    a zone after it has been freshly installed.  This hook will run after the
274    install hook completes and the zone is in the installed state.  The
275    additional arguments are the same as what is passed to the install hook.
276
277    The following replacements are performed:
278
279      %z	Name of zone
280      %R	Zonepath of zone
281      Additional arguments, if any, are appended.
282
283    It has no attributes.
284-->
285<!ELEMENT postinstall	(#PCDATA) >
286<!ATTLIST postinstall>
287
288<!--
289  predetach
290
291    Path to a hook that will perform any necessary pre-processing on
292    a zone before it is detached.  The zone will be in the "installed"
293    state when this hook is run.
294
295    It is possible that if the zone fails to detach after invoking this
296    hook, future attempts to detach the zone will invoke this hook again.
297    So this hook should be designed to gracefully handle the case where
298    it is run multiple times on the same zone.  If this hook exits with
299    a non-zero exit status, the detach operation will fail.
300
301    This hook is most commonly used when there is pre-processing for detaching
302    a zone but the built-in detach support will be used for the actual
303    detach.  Otherwise, if a detach hook is provided, then it can be used
304    to do both preprocessing as well as the actual detach.
305
306    The following replacements are performed:
307
308      %z	Name of zone
309      %R	Zonepath of zone
310      Additional arguments, if any, are appended.
311
312    It has no attributes.
313-->
314<!ELEMENT predetach	(#PCDATA) >
315<!ATTLIST predetach>
316
317<!--
318  detach
319
320    Path to a hook that will perform any necessary processing on
321    a zone to allow it to be detached.  The zone will be in the "installed"
322    state when this hook is run.
323
324    It is possible that if the zone fails to detach while running this
325    hook, future attempts to detach the zone will invoke this hook again.
326    So this hook should be designed to gracefully handle the case where
327    it is run multiple times on the same zone.  If this hook exits with
328    a non-zero exit status, the detach operation will fail and the zone will
329    be left in the "installed" state, otherwise the state will be changed
330    to "configured".
331
332    The following replacements are performed:
333
334      %z	Name of zone
335      %R	Zonepath of zone
336      Additional arguments, if any, are appended.
337
338    If no hook is provided, the internal zoneadm detach code will be used.
339
340    It has no attributes.
341-->
342<!ELEMENT detach	(#PCDATA) >
343<!ATTLIST detach>
344
345<!--
346  clone
347    Path to a hook that will perform any necessary processing on a zone to
348    allow it to be installed via cloning.  Cloning is an alternative to
349    installing so this hook should result in the same effect for the zone.
350    The zone will be in the "incomplete" state when this hook is run.
351
352    If this hook exits with a non-zero exit status, the clone operation
353    will fail and the zone will be left in the "incomplete" state, otherwise
354    the state will be changed to "installed".
355
356    The following replacements are performed:
357
358      %z	Name of zone
359      %R	Zonepath of zone
360      1st arg   name of source zone
361      Additional arguments, if any, are appended.
362
363    If no hook is provided, the internal zoneadm cloning code will be used.
364-->
365<!ELEMENT clone	(#PCDATA) >
366<!ATTLIST clone>
367
368<!--
369  preuninstall
370
371    Path to a script that will perform any necessary pre-processing on
372    a zone before it is uninstalled.  The zone will be in the "installed"
373    state when this hook is run.
374
375    It is possible that if the zone fails to uninstall after invoking this
376    hook, future attempts to uninstall the zone will invoke this hook
377    again.  So this hook should be designed to gracefully handle the case
378    where it is run multiple times on the same zone.  If this hook exits
379    with a non-zero exit status, the uninstall operation will fail.
380
381    The following replacements are performed:
382
383      %z	Name of zone
384      %R	Zonepath of zone
385      Additional arguments, if any, are appended.
386
387    It has no attributes.
388-->
389<!ELEMENT preuninstall	(#PCDATA) >
390<!ATTLIST preuninstall>
391
392<!--
393  uninstall
394    Identifies the hook to invoke when uninstalling a zone.  The zone will
395    be in the "incomplete" state when this hook is run.
396
397    If this hook exits with a non-zero exit status, the uninstall operation
398    will fail and the zone will be left in the "incomplete" state, otherwise
399    the state will be changed to "configured".
400
401    The following replacements are performed:
402
403      %z	Name of zone
404      %R	Zonepath of zone
405      Additional arguments, if any, are appended.
406
407    If no hook is provided, the internal zoneadm uninstall code will be used.
408-->
409<!ELEMENT uninstall	(#PCDATA) >
410<!ATTLIST uninstall>
411
412<!--
413  presnap
414    Identifies the hook to invoke before snapshotting a zone using the
415    built-in ZFS clone support.
416
417    If this hook exits with a non-zero exit status, the snapshot operation
418    will fail and the zfs clone operation will fail.
419
420    The following replacements are performed:
421
422      %z	Name of zone
423      %R	Zonepath of zone
424-->
425<!ELEMENT presnap	(#PCDATA) >
426<!ATTLIST presnap>
427
428<!--
429  postsnap
430    Identifies the hook to invoke after snapshotting a zone using the
431    built-in ZFS clone support.
432
433    If this hook exits with a non-zero exit status, the zfs clone operation
434    will fail.
435
436    The following replacements are performed:
437
438      %z	Name of zone
439      %R	Zonepath of zone
440-->
441<!ELEMENT postsnap	(#PCDATA) >
442<!ATTLIST postsnap>
443
444<!--
445  validatesnap
446    Identifies the hook to invoke to validate a snapshot of a zone using the
447    built-in ZFS clone support.  This will validate a snapshot that was
448    explicitly specified to the clone command when the user wants to
449    re-use a snapshot from an earlier clone operation.
450
451    If this hook exits with a non-zero exit status, the snapshot validation
452    operation will fail, meaning the zfs snapshot cannot be used to install
453    the zone.
454
455    The following replacements are performed:
456
457      %z	Name of zone
458      %R	Zonepath of zone
459      1st arg   snapshot name
460      2nd arg   snapshot path
461-->
462<!ELEMENT validatesnap	(#PCDATA) >
463<!ATTLIST validatesnap>
464
465<!--
466  prestatechange
467    Identifies the hook to invoke before zoneadmd makes a state change.
468    If this hook exits with a non-zero exit status, the action failed
469    and no further state change activity will take place.
470
471    The following replacements are performed:
472
473      %z	Name of zone
474      %R	Zonepath of zone
475      1st arg   integer representing current state of zone
476			2 - installed
477			3 - ready
478			4 - running
479			5 - shutting down
480			6 - down
481			7 - mounted
482      2nd arg   integer representing transition command
483			0 - ready
484			1 - boot
485			4 - halt
486-->
487<!ELEMENT prestatechange	(#PCDATA) >
488<!ATTLIST prestatechange>
489
490<!--
491  poststatechange
492    Identifies the hook to invoke after zoneadmd makes a successful state
493    change.  If this hook exits with a non-zero exit status, the action failed
494    and zoneadmd treats the overall state change as failed, although
495    all of the actions up to running the hook will have taken place.
496
497    The following replacements are performed:
498
499      %z	Name of zone
500      %R	Zonepath of zone
501    See prestatechange comment for 1st and 2nd argument values.
502-->
503<!ELEMENT poststatechange	(#PCDATA) >
504<!ATTLIST poststatechange>
505
506<!--
507  query
508    Identifies a hook which can be called to get brand-specific information
509    about the zone.  There is no specific place in zones where this is called,
510    calls within the zone infrastructure can be added as needed.
511
512    One example of the use of this hook is to query the implicit ZFS datasets
513    supported by the brand.
514
515    If this hook exits with a non-zero exit status, the query failed,
516    although in general, this hook shouldn't return non-zero.
517
518    The following replacements are performed:
519
520      %z	Name of zone
521      %R	Zonepath of zone
522      1st arg   Arbitrary string which the hook can use to determine what
523		data to return.  Brands implementing this hook should be
524		tolerant of arguments they don't support and simply do
525		nothing.
526-->
527<!ELEMENT query	(#PCDATA) >
528<!ATTLIST query>
529
530<!--
531  privilege
532
533    Add a privilege to the default, prohibited, or required set for all
534    zones of this brand with ip-type matched.  If a privilege is added
535    to the default set all zones of this brand with ip-type matched on
536    the system will inherit this privilege unless the privilege is
537    removed via limitpriv in zonecfg(1m).  If a privilege is added to
538    the prohibited set it can not be added to any zones with ip-type
539    matched via limitpriv in zonecfg(1m).  If a privilege is added to
540    the required set then all zones of this brand with ip-type matched
541    on the system will inherit this privilege and it can't be removed via
542    limitpriv in zonecfg(1m).
543
544    Its attributes are
545      set	The name of the set the privilege should go into.
546      name	The name of the privilege.
547      ip-type	Optional, indicates that adding of the privilege to the
548		set only applies to certain IP types. Can be "shared" or
549		"exclusive". If it is not specified, the default value
550		"all" will be used, which means it is applicable regardless
551		the IP type.
552
553-->
554<!ELEMENT privilege	(#PCDATA) >
555<!ATTLIST privilege	set	( default | prohibited | required ) #REQUIRED
556			name	CDATA #REQUIRED
557			ip-type ( shared | exclusive ) "all" >
558
559<!--
560  brand
561
562    The toplevel container for a brand configuration.
563
564    Its attributes are
565
566      name	The name of the brand.  This must match the name of the
567		directory in which the configuration file is stored.
568-->
569
570<!ELEMENT brand		(modname?, initname, login_cmd, user_cmd, install,
571			installopts?, boot?, halt?, verify_cfg?, verify_adm?,
572			postattach?, postclone?, postinstall?, predetach?,
573			attach?, detach?, clone?,
574			presnap?, postsnap?, validatesnap?,
575			preuninstall?, uninstall?,
576			prestatechange?, poststatechange?, query?,
577			privilege+)>
578
579<!ATTLIST brand		name		CDATA #REQUIRED>
580