xref: /illumos-gate/usr/src/lib/libbrand/dtd/brand.dtd.1 (revision 3e2c06821003697f97716f7c084864c5bf606aa3)
1<?xml version='1.0' encoding='UTF-8' ?>
2
3<!--
4 CDDL HEADER START
5
6 The contents of this file are subject to the terms of the
7 Common Development and Distribution License (the "License").
8 You may not use this file except in compliance with the License.
9
10 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
11 or http://www.opensolaris.org/os/licensing.
12 See the License for the specific language governing permissions
13 and limitations under the License.
14
15 When distributing Covered Code, include this CDDL HEADER in each
16 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
17 If applicable, add the following below this CDDL HEADER, with the
18 fields enclosed by brackets "[]" replaced with your own identifying
19 information: Portions Copyright [yyyy] [name of copyright owner]
20
21 CDDL HEADER END
22
23 Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24 Use is subject to license terms.
25
26 DO NOT EDIT THIS FILE.
27-->
28
29<!--
30  verify_cfg
31
32    Identifies the program to be invoked by zonecfg to verify that the
33    zone's configuration is legal, and that all the configured devices,
34    attributes, etc. are legal for this brand.
35
36    The program is called with a single argument: the path to a file
37    containing a temporary config.xml file the zone.  It should return 0
38    on success and non-0 on failure.  Any detailed error messages should be
39    displayed to stderr.
40
41    It has no attributes.
42
43-->
44<!ELEMENT verify_cfg	(#PCDATA) >
45<!ATTLIST verify_cfg>
46<!--
47  verify_adm
48
49    Identifies the program invoked by zoneadm to perform brand-specific
50    checks as to the viability of a zone on this specific machine.
51
52    The following replacements are performed:
53
54      %z	Name of zone
55      %R	Zonepath of zone
56      Additional arguments, if any, are appended.
57
58    The program should return 0 on success and non-0 on failure.  Any
59    detailed error messages should be displayed to stderr.
60
61    It has no attributes.
62
63-->
64<!ELEMENT verify_adm	(#PCDATA) >
65<!ATTLIST verify_adm>
66
67<!--
68  install
69
70    Identifies the program to invoke when installing a zone.  The following
71    replacements are performed:
72
73      %z	Name of zone
74      %R	Zonepath of zone
75      Additional arguments, if any, are appended.
76
77    It has no attributes.
78-->
79<!ELEMENT install	(#PCDATA) >
80<!ATTLIST install>
81
82<!--
83  installopts
84
85    Identifies the command-line options supported by the brand's
86    installation program, allowing zoneadm to parse the install line
87    properly.
88
89    It has no attributes.
90-->
91<!ELEMENT installopts	(#PCDATA) >
92<!ATTLIST installopts>
93
94<!--
95  boot
96
97    This is a program which gets run by zoneadmd when a zone is booted.
98    The program will be invoked as the last step in the zone booting
99    process before the the first process is spawned inside the zone.
100
101    If this programs succeeds it should not generate any output.
102    If this program returns an error, any output generated by the
103    program will be sent to the zoneadmd message log.
104
105    The following replacements are performed:
106
107      %z	Name of zone
108      %R	Zonepath of zone
109      Additional arguments, if any, are appended.
110
111    It has no attributes.
112-->
113<!ELEMENT boot	(#PCDATA) >
114<!ATTLIST boot>
115
116<!--
117  sysboot
118
119    This is a program that will be run by zoneadm during system boot for an
120    installed zone that won't automatically boot.
121
122    If the program succeeds, then it should not generate output.
123    If the program returns an error, then the output it generates will be
124    sent to the zones SMF service's message log.
125
126    The following replacements are performed:
127
128      %z	Name of the target zone
129      %R	Zonepath of the target zone
130      Additional arguments, if any, are appended.
131
132    This element has no attributes.
133-->
134<!ELEMENT sysboot	(#PCDATA) >
135<!ATTLIST sysboot>
136
137<!--
138  halt
139
140    This is a program which gets run by zoneadmd when a zone is being
141    halted.  This callback is provided to allow a brand to cleanup any
142    special configuration that was setup during boot.
143
144    This program will also be invoked by zoneadmd if any part of the zone
145    booting process fail, even if the booting process failed before the
146    brand boot program was invoked.  It is also possible that if the zone
147    fails to halt after invoking this program, future attempts to halt the
148    zone will invoke this program again.  So this program should be
149    designed to clean up any resources allocated to a zone but it should
150    also be able to gracefully handle the case where resources that it
151    expects to release are not actually allocated (or have been already
152    released.)
153
154    If this programs succeeds it should not generate any output.  If this
155    program returns an error, any output generated by the program will be
156    sent to the zoneadmd message log.
157
158    The following replacements are performed:
159
160      %z	Name of zone
161      %R	Zonepath of zone
162      Additional arguments, if any, are appended.
163
164    It has no attributes.
165-->
166<!ELEMENT halt	(#PCDATA) >
167<!ATTLIST halt>
168
169<!--
170  modname
171
172    Path to the kernel module that implements the kernel-level
173    functionality of the brand.
174
175    It has no attributes.
176-->
177<!ELEMENT modname	(#PCDATA) >
178<!ATTLIST modname>
179
180<!--
181  initname
182
183    Path to the initial executable that should be launched when booting a
184    branded zone.
185
186    It has no attributes.
187-->
188<!ELEMENT initname	(#PCDATA) >
189<!ATTLIST initname>
190
191<!--
192  login_cmd
193
194    Path to the initial login binary that should be executed when
195    attempting to zlogin into a branded zone.
196
197    The following replacements are performed:
198
199      %Z	Name of the current zone
200      %u	User login name
201
202    It has no attributes.
203-->
204<!ELEMENT login_cmd	(#PCDATA) >
205<!ATTLIST login_cmd>
206
207<!--
208  user_cmd
209
210    Path to the binary that will translate a user name to a passwd(4) entry.
211
212    The following replacements are performed:
213
214      %u        User login name
215
216    It has no attributes.  The passwd(4) entry is used to determine $LOGNAME,
217    $HOME, and $SHELL for non-interactive "zlogin -l <user> <cmd>".
218-->
219<!ELEMENT user_cmd   (#PCDATA) >
220<!ATTLIST user_cmd>
221
222<!--
223  attach
224
225    Path to a hook that will perform any necessary processing on
226    a zone to allow it to be attached.  The zone will be in the "configured"
227    state when this hook is run.  This hook is never called when the zone
228    is "force attached" (-F).
229
230    If this hook exits with a non-zero exit status, the attach operation
231    will fail.
232
233    The following replacements are performed:
234
235      %z	Name of zone
236      %R	Zonepath of zone
237      Additional arguments, if any, are appended.
238
239    If no hook is provided, the internal zoneadm attach code will be used.
240
241    It has no attributes.
242-->
243<!ELEMENT attach	(#PCDATA) >
244<!ATTLIST attach>
245
246<!--
247  postattach
248
249    Path to a hook that will perform any necessary post-processing on
250    a zone after it has been attached.  The zone will be in the "installed"
251    state when this hook is run.  This hook is never called when the zone
252    is "force attached" (-F).
253
254    If this hook exits with a non-zero exit status, the attach operation
255    will fail and the zone state will be reset to "configured".
256
257    The following replacements are performed:
258
259      %z	Name of zone
260      %R	Zonepath of zone
261      Additional arguments, if any, are appended.
262
263    It has no attributes.
264-->
265<!ELEMENT postattach	(#PCDATA) >
266<!ATTLIST postattach>
267
268<!--
269  postclone
270
271    Path to a hook that will perform any necessary post-processing on
272    a zone after it has been cloned.  The zone will be in the "incomplete"
273    state when this hook is run.
274
275    If this hook exits with a non-zero exit status, the clone operation
276    will fail and the zone will be left in the "incomplete" state,
277    otherwise the state will be changed to the "installed" state.
278
279    The following replacements are performed:
280
281      %z	Name of zone
282      %R	Zonepath of zone
283      Additional arguments, if any, are appended.
284
285    It has no attributes.
286-->
287<!ELEMENT postclone	(#PCDATA) >
288<!ATTLIST postclone>
289
290<!--
291  postinstall
292
293    Path to a script that will perform any necessary post-processing on
294    a zone after it has been freshly installed.  This hook will run after the
295    install hook completes and the zone is in the installed state.  The
296    additional arguments are the same as what is passed to the install hook.
297
298    The following replacements are performed:
299
300      %z	Name of zone
301      %R	Zonepath of zone
302      Additional arguments, if any, are appended.
303
304    It has no attributes.
305-->
306<!ELEMENT postinstall	(#PCDATA) >
307<!ATTLIST postinstall>
308
309<!--
310  predetach
311
312    Path to a hook that will perform any necessary pre-processing on
313    a zone before it is detached.  The zone will be in the "installed"
314    state when this hook is run.
315
316    It is possible that if the zone fails to detach after invoking this
317    hook, future attempts to detach the zone will invoke this hook again.
318    So this hook should be designed to gracefully handle the case where
319    it is run multiple times on the same zone.  If this hook exits with
320    a non-zero exit status, the detach operation will fail.
321
322    This hook is most commonly used when there is pre-processing for detaching
323    a zone but the built-in detach support will be used for the actual
324    detach.  Otherwise, if a detach hook is provided, then it can be used
325    to do both preprocessing as well as the actual detach.
326
327    The following replacements are performed:
328
329      %z	Name of zone
330      %R	Zonepath of zone
331      Additional arguments, if any, are appended.
332
333    It has no attributes.
334-->
335<!ELEMENT predetach	(#PCDATA) >
336<!ATTLIST predetach>
337
338<!--
339  detach
340
341    Path to a hook that will perform any necessary processing on
342    a zone to allow it to be detached.  The zone will be in the "installed"
343    state when this hook is run.
344
345    It is possible that if the zone fails to detach while running this
346    hook, future attempts to detach the zone will invoke this hook again.
347    So this hook should be designed to gracefully handle the case where
348    it is run multiple times on the same zone.  If this hook exits with
349    a non-zero exit status, the detach operation will fail and the zone will
350    be left in the "installed" state, otherwise the state will be changed
351    to "configured".
352
353    The following replacements are performed:
354
355      %z	Name of zone
356      %R	Zonepath of zone
357      Additional arguments, if any, are appended.
358
359    If no hook is provided, the internal zoneadm detach code will be used.
360
361    It has no attributes.
362-->
363<!ELEMENT detach	(#PCDATA) >
364<!ATTLIST detach>
365
366<!--
367  clone
368    Path to a hook that will perform any necessary processing on a zone to
369    allow it to be installed via cloning.  Cloning is an alternative to
370    installing so this hook should result in the same effect for the zone.
371    The zone will be in the "incomplete" state when this hook is run.
372
373    If this hook exits with a non-zero exit status, the clone operation
374    will fail and the zone will be left in the "incomplete" state, otherwise
375    the state will be changed to "installed".
376
377    The following replacements are performed:
378
379      %z	Name of zone
380      %R	Zonepath of zone
381      1st arg   name of source zone
382      Additional arguments, if any, are appended.
383
384    If no hook is provided, the internal zoneadm cloning code will be used.
385-->
386<!ELEMENT clone	(#PCDATA) >
387<!ATTLIST clone>
388
389<!--
390  preuninstall
391
392    Path to a script that will perform any necessary pre-processing on
393    a zone before it is uninstalled.  The zone will be in the "installed"
394    state when this hook is run.
395
396    It is possible that if the zone fails to uninstall after invoking this
397    hook, future attempts to uninstall the zone will invoke this hook
398    again.  So this hook should be designed to gracefully handle the case
399    where it is run multiple times on the same zone.  If this hook exits
400    with a non-zero exit status, the uninstall operation will fail.
401
402    The following replacements are performed:
403
404      %z	Name of zone
405      %R	Zonepath of zone
406      Additional arguments, if any, are appended.
407
408    It has no attributes.
409-->
410<!ELEMENT preuninstall	(#PCDATA) >
411<!ATTLIST preuninstall>
412
413<!--
414  uninstall
415    Identifies the hook to invoke when uninstalling a zone.  The zone will
416    be in the "incomplete" state when this hook is run.
417
418    If this hook exits with a non-zero exit status, the uninstall operation
419    will fail and the zone will be left in the "incomplete" state, otherwise
420    the state will be changed to "configured".
421
422    The following replacements are performed:
423
424      %z	Name of zone
425      %R	Zonepath of zone
426      Additional arguments, if any, are appended.
427
428    If no hook is provided, the internal zoneadm uninstall code will be used.
429-->
430<!ELEMENT uninstall	(#PCDATA) >
431<!ATTLIST uninstall>
432
433<!--
434  presnap
435    Identifies the hook to invoke before snapshotting a zone using the
436    built-in ZFS clone support.
437
438    If this hook exits with a non-zero exit status, the snapshot operation
439    will fail and the zfs clone operation will fail.
440
441    The following replacements are performed:
442
443      %z	Name of zone
444      %R	Zonepath of zone
445-->
446<!ELEMENT presnap	(#PCDATA) >
447<!ATTLIST presnap>
448
449<!--
450  postsnap
451    Identifies the hook to invoke after snapshotting a zone using the
452    built-in ZFS clone support.
453
454    If this hook exits with a non-zero exit status, the zfs clone operation
455    will fail.
456
457    The following replacements are performed:
458
459      %z	Name of zone
460      %R	Zonepath of zone
461-->
462<!ELEMENT postsnap	(#PCDATA) >
463<!ATTLIST postsnap>
464
465<!--
466  validatesnap
467    Identifies the hook to invoke to validate a snapshot of a zone using the
468    built-in ZFS clone support.  This will validate a snapshot that was
469    explicitly specified to the clone command when the user wants to
470    re-use a snapshot from an earlier clone operation.
471
472    If this hook exits with a non-zero exit status, the snapshot validation
473    operation will fail, meaning the zfs snapshot cannot be used to install
474    the zone.
475
476    The following replacements are performed:
477
478      %z	Name of zone
479      %R	Zonepath of zone
480      1st arg   snapshot name
481      2nd arg   snapshot path
482-->
483<!ELEMENT validatesnap	(#PCDATA) >
484<!ATTLIST validatesnap>
485
486<!--
487  prestatechange
488    Identifies the hook to invoke before zoneadmd makes a state change.
489    If this hook exits with a non-zero exit status, the action failed
490    and no further state change activity will take place.
491
492    The following replacements are performed:
493
494      %z	Name of zone
495      %R	Zonepath of zone
496      1st arg   integer representing current state of zone
497			2 - installed
498			3 - ready
499			4 - running
500			5 - shutting down
501			6 - down
502			7 - mounted
503      2nd arg   integer representing transition command
504			0 - ready
505			1 - boot
506			4 - halt
507-->
508<!ELEMENT prestatechange	(#PCDATA) >
509<!ATTLIST prestatechange>
510
511<!--
512  poststatechange
513    Identifies the hook to invoke after zoneadmd makes a successful state
514    change.  If this hook exits with a non-zero exit status, the action failed
515    and zoneadmd treats the overall state change as failed, although
516    all of the actions up to running the hook will have taken place.
517
518    The following replacements are performed:
519
520      %z	Name of zone
521      %R	Zonepath of zone
522    See prestatechange comment for 1st and 2nd argument values.
523-->
524<!ELEMENT poststatechange	(#PCDATA) >
525<!ATTLIST poststatechange>
526
527<!--
528  query
529    Identifies a hook which can be called to get brand-specific information
530    about the zone.  There is no specific place in zones where this is called,
531    calls within the zone infrastructure can be added as needed.
532
533    One example of the use of this hook is to query the implicit ZFS datasets
534    supported by the brand.
535
536    If this hook exits with a non-zero exit status, the query failed,
537    although in general, this hook shouldn't return non-zero.
538
539    The following replacements are performed:
540
541      %z	Name of zone
542      %R	Zonepath of zone
543      1st arg   Arbitrary string which the hook can use to determine what
544		data to return.  Brands implementing this hook should be
545		tolerant of arguments they don't support and simply do
546		nothing.
547-->
548<!ELEMENT query	(#PCDATA) >
549<!ATTLIST query>
550
551<!--
552  privilege
553
554    Add a privilege to the default, prohibited, or required set for all
555    zones of this brand with ip-type matched.  If a privilege is added
556    to the default set all zones of this brand with ip-type matched on
557    the system will inherit this privilege unless the privilege is
558    removed via limitpriv in zonecfg(1m).  If a privilege is added to
559    the prohibited set it can not be added to any zones with ip-type
560    matched via limitpriv in zonecfg(1m).  If a privilege is added to
561    the required set then all zones of this brand with ip-type matched
562    on the system will inherit this privilege and it can't be removed via
563    limitpriv in zonecfg(1m).
564
565    Its attributes are
566      set	The name of the set the privilege should go into.
567      name	The name of the privilege.
568      ip-type	Optional, indicates that adding of the privilege to the
569		set only applies to certain IP types. Can be "shared" or
570		"exclusive". If it is not specified, the default value
571		"all" will be used, which means it is applicable regardless
572		the IP type.
573
574-->
575<!ELEMENT privilege	(#PCDATA) >
576<!ATTLIST privilege	set	( default | prohibited | required ) #REQUIRED
577			name	CDATA #REQUIRED
578			ip-type ( shared | exclusive ) "all" >
579
580<!--
581  brand
582
583    The toplevel container for a brand configuration.
584
585    Its attributes are
586
587      name	The name of the brand.  This must match the name of the
588		directory in which the configuration file is stored.
589-->
590
591<!ELEMENT brand		(modname?, initname, login_cmd, user_cmd, install,
592			installopts?, boot?, sysboot?, halt?, verify_cfg?,
593			verify_adm?, postattach?, postclone?, postinstall?,
594			predetach?, attach?, detach?, clone?,
595			presnap?, postsnap?, validatesnap?,
596			preuninstall?, uninstall?,
597			prestatechange?, poststatechange?, query?,
598			privilege+)>
599
600<!ATTLIST brand		name		CDATA #REQUIRED>
601