xref: /illumos-gate/usr/src/lib/libbrand/dtd/brand.dtd.1 (revision b1e2e3fb17324e9ddf43db264a0c64da7756d9e6)
1<?xml version='1.0' encoding='UTF-8' ?>
2
3<!--
4 CDDL HEADER START
5
6 The contents of this file are subject to the terms of the
7 Common Development and Distribution License (the "License").
8 You may not use this file except in compliance with the License.
9
10 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
11 or http://www.opensolaris.org/os/licensing.
12 See the License for the specific language governing permissions
13 and limitations under the License.
14
15 When distributing Covered Code, include this CDDL HEADER in each
16 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
17 If applicable, add the following below this CDDL HEADER, with the
18 fields enclosed by brackets "[]" replaced with your own identifying
19 information: Portions Copyright [yyyy] [name of copyright owner]
20
21 CDDL HEADER END
22
23 Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
24 Copyright (c) 2011, Joyent, Inc. All rights reserved.
25
26 DO NOT EDIT THIS FILE.
27
28 Copyright 2014 Nexenta Systems, Inc. All rights reserved.
29-->
30
31<!--
32  verify_cfg
33
34    Identifies the program to be invoked by zonecfg to verify that the
35    zone's configuration is legal, and that all the configured devices,
36    attributes, etc. are legal for this brand.
37
38    The program is called with a single argument: the path to a file
39    containing a temporary config.xml file the zone.  It should return 0
40    on success and non-0 on failure.  Any detailed error messages should be
41    displayed to stderr.
42
43    It has no attributes.
44
45-->
46<!ELEMENT verify_cfg	(#PCDATA) >
47<!ATTLIST verify_cfg>
48<!--
49  verify_adm
50
51    Identifies the program invoked by zoneadm to perform brand-specific
52    checks as to the viability of a zone on this specific machine.
53
54    The following replacements are performed:
55
56      %z	Name of zone
57      %R	Zonepath of zone
58      Additional arguments, if any, are appended.
59
60    The program should return 0 on success and non-0 on failure.  Any
61    detailed error messages should be displayed to stderr.
62
63    It has no attributes.
64
65-->
66<!ELEMENT verify_adm	(#PCDATA) >
67<!ATTLIST verify_adm>
68
69<!--
70  install
71
72    Identifies the program to invoke when installing a zone.  The following
73    replacements are performed:
74
75      %z	Name of zone
76      %R	Zonepath of zone
77      Additional arguments, if any, are appended.
78
79    It has no attributes.
80-->
81<!ELEMENT install	(#PCDATA) >
82<!ATTLIST install>
83
84<!--
85  installopts
86
87    Identifies the command-line options supported by the brand's
88    installation program, allowing zoneadm to parse the install line
89    properly.
90
91    It has no attributes.
92-->
93<!ELEMENT installopts	(#PCDATA) >
94<!ATTLIST installopts>
95
96<!--
97  boot
98
99    This is a program which gets run by zoneadmd when a zone is booted.
100    The program will be invoked as the last step in the zone booting
101    process before the the first process is spawned inside the zone.
102
103    If this programs succeeds it should not generate any output.
104    If this program returns an error, any output generated by the
105    program will be sent to the zoneadmd message log.
106
107    The following replacements are performed:
108
109      %z	Name of zone
110      %R	Zonepath of zone
111      Additional arguments, if any, are appended.
112
113    It has no attributes.
114-->
115<!ELEMENT boot	(#PCDATA) >
116<!ATTLIST boot>
117
118<!--
119  sysboot
120
121    This is a program that will be run by zoneadm during system boot for an
122    installed zone that won't automatically boot.
123
124    If the program succeeds, then it should not generate output.
125    If the program returns an error, then the output it generates will be
126    sent to the zones SMF service's message log.
127
128    The following replacements are performed:
129
130      %z	Name of the target zone
131      %R	Zonepath of the target zone
132      Additional arguments, if any, are appended.
133
134    This element has no attributes.
135-->
136<!ELEMENT sysboot	(#PCDATA) >
137<!ATTLIST sysboot>
138
139<!--
140  halt
141
142    This is a program which gets run by zoneadmd when a zone is being
143    halted.  This callback is provided to allow a brand to cleanup any
144    special configuration that was setup during boot.
145
146    This program will also be invoked by zoneadmd if any part of the zone
147    booting process fail, even if the booting process failed before the
148    brand boot program was invoked.  It is also possible that if the zone
149    fails to halt after invoking this program, future attempts to halt the
150    zone will invoke this program again.  So this program should be
151    designed to clean up any resources allocated to a zone but it should
152    also be able to gracefully handle the case where resources that it
153    expects to release are not actually allocated (or have been already
154    released.)
155
156    If this programs succeeds it should not generate any output.  If this
157    program returns an error, any output generated by the program will be
158    sent to the zoneadmd message log.
159
160    The following replacements are performed:
161
162      %z	Name of zone
163      %R	Zonepath of zone
164      Additional arguments, if any, are appended.
165
166    It has no attributes.
167-->
168<!ELEMENT halt	(#PCDATA) >
169<!ATTLIST halt>
170
171<!--
172  shutdown
173
174    This is a program which gets run by zoneadmd when a zone is being
175    shutdown gracefully. Currently only asynchronous mode is supported.
176
177    If this program succeeds it should not generate any output. If this
178    program returns an error, any output generated by the program will be
179    sent to the zoneadmd message log.
180
181    The following replacements are performed:
182
183      %z	Name of zone
184      %R	Zonepath of zone
185      Additional arguments, if any, are appended.
186
187    It has no attributes.
188-->
189<!ELEMENT shutdown	(#PCDATA) >
190<!ATTLIST shutdown>
191
192<!--
193  modname
194
195    Path to the kernel module that implements the kernel-level
196    functionality of the brand.
197
198    It has no attributes.
199-->
200<!ELEMENT modname	(#PCDATA) >
201<!ATTLIST modname>
202
203<!--
204  initname
205
206    Path to the initial executable that should be launched when booting a
207    branded zone.
208
209    It has no attributes.
210-->
211<!ELEMENT initname	(#PCDATA) >
212<!ATTLIST initname>
213
214<!--
215  restartinit
216
217    Boolean indicating that the program specified by the initname attr
218    should be restarted, or not, if it exits.  By default, the init program
219    will be restarted if this attribute is not provided.  Specifying false
220    for this attr will prevent that.
221
222    It has no attributes.
223-->
224<!ELEMENT restartinit	(#PCDATA) >
225<!ATTLIST restartinit>
226
227<!--
228  login_cmd
229
230    Path to the initial login binary that should be executed when
231    attempting to zlogin into a branded zone.
232
233    The following replacements are performed:
234
235      %Z	Name of the current zone
236      %u	User login name
237
238    It has no attributes.
239-->
240<!ELEMENT login_cmd	(#PCDATA) >
241<!ATTLIST login_cmd>
242
243<!--
244  forcedlogin_cmd
245
246    Path to the initial login binary that should be executed when
247    attempting to zlogin into a branded zone without authentication.
248
249    The following replacements are performed:
250
251      %Z	Name of the current zone
252      %u	User login name
253
254    It has no attributes.
255-->
256<!ELEMENT forcedlogin_cmd	(#PCDATA) >
257<!ATTLIST forcedlogin_cmd>
258
259<!--
260  user_cmd
261
262    Path to the binary that will translate a user name to a passwd(4) entry.
263
264    The following replacements are performed:
265
266      %u        User login name
267
268    It has no attributes.  The passwd(4) entry is used to determine $LOGNAME,
269    $HOME, and $SHELL for non-interactive "zlogin -l <user> <cmd>".
270-->
271<!ELEMENT user_cmd   (#PCDATA) >
272<!ATTLIST user_cmd>
273
274<!--
275  attach
276
277    Path to a hook that will perform any necessary processing on
278    a zone to allow it to be attached.  The zone will be in the "configured"
279    state when this hook is run.  This hook is never called when the zone
280    is "force attached" (-F).
281
282    If this hook exits with a non-zero exit status, the attach operation
283    will fail.
284
285    The following replacements are performed:
286
287      %z	Name of zone
288      %R	Zonepath of zone
289      Additional arguments, if any, are appended.
290
291    If no hook is provided, the internal zoneadm attach code will be used.
292
293    It has no attributes.
294-->
295<!ELEMENT attach	(#PCDATA) >
296<!ATTLIST attach>
297
298<!--
299  postattach
300
301    Path to a hook that will perform any necessary post-processing on
302    a zone after it has been attached.  The zone will be in the "installed"
303    state when this hook is run.  This hook is never called when the zone
304    is "force attached" (-F).
305
306    If this hook exits with a non-zero exit status, the attach operation
307    will fail and the zone state will be reset to "configured".
308
309    The following replacements are performed:
310
311      %z	Name of zone
312      %R	Zonepath of zone
313      Additional arguments, if any, are appended.
314
315    It has no attributes.
316-->
317<!ELEMENT postattach	(#PCDATA) >
318<!ATTLIST postattach>
319
320<!--
321  postclone
322
323    Path to a hook that will perform any necessary post-processing on
324    a zone after it has been cloned.  The zone will be in the "incomplete"
325    state when this hook is run.
326
327    If this hook exits with a non-zero exit status, the clone operation
328    will fail and the zone will be left in the "incomplete" state,
329    otherwise the state will be changed to the "installed" state.
330
331    The following replacements are performed:
332
333      %z	Name of zone
334      %R	Zonepath of zone
335      Additional arguments, if any, are appended.
336
337    It has no attributes.
338-->
339<!ELEMENT postclone	(#PCDATA) >
340<!ATTLIST postclone>
341
342<!--
343  postinstall
344
345    Path to a script that will perform any necessary post-processing on
346    a zone after it has been freshly installed.  This hook will run after the
347    install hook completes and the zone is in the installed state.  The
348    additional arguments are the same as what is passed to the install hook.
349
350    The following replacements are performed:
351
352      %z	Name of zone
353      %R	Zonepath of zone
354      Additional arguments, if any, are appended.
355
356    It has no attributes.
357-->
358<!ELEMENT postinstall	(#PCDATA) >
359<!ATTLIST postinstall>
360
361<!--
362  predetach
363
364    Path to a hook that will perform any necessary pre-processing on
365    a zone before it is detached.  The zone will be in the "installed"
366    state when this hook is run.
367
368    It is possible that if the zone fails to detach after invoking this
369    hook, future attempts to detach the zone will invoke this hook again.
370    So this hook should be designed to gracefully handle the case where
371    it is run multiple times on the same zone.  If this hook exits with
372    a non-zero exit status, the detach operation will fail.
373
374    This hook is most commonly used when there is pre-processing for detaching
375    a zone but the built-in detach support will be used for the actual
376    detach.  Otherwise, if a detach hook is provided, then it can be used
377    to do both preprocessing as well as the actual detach.
378
379    The following replacements are performed:
380
381      %z	Name of zone
382      %R	Zonepath of zone
383      Additional arguments, if any, are appended.
384
385    It has no attributes.
386-->
387<!ELEMENT predetach	(#PCDATA) >
388<!ATTLIST predetach>
389
390<!--
391  detach
392
393    Path to a hook that will perform any necessary processing on
394    a zone to allow it to be detached.  The zone will be in the "installed"
395    state when this hook is run.
396
397    It is possible that if the zone fails to detach while running this
398    hook, future attempts to detach the zone will invoke this hook again.
399    So this hook should be designed to gracefully handle the case where
400    it is run multiple times on the same zone.  If this hook exits with
401    a non-zero exit status, the detach operation will fail and the zone will
402    be left in the "installed" state, otherwise the state will be changed
403    to "configured".
404
405    The following replacements are performed:
406
407      %z	Name of zone
408      %R	Zonepath of zone
409      Additional arguments, if any, are appended.
410
411    If no hook is provided, the internal zoneadm detach code will be used.
412
413    It has no attributes.
414-->
415<!ELEMENT detach	(#PCDATA) >
416<!ATTLIST detach>
417
418<!--
419  clone
420    Path to a hook that will perform any necessary processing on a zone to
421    allow it to be installed via cloning.  Cloning is an alternative to
422    installing so this hook should result in the same effect for the zone.
423    The zone will be in the "incomplete" state when this hook is run.
424
425    If this hook exits with a non-zero exit status, the clone operation
426    will fail and the zone will be left in the "incomplete" state, otherwise
427    the state will be changed to "installed".
428
429    The following replacements are performed:
430
431      %z	Name of zone
432      %R	Zonepath of zone
433      1st arg   name of source zone
434      Additional arguments, if any, are appended.
435
436    If no hook is provided, the internal zoneadm cloning code will be used.
437-->
438<!ELEMENT clone	(#PCDATA) >
439<!ATTLIST clone>
440
441<!--
442  preuninstall
443
444    Path to a script that will perform any necessary pre-processing on
445    a zone before it is uninstalled.  The zone will be in the "installed"
446    state when this hook is run.
447
448    It is possible that if the zone fails to uninstall after invoking this
449    hook, future attempts to uninstall the zone will invoke this hook
450    again.  So this hook should be designed to gracefully handle the case
451    where it is run multiple times on the same zone.  If this hook exits
452    with a non-zero exit status, the uninstall operation will fail.
453
454    The following replacements are performed:
455
456      %z	Name of zone
457      %R	Zonepath of zone
458      Additional arguments, if any, are appended.
459
460    It has no attributes.
461-->
462<!ELEMENT preuninstall	(#PCDATA) >
463<!ATTLIST preuninstall>
464
465<!--
466  uninstall
467    Identifies the hook to invoke when uninstalling a zone.  The zone will
468    be in the "incomplete" state when this hook is run.
469
470    If this hook exits with a non-zero exit status, the uninstall operation
471    will fail and the zone will be left in the "incomplete" state, otherwise
472    the state will be changed to "configured".
473
474    The following replacements are performed:
475
476      %z	Name of zone
477      %R	Zonepath of zone
478      Additional arguments, if any, are appended.
479
480    If no hook is provided, the internal zoneadm uninstall code will be used.
481-->
482<!ELEMENT uninstall	(#PCDATA) >
483<!ATTLIST uninstall>
484
485<!--
486  presnap
487    Identifies the hook to invoke before snapshotting a zone using the
488    built-in ZFS clone support.
489
490    If this hook exits with a non-zero exit status, the snapshot operation
491    will fail and the zfs clone operation will fail.
492
493    The following replacements are performed:
494
495      %z	Name of zone
496      %R	Zonepath of zone
497-->
498<!ELEMENT presnap	(#PCDATA) >
499<!ATTLIST presnap>
500
501<!--
502  postsnap
503    Identifies the hook to invoke after snapshotting a zone using the
504    built-in ZFS clone support.
505
506    If this hook exits with a non-zero exit status, the zfs clone operation
507    will fail.
508
509    The following replacements are performed:
510
511      %z	Name of zone
512      %R	Zonepath of zone
513-->
514<!ELEMENT postsnap	(#PCDATA) >
515<!ATTLIST postsnap>
516
517<!--
518  validatesnap
519    Identifies the hook to invoke to validate a snapshot of a zone using the
520    built-in ZFS clone support.  This will validate a snapshot that was
521    explicitly specified to the clone command when the user wants to
522    re-use a snapshot from an earlier clone operation.
523
524    If this hook exits with a non-zero exit status, the snapshot validation
525    operation will fail, meaning the zfs snapshot cannot be used to install
526    the zone.
527
528    The following replacements are performed:
529
530      %z	Name of zone
531      %R	Zonepath of zone
532      1st arg   snapshot name
533      2nd arg   snapshot path
534-->
535<!ELEMENT validatesnap	(#PCDATA) >
536<!ATTLIST validatesnap>
537
538<!--
539  prestatechange
540    Identifies the hook to invoke before zoneadmd makes a state change.
541    If this hook exits with a non-zero exit status, the action failed
542    and no further state change activity will take place.
543
544    The following replacements are performed:
545
546      %z	Name of zone
547      %R	Zonepath of zone
548      1st arg   integer representing current state of zone
549			2 - installed
550			3 - ready
551			4 - running
552			5 - shutting down
553			6 - down
554			7 - mounted
555      2nd arg   integer representing transition command
556			0 - ready
557			1 - boot
558			4 - halt
559      3rd arg   Alternate root (zonepath is mounted under this root)
560			empty string if zone not mounted under alternate root
561-->
562<!ELEMENT prestatechange	(#PCDATA) >
563<!ATTLIST prestatechange>
564
565<!--
566  poststatechange
567    Identifies the hook to invoke after zoneadmd makes a successful state
568    change.  If this hook exits with a non-zero exit status, the action failed
569    and zoneadmd treats the overall state change as failed, although
570    all of the actions up to running the hook will have taken place.
571
572    The following replacements are performed:
573
574      %z	Name of zone
575      %R	Zonepath of zone
576    See prestatechange comment for 1st, 2nd and 3rd argument values.
577-->
578<!ELEMENT poststatechange	(#PCDATA) >
579<!ATTLIST poststatechange>
580
581<!--
582  query
583    Identifies a hook which can be called to get brand-specific information
584    about the zone.  There is no specific place in zones where this is called,
585    calls within the zone infrastructure can be added as needed.
586
587    One example of the use of this hook is to query the implicit ZFS datasets
588    supported by the brand.
589
590    If this hook exits with a non-zero exit status, the query failed,
591    although in general, this hook shouldn't return non-zero.
592
593    The following replacements are performed:
594
595      %z	Name of zone
596      %R	Zonepath of zone
597      1st arg   Arbitrary string which the hook can use to determine what
598		data to return.  Brands implementing this hook should be
599		tolerant of arguments they don't support and simply do
600		nothing.
601-->
602<!ELEMENT query	(#PCDATA) >
603<!ATTLIST query>
604
605<!--
606  privilege
607
608    Add a privilege to the default, prohibited, or required set for all
609    zones of this brand with ip-type matched.  If a privilege is added
610    to the default set all zones of this brand with ip-type matched on
611    the system will inherit this privilege unless the privilege is
612    removed via limitpriv in zonecfg(1m).  If a privilege is added to
613    the prohibited set it can not be added to any zones with ip-type
614    matched via limitpriv in zonecfg(1m).  If a privilege is added to
615    the required set then all zones of this brand with ip-type matched
616    on the system will inherit this privilege and it can't be removed via
617    limitpriv in zonecfg(1m).
618
619    Its attributes are
620      set	The name of the set the privilege should go into.
621      name	The name of the privilege.
622      ip-type	Optional, indicates that adding of the privilege to the
623		set only applies to certain IP types. Can be "shared" or
624		"exclusive". If it is not specified, the default value
625		"all" will be used, which means it is applicable regardless
626		the IP type.
627
628-->
629<!ELEMENT privilege	(#PCDATA) >
630<!ATTLIST privilege	set	( default | prohibited | required ) #REQUIRED
631			name	CDATA #REQUIRED
632			ip-type ( shared | exclusive ) "all" >
633
634<!--
635  brand
636
637    The toplevel container for a brand configuration.
638
639    Its attributes are
640
641      name	The name of the brand.  This must match the name of the
642		directory in which the configuration file is stored.
643-->
644
645<!ELEMENT brand		(modname?, initname, restartinit?, login_cmd,
646			forcedlogin_cmd, user_cmd, install,
647			installopts?, boot?, sysboot?, halt?, shutdown?,
648			verify_cfg?, verify_adm?, postattach?, postclone?,
649			postinstall?, predetach?, attach?, detach?, clone?,
650			presnap?, postsnap?, validatesnap?,
651			preuninstall?, uninstall?,
652			prestatechange?, poststatechange?, query?,
653			privilege+)>
654
655<!ATTLIST brand		name		CDATA #REQUIRED>
656