1<?xml version='1.0' encoding='UTF-8' ?> 2 3<!-- 4 CDDL HEADER START 5 6 The contents of this file are subject to the terms of the 7 Common Development and Distribution License (the "License"). 8 You may not use this file except in compliance with the License. 9 10 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 11 or http://www.opensolaris.org/os/licensing. 12 See the License for the specific language governing permissions 13 and limitations under the License. 14 15 When distributing Covered Code, include this CDDL HEADER in each 16 file and include the License file at usr/src/OPENSOLARIS.LICENSE. 17 If applicable, add the following below this CDDL HEADER, with the 18 fields enclosed by brackets "[]" replaced with your own identifying 19 information: Portions Copyright [yyyy] [name of copyright owner] 20 21 CDDL HEADER END 22 23 Copyright 2008 Sun Microsystems, Inc. All rights reserved. 24 Use is subject to license terms. 25 26 ident "%Z%%M% %I% %E% SMI" 27 28 DO NOT EDIT THIS FILE. 29--> 30 31<!-- 32 verify_cfg 33 34 Identifies the program to be invoked by zonecfg to verify that the 35 zone's configuration is legal, and that all the configured devices, 36 attributes, etc. are legal for this brand. 37 38 The program is called with a single argument: the path to a file 39 containing a temporary config.xml file the zone. It should return 0 40 on success and non-0 on failure. Any detailed error messages should be 41 displayed to stderr. 42 43 It has no attributes. 44 45--> 46<!ELEMENT verify_cfg (#PCDATA) > 47<!ATTLIST verify_cfg> 48<!-- 49 verify_adm 50 51 Identifies the program invoked by zoneadm to perform brand-specific 52 checks as to the viability of a zone on this specific machine. 53 54 The following replacements are performed: 55 56 %z Name of zone 57 %R Zonepath of zone 58 Additional arguments, if any, are appended. 59 60 The program should return 0 on success and non-0 on failure. Any 61 detailed error messages should be displayed to stderr. 62 63 It has no attributes. 64 65--> 66<!ELEMENT verify_adm (#PCDATA) > 67<!ATTLIST verify_adm> 68 69<!-- 70 install 71 72 Identifies the program to invoke when installing a zone. The following 73 replacements are performed: 74 75 %z Name of zone 76 %R Zonepath of zone 77 Additional arguments, if any, are appended. 78 79 It has no attributes. 80--> 81<!ELEMENT install (#PCDATA) > 82<!ATTLIST install> 83 84<!-- 85 installopts 86 87 Identifies the command-line options supported by the brand's 88 installation program, allowing zoneadm to parse the install line 89 properly. 90 91 It has no attributes. 92--> 93<!ELEMENT installopts (#PCDATA) > 94<!ATTLIST installopts> 95 96<!-- 97 boot 98 99 This is a program which gets run by zoneadmd when a zone is booted. 100 The program will be invoked as the last step in the zone booting 101 process before the the first process is spawned inside the zone. 102 103 If this programs succeeds it should not generate any output. 104 If this program returns an error, any output generated by the 105 program will be sent to the zoneadmd message log. 106 107 The following replacements are performed: 108 109 %z Name of zone 110 %R Zonepath of zone 111 Additional arguments, if any, are appended. 112 113 It has no attributes. 114--> 115<!ELEMENT boot (#PCDATA) > 116<!ATTLIST boot> 117 118<!-- 119 halt 120 121 This is a program which gets run by zoneadmd when a zone is being 122 halted. This callback is provided to allow a brand to cleanup any 123 special configuration that was setup during boot. 124 125 This program will also be invoked by zoneadmd if any part of the zone 126 booting process fail, even if the booting process failed before the 127 brand boot program was invoked. It is also possible that if the zone 128 fails to halt after invoking this program, future attempts to halt the 129 zone will invoke this program again. So this program should be 130 designed to clean up any resources allocated to a zone but it should 131 also be able to gracefully handle the case where resources that it 132 expects to release are not actually allocated (or have been already 133 released.) 134 135 If this programs succeeds it should not generate any output. If this 136 program returns an error, any output generated by the program will be 137 sent to the zoneadmd message log. 138 139 The following replacements are performed: 140 141 %z Name of zone 142 %R Zonepath of zone 143 Additional arguments, if any, are appended. 144 145 It has no attributes. 146--> 147<!ELEMENT halt (#PCDATA) > 148<!ATTLIST halt> 149 150<!-- 151 modname 152 153 Path to the kernel module that implements the kernel-level 154 functionality of the brand. 155 156 It has no attributes. 157--> 158<!ELEMENT modname (#PCDATA) > 159<!ATTLIST modname> 160 161<!-- 162 initname 163 164 Path to the initial executable that should be launched when booting a 165 branded zone. 166 167 It has no attributes. 168--> 169<!ELEMENT initname (#PCDATA) > 170<!ATTLIST initname> 171 172<!-- 173 login_cmd 174 175 Path to the initial login binary that should be executed when 176 attempting to zlogin into a branded zone. 177 178 The following replacements are performed: 179 180 %Z Name of the current zone 181 %u User login name 182 183 It has no attributes. 184--> 185<!ELEMENT login_cmd (#PCDATA) > 186<!ATTLIST login_cmd> 187 188<!-- 189 user_cmd 190 191 Path to the binary that will translate a user name to a passwd(4) entry. 192 193 The following replacements are performed: 194 195 %u User login name 196 197 It has no attributes. The passwd(4) entry is used to determine $LOGNAME, 198 $HOME, and $SHELL for non-interactive "zlogin -l <user> <cmd>". 199--> 200<!ELEMENT user_cmd (#PCDATA) > 201<!ATTLIST user_cmd> 202 203<!-- 204 attach 205 206 Path to a hook that will perform any necessary processing on 207 a zone to allow it to be attached. The zone will be in the "configured" 208 state when this hook is run. This hook is never called when the zone 209 is "force attached" (-F). 210 211 If this hook exits with a non-zero exit status, the attach operation 212 will fail. 213 214 The following replacements are performed: 215 216 %z Name of zone 217 %R Zonepath of zone 218 Additional arguments, if any, are appended. 219 220 If no hook is provided, the internal zoneadm attach code will be used. 221 222 It has no attributes. 223--> 224<!ELEMENT attach (#PCDATA) > 225<!ATTLIST attach> 226 227<!-- 228 postattach 229 230 Path to a hook that will perform any necessary post-processing on 231 a zone after it has been attached. The zone will be in the "installed" 232 state when this hook is run. This hook is never called when the zone 233 is "force attached" (-F). 234 235 If this hook exits with a non-zero exit status, the attach operation 236 will fail and the zone state will be reset to "configured". 237 238 The following replacements are performed: 239 240 %z Name of zone 241 %R Zonepath of zone 242 Additional arguments, if any, are appended. 243 244 It has no attributes. 245--> 246<!ELEMENT postattach (#PCDATA) > 247<!ATTLIST postattach> 248 249<!-- 250 postclone 251 252 Path to a hook that will perform any necessary post-processing on 253 a zone after it has been cloned. The zone will be in the "incomplete" 254 state when this hook is run. 255 256 If this hook exits with a non-zero exit status, the clone operation 257 will fail and the zone will be left in the "incomplete" state, 258 otherwise the state will be changed to the "installed" state. 259 260 The following replacements are performed: 261 262 %z Name of zone 263 %R Zonepath of zone 264 Additional arguments, if any, are appended. 265 266 It has no attributes. 267--> 268<!ELEMENT postclone (#PCDATA) > 269<!ATTLIST postclone> 270 271<!-- 272 postinstall 273 274 Path to a script that will perform any necessary post-processing on 275 a zone after it has been freshly installed. This hook will run after the 276 install hook completes and the zone is in the installed state. The 277 additional arguments are the same as what is passed to the install hook. 278 279 The following replacements are performed: 280 281 %z Name of zone 282 %R Zonepath of zone 283 Additional arguments, if any, are appended. 284 285 It has no attributes. 286--> 287<!ELEMENT postinstall (#PCDATA) > 288<!ATTLIST postinstall> 289 290<!-- 291 predetach 292 293 Path to a hook that will perform any necessary pre-processing on 294 a zone before it is detached. The zone will be in the "installed" 295 state when this hook is run. 296 297 It is possible that if the zone fails to detach after invoking this 298 hook, future attempts to detach the zone will invoke this hook again. 299 So this hook should be designed to gracefully handle the case where 300 it is run multiple times on the same zone. If this hook exits with 301 a non-zero exit status, the detach operation will fail. 302 303 This hook is most commonly used when there is pre-processing for detaching 304 a zone but the built-in detach support will be used for the actual 305 detach. Otherwise, if a detach hook is provided, then it can be used 306 to do both preprocessing as well as the actual detach. 307 308 The following replacements are performed: 309 310 %z Name of zone 311 %R Zonepath of zone 312 Additional arguments, if any, are appended. 313 314 It has no attributes. 315--> 316<!ELEMENT predetach (#PCDATA) > 317<!ATTLIST predetach> 318 319<!-- 320 detach 321 322 Path to a hook that will perform any necessary processing on 323 a zone to allow it to be detached. The zone will be in the "installed" 324 state when this hook is run. 325 326 It is possible that if the zone fails to detach while running this 327 hook, future attempts to detach the zone will invoke this hook again. 328 So this hook should be designed to gracefully handle the case where 329 it is run multiple times on the same zone. If this hook exits with 330 a non-zero exit status, the detach operation will fail and the zone will 331 be left in the "installed" state, otherwise the state will be changed 332 to "configured". 333 334 The following replacements are performed: 335 336 %z Name of zone 337 %R Zonepath of zone 338 Additional arguments, if any, are appended. 339 340 If no hook is provided, the internal zoneadm detach code will be used. 341 342 It has no attributes. 343--> 344<!ELEMENT detach (#PCDATA) > 345<!ATTLIST detach> 346 347<!-- 348 clone 349 Path to a hook that will perform any necessary processing on a zone to 350 allow it to be installed via cloning. Cloning is an alternative to 351 installing so this hook should result in the same effect for the zone. 352 The zone will be in the "incomplete" state when this hook is run. 353 354 If this hook exits with a non-zero exit status, the clone operation 355 will fail and the zone will be left in the "incomplete" state, otherwise 356 the state will be changed to "installed". 357 358 The following replacements are performed: 359 360 %z Name of zone 361 %R Zonepath of zone 362 1st arg name of source zone 363 Additional arguments, if any, are appended. 364 365 If no hook is provided, the internal zoneadm cloning code will be used. 366--> 367<!ELEMENT clone (#PCDATA) > 368<!ATTLIST clone> 369 370<!-- 371 preuninstall 372 373 Path to a script that will perform any necessary pre-processing on 374 a zone before it is uninstalled. The zone will be in the "installed" 375 state when this hook is run. 376 377 It is possible that if the zone fails to uninstall after invoking this 378 hook, future attempts to uninstall the zone will invoke this hook 379 again. So this hook should be designed to gracefully handle the case 380 where it is run multiple times on the same zone. If this hook exits 381 with a non-zero exit status, the uninstall operation will fail. 382 383 The following replacements are performed: 384 385 %z Name of zone 386 %R Zonepath of zone 387 Additional arguments, if any, are appended. 388 389 It has no attributes. 390--> 391<!ELEMENT preuninstall (#PCDATA) > 392<!ATTLIST preuninstall> 393 394<!-- 395 uninstall 396 Identifies the hook to invoke when uninstalling a zone. The zone will 397 be in the "incomplete" state when this hook is run. 398 399 If this hook exits with a non-zero exit status, the uninstall operation 400 will fail and the zone will be left in the "incomplete" state, otherwise 401 the state will be changed to "configured". 402 403 The following replacements are performed: 404 405 %z Name of zone 406 %R Zonepath of zone 407 Additional arguments, if any, are appended. 408 409 If no hook is provided, the internal zoneadm uninstall code will be used. 410--> 411<!ELEMENT uninstall (#PCDATA) > 412<!ATTLIST uninstall> 413 414<!-- 415 presnap 416 Identifies the hook to invoke before snapshotting a zone using the 417 built-in ZFS clone support. 418 419 If this hook exits with a non-zero exit status, the snapshot operation 420 will fail and the zfs clone operation will fail. 421 422 The following replacements are performed: 423 424 %z Name of zone 425 %R Zonepath of zone 426--> 427<!ELEMENT presnap (#PCDATA) > 428<!ATTLIST presnap> 429 430<!-- 431 postsnap 432 Identifies the hook to invoke after snapshotting a zone using the 433 built-in ZFS clone support. 434 435 If this hook exits with a non-zero exit status, the zfs clone operation 436 will fail. 437 438 The following replacements are performed: 439 440 %z Name of zone 441 %R Zonepath of zone 442--> 443<!ELEMENT postsnap (#PCDATA) > 444<!ATTLIST postsnap> 445 446<!-- 447 validatesnap 448 Identifies the hook to invoke to validate a snapshot of a zone using the 449 built-in ZFS clone support. This will validate a snapshot that was 450 explicitly specified to the clone command when the user wants to 451 re-use a snapshot from an earlier clone operation. 452 453 If this hook exits with a non-zero exit status, the snapshot validation 454 operation will fail, meaning the zfs snapshot cannot be used to install 455 the zone. 456 457 The following replacements are performed: 458 459 %z Name of zone 460 %R Zonepath of zone 461 1st arg snapshot name 462 2nd arg snapshot path 463--> 464<!ELEMENT validatesnap (#PCDATA) > 465<!ATTLIST validatesnap> 466 467<!-- 468 privilege 469 470 Add a privilege to the default, prohibited, or required set for all 471 zones of this brand with ip-type matched. If a privilege is added 472 to the default set all zones of this brand with ip-type matched on 473 the system will inherit this privilege unless the privilege is 474 removed via limitpriv in zonecfg(1m). If a privilege is added to 475 the prohibited set it can not be added to any zones with ip-type 476 matched via limitpriv in zonecfg(1m). If a privilege is added to 477 the required set then all zones of this brand with ip-type matched 478 on the system will inherit this privilege and it can't be removed via 479 limitpriv in zonecfg(1m). 480 481 Its attributes are 482 set The name of the set the privilege should go into. 483 name The name of the privilege. 484 ip-type Optional, indicates that adding of the privilege to the 485 set only applies to certain IP types. Can be "shared" or 486 "exclusive". If it is not specified, the default value 487 "all" will be used, which means it is applicable regardless 488 the IP type. 489 490--> 491<!ELEMENT privilege (#PCDATA) > 492<!ATTLIST privilege set ( default | prohibited | required ) #REQUIRED 493 name CDATA #REQUIRED 494 ip-type ( shared | exclusive ) "all" > 495 496<!-- 497 brand 498 499 The toplevel container for a brand configuration. 500 501 Its attributes are 502 503 name The name of the brand. This must match the name of the 504 directory in which the configuration file is stored. 505--> 506 507<!ELEMENT brand (modname?, initname, login_cmd, user_cmd, install, 508 installopts?, boot?, halt?, verify_cfg?, verify_adm?, 509 postattach?, postclone?, postinstall?, predetach?, 510 attach?, detach?, clone?, 511 presnap?, postsnap?, validatesnap?, 512 preuninstall?, uninstall?, privilege+)> 513 514<!ATTLIST brand name CDATA #REQUIRED> 515