1<?xml version='1.0' encoding='UTF-8' ?> 2 3<!-- 4 CDDL HEADER START 5 6 The contents of this file are subject to the terms of the 7 Common Development and Distribution License (the "License"). 8 You may not use this file except in compliance with the License. 9 10 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 11 or http://www.opensolaris.org/os/licensing. 12 See the License for the specific language governing permissions 13 and limitations under the License. 14 15 When distributing Covered Code, include this CDDL HEADER in each 16 file and include the License file at usr/src/OPENSOLARIS.LICENSE. 17 If applicable, add the following below this CDDL HEADER, with the 18 fields enclosed by brackets "[]" replaced with your own identifying 19 information: Portions Copyright [yyyy] [name of copyright owner] 20 21 CDDL HEADER END 22 23 Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 Use is subject to license terms. 25 26 DO NOT EDIT THIS FILE. 27--> 28 29<!-- 30 verify_cfg 31 32 Identifies the program to be invoked by zonecfg to verify that the 33 zone's configuration is legal, and that all the configured devices, 34 attributes, etc. are legal for this brand. 35 36 The program is called with a single argument: the path to a file 37 containing a temporary config.xml file the zone. It should return 0 38 on success and non-0 on failure. Any detailed error messages should be 39 displayed to stderr. 40 41 It has no attributes. 42 43--> 44<!ELEMENT verify_cfg (#PCDATA) > 45<!ATTLIST verify_cfg> 46<!-- 47 verify_adm 48 49 Identifies the program invoked by zoneadm to perform brand-specific 50 checks as to the viability of a zone on this specific machine. 51 52 The following replacements are performed: 53 54 %z Name of zone 55 %R Zonepath of zone 56 Additional arguments, if any, are appended. 57 58 The program should return 0 on success and non-0 on failure. Any 59 detailed error messages should be displayed to stderr. 60 61 It has no attributes. 62 63--> 64<!ELEMENT verify_adm (#PCDATA) > 65<!ATTLIST verify_adm> 66 67<!-- 68 install 69 70 Identifies the program to invoke when installing a zone. The following 71 replacements are performed: 72 73 %z Name of zone 74 %R Zonepath of zone 75 Additional arguments, if any, are appended. 76 77 It has no attributes. 78--> 79<!ELEMENT install (#PCDATA) > 80<!ATTLIST install> 81 82<!-- 83 installopts 84 85 Identifies the command-line options supported by the brand's 86 installation program, allowing zoneadm to parse the install line 87 properly. 88 89 It has no attributes. 90--> 91<!ELEMENT installopts (#PCDATA) > 92<!ATTLIST installopts> 93 94<!-- 95 boot 96 97 This is a program which gets run by zoneadmd when a zone is booted. 98 The program will be invoked as the last step in the zone booting 99 process before the the first process is spawned inside the zone. 100 101 If this programs succeeds it should not generate any output. 102 If this program returns an error, any output generated by the 103 program will be sent to the zoneadmd message log. 104 105 The following replacements are performed: 106 107 %z Name of zone 108 %R Zonepath of zone 109 Additional arguments, if any, are appended. 110 111 It has no attributes. 112--> 113<!ELEMENT boot (#PCDATA) > 114<!ATTLIST boot> 115 116<!-- 117 sysboot 118 119 This is a program that will be run by zoneadm during system boot for an 120 installed zone that won't automatically boot. 121 122 If the program succeeds, then it should not generate output. 123 If the program returns an error, then the output it generates will be 124 sent to the zones SMF service's message log. 125 126 The following replacements are performed: 127 128 %z Name of the target zone 129 %R Zonepath of the target zone 130 Additional arguments, if any, are appended. 131 132 This element has no attributes. 133--> 134<!ELEMENT sysboot (#PCDATA) > 135<!ATTLIST sysboot> 136 137<!-- 138 halt 139 140 This is a program which gets run by zoneadmd when a zone is being 141 halted. This callback is provided to allow a brand to cleanup any 142 special configuration that was setup during boot. 143 144 This program will also be invoked by zoneadmd if any part of the zone 145 booting process fail, even if the booting process failed before the 146 brand boot program was invoked. It is also possible that if the zone 147 fails to halt after invoking this program, future attempts to halt the 148 zone will invoke this program again. So this program should be 149 designed to clean up any resources allocated to a zone but it should 150 also be able to gracefully handle the case where resources that it 151 expects to release are not actually allocated (or have been already 152 released.) 153 154 If this programs succeeds it should not generate any output. If this 155 program returns an error, any output generated by the program will be 156 sent to the zoneadmd message log. 157 158 The following replacements are performed: 159 160 %z Name of zone 161 %R Zonepath of zone 162 Additional arguments, if any, are appended. 163 164 It has no attributes. 165--> 166<!ELEMENT halt (#PCDATA) > 167<!ATTLIST halt> 168 169<!-- 170 modname 171 172 Path to the kernel module that implements the kernel-level 173 functionality of the brand. 174 175 It has no attributes. 176--> 177<!ELEMENT modname (#PCDATA) > 178<!ATTLIST modname> 179 180<!-- 181 initname 182 183 Path to the initial executable that should be launched when booting a 184 branded zone. 185 186 It has no attributes. 187--> 188<!ELEMENT initname (#PCDATA) > 189<!ATTLIST initname> 190 191<!-- 192 login_cmd 193 194 Path to the initial login binary that should be executed when 195 attempting to zlogin into a branded zone. 196 197 The following replacements are performed: 198 199 %Z Name of the current zone 200 %u User login name 201 202 It has no attributes. 203--> 204<!ELEMENT login_cmd (#PCDATA) > 205<!ATTLIST login_cmd> 206 207<!-- 208 user_cmd 209 210 Path to the binary that will translate a user name to a passwd(4) entry. 211 212 The following replacements are performed: 213 214 %u User login name 215 216 It has no attributes. The passwd(4) entry is used to determine $LOGNAME, 217 $HOME, and $SHELL for non-interactive "zlogin -l <user> <cmd>". 218--> 219<!ELEMENT user_cmd (#PCDATA) > 220<!ATTLIST user_cmd> 221 222<!-- 223 attach 224 225 Path to a hook that will perform any necessary processing on 226 a zone to allow it to be attached. The zone will be in the "configured" 227 state when this hook is run. This hook is never called when the zone 228 is "force attached" (-F). 229 230 If this hook exits with a non-zero exit status, the attach operation 231 will fail. 232 233 The following replacements are performed: 234 235 %z Name of zone 236 %R Zonepath of zone 237 Additional arguments, if any, are appended. 238 239 If no hook is provided, the internal zoneadm attach code will be used. 240 241 It has no attributes. 242--> 243<!ELEMENT attach (#PCDATA) > 244<!ATTLIST attach> 245 246<!-- 247 postattach 248 249 Path to a hook that will perform any necessary post-processing on 250 a zone after it has been attached. The zone will be in the "installed" 251 state when this hook is run. This hook is never called when the zone 252 is "force attached" (-F). 253 254 If this hook exits with a non-zero exit status, the attach operation 255 will fail and the zone state will be reset to "configured". 256 257 The following replacements are performed: 258 259 %z Name of zone 260 %R Zonepath of zone 261 Additional arguments, if any, are appended. 262 263 It has no attributes. 264--> 265<!ELEMENT postattach (#PCDATA) > 266<!ATTLIST postattach> 267 268<!-- 269 postclone 270 271 Path to a hook that will perform any necessary post-processing on 272 a zone after it has been cloned. The zone will be in the "incomplete" 273 state when this hook is run. 274 275 If this hook exits with a non-zero exit status, the clone operation 276 will fail and the zone will be left in the "incomplete" state, 277 otherwise the state will be changed to the "installed" state. 278 279 The following replacements are performed: 280 281 %z Name of zone 282 %R Zonepath of zone 283 Additional arguments, if any, are appended. 284 285 It has no attributes. 286--> 287<!ELEMENT postclone (#PCDATA) > 288<!ATTLIST postclone> 289 290<!-- 291 postinstall 292 293 Path to a script that will perform any necessary post-processing on 294 a zone after it has been freshly installed. This hook will run after the 295 install hook completes and the zone is in the installed state. The 296 additional arguments are the same as what is passed to the install hook. 297 298 The following replacements are performed: 299 300 %z Name of zone 301 %R Zonepath of zone 302 Additional arguments, if any, are appended. 303 304 It has no attributes. 305--> 306<!ELEMENT postinstall (#PCDATA) > 307<!ATTLIST postinstall> 308 309<!-- 310 predetach 311 312 Path to a hook that will perform any necessary pre-processing on 313 a zone before it is detached. The zone will be in the "installed" 314 state when this hook is run. 315 316 It is possible that if the zone fails to detach after invoking this 317 hook, future attempts to detach the zone will invoke this hook again. 318 So this hook should be designed to gracefully handle the case where 319 it is run multiple times on the same zone. If this hook exits with 320 a non-zero exit status, the detach operation will fail. 321 322 This hook is most commonly used when there is pre-processing for detaching 323 a zone but the built-in detach support will be used for the actual 324 detach. Otherwise, if a detach hook is provided, then it can be used 325 to do both preprocessing as well as the actual detach. 326 327 The following replacements are performed: 328 329 %z Name of zone 330 %R Zonepath of zone 331 Additional arguments, if any, are appended. 332 333 It has no attributes. 334--> 335<!ELEMENT predetach (#PCDATA) > 336<!ATTLIST predetach> 337 338<!-- 339 detach 340 341 Path to a hook that will perform any necessary processing on 342 a zone to allow it to be detached. The zone will be in the "installed" 343 state when this hook is run. 344 345 It is possible that if the zone fails to detach while running this 346 hook, future attempts to detach the zone will invoke this hook again. 347 So this hook should be designed to gracefully handle the case where 348 it is run multiple times on the same zone. If this hook exits with 349 a non-zero exit status, the detach operation will fail and the zone will 350 be left in the "installed" state, otherwise the state will be changed 351 to "configured". 352 353 The following replacements are performed: 354 355 %z Name of zone 356 %R Zonepath of zone 357 Additional arguments, if any, are appended. 358 359 If no hook is provided, the internal zoneadm detach code will be used. 360 361 It has no attributes. 362--> 363<!ELEMENT detach (#PCDATA) > 364<!ATTLIST detach> 365 366<!-- 367 clone 368 Path to a hook that will perform any necessary processing on a zone to 369 allow it to be installed via cloning. Cloning is an alternative to 370 installing so this hook should result in the same effect for the zone. 371 The zone will be in the "incomplete" state when this hook is run. 372 373 If this hook exits with a non-zero exit status, the clone operation 374 will fail and the zone will be left in the "incomplete" state, otherwise 375 the state will be changed to "installed". 376 377 The following replacements are performed: 378 379 %z Name of zone 380 %R Zonepath of zone 381 1st arg name of source zone 382 Additional arguments, if any, are appended. 383 384 If no hook is provided, the internal zoneadm cloning code will be used. 385--> 386<!ELEMENT clone (#PCDATA) > 387<!ATTLIST clone> 388 389<!-- 390 preuninstall 391 392 Path to a script that will perform any necessary pre-processing on 393 a zone before it is uninstalled. The zone will be in the "installed" 394 state when this hook is run. 395 396 It is possible that if the zone fails to uninstall after invoking this 397 hook, future attempts to uninstall the zone will invoke this hook 398 again. So this hook should be designed to gracefully handle the case 399 where it is run multiple times on the same zone. If this hook exits 400 with a non-zero exit status, the uninstall operation will fail. 401 402 The following replacements are performed: 403 404 %z Name of zone 405 %R Zonepath of zone 406 Additional arguments, if any, are appended. 407 408 It has no attributes. 409--> 410<!ELEMENT preuninstall (#PCDATA) > 411<!ATTLIST preuninstall> 412 413<!-- 414 uninstall 415 Identifies the hook to invoke when uninstalling a zone. The zone will 416 be in the "incomplete" state when this hook is run. 417 418 If this hook exits with a non-zero exit status, the uninstall operation 419 will fail and the zone will be left in the "incomplete" state, otherwise 420 the state will be changed to "configured". 421 422 The following replacements are performed: 423 424 %z Name of zone 425 %R Zonepath of zone 426 Additional arguments, if any, are appended. 427 428 If no hook is provided, the internal zoneadm uninstall code will be used. 429--> 430<!ELEMENT uninstall (#PCDATA) > 431<!ATTLIST uninstall> 432 433<!-- 434 presnap 435 Identifies the hook to invoke before snapshotting a zone using the 436 built-in ZFS clone support. 437 438 If this hook exits with a non-zero exit status, the snapshot operation 439 will fail and the zfs clone operation will fail. 440 441 The following replacements are performed: 442 443 %z Name of zone 444 %R Zonepath of zone 445--> 446<!ELEMENT presnap (#PCDATA) > 447<!ATTLIST presnap> 448 449<!-- 450 postsnap 451 Identifies the hook to invoke after snapshotting a zone using the 452 built-in ZFS clone support. 453 454 If this hook exits with a non-zero exit status, the zfs clone operation 455 will fail. 456 457 The following replacements are performed: 458 459 %z Name of zone 460 %R Zonepath of zone 461--> 462<!ELEMENT postsnap (#PCDATA) > 463<!ATTLIST postsnap> 464 465<!-- 466 validatesnap 467 Identifies the hook to invoke to validate a snapshot of a zone using the 468 built-in ZFS clone support. This will validate a snapshot that was 469 explicitly specified to the clone command when the user wants to 470 re-use a snapshot from an earlier clone operation. 471 472 If this hook exits with a non-zero exit status, the snapshot validation 473 operation will fail, meaning the zfs snapshot cannot be used to install 474 the zone. 475 476 The following replacements are performed: 477 478 %z Name of zone 479 %R Zonepath of zone 480 1st arg snapshot name 481 2nd arg snapshot path 482--> 483<!ELEMENT validatesnap (#PCDATA) > 484<!ATTLIST validatesnap> 485 486<!-- 487 prestatechange 488 Identifies the hook to invoke before zoneadmd makes a state change. 489 If this hook exits with a non-zero exit status, the action failed 490 and no further state change activity will take place. 491 492 The following replacements are performed: 493 494 %z Name of zone 495 %R Zonepath of zone 496 1st arg integer representing current state of zone 497 2 - installed 498 3 - ready 499 4 - running 500 5 - shutting down 501 6 - down 502 7 - mounted 503 2nd arg integer representing transition command 504 0 - ready 505 1 - boot 506 4 - halt 507--> 508<!ELEMENT prestatechange (#PCDATA) > 509<!ATTLIST prestatechange> 510 511<!-- 512 poststatechange 513 Identifies the hook to invoke after zoneadmd makes a successful state 514 change. If this hook exits with a non-zero exit status, the action failed 515 and zoneadmd treats the overall state change as failed, although 516 all of the actions up to running the hook will have taken place. 517 518 The following replacements are performed: 519 520 %z Name of zone 521 %R Zonepath of zone 522 See prestatechange comment for 1st and 2nd argument values. 523--> 524<!ELEMENT poststatechange (#PCDATA) > 525<!ATTLIST poststatechange> 526 527<!-- 528 query 529 Identifies a hook which can be called to get brand-specific information 530 about the zone. There is no specific place in zones where this is called, 531 calls within the zone infrastructure can be added as needed. 532 533 One example of the use of this hook is to query the implicit ZFS datasets 534 supported by the brand. 535 536 If this hook exits with a non-zero exit status, the query failed, 537 although in general, this hook shouldn't return non-zero. 538 539 The following replacements are performed: 540 541 %z Name of zone 542 %R Zonepath of zone 543 1st arg Arbitrary string which the hook can use to determine what 544 data to return. Brands implementing this hook should be 545 tolerant of arguments they don't support and simply do 546 nothing. 547--> 548<!ELEMENT query (#PCDATA) > 549<!ATTLIST query> 550 551<!-- 552 privilege 553 554 Add a privilege to the default, prohibited, or required set for all 555 zones of this brand with ip-type matched. If a privilege is added 556 to the default set all zones of this brand with ip-type matched on 557 the system will inherit this privilege unless the privilege is 558 removed via limitpriv in zonecfg(1m). If a privilege is added to 559 the prohibited set it can not be added to any zones with ip-type 560 matched via limitpriv in zonecfg(1m). If a privilege is added to 561 the required set then all zones of this brand with ip-type matched 562 on the system will inherit this privilege and it can't be removed via 563 limitpriv in zonecfg(1m). 564 565 Its attributes are 566 set The name of the set the privilege should go into. 567 name The name of the privilege. 568 ip-type Optional, indicates that adding of the privilege to the 569 set only applies to certain IP types. Can be "shared" or 570 "exclusive". If it is not specified, the default value 571 "all" will be used, which means it is applicable regardless 572 the IP type. 573 574--> 575<!ELEMENT privilege (#PCDATA) > 576<!ATTLIST privilege set ( default | prohibited | required ) #REQUIRED 577 name CDATA #REQUIRED 578 ip-type ( shared | exclusive ) "all" > 579 580<!-- 581 brand 582 583 The toplevel container for a brand configuration. 584 585 Its attributes are 586 587 name The name of the brand. This must match the name of the 588 directory in which the configuration file is stored. 589--> 590 591<!ELEMENT brand (modname?, initname, login_cmd, user_cmd, install, 592 installopts?, boot?, sysboot?, halt?, verify_cfg?, 593 verify_adm?, postattach?, postclone?, postinstall?, 594 predetach?, attach?, detach?, clone?, 595 presnap?, postsnap?, validatesnap?, 596 preuninstall?, uninstall?, 597 prestatechange?, poststatechange?, query?, 598 privilege+)> 599 600<!ATTLIST brand name CDATA #REQUIRED> 601