1<?xml version='1.0' encoding='UTF-8' ?> 2 3<!-- 4 CDDL HEADER START 5 6 The contents of this file are subject to the terms of the 7 Common Development and Distribution License (the "License"). 8 You may not use this file except in compliance with the License. 9 10 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 11 or http://www.opensolaris.org/os/licensing. 12 See the License for the specific language governing permissions 13 and limitations under the License. 14 15 When distributing Covered Code, include this CDDL HEADER in each 16 file and include the License file at usr/src/OPENSOLARIS.LICENSE. 17 If applicable, add the following below this CDDL HEADER, with the 18 fields enclosed by brackets "[]" replaced with your own identifying 19 information: Portions Copyright [yyyy] [name of copyright owner] 20 21 CDDL HEADER END 22 23 Copyright 2007 Sun Microsystems, Inc. All rights reserved. 24 Use is subject to license terms. 25 26 ident "%Z%%M% %I% %E% SMI" 27 28 DO NOT EDIT THIS FILE. 29--> 30 31<!-- 32 verify_cfg 33 34 Identifies the program to be invoked by zonecfg to verify that the 35 zone's configuration is legal, and that all the configured devices, 36 attributes, etc. are legal for this brand. 37 38 The program is called with a single argument: the path to a file 39 containing a temporary config.xml file the zone. It should return 0 40 on success and non-0 on failure. Any detailed error messages should be 41 displayed to stderr. 42 43 It has no attributes. 44 45--> 46<!ELEMENT verify_cfg (#PCDATA) > 47<!ATTLIST verify_cfg> 48<!-- 49 verify_adm 50 51 Identifies the program invoked by zoneadm to perform brand-specific 52 checks as to the viability of a zone on this specific machine. 53 54 The following replacements are performed: 55 56 %z Name of zone 57 %R Root of zone 58 %* Additional arguments, if any 59 60 The program should return 0 on success and non-0 on failure. Any 61 detailed error messages should be displayed to stderr. 62 63 It has no attributes. 64 65--> 66<!ELEMENT verify_adm (#PCDATA) > 67<!ATTLIST verify_adm> 68 69<!-- 70 install 71 72 Identifies the program to invoke when installing a zone. The following 73 replacements are performed: 74 75 %z Name of zone 76 %R Root of zone 77 %* Additional arguments, if any 78 79 It has no attributes. 80--> 81<!ELEMENT install (#PCDATA) > 82<!ATTLIST install> 83 84<!-- 85 installopts 86 87 Identifies the command-line options supported by the brand's 88 installation program, allowing zoneadm to parse the install line 89 properly. 90 91 It has no attributes. 92--> 93<!ELEMENT installopts (#PCDATA) > 94<!ATTLIST installopts> 95 96<!-- 97 boot 98 99 This is a program which gets run by zoneadmd when a zone is booted. 100 The program will be invoked as the last step in the zone booting 101 process before the the first process is spawned inside the zone. 102 103 If this programs succeeds it should not generate any output. 104 If this program returns an error, any output generated by the 105 program will be sent to the zoneadmd message log. 106 107 The following replacements are performed: 108 109 %z Name of zone 110 %R Root of zone 111 %* Additional arguments, if any 112 113 It has no attributes. 114--> 115<!ELEMENT boot (#PCDATA) > 116<!ATTLIST boot> 117 118<!-- 119 halt 120 121 This is a program which gets run by zoneadmd when a zone is being 122 halted. This callback is provided to allow a brand to cleanup any 123 special configuration that was setup during boot. 124 125 This program will also be invoked by zoneadmd if any part of the zone 126 booting process fail, even if the booting process failed before the 127 brand boot program was invoked. It is also possible that if the zone 128 fails to halt after invoking this program, future attempts to halt the 129 zone will invoke this program again. So this program should be 130 designed to clean up any resources allocated to a zone but it should 131 also be able to gracefully handle the case where resources that it 132 expects to release are not actually allocated (or have been already 133 released.) 134 135 If this programs succeeds it should not generate any output. If this 136 program returns an error, any output generated by the program will be 137 sent to the zoneadmd message log. 138 139 The following replacements are performed: 140 141 %z Name of zone 142 %R Root of zone 143 %* Additional arguments, if any 144 145 It has no attributes. 146--> 147<!ELEMENT halt (#PCDATA) > 148<!ATTLIST halt> 149 150<!-- 151 modname 152 153 Path to the kernel module that implements the kernel-level 154 functionality of the brand. 155 156 It has no attributes. 157--> 158<!ELEMENT modname (#PCDATA) > 159<!ATTLIST modname> 160 161<!-- 162 initname 163 164 Path to the initial executable that should be launched when booting a 165 branded zone. 166 167 It has no attributes. 168--> 169<!ELEMENT initname (#PCDATA) > 170<!ATTLIST initname> 171 172<!-- 173 login_cmd 174 175 Path to the initial login binary that should be executed when 176 attempting to zlogin into a branded zone. 177 178 The following replacements are performed: 179 180 %Z Name of the current zone 181 %u User login name 182 183 It has no attributes. 184--> 185<!ELEMENT login_cmd (#PCDATA) > 186<!ATTLIST login_cmd> 187 188<!-- 189 user_cmd 190 191 Path to the binary that will translate a user name to a passwd(4) entry. 192 193 The following replacements are performed: 194 195 %u User login name 196 197 It has no attributes. The passwd(4) entry is used to determine $LOGNAME, 198 $HOME, and $SHELL for non-interactive "zlogin -l <user> <cmd>". 199--> 200<!ELEMENT user_cmd (#PCDATA) > 201<!ATTLIST user_cmd> 202 203<!-- 204 postattach 205 206 Path to a script that will perform any necessary post-processing on 207 a zone after it has been attached. The additional argument could be '-F' 208 if this is a forced attach. 209 210 If this program exits with a non-zero exit status, the attach operation 211 will fail. 212 213 The following replacements are performed: 214 215 %z Name of zone 216 %R Root of zone 217 %* Additional arguments, if any 218 219 It has no attributes. 220--> 221<!ELEMENT postattach (#PCDATA) > 222<!ATTLIST postattach> 223 224<!-- 225 postclone 226 227 Path to a script that will perform any necessary post-processing on 228 a zone after it has been freshly copied. 229 230 The following replacements are performed: 231 232 %z Name of zone 233 %R Root of zone 234 %* Additional arguments, if any 235 236 It has no attributes. 237--> 238<!ELEMENT postclone (#PCDATA) > 239<!ATTLIST postclone> 240 241<!-- 242 postinstall 243 244 Path to a script that will perform any necessary post-processing on 245 a zone after it has been freshly installed. This hook will run after the 246 install hook completes and the zone is in the installed state. The 247 additional arguments are the same as what is passed to the install hook. 248 249 The following replacements are performed: 250 251 %z Name of zone 252 %R Root of zone 253 %* Additional arguments, if any 254 255 It has no attributes. 256--> 257<!ELEMENT postinstall (#PCDATA) > 258<!ATTLIST postinstall> 259 260<!-- 261 predetach 262 263 Path to a script that will perform any necessary pre-processing on 264 a zone before it is detached. The additional argument could be '-n' 265 if this is a dry-run detach. 266 267 It is possible that if the zone fails to detach after invoking this 268 program, future attempts to detach the zone will invoke this program again. 269 So this program should be designed to gracefully handle the case where 270 it is run multiple times on the same zone. If this program exits with 271 a non-zero exit status, the detach operation will fail. 272 273 The following replacements are performed: 274 275 %z Name of zone 276 %R Root of zone 277 %* Additional arguments, if any 278 279 It has no attributes. 280--> 281<!ELEMENT predetach (#PCDATA) > 282<!ATTLIST predetach> 283 284<!-- 285 preuninstall 286 287 Path to a script that will perform any necessary pre-processing on 288 a zone before it is uninstalled. The additional argument could be '-F' 289 if this is a forced uninstall. 290 291 It is possible that if the zone fails to uninstall after invoking this 292 program, future attempts to uninstall the zone will invoke this program 293 again. So this program should be designed to gracefully handle the case 294 where it is run multiple times on the same zone. If this program exits 295 with a non-zero exit status, the uninstall operation will fail. 296 297 The following replacements are performed: 298 299 %z Name of zone 300 %R Root of zone 301 %* Additional arguments, if any 302 303 It has no attributes. 304--> 305<!ELEMENT preuninstall (#PCDATA) > 306<!ATTLIST preuninstall> 307 308<!-- 309 privilege 310 311 Add a privilege to the default, prohibited, or required set for all 312 zones of this brand with ip-type matched. If a privilege is added 313 to the default set all zones of this brand with ip-type matched on 314 the system will inherit this privilege unless the privilege is 315 removed via limitpriv in zonecfg(1m). If a privilege is added to 316 the prohibited set it can not be added to any zones with ip-type 317 matched via limitpriv in zonecfg(1m). If a privilege is added to 318 the required set then all zones of this brand with ip-type matched 319 on the system will inherit this privilege and it can't be removed via 320 limitpriv in zonecfg(1m). 321 322 Its attributes are 323 set The name of the set the privilege should go into. 324 name The name of the privilege. 325 ip-type Optional, indicates that adding of the privilege to the 326 set only applies to certain IP types. Can be "shared" or 327 "exclusive". If it is not specified, the default value 328 "all" will be used, which means it is applicable regardless 329 the IP type. 330 331--> 332<!ELEMENT privilege (#PCDATA) > 333<!ATTLIST privilege set ( default | prohibited | required ) #REQUIRED 334 name CDATA #REQUIRED 335 ip-type ( shared | exclusive ) "all" > 336 337<!-- 338 brand 339 340 The toplevel container for a brand configuration. 341 342 Its attributes are 343 344 name The name of the brand. This must match the name of the 345 directory in which the configuration file is stored. 346--> 347 348<!ELEMENT brand (modname?, initname, login_cmd, user_cmd, install, 349 installopts?, boot?, halt?, verify_cfg?, verify_adm?, 350 postattach?, postclone?, postinstall?, predetach?, 351 preuninstall?, privilege+)> 352 353<!ATTLIST brand name CDATA #REQUIRED> 354