1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22 /* 23 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 /* 30 * This file contains the functions used to support the ZFS integration 31 * with zones. This includes validation (e.g. zonecfg dataset), cloning, 32 * file system creation and destruction. 33 */ 34 35 #include <stdio.h> 36 #include <errno.h> 37 #include <unistd.h> 38 #include <string.h> 39 #include <locale.h> 40 #include <libintl.h> 41 #include <sys/stat.h> 42 #include <sys/statvfs.h> 43 #include <libgen.h> 44 #include <libzonecfg.h> 45 #include <sys/mnttab.h> 46 #include <libzfs.h> 47 48 #include "zoneadm.h" 49 50 libzfs_handle_t *g_zfs; 51 52 typedef struct zfs_mount_data { 53 char *match_name; 54 zfs_handle_t *match_handle; 55 } zfs_mount_data_t; 56 57 typedef struct zfs_snapshot_data { 58 char *match_name; 59 int len; 60 int max; 61 } zfs_snapshot_data_t; 62 63 /* 64 * A ZFS file system iterator call-back function which is used to validate 65 * datasets imported into the zone. 66 */ 67 /* ARGSUSED */ 68 static int 69 check_zvol(zfs_handle_t *zhp, void *unused) 70 { 71 int ret; 72 73 if (zfs_get_type(zhp) == ZFS_TYPE_VOLUME) { 74 /* 75 * TRANSLATION_NOTE 76 * zfs and dataset are literals that should not be translated. 77 */ 78 (void) fprintf(stderr, gettext("cannot verify zfs dataset %s: " 79 "volumes cannot be specified as a zone dataset resource\n"), 80 zfs_get_name(zhp)); 81 ret = -1; 82 } else { 83 ret = zfs_iter_children(zhp, check_zvol, NULL); 84 } 85 86 zfs_close(zhp); 87 88 return (ret); 89 } 90 91 /* 92 * A ZFS file system iterator call-back function which returns the 93 * zfs_handle_t for a ZFS file system on the specified mount point. 94 */ 95 static int 96 match_mountpoint(zfs_handle_t *zhp, void *data) 97 { 98 int res; 99 zfs_mount_data_t *cbp; 100 char mp[ZFS_MAXPROPLEN]; 101 102 if (zfs_get_type(zhp) != ZFS_TYPE_FILESYSTEM) { 103 zfs_close(zhp); 104 return (0); 105 } 106 107 cbp = (zfs_mount_data_t *)data; 108 if (zfs_prop_get(zhp, ZFS_PROP_MOUNTPOINT, mp, sizeof (mp), NULL, NULL, 109 0, B_FALSE) == 0 && strcmp(mp, cbp->match_name) == 0) { 110 cbp->match_handle = zhp; 111 return (1); 112 } 113 114 res = zfs_iter_filesystems(zhp, match_mountpoint, data); 115 zfs_close(zhp); 116 return (res); 117 } 118 119 /* 120 * Get ZFS handle for the specified mount point. 121 */ 122 static zfs_handle_t * 123 mount2zhandle(char *mountpoint) 124 { 125 zfs_mount_data_t cb; 126 127 cb.match_name = mountpoint; 128 cb.match_handle = NULL; 129 (void) zfs_iter_root(g_zfs, match_mountpoint, &cb); 130 return (cb.match_handle); 131 } 132 133 /* 134 * Check if there is already a file system (zfs or any other type) mounted on 135 * path. 136 */ 137 static boolean_t 138 is_mountpnt(char *path) 139 { 140 FILE *fp; 141 struct mnttab entry; 142 143 if ((fp = fopen("/etc/mnttab", "r")) == NULL) 144 return (B_FALSE); 145 146 while (getmntent(fp, &entry) == 0) { 147 if (strcmp(path, entry.mnt_mountp) == 0) { 148 (void) fclose(fp); 149 return (B_TRUE); 150 } 151 } 152 153 (void) fclose(fp); 154 return (B_FALSE); 155 } 156 157 /* 158 * Perform any necessary housekeeping tasks we need to do before we take 159 * a ZFS snapshot of the zone. What this really entails is that we are 160 * taking a sw inventory of the source zone, like we do when we detach, 161 * so that there is the XML manifest in the snapshot. We use that to 162 * validate the snapshot if it is the source of a clone at some later time. 163 */ 164 static int 165 pre_snapshot(char *source_zone) 166 { 167 int err; 168 zone_dochandle_t handle; 169 170 if ((handle = zonecfg_init_handle()) == NULL) { 171 zperror(cmd_to_str(CMD_CLONE), B_TRUE); 172 return (Z_ERR); 173 } 174 175 if ((err = zonecfg_get_handle(source_zone, handle)) != Z_OK) { 176 errno = err; 177 zperror(cmd_to_str(CMD_CLONE), B_TRUE); 178 zonecfg_fini_handle(handle); 179 return (Z_ERR); 180 } 181 182 if ((err = zonecfg_get_detach_info(handle, B_TRUE)) != Z_OK) { 183 errno = err; 184 zperror(gettext("getting the software version information " 185 "failed"), B_TRUE); 186 zonecfg_fini_handle(handle); 187 return (Z_ERR); 188 } 189 190 if ((err = zonecfg_detach_save(handle, 0)) != Z_OK) { 191 errno = err; 192 zperror(gettext("saving the software version manifest failed"), 193 B_TRUE); 194 zonecfg_fini_handle(handle); 195 return (Z_ERR); 196 } 197 198 zonecfg_fini_handle(handle); 199 return (Z_OK); 200 } 201 202 /* 203 * Perform any necessary housekeeping tasks we need to do after we take 204 * a ZFS snapshot of the zone. What this really entails is removing the 205 * sw inventory XML file from the zone. It is still in the snapshot where 206 * we want it, but we don't want it in the source zone itself. 207 */ 208 static int 209 post_snapshot(char *source_zone) 210 { 211 int err; 212 zone_dochandle_t handle; 213 214 if ((handle = zonecfg_init_handle()) == NULL) { 215 zperror(cmd_to_str(CMD_CLONE), B_TRUE); 216 return (Z_ERR); 217 } 218 219 if ((err = zonecfg_get_handle(source_zone, handle)) != Z_OK) { 220 errno = err; 221 zperror(cmd_to_str(CMD_CLONE), B_TRUE); 222 zonecfg_fini_handle(handle); 223 return (Z_ERR); 224 } 225 226 zonecfg_rm_detached(handle, B_FALSE); 227 zonecfg_fini_handle(handle); 228 229 return (Z_OK); 230 } 231 232 /* 233 * This is a ZFS snapshot iterator call-back function which returns the 234 * highest number of SUNWzone snapshots that have been taken. 235 */ 236 static int 237 get_snap_max(zfs_handle_t *zhp, void *data) 238 { 239 int res; 240 zfs_snapshot_data_t *cbp; 241 242 if (zfs_get_type(zhp) != ZFS_TYPE_SNAPSHOT) { 243 zfs_close(zhp); 244 return (0); 245 } 246 247 cbp = (zfs_snapshot_data_t *)data; 248 249 if (strncmp(zfs_get_name(zhp), cbp->match_name, cbp->len) == 0) { 250 char *nump; 251 int num; 252 253 nump = (char *)(zfs_get_name(zhp) + cbp->len); 254 num = atoi(nump); 255 if (num > cbp->max) 256 cbp->max = num; 257 } 258 259 res = zfs_iter_snapshots(zhp, get_snap_max, data); 260 zfs_close(zhp); 261 return (res); 262 } 263 264 /* 265 * Take a ZFS snapshot to be used for cloning the zone. 266 */ 267 static int 268 take_snapshot(char *source_zone, zfs_handle_t *zhp, char *snapshot_name, 269 int snap_size) 270 { 271 int res; 272 char template[ZFS_MAXNAMELEN]; 273 zfs_snapshot_data_t cb; 274 275 /* 276 * First we need to figure out the next available name for the 277 * zone snapshot. Look through the list of zones snapshots for 278 * this file system to determine the maximum snapshot name. 279 */ 280 if (snprintf(template, sizeof (template), "%s@SUNWzone", 281 zfs_get_name(zhp)) >= sizeof (template)) 282 return (Z_ERR); 283 284 cb.match_name = template; 285 cb.len = strlen(template); 286 cb.max = 0; 287 288 if (zfs_iter_snapshots(zhp, get_snap_max, &cb) != 0) 289 return (Z_ERR); 290 291 cb.max++; 292 293 if (snprintf(snapshot_name, snap_size, "%s@SUNWzone%d", 294 zfs_get_name(zhp), cb.max) >= snap_size) 295 return (Z_ERR); 296 297 if (pre_snapshot(source_zone) != Z_OK) 298 return (Z_ERR); 299 res = zfs_snapshot(g_zfs, snapshot_name, B_FALSE); 300 if (post_snapshot(source_zone) != Z_OK) 301 return (Z_ERR); 302 303 if (res != 0) 304 return (Z_ERR); 305 return (Z_OK); 306 } 307 308 /* 309 * We are using an explicit snapshot from some earlier point in time so 310 * we need to validate it. This involves checking the sw inventory that 311 * we took when we made the snapshot to verify that the current sw config 312 * on the host is still valid to run a zone made from this snapshot. 313 */ 314 static int 315 validate_snapshot(char *snapshot_name, char *snap_path) 316 { 317 int err; 318 zone_dochandle_t handle; 319 zone_dochandle_t athandle = NULL; 320 321 if ((handle = zonecfg_init_handle()) == NULL) { 322 zperror(cmd_to_str(CMD_CLONE), B_TRUE); 323 return (Z_ERR); 324 } 325 326 if ((err = zonecfg_get_handle(target_zone, handle)) != Z_OK) { 327 errno = err; 328 zperror(cmd_to_str(CMD_CLONE), B_TRUE); 329 zonecfg_fini_handle(handle); 330 return (Z_ERR); 331 } 332 333 if ((athandle = zonecfg_init_handle()) == NULL) { 334 zperror(cmd_to_str(CMD_CLONE), B_TRUE); 335 goto done; 336 } 337 338 if ((err = zonecfg_get_attach_handle(snap_path, target_zone, B_TRUE, 339 athandle)) != Z_OK) { 340 if (err == Z_NO_ZONE) 341 (void) fprintf(stderr, gettext("snapshot %s was not " 342 "taken\n\tby a 'zoneadm clone' command. It can " 343 "not be used to clone zones.\n"), snapshot_name); 344 else 345 (void) fprintf(stderr, gettext("snapshot %s is " 346 "out-dated\n\tIt can no longer be used to clone " 347 "zones on this system.\n"), snapshot_name); 348 goto done; 349 } 350 351 /* Get the detach information for the locally defined zone. */ 352 if ((err = zonecfg_get_detach_info(handle, B_FALSE)) != Z_OK) { 353 errno = err; 354 zperror(gettext("getting the attach information failed"), 355 B_TRUE); 356 goto done; 357 } 358 359 if ((err = sw_cmp(handle, athandle, SW_CMP_SILENT)) != Z_OK) 360 (void) fprintf(stderr, gettext("snapshot %s is out-dated\n\t" 361 "It can no longer be used to clone zones on this " 362 "system.\n"), snapshot_name); 363 364 done: 365 zonecfg_fini_handle(handle); 366 if (athandle != NULL) 367 zonecfg_fini_handle(athandle); 368 369 return (err); 370 } 371 372 /* 373 * Remove the sw inventory file from inside this zonepath that we picked up out 374 * of the snapshot. 375 */ 376 static int 377 clean_out_clone() 378 { 379 int err; 380 zone_dochandle_t handle; 381 382 if ((handle = zonecfg_init_handle()) == NULL) { 383 zperror(cmd_to_str(CMD_CLONE), B_TRUE); 384 return (Z_ERR); 385 } 386 387 if ((err = zonecfg_get_handle(target_zone, handle)) != Z_OK) { 388 errno = err; 389 zperror(cmd_to_str(CMD_CLONE), B_TRUE); 390 zonecfg_fini_handle(handle); 391 return (Z_ERR); 392 } 393 394 zonecfg_rm_detached(handle, B_FALSE); 395 zonecfg_fini_handle(handle); 396 397 return (Z_OK); 398 } 399 400 /* 401 * Make a ZFS clone on zonepath from snapshot_name. 402 */ 403 static int 404 clone_snap(char *snapshot_name, char *zonepath) 405 { 406 int res = Z_OK; 407 int err; 408 zfs_handle_t *zhp; 409 zfs_handle_t *clone; 410 411 if ((zhp = zfs_open(g_zfs, snapshot_name, ZFS_TYPE_SNAPSHOT)) == NULL) 412 return (Z_NO_ENTRY); 413 414 (void) printf(gettext("Cloning snapshot %s\n"), snapshot_name); 415 416 err = zfs_clone(zhp, zonepath); 417 zfs_close(zhp); 418 if (err != 0) 419 return (Z_ERR); 420 421 /* create the mountpoint if necessary */ 422 if ((clone = zfs_open(g_zfs, zonepath, ZFS_TYPE_ANY)) == NULL) 423 return (Z_ERR); 424 425 /* 426 * The clone has been created so we need to print a diagnostic 427 * message if one of the following steps fails for some reason. 428 */ 429 if (zfs_mount(clone, NULL, 0) != 0) { 430 (void) fprintf(stderr, gettext("could not mount ZFS clone " 431 "%s\n"), zfs_get_name(clone)); 432 res = Z_ERR; 433 434 } else { 435 if (zfs_prop_set(clone, ZFS_PROP_SHARENFS, "off") != 0) { 436 /* we won't consider this a failure */ 437 (void) fprintf(stderr, gettext("could not turn off the " 438 "'sharenfs' property on ZFS clone %s\n"), 439 zfs_get_name(clone)); 440 } 441 442 if (clean_out_clone() != Z_OK) { 443 (void) fprintf(stderr, gettext("could not remove the " 444 "software inventory from ZFS clone %s\n"), 445 zfs_get_name(clone)); 446 res = Z_ERR; 447 } 448 } 449 450 zfs_close(clone); 451 return (res); 452 } 453 454 /* 455 * This function takes a zonepath and attempts to determine what the ZFS 456 * file system name (not mountpoint) should be for that path. We do not 457 * assume that zonepath is an existing directory or ZFS fs since we use 458 * this function as part of the process of creating a new ZFS fs or clone. 459 * 460 * The way this works is that we look at the parent directory of the zonepath 461 * to see if it is a ZFS fs. If it is, we get the name of that ZFS fs and 462 * append the last component of the zonepath to generate the ZFS name for the 463 * zonepath. This matches the algorithm that ZFS uses for automatically 464 * mounting a new fs after it is created. 465 * 466 * Although a ZFS fs can be mounted anywhere, we don't worry about handling 467 * all of the complexity that a user could possibly configure with arbitrary 468 * mounts since there is no way to generate a ZFS name from a random path in 469 * the file system. We only try to handle the automatic mounts that ZFS does 470 * for each file system. ZFS restricts this so that a new fs must be created 471 * in an existing parent ZFS fs. It then automatically mounts the new fs 472 * directly under the mountpoint for the parent fs using the last component 473 * of the name as the mountpoint directory. 474 * 475 * For example: 476 * Name Mountpoint 477 * space/eng/dev/test/zone1 /project1/eng/dev/test/zone1 478 * 479 * Return Z_OK if the path mapped to a ZFS file system name, otherwise return 480 * Z_ERR. 481 */ 482 static int 483 path2name(char *zonepath, char *zfs_name, int len) 484 { 485 int res; 486 char *p; 487 zfs_handle_t *zhp; 488 489 if ((p = strrchr(zonepath, '/')) == NULL) 490 return (Z_ERR); 491 492 /* 493 * If the parent directory is not its own ZFS fs, then we can't 494 * automatically create a new ZFS fs at the 'zonepath' mountpoint 495 * so return an error. 496 */ 497 *p = '\0'; 498 zhp = mount2zhandle(zonepath); 499 *p = '/'; 500 if (zhp == NULL) 501 return (Z_ERR); 502 503 res = snprintf(zfs_name, len, "%s/%s", zfs_get_name(zhp), p + 1); 504 505 zfs_close(zhp); 506 if (res >= len) 507 return (Z_ERR); 508 509 return (Z_OK); 510 } 511 512 /* 513 * A ZFS file system iterator call-back function used to determine if the 514 * file system has dependents (snapshots & clones). 515 */ 516 /* ARGSUSED */ 517 static int 518 has_dependent(zfs_handle_t *zhp, void *data) 519 { 520 zfs_close(zhp); 521 return (1); 522 } 523 524 /* 525 * Given a snapshot name, get the file system path where the snapshot lives. 526 * A snapshot name is of the form fs_name@snap_name. For example, snapshot 527 * pl/zones/z1@SUNWzone1 would have a path of 528 * /pl/zones/z1/.zfs/snapshot/SUNWzone1. 529 */ 530 static int 531 snap2path(char *snap_name, char *path, int len) 532 { 533 char *p; 534 zfs_handle_t *zhp; 535 char mp[ZFS_MAXPROPLEN]; 536 537 if ((p = strrchr(snap_name, '@')) == NULL) 538 return (Z_ERR); 539 540 /* Get the file system name from the snap_name. */ 541 *p = '\0'; 542 zhp = zfs_open(g_zfs, snap_name, ZFS_TYPE_ANY); 543 *p = '@'; 544 if (zhp == NULL) 545 return (Z_ERR); 546 547 /* Get the file system mount point. */ 548 if (zfs_prop_get(zhp, ZFS_PROP_MOUNTPOINT, mp, sizeof (mp), NULL, NULL, 549 0, B_FALSE) != 0) { 550 zfs_close(zhp); 551 return (Z_ERR); 552 } 553 zfs_close(zhp); 554 555 p++; 556 if (snprintf(path, len, "%s/.zfs/snapshot/%s", mp, p) >= len) 557 return (Z_ERR); 558 559 return (Z_OK); 560 } 561 562 /* 563 * Clone a pre-existing ZFS snapshot, either by making a direct ZFS clone, if 564 * possible, or by copying the data from the snapshot to the zonepath. 565 */ 566 int 567 clone_snapshot_zfs(char *snap_name, char *zonepath) 568 { 569 int err = Z_OK; 570 char clone_name[MAXPATHLEN]; 571 char snap_path[MAXPATHLEN]; 572 573 if (snap2path(snap_name, snap_path, sizeof (snap_path)) != Z_OK) { 574 (void) fprintf(stderr, gettext("unable to find path for %s.\n"), 575 snap_name); 576 return (Z_ERR); 577 } 578 579 if (validate_snapshot(snap_name, snap_path) != Z_OK) 580 return (Z_NO_ENTRY); 581 582 /* 583 * The zonepath cannot be ZFS cloned, try to copy the data from 584 * within the snapshot to the zonepath. 585 */ 586 if (path2name(zonepath, clone_name, sizeof (clone_name)) != Z_OK) { 587 if ((err = clone_copy(snap_path, zonepath)) == Z_OK) 588 if (clean_out_clone() != Z_OK) 589 (void) fprintf(stderr, 590 gettext("could not remove the " 591 "software inventory from %s\n"), zonepath); 592 593 return (err); 594 } 595 596 if ((err = clone_snap(snap_name, clone_name)) != Z_OK) { 597 if (err != Z_NO_ENTRY) { 598 /* 599 * Cloning the snapshot failed. Fall back to trying 600 * to install the zone by copying from the snapshot. 601 */ 602 if ((err = clone_copy(snap_path, zonepath)) == Z_OK) 603 if (clean_out_clone() != Z_OK) 604 (void) fprintf(stderr, 605 gettext("could not remove the " 606 "software inventory from %s\n"), 607 zonepath); 608 } else { 609 /* 610 * The snapshot is unusable for some reason so restore 611 * the zone state to configured since we were unable to 612 * actually do anything about getting the zone 613 * installed. 614 */ 615 int tmp; 616 617 if ((tmp = zone_set_state(target_zone, 618 ZONE_STATE_CONFIGURED)) != Z_OK) { 619 errno = tmp; 620 zperror2(target_zone, 621 gettext("could not set state")); 622 } 623 } 624 } 625 626 return (err); 627 } 628 629 /* 630 * Attempt to clone a source_zone to a target zonepath by using a ZFS clone. 631 */ 632 int 633 clone_zfs(char *source_zone, char *source_zonepath, char *zonepath) 634 { 635 zfs_handle_t *zhp; 636 char clone_name[MAXPATHLEN]; 637 char snap_name[MAXPATHLEN]; 638 639 /* 640 * Try to get a zfs handle for the source_zonepath. If this fails 641 * the source_zonepath is not ZFS so return an error. 642 */ 643 if ((zhp = mount2zhandle(source_zonepath)) == NULL) 644 return (Z_ERR); 645 646 /* 647 * Check if there is a file system already mounted on zonepath. If so, 648 * we can't clone to the path so we should fall back to copying. 649 */ 650 if (is_mountpnt(zonepath)) { 651 zfs_close(zhp); 652 (void) fprintf(stderr, 653 gettext("A file system is already mounted on %s,\n" 654 "preventing use of a ZFS clone.\n"), zonepath); 655 return (Z_ERR); 656 } 657 658 /* 659 * Instead of using path2name to get the clone name from the zonepath, 660 * we could generate a name from the source zone ZFS name. However, 661 * this would mean we would create the clone under the ZFS fs of the 662 * source instead of what the zonepath says. For example, 663 * 664 * source_zonepath zonepath 665 * /pl/zones/dev/z1 /pl/zones/deploy/z2 666 * 667 * We don't want the clone to be under "dev", we want it under 668 * "deploy", so that we can leverage the normal attribute inheritance 669 * that ZFS provides in the fs hierarchy. 670 */ 671 if (path2name(zonepath, clone_name, sizeof (clone_name)) != Z_OK) { 672 zfs_close(zhp); 673 return (Z_ERR); 674 } 675 676 if (take_snapshot(source_zone, zhp, snap_name, sizeof (snap_name)) 677 != Z_OK) { 678 zfs_close(zhp); 679 return (Z_ERR); 680 } 681 zfs_close(zhp); 682 683 if (clone_snap(snap_name, clone_name) != Z_OK) 684 return (Z_ERR); 685 686 (void) printf(gettext("Instead of copying, a ZFS clone has been " 687 "created for this zone.\n")); 688 689 return (Z_OK); 690 } 691 692 /* 693 * Attempt to create a ZFS file system for the specified zonepath. 694 * We either will successfully create a ZFS file system and get it mounted 695 * on the zonepath or we don't. The caller doesn't care since a regular 696 * directory is used for the zonepath if no ZFS file system is mounted there. 697 */ 698 void 699 create_zfs_zonepath(char *zonepath) 700 { 701 zfs_handle_t *zhp; 702 char zfs_name[MAXPATHLEN]; 703 704 if (path2name(zonepath, zfs_name, sizeof (zfs_name)) != Z_OK) 705 return; 706 707 if (zfs_create(g_zfs, zfs_name, ZFS_TYPE_FILESYSTEM, NULL, NULL) != 0 || 708 (zhp = zfs_open(g_zfs, zfs_name, ZFS_TYPE_ANY)) == NULL) { 709 (void) fprintf(stderr, gettext("cannot create ZFS dataset %s: " 710 "%s\n"), zfs_name, libzfs_error_description(g_zfs)); 711 return; 712 } 713 714 if (zfs_mount(zhp, NULL, 0) != 0) { 715 (void) fprintf(stderr, gettext("cannot mount ZFS dataset %s: " 716 "%s\n"), zfs_name, libzfs_error_description(g_zfs)); 717 (void) zfs_destroy(zhp); 718 } else if (zfs_prop_set(zhp, ZFS_PROP_SHARENFS, "off") != 0) { 719 (void) fprintf(stderr, gettext("file system %s successfully " 720 "created,\nbut could not turn off the 'sharenfs' " 721 "property\n"), zfs_name); 722 } else { 723 if (chmod(zonepath, S_IRWXU) != 0) { 724 (void) fprintf(stderr, gettext("file system %s " 725 "successfully created, but chmod %o failed: %s\n"), 726 zfs_name, S_IRWXU, strerror(errno)); 727 (void) destroy_zfs(zonepath); 728 } else { 729 (void) printf(gettext("A ZFS file system has been " 730 "created for this zone.\n")); 731 } 732 } 733 734 zfs_close(zhp); 735 } 736 737 /* 738 * If the zonepath is a ZFS file system, attempt to destroy it. We return Z_OK 739 * if we were able to zfs_destroy the zonepath, otherwise we return Z_ERR 740 * which means the caller should clean up the zonepath in the traditional 741 * way. 742 */ 743 int 744 destroy_zfs(char *zonepath) 745 { 746 zfs_handle_t *zhp; 747 boolean_t is_clone = B_FALSE; 748 char origin[ZFS_MAXPROPLEN]; 749 750 if ((zhp = mount2zhandle(zonepath)) == NULL) 751 return (Z_ERR); 752 753 /* 754 * We can't destroy the file system if it has dependents. 755 */ 756 if (zfs_iter_dependents(zhp, has_dependent, NULL) != 0 || 757 zfs_unmount(zhp, NULL, 0) != 0) { 758 zfs_close(zhp); 759 return (Z_ERR); 760 } 761 762 /* 763 * This might be a clone. Try to get the snapshot so we can attempt 764 * to destroy that as well. 765 */ 766 if (zfs_prop_get(zhp, ZFS_PROP_ORIGIN, origin, sizeof (origin), NULL, 767 NULL, 0, B_FALSE) == 0) 768 is_clone = B_TRUE; 769 770 if (zfs_destroy(zhp) != 0) { 771 /* 772 * If the destroy fails for some reason, try to remount 773 * the file system so that we can use "rm -rf" to clean up 774 * instead. 775 */ 776 (void) zfs_mount(zhp, NULL, 0); 777 zfs_close(zhp); 778 return (Z_ERR); 779 } 780 781 (void) printf(gettext("The ZFS file system for this zone has been " 782 "destroyed.\n")); 783 784 if (is_clone) { 785 zfs_handle_t *ohp; 786 787 /* 788 * Try to clean up the snapshot that the clone was taken from. 789 */ 790 if ((ohp = zfs_open(g_zfs, origin, 791 ZFS_TYPE_SNAPSHOT)) != NULL) { 792 if (zfs_iter_dependents(ohp, has_dependent, NULL) 793 == 0 && zfs_unmount(ohp, NULL, 0) == 0) 794 (void) zfs_destroy(ohp); 795 zfs_close(ohp); 796 } 797 } 798 799 zfs_close(zhp); 800 return (Z_OK); 801 } 802 803 /* 804 * Return true if the path is its own zfs file system. We determine this 805 * by stat-ing the path to see if it is zfs and stat-ing the parent to see 806 * if it is a different fs. 807 */ 808 boolean_t 809 is_zonepath_zfs(char *zonepath) 810 { 811 int res; 812 char *path; 813 char *parent; 814 struct statvfs buf1, buf2; 815 816 if (statvfs(zonepath, &buf1) != 0) 817 return (B_FALSE); 818 819 if (strcmp(buf1.f_basetype, "zfs") != 0) 820 return (B_FALSE); 821 822 if ((path = strdup(zonepath)) == NULL) 823 return (B_FALSE); 824 825 parent = dirname(path); 826 res = statvfs(parent, &buf2); 827 free(path); 828 829 if (res != 0) 830 return (B_FALSE); 831 832 if (buf1.f_fsid == buf2.f_fsid) 833 return (B_FALSE); 834 835 return (B_TRUE); 836 } 837 838 /* 839 * Implement the fast move of a ZFS file system by simply updating the 840 * mountpoint. Since it is file system already, we don't have the 841 * issue of cross-file system copying. 842 */ 843 int 844 move_zfs(char *zonepath, char *new_zonepath) 845 { 846 int ret = Z_ERR; 847 zfs_handle_t *zhp; 848 849 if ((zhp = mount2zhandle(zonepath)) == NULL) 850 return (Z_ERR); 851 852 if (zfs_prop_set(zhp, ZFS_PROP_MOUNTPOINT, new_zonepath) == 0) { 853 /* 854 * Clean up the old mount point. We ignore any failure since 855 * the zone is already successfully mounted on the new path. 856 */ 857 (void) rmdir(zonepath); 858 ret = Z_OK; 859 } 860 861 zfs_close(zhp); 862 863 return (ret); 864 } 865 866 /* 867 * Validate that the given dataset exists on the system, and that neither it nor 868 * its children are zvols. 869 * 870 * Note that we don't do anything with the 'zoned' property here. All 871 * management is done in zoneadmd when the zone is actually rebooted. This 872 * allows us to automatically set the zoned property even when a zone is 873 * rebooted by the administrator. 874 */ 875 int 876 verify_datasets(zone_dochandle_t handle) 877 { 878 int return_code = Z_OK; 879 struct zone_dstab dstab; 880 zfs_handle_t *zhp; 881 char propbuf[ZFS_MAXPROPLEN]; 882 char source[ZFS_MAXNAMELEN]; 883 zfs_source_t srctype; 884 885 if (zonecfg_setdsent(handle) != Z_OK) { 886 /* 887 * TRANSLATION_NOTE 888 * zfs and dataset are literals that should not be translated. 889 */ 890 (void) fprintf(stderr, gettext("could not verify zfs datasets: " 891 "unable to enumerate datasets\n")); 892 return (Z_ERR); 893 } 894 895 while (zonecfg_getdsent(handle, &dstab) == Z_OK) { 896 897 if ((zhp = zfs_open(g_zfs, dstab.zone_dataset_name, 898 ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME)) == NULL) { 899 (void) fprintf(stderr, gettext("could not verify zfs " 900 "dataset %s: %s\n"), dstab.zone_dataset_name, 901 libzfs_error_description(g_zfs)); 902 return_code = Z_ERR; 903 continue; 904 } 905 906 if (zfs_prop_get(zhp, ZFS_PROP_MOUNTPOINT, propbuf, 907 sizeof (propbuf), &srctype, source, 908 sizeof (source), 0) == 0 && 909 (srctype == ZFS_SRC_INHERITED)) { 910 (void) fprintf(stderr, gettext("could not verify zfs " 911 "dataset %s: mountpoint cannot be inherited\n"), 912 dstab.zone_dataset_name); 913 return_code = Z_ERR; 914 zfs_close(zhp); 915 continue; 916 } 917 918 if (zfs_get_type(zhp) == ZFS_TYPE_VOLUME) { 919 (void) fprintf(stderr, gettext("cannot verify zfs " 920 "dataset %s: volumes cannot be specified as a " 921 "zone dataset resource\n"), 922 dstab.zone_dataset_name); 923 return_code = Z_ERR; 924 } 925 926 if (zfs_iter_children(zhp, check_zvol, NULL) != 0) 927 return_code = Z_ERR; 928 929 zfs_close(zhp); 930 } 931 (void) zonecfg_enddsent(handle); 932 933 return (return_code); 934 } 935 936 /* 937 * Verify that the ZFS dataset exists, and its mountpoint 938 * property is set to "legacy". 939 */ 940 int 941 verify_fs_zfs(struct zone_fstab *fstab) 942 { 943 zfs_handle_t *zhp; 944 char propbuf[ZFS_MAXPROPLEN]; 945 946 if ((zhp = zfs_open(g_zfs, fstab->zone_fs_special, 947 ZFS_TYPE_ANY)) == NULL) { 948 (void) fprintf(stderr, gettext("could not verify fs %s: " 949 "could not access zfs dataset '%s'\n"), 950 fstab->zone_fs_dir, fstab->zone_fs_special); 951 return (Z_ERR); 952 } 953 954 if (zfs_get_type(zhp) != ZFS_TYPE_FILESYSTEM) { 955 (void) fprintf(stderr, gettext("cannot verify fs %s: " 956 "'%s' is not a file system\n"), 957 fstab->zone_fs_dir, fstab->zone_fs_special); 958 zfs_close(zhp); 959 return (Z_ERR); 960 } 961 962 if (zfs_prop_get(zhp, ZFS_PROP_MOUNTPOINT, propbuf, sizeof (propbuf), 963 NULL, NULL, 0, 0) != 0 || strcmp(propbuf, "legacy") != 0) { 964 (void) fprintf(stderr, gettext("could not verify fs %s: " 965 "zfs '%s' mountpoint is not \"legacy\"\n"), 966 fstab->zone_fs_dir, fstab->zone_fs_special); 967 zfs_close(zhp); 968 return (Z_ERR); 969 } 970 971 zfs_close(zhp); 972 return (Z_OK); 973 } 974 975 int 976 init_zfs(void) 977 { 978 if ((g_zfs = libzfs_init()) == NULL) { 979 (void) fprintf(stderr, gettext("failed to initialize ZFS " 980 "library\n")); 981 return (Z_ERR); 982 } 983 984 return (Z_OK); 985 } 986