xref: /titanic_44/usr/src/cmd/zonecfg/zonecfg.c (revision a65cd518c5d0f30c53594a7022eb0f7d04c98cef)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24  * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
25  */
26 
27 /*
28  * zonecfg is a lex/yacc based command interpreter used to manage zone
29  * configurations.  The lexer (see zonecfg_lex.l) builds up tokens, which
30  * the grammar (see zonecfg_grammar.y) builds up into commands, some of
31  * which takes resources and/or properties as arguments.  See the block
32  * comments near the end of zonecfg_grammar.y for how the data structures
33  * which keep track of these resources and properties are built up.
34  *
35  * The resource/property data structures are inserted into a command
36  * structure (see zonecfg.h), which also keeps track of command names,
37  * miscellaneous arguments, and function handlers.  The grammar selects
38  * the appropriate function handler, each of which takes a pointer to a
39  * command structure as its sole argument, and invokes it.  The grammar
40  * itself is "entered" (a la the Matrix) by yyparse(), which is called
41  * from read_input(), our main driving function.  That in turn is called
42  * by one of do_interactive(), cmd_file() or one_command_at_a_time(), each
43  * of which is called from main() depending on how the program was invoked.
44  *
45  * The rest of this module consists of the various function handlers and
46  * their helper functions.  Some of these functions, particularly the
47  * X_to_str() functions, which maps command, resource and property numbers
48  * to strings, are used quite liberally, as doing so results in a better
49  * program w/rt I18N, reducing the need for translation notes.
50  */
51 
52 #include <sys/mntent.h>
53 #include <sys/varargs.h>
54 #include <sys/sysmacros.h>
55 
56 #include <errno.h>
57 #include <fcntl.h>
58 #include <strings.h>
59 #include <unistd.h>
60 #include <ctype.h>
61 #include <stdlib.h>
62 #include <assert.h>
63 #include <sys/stat.h>
64 #include <zone.h>
65 #include <arpa/inet.h>
66 #include <netdb.h>
67 #include <locale.h>
68 #include <libintl.h>
69 #include <alloca.h>
70 #include <signal.h>
71 #include <wait.h>
72 #include <libtecla.h>
73 #include <libzfs.h>
74 #include <sys/brand.h>
75 #include <libbrand.h>
76 #include <sys/systeminfo.h>
77 #include <libdladm.h>
78 #include <libinetutil.h>
79 #include <pwd.h>
80 #include <inet/ip.h>
81 
82 #include <libzonecfg.h>
83 #include "zonecfg.h"
84 
85 #if !defined(TEXT_DOMAIN)		/* should be defined by cc -D */
86 #define	TEXT_DOMAIN	"SYS_TEST"	/* Use this only if it wasn't */
87 #endif
88 
89 #define	PAGER	"/usr/bin/more"
90 #define	EXEC_PREFIX	"exec "
91 #define	EXEC_LEN	(strlen(EXEC_PREFIX))
92 
93 struct help {
94 	uint_t	cmd_num;
95 	char	*cmd_name;
96 	uint_t	flags;
97 	char	*short_usage;
98 };
99 
100 extern int yyparse(void);
101 extern int lex_lineno;
102 
103 #define	MAX_LINE_LEN	1024
104 #define	MAX_CMD_HIST	1024
105 #define	MAX_CMD_LEN	1024
106 
107 #define	ONE_MB		1048576
108 
109 /*
110  * Each SHELP_ should be a simple string.
111  */
112 
113 #define	SHELP_ADD	"add <resource-type>\n\t(global scope)\n" \
114 	"add <property-name> <property-value>\n\t(resource scope)"
115 #define	SHELP_CANCEL	"cancel"
116 #define	SHELP_CLEAR	"clear <property-name>"
117 #define	SHELP_COMMIT	"commit"
118 #define	SHELP_CREATE	"create [-F] [ -a <path> | -b | -t <template> ]"
119 #define	SHELP_DELETE	"delete [-F]"
120 #define	SHELP_END	"end"
121 #define	SHELP_EXIT	"exit [-F]"
122 #define	SHELP_EXPORT	"export [-f output-file]"
123 #define	SHELP_HELP	"help [commands] [syntax] [usage] [<command-name>]"
124 #define	SHELP_INFO	"info [<resource-type> [property-name=property-value]*]"
125 #define	SHELP_REMOVE	"remove [-F] <resource-type> " \
126 	"[ <property-name>=<property-value> ]*\n" \
127 	"\t(global scope)\n" \
128 	"remove <property-name> <property-value>\n" \
129 	"\t(resource scope)"
130 #define	SHELP_REVERT	"revert [-F]"
131 #define	SHELP_SELECT	"select <resource-type> { <property-name>=" \
132 	"<property-value> }"
133 #define	SHELP_SET	"set <property-name>=<property-value>"
134 #define	SHELP_VERIFY	"verify"
135 
136 static struct help helptab[] = {
137 	{ CMD_ADD,	"add",		HELP_RES_PROPS,	SHELP_ADD, },
138 	{ CMD_CANCEL,	"cancel",	0,		SHELP_CANCEL, },
139 	{ CMD_CLEAR,	"clear",	HELP_PROPS,	SHELP_CLEAR, },
140 	{ CMD_COMMIT,	"commit",	0,		SHELP_COMMIT, },
141 	{ CMD_CREATE,	"create",	0,		SHELP_CREATE, },
142 	{ CMD_DELETE,	"delete",	0,		SHELP_DELETE, },
143 	{ CMD_END,	"end",		0,		SHELP_END, },
144 	{ CMD_EXIT,	"exit",		0,		SHELP_EXIT, },
145 	{ CMD_EXPORT,	"export",	0,		SHELP_EXPORT, },
146 	{ CMD_HELP,	"help",		0,		SHELP_HELP },
147 	{ CMD_INFO,	"info",		HELP_RES_PROPS,	SHELP_INFO, },
148 	{ CMD_REMOVE,	"remove",	HELP_RES_PROPS,	SHELP_REMOVE, },
149 	{ CMD_REVERT,	"revert",	0,		SHELP_REVERT, },
150 	{ CMD_SELECT,	"select",	HELP_RES_PROPS,	SHELP_SELECT, },
151 	{ CMD_SET,	"set",		HELP_PROPS,	SHELP_SET, },
152 	{ CMD_VERIFY,	"verify",	0,		SHELP_VERIFY, },
153 	{ 0 },
154 };
155 
156 #define	MAX_RT_STRLEN	16
157 
158 /* These *must* match the order of the RT_ define's from zonecfg.h */
159 char *res_types[] = {
160 	"unknown",
161 	"zonename",
162 	"zonepath",
163 	"autoboot",
164 	"pool",
165 	"fs",
166 	"net",
167 	"device",
168 	"rctl",
169 	"attr",
170 	"dataset",
171 	"limitpriv",
172 	"bootargs",
173 	"brand",
174 	"dedicated-cpu",
175 	"capped-memory",
176 	ALIAS_MAXLWPS,
177 	ALIAS_MAXSHMMEM,
178 	ALIAS_MAXSHMIDS,
179 	ALIAS_MAXMSGIDS,
180 	ALIAS_MAXSEMIDS,
181 	ALIAS_SHARES,
182 	"scheduling-class",
183 	"ip-type",
184 	"capped-cpu",
185 	"hostid",
186 	"admin",
187 	"fs-allowed",
188 	ALIAS_MAXPROCS,
189 	NULL
190 };
191 
192 /* These *must* match the order of the PT_ define's from zonecfg.h */
193 char *prop_types[] = {
194 	"unknown",
195 	"zonename",
196 	"zonepath",
197 	"autoboot",
198 	"pool",
199 	"dir",
200 	"special",
201 	"type",
202 	"options",
203 	"address",
204 	"physical",
205 	"name",
206 	"value",
207 	"match",
208 	"priv",
209 	"limit",
210 	"action",
211 	"raw",
212 	"limitpriv",
213 	"bootargs",
214 	"brand",
215 	"ncpus",
216 	"importance",
217 	"swap",
218 	"locked",
219 	ALIAS_SHARES,
220 	ALIAS_MAXLWPS,
221 	ALIAS_MAXSHMMEM,
222 	ALIAS_MAXSHMIDS,
223 	ALIAS_MAXMSGIDS,
224 	ALIAS_MAXSEMIDS,
225 	ALIAS_MAXLOCKEDMEM,
226 	ALIAS_MAXSWAP,
227 	"scheduling-class",
228 	"ip-type",
229 	"defrouter",
230 	"hostid",
231 	"user",
232 	"auths",
233 	"fs-allowed",
234 	ALIAS_MAXPROCS,
235 	"allowed-address",
236 	NULL
237 };
238 
239 /* These *must* match the order of the PROP_VAL_ define's from zonecfg.h */
240 static char *prop_val_types[] = {
241 	"simple",
242 	"complex",
243 	"list",
244 };
245 
246 /*
247  * The various _cmds[] lists below are for command tab-completion.
248  */
249 
250 /*
251  * remove has a space afterwards because it has qualifiers; the other commands
252  * that have qualifiers (add, select, etc.) don't need a space here because
253  * they have their own _cmds[] lists below.
254  */
255 static const char *global_scope_cmds[] = {
256 	"add",
257 	"clear",
258 	"commit",
259 	"create",
260 	"delete",
261 	"exit",
262 	"export",
263 	"help",
264 	"info",
265 	"remove ",
266 	"revert",
267 	"select",
268 	"set",
269 	"verify",
270 	NULL
271 };
272 
273 static const char *add_cmds[] = {
274 	"add fs",
275 	"add net",
276 	"add device",
277 	"add rctl",
278 	"add attr",
279 	"add dataset",
280 	"add dedicated-cpu",
281 	"add capped-cpu",
282 	"add capped-memory",
283 	"add admin",
284 	NULL
285 };
286 
287 static const char *clear_cmds[] = {
288 	"clear autoboot",
289 	"clear pool",
290 	"clear limitpriv",
291 	"clear bootargs",
292 	"clear scheduling-class",
293 	"clear ip-type",
294 	"clear " ALIAS_MAXLWPS,
295 	"clear " ALIAS_MAXSHMMEM,
296 	"clear " ALIAS_MAXSHMIDS,
297 	"clear " ALIAS_MAXMSGIDS,
298 	"clear " ALIAS_MAXSEMIDS,
299 	"clear " ALIAS_SHARES,
300 	"clear " ALIAS_MAXPROCS,
301 	NULL
302 };
303 
304 static const char *remove_cmds[] = {
305 	"remove fs ",
306 	"remove net ",
307 	"remove device ",
308 	"remove rctl ",
309 	"remove attr ",
310 	"remove dataset ",
311 	"remove dedicated-cpu ",
312 	"remove capped-cpu ",
313 	"remove capped-memory ",
314 	"remove admin ",
315 	NULL
316 };
317 
318 static const char *select_cmds[] = {
319 	"select fs ",
320 	"select net ",
321 	"select device ",
322 	"select rctl ",
323 	"select attr ",
324 	"select dataset ",
325 	"select dedicated-cpu",
326 	"select capped-cpu",
327 	"select capped-memory",
328 	"select admin",
329 	NULL
330 };
331 
332 static const char *set_cmds[] = {
333 	"set zonename=",
334 	"set zonepath=",
335 	"set brand=",
336 	"set autoboot=",
337 	"set pool=",
338 	"set limitpriv=",
339 	"set bootargs=",
340 	"set scheduling-class=",
341 	"set ip-type=",
342 	"set " ALIAS_MAXLWPS "=",
343 	"set " ALIAS_MAXSHMMEM "=",
344 	"set " ALIAS_MAXSHMIDS "=",
345 	"set " ALIAS_MAXMSGIDS "=",
346 	"set " ALIAS_MAXSEMIDS "=",
347 	"set " ALIAS_SHARES "=",
348 	"set hostid=",
349 	"set fs-allowed=",
350 	"set " ALIAS_MAXPROCS "=",
351 	NULL
352 };
353 
354 static const char *info_cmds[] = {
355 	"info fs ",
356 	"info net ",
357 	"info device ",
358 	"info rctl ",
359 	"info attr ",
360 	"info dataset ",
361 	"info capped-memory",
362 	"info dedicated-cpu",
363 	"info capped-cpu",
364 	"info zonename",
365 	"info zonepath",
366 	"info autoboot",
367 	"info pool",
368 	"info limitpriv",
369 	"info bootargs",
370 	"info brand",
371 	"info scheduling-class",
372 	"info ip-type",
373 	"info max-lwps",
374 	"info max-shm-memory",
375 	"info max-shm-ids",
376 	"info max-msg-ids",
377 	"info max-sem-ids",
378 	"info cpu-shares",
379 	"info hostid",
380 	"info admin",
381 	"info fs-allowed",
382 	"info max-processes",
383 	NULL
384 };
385 
386 static const char *fs_res_scope_cmds[] = {
387 	"add options ",
388 	"cancel",
389 	"end",
390 	"exit",
391 	"help",
392 	"info",
393 	"remove options ",
394 	"set dir=",
395 	"set raw=",
396 	"set special=",
397 	"set type=",
398 	"clear raw",
399 	NULL
400 };
401 
402 static const char *net_res_scope_cmds[] = {
403 	"cancel",
404 	"end",
405 	"exit",
406 	"help",
407 	"info",
408 	"set address=",
409 	"set physical=",
410 	"set defrouter=",
411 	NULL
412 };
413 
414 static const char *device_res_scope_cmds[] = {
415 	"cancel",
416 	"end",
417 	"exit",
418 	"help",
419 	"info",
420 	"set match=",
421 	NULL
422 };
423 
424 static const char *attr_res_scope_cmds[] = {
425 	"cancel",
426 	"end",
427 	"exit",
428 	"help",
429 	"info",
430 	"set name=",
431 	"set type=",
432 	"set value=",
433 	NULL
434 };
435 
436 static const char *rctl_res_scope_cmds[] = {
437 	"add value ",
438 	"cancel",
439 	"end",
440 	"exit",
441 	"help",
442 	"info",
443 	"remove value ",
444 	"set name=",
445 	NULL
446 };
447 
448 static const char *dataset_res_scope_cmds[] = {
449 	"cancel",
450 	"end",
451 	"exit",
452 	"help",
453 	"info",
454 	"set name=",
455 	NULL
456 };
457 
458 static const char *pset_res_scope_cmds[] = {
459 	"cancel",
460 	"end",
461 	"exit",
462 	"help",
463 	"info",
464 	"set ncpus=",
465 	"set importance=",
466 	"clear importance",
467 	NULL
468 };
469 
470 static const char *pcap_res_scope_cmds[] = {
471 	"cancel",
472 	"end",
473 	"exit",
474 	"help",
475 	"info",
476 	"set ncpus=",
477 	NULL
478 };
479 
480 static const char *mcap_res_scope_cmds[] = {
481 	"cancel",
482 	"end",
483 	"exit",
484 	"help",
485 	"info",
486 	"set physical=",
487 	"set swap=",
488 	"set locked=",
489 	"clear physical",
490 	"clear swap",
491 	"clear locked",
492 	NULL
493 };
494 
495 static const char *admin_res_scope_cmds[] = {
496 	"cancel",
497 	"end",
498 	"exit",
499 	"help",
500 	"info",
501 	"set user=",
502 	"set auths=",
503 	NULL
504 };
505 
506 struct xif {
507 	struct xif	*xif_next;
508 	char		xif_name[LIFNAMSIZ];
509 	boolean_t	xif_has_address;
510 	boolean_t	xif_has_defrouter;
511 };
512 
513 /* Global variables */
514 
515 /* list of network interfaces specified for exclusive IP zone */
516 struct xif *xif;
517 
518 /* set early in main(), never modified thereafter, used all over the place */
519 static char *execname;
520 
521 /* set in main(), used all over the place */
522 static zone_dochandle_t handle;
523 
524 /* used all over the place */
525 static char zone[ZONENAME_MAX];
526 static char revert_zone[ZONENAME_MAX];
527 
528 /* global brand operations */
529 static brand_handle_t brand;
530 
531 /* set in modifying functions, checked in read_input() */
532 static boolean_t need_to_commit = B_FALSE;
533 boolean_t saw_error;
534 
535 /* set in yacc parser, checked in read_input() */
536 boolean_t newline_terminated;
537 
538 /* set in main(), checked in lex error handler */
539 boolean_t cmd_file_mode;
540 
541 /* set in exit_func(), checked in read_input() */
542 static boolean_t time_to_exit = B_FALSE, force_exit = B_FALSE;
543 
544 /* used in short_usage() and zerr() */
545 static char *cmd_file_name = NULL;
546 
547 /* checked in read_input() and other places */
548 static boolean_t ok_to_prompt = B_FALSE;
549 
550 /* set and checked in initialize() */
551 static boolean_t got_handle = B_FALSE;
552 
553 /* initialized in do_interactive(), checked in initialize() */
554 static boolean_t interactive_mode;
555 
556 /* set if configuring the global zone */
557 static boolean_t global_zone = B_FALSE;
558 
559 /* set in main(), checked in multiple places */
560 static boolean_t read_only_mode;
561 
562 /* scope is outer/global or inner/resource */
563 static boolean_t global_scope = B_TRUE;
564 static int resource_scope;	/* should be in the RT_ list from zonecfg.h */
565 static int end_op = -1;		/* operation on end is either add or modify */
566 
567 int num_prop_vals;		/* for grammar */
568 
569 /*
570  * These are for keeping track of resources as they are specified as part of
571  * the multi-step process.  They should be initialized by add_resource() or
572  * select_func() and filled in by add_property() or set_func().
573  */
574 static struct zone_fstab	old_fstab, in_progress_fstab;
575 static struct zone_nwiftab	old_nwiftab, in_progress_nwiftab;
576 static struct zone_devtab	old_devtab, in_progress_devtab;
577 static struct zone_rctltab	old_rctltab, in_progress_rctltab;
578 static struct zone_attrtab	old_attrtab, in_progress_attrtab;
579 static struct zone_dstab	old_dstab, in_progress_dstab;
580 static struct zone_psettab	old_psettab, in_progress_psettab;
581 static struct zone_mcaptab	old_mcaptab, in_progress_mcaptab;
582 static struct zone_admintab	old_admintab, in_progress_admintab;
583 
584 static GetLine *gl;	/* The gl_get_line() resource object */
585 
586 static void bytes_to_units(char *str, char *buf, int bufsize);
587 
588 /* Functions begin here */
589 
590 static boolean_t
591 initial_match(const char *line1, const char *line2, int word_end)
592 {
593 	if (word_end <= 0)
594 		return (B_TRUE);
595 	return (strncmp(line1, line2, word_end) == 0);
596 }
597 
598 static int
599 add_stuff(WordCompletion *cpl, const char *line1, const char **list,
600     int word_end)
601 {
602 	int i, err;
603 
604 	for (i = 0; list[i] != NULL; i++) {
605 		if (initial_match(line1, list[i], word_end)) {
606 			err = cpl_add_completion(cpl, line1, 0, word_end,
607 			    list[i] + word_end, "", "");
608 			if (err != 0)
609 				return (err);
610 		}
611 	}
612 	return (0);
613 }
614 
615 static
616 /* ARGSUSED */
617 CPL_MATCH_FN(cmd_cpl_fn)
618 {
619 	if (global_scope) {
620 		/*
621 		 * The MAX/MIN tests below are to make sure we have at least
622 		 * enough characters to distinguish from other prefixes (MAX)
623 		 * but only check MIN(what we have, what we're checking).
624 		 */
625 		if (strncmp(line, "add ", MAX(MIN(word_end, 4), 1)) == 0)
626 			return (add_stuff(cpl, line, add_cmds, word_end));
627 		if (strncmp(line, "clear ", MAX(MIN(word_end, 6), 2)) == 0)
628 			return (add_stuff(cpl, line, clear_cmds, word_end));
629 		if (strncmp(line, "select ", MAX(MIN(word_end, 7), 3)) == 0)
630 			return (add_stuff(cpl, line, select_cmds, word_end));
631 		if (strncmp(line, "set ", MAX(MIN(word_end, 4), 3)) == 0)
632 			return (add_stuff(cpl, line, set_cmds, word_end));
633 		if (strncmp(line, "remove ", MAX(MIN(word_end, 7), 1)) == 0)
634 			return (add_stuff(cpl, line, remove_cmds, word_end));
635 		if (strncmp(line, "info ", MAX(MIN(word_end, 5), 1)) == 0)
636 			return (add_stuff(cpl, line, info_cmds, word_end));
637 		return (add_stuff(cpl, line, global_scope_cmds, word_end));
638 	}
639 	switch (resource_scope) {
640 	case RT_FS:
641 		return (add_stuff(cpl, line, fs_res_scope_cmds, word_end));
642 	case RT_NET:
643 		return (add_stuff(cpl, line, net_res_scope_cmds, word_end));
644 	case RT_DEVICE:
645 		return (add_stuff(cpl, line, device_res_scope_cmds, word_end));
646 	case RT_RCTL:
647 		return (add_stuff(cpl, line, rctl_res_scope_cmds, word_end));
648 	case RT_ATTR:
649 		return (add_stuff(cpl, line, attr_res_scope_cmds, word_end));
650 	case RT_DATASET:
651 		return (add_stuff(cpl, line, dataset_res_scope_cmds, word_end));
652 	case RT_DCPU:
653 		return (add_stuff(cpl, line, pset_res_scope_cmds, word_end));
654 	case RT_PCAP:
655 		return (add_stuff(cpl, line, pcap_res_scope_cmds, word_end));
656 	case RT_MCAP:
657 		return (add_stuff(cpl, line, mcap_res_scope_cmds, word_end));
658 	case RT_ADMIN:
659 		return (add_stuff(cpl, line, admin_res_scope_cmds, word_end));
660 	}
661 	return (0);
662 }
663 
664 /*
665  * For the main CMD_func() functions below, several of them call getopt()
666  * then check optind against argc to make sure an extra parameter was not
667  * passed in.  The reason this is not caught in the grammar is that the
668  * grammar just checks for a miscellaneous TOKEN, which is *expected* to
669  * be "-F" (for example), but could be anything.  So (for example) this
670  * check will prevent "create bogus".
671  */
672 
673 cmd_t *
674 alloc_cmd(void)
675 {
676 	return (calloc(1, sizeof (cmd_t)));
677 }
678 
679 void
680 free_cmd(cmd_t *cmd)
681 {
682 	int i;
683 
684 	for (i = 0; i < MAX_EQ_PROP_PAIRS; i++)
685 		if (cmd->cmd_property_ptr[i] != NULL) {
686 			property_value_ptr_t pp = cmd->cmd_property_ptr[i];
687 
688 			switch (pp->pv_type) {
689 			case PROP_VAL_SIMPLE:
690 				free(pp->pv_simple);
691 				break;
692 			case PROP_VAL_COMPLEX:
693 				free_complex(pp->pv_complex);
694 				break;
695 			case PROP_VAL_LIST:
696 				free_list(pp->pv_list);
697 				break;
698 			}
699 		}
700 	for (i = 0; i < cmd->cmd_argc; i++)
701 		free(cmd->cmd_argv[i]);
702 	free(cmd);
703 }
704 
705 complex_property_ptr_t
706 alloc_complex(void)
707 {
708 	return (calloc(1, sizeof (complex_property_t)));
709 }
710 
711 void
712 free_complex(complex_property_ptr_t complex)
713 {
714 	if (complex == NULL)
715 		return;
716 	free_complex(complex->cp_next);
717 	if (complex->cp_value != NULL)
718 		free(complex->cp_value);
719 	free(complex);
720 }
721 
722 list_property_ptr_t
723 alloc_list(void)
724 {
725 	return (calloc(1, sizeof (list_property_t)));
726 }
727 
728 void
729 free_list(list_property_ptr_t list)
730 {
731 	if (list == NULL)
732 		return;
733 	if (list->lp_simple != NULL)
734 		free(list->lp_simple);
735 	free_complex(list->lp_complex);
736 	free_list(list->lp_next);
737 	free(list);
738 }
739 
740 void
741 free_outer_list(list_property_ptr_t list)
742 {
743 	if (list == NULL)
744 		return;
745 	free_outer_list(list->lp_next);
746 	free(list);
747 }
748 
749 static struct zone_rctlvaltab *
750 alloc_rctlvaltab(void)
751 {
752 	return (calloc(1, sizeof (struct zone_rctlvaltab)));
753 }
754 
755 static char *
756 rt_to_str(int res_type)
757 {
758 	assert(res_type >= RT_MIN && res_type <= RT_MAX);
759 	return (res_types[res_type]);
760 }
761 
762 static char *
763 pt_to_str(int prop_type)
764 {
765 	assert(prop_type >= PT_MIN && prop_type <= PT_MAX);
766 	return (prop_types[prop_type]);
767 }
768 
769 static char *
770 pvt_to_str(int pv_type)
771 {
772 	assert(pv_type >= PROP_VAL_MIN && pv_type <= PROP_VAL_MAX);
773 	return (prop_val_types[pv_type]);
774 }
775 
776 static char *
777 cmd_to_str(int cmd_num)
778 {
779 	assert(cmd_num >= CMD_MIN && cmd_num <= CMD_MAX);
780 	return (helptab[cmd_num].cmd_name);
781 }
782 
783 /* PRINTFLIKE1 */
784 static void
785 zerr(const char *fmt, ...)
786 {
787 	va_list alist;
788 	static int last_lineno;
789 
790 	/* lex_lineno has already been incremented in the lexer; compensate */
791 	if (cmd_file_mode && lex_lineno > last_lineno) {
792 		if (strcmp(cmd_file_name, "-") == 0)
793 			(void) fprintf(stderr, gettext("On line %d:\n"),
794 			    lex_lineno - 1);
795 		else
796 			(void) fprintf(stderr, gettext("On line %d of %s:\n"),
797 			    lex_lineno - 1, cmd_file_name);
798 		last_lineno = lex_lineno;
799 	}
800 	va_start(alist, fmt);
801 	(void) vfprintf(stderr, fmt, alist);
802 	(void) fprintf(stderr, "\n");
803 	va_end(alist);
804 }
805 
806 /*
807  * This is a separate function rather than a set of define's because of the
808  * gettext() wrapping.
809  */
810 
811 /*
812  * TRANSLATION_NOTE
813  * Each string below should have \t follow \n whenever needed; the
814  * initial \t and the terminal \n will be provided by the calling function.
815  */
816 
817 static char *
818 long_help(int cmd_num)
819 {
820 	static char line[1024];	/* arbitrary large amount */
821 
822 	assert(cmd_num >= CMD_MIN && cmd_num <= CMD_MAX);
823 	switch (cmd_num) {
824 		case CMD_HELP:
825 			return (gettext("Prints help message."));
826 		case CMD_CREATE:
827 			(void) snprintf(line, sizeof (line),
828 			    gettext("Creates a configuration for the "
829 			    "specified zone.  %s should be\n\tused to "
830 			    "begin configuring a new zone.  If overwriting an "
831 			    "existing\n\tconfiguration, the -F flag can be "
832 			    "used to force the action.  If\n\t-t template is "
833 			    "given, creates a configuration identical to the\n"
834 			    "\tspecified template, except that the zone name "
835 			    "is changed from\n\ttemplate to zonename.  '%s -a' "
836 			    "creates a configuration from a\n\tdetached "
837 			    "zonepath.  '%s -b' results in a blank "
838 			    "configuration.\n\t'%s' with no arguments applies "
839 			    "the Sun default settings."),
840 			    cmd_to_str(CMD_CREATE), cmd_to_str(CMD_CREATE),
841 			    cmd_to_str(CMD_CREATE), cmd_to_str(CMD_CREATE));
842 			return (line);
843 		case CMD_EXIT:
844 			return (gettext("Exits the program.  The -F flag can "
845 			    "be used to force the action."));
846 		case CMD_EXPORT:
847 			return (gettext("Prints configuration to standard "
848 			    "output, or to output-file if\n\tspecified, in "
849 			    "a form suitable for use in a command-file."));
850 		case CMD_ADD:
851 			return (gettext("Add specified resource to "
852 			    "configuration."));
853 		case CMD_DELETE:
854 			return (gettext("Deletes the specified zone.  The -F "
855 			    "flag can be used to force the\n\taction."));
856 		case CMD_REMOVE:
857 			return (gettext("Remove specified resource from "
858 			    "configuration.  The -F flag can be used\n\tto "
859 			    "force the action."));
860 		case CMD_SELECT:
861 			(void) snprintf(line, sizeof (line),
862 			    gettext("Selects a resource to modify.  "
863 			    "Resource modification is completed\n\twith the "
864 			    "command \"%s\".  The property name/value pairs "
865 			    "must uniquely\n\tidentify a resource.  Note that "
866 			    "the curly braces ('{', '}') mean one\n\tor more "
867 			    "of whatever is between them."),
868 			    cmd_to_str(CMD_END));
869 			return (line);
870 		case CMD_SET:
871 			return (gettext("Sets property values."));
872 		case CMD_CLEAR:
873 			return (gettext("Clears property values."));
874 		case CMD_INFO:
875 			return (gettext("Displays information about the "
876 			    "current configuration.  If resource\n\ttype is "
877 			    "specified, displays only information about "
878 			    "resources of\n\tthe relevant type.  If resource "
879 			    "id is specified, displays only\n\tinformation "
880 			    "about that resource."));
881 		case CMD_VERIFY:
882 			return (gettext("Verifies current configuration "
883 			    "for correctness (some resource types\n\thave "
884 			    "required properties)."));
885 		case CMD_COMMIT:
886 			(void) snprintf(line, sizeof (line),
887 			    gettext("Commits current configuration.  "
888 			    "Configuration must be committed to\n\tbe used by "
889 			    "%s.  Until the configuration is committed, "
890 			    "changes \n\tcan be removed with the %s "
891 			    "command.  This operation is\n\tattempted "
892 			    "automatically upon completion of a %s "
893 			    "session."), "zoneadm", cmd_to_str(CMD_REVERT),
894 			    "zonecfg");
895 			return (line);
896 		case CMD_REVERT:
897 			return (gettext("Reverts configuration back to the "
898 			    "last committed state.  The -F flag\n\tcan be "
899 			    "used to force the action."));
900 		case CMD_CANCEL:
901 			return (gettext("Cancels resource/property "
902 			    "specification."));
903 		case CMD_END:
904 			return (gettext("Ends resource/property "
905 			    "specification."));
906 	}
907 	/* NOTREACHED */
908 	return (NULL);
909 }
910 
911 /*
912  * Called with verbose TRUE when help is explicitly requested, FALSE for
913  * unexpected errors.
914  */
915 
916 void
917 usage(boolean_t verbose, uint_t flags)
918 {
919 	FILE *fp = verbose ? stdout : stderr;
920 	FILE *newfp;
921 	boolean_t need_to_close = B_FALSE;
922 	char *pager, *space;
923 	int i;
924 	struct stat statbuf;
925 
926 	/* don't page error output */
927 	if (verbose && interactive_mode) {
928 		if ((pager = getenv("PAGER")) == NULL)
929 			pager = PAGER;
930 
931 		space = strchr(pager, ' ');
932 		if (space)
933 			*space = '\0';
934 		if (stat(pager, &statbuf) == 0) {
935 			if (space)
936 				*space = ' ';
937 			if ((newfp = popen(pager, "w")) != NULL) {
938 				need_to_close = B_TRUE;
939 				fp = newfp;
940 			}
941 		} else {
942 			zerr(gettext("PAGER %s does not exist (%s)."),
943 			    pager, strerror(errno));
944 		}
945 	}
946 
947 	if (flags & HELP_META) {
948 		(void) fprintf(fp, gettext("More help is available for the "
949 		    "following:\n"));
950 		(void) fprintf(fp, "\n\tcommands ('%s commands')\n",
951 		    cmd_to_str(CMD_HELP));
952 		(void) fprintf(fp, "\tsyntax ('%s syntax')\n",
953 		    cmd_to_str(CMD_HELP));
954 		(void) fprintf(fp, "\tusage ('%s usage')\n\n",
955 		    cmd_to_str(CMD_HELP));
956 		(void) fprintf(fp, gettext("You may also obtain help on any "
957 		    "command by typing '%s <command-name>.'\n"),
958 		    cmd_to_str(CMD_HELP));
959 	}
960 	if (flags & HELP_RES_SCOPE) {
961 		switch (resource_scope) {
962 		case RT_FS:
963 			(void) fprintf(fp, gettext("The '%s' resource scope is "
964 			    "used to configure a file-system.\n"),
965 			    rt_to_str(resource_scope));
966 			(void) fprintf(fp, gettext("Valid commands:\n"));
967 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
968 			    pt_to_str(PT_DIR), gettext("<path>"));
969 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
970 			    pt_to_str(PT_SPECIAL), gettext("<path>"));
971 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
972 			    pt_to_str(PT_RAW), gettext("<raw-device>"));
973 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
974 			    pt_to_str(PT_TYPE), gettext("<file-system type>"));
975 			(void) fprintf(fp, "\t%s %s %s\n", cmd_to_str(CMD_ADD),
976 			    pt_to_str(PT_OPTIONS),
977 			    gettext("<file-system options>"));
978 			(void) fprintf(fp, "\t%s %s %s\n",
979 			    cmd_to_str(CMD_REMOVE), pt_to_str(PT_OPTIONS),
980 			    gettext("<file-system options>"));
981 			(void) fprintf(fp, gettext("Consult the file-system "
982 			    "specific manual page, such as mount_ufs(1M), "
983 			    "for\ndetails about file-system options.  Note "
984 			    "that any file-system options with an\nembedded "
985 			    "'=' character must be enclosed in double quotes, "
986 			    /*CSTYLED*/
987 			    "such as \"%s=5\".\n"), MNTOPT_RETRY);
988 			break;
989 		case RT_NET:
990 			(void) fprintf(fp, gettext("The '%s' resource scope is "
991 			    "used to configure a network interface.\n"),
992 			    rt_to_str(resource_scope));
993 			(void) fprintf(fp, gettext("Valid commands:\n"));
994 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
995 			    pt_to_str(PT_ADDRESS), gettext("<IP-address>"));
996 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
997 			    pt_to_str(PT_ALLOWED_ADDRESS),
998 			    gettext("<IP-address>"));
999 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1000 			    pt_to_str(PT_PHYSICAL), gettext("<interface>"));
1001 			(void) fprintf(fp, gettext("See ifconfig(1M) for "
1002 			    "details of the <interface> string.\n"));
1003 			(void) fprintf(fp, gettext("%s %s is valid "
1004 			    "if the %s property is set to %s, otherwise it "
1005 			    "must not be set.\n"),
1006 			    cmd_to_str(CMD_SET), pt_to_str(PT_ADDRESS),
1007 			    pt_to_str(PT_IPTYPE), gettext("shared"));
1008 			(void) fprintf(fp, gettext("%s %s is valid "
1009 			    "if the %s property is set to %s, otherwise it "
1010 			    "must not be set.\n"),
1011 			    cmd_to_str(CMD_SET), pt_to_str(PT_ALLOWED_ADDRESS),
1012 			    pt_to_str(PT_IPTYPE), gettext("exclusive"));
1013 			(void) fprintf(fp, gettext("\t%s %s=%s\n%s %s "
1014 			    "is valid if the %s or %s property is set, "
1015 			    "otherwise it must not be set\n"),
1016 			    cmd_to_str(CMD_SET),
1017 			    pt_to_str(PT_DEFROUTER), gettext("<IP-address>"),
1018 			    cmd_to_str(CMD_SET), pt_to_str(PT_DEFROUTER),
1019 			    gettext(pt_to_str(PT_ADDRESS)),
1020 			    gettext(pt_to_str(PT_ALLOWED_ADDRESS)));
1021 			break;
1022 		case RT_DEVICE:
1023 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1024 			    "used to configure a device node.\n"),
1025 			    rt_to_str(resource_scope));
1026 			(void) fprintf(fp, gettext("Valid commands:\n"));
1027 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1028 			    pt_to_str(PT_MATCH), gettext("<device-path>"));
1029 			break;
1030 		case RT_RCTL:
1031 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1032 			    "used to configure a resource control.\n"),
1033 			    rt_to_str(resource_scope));
1034 			(void) fprintf(fp, gettext("Valid commands:\n"));
1035 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1036 			    pt_to_str(PT_NAME), gettext("<string>"));
1037 			(void) fprintf(fp, "\t%s %s (%s=%s,%s=%s,%s=%s)\n",
1038 			    cmd_to_str(CMD_ADD), pt_to_str(PT_VALUE),
1039 			    pt_to_str(PT_PRIV), gettext("<priv-value>"),
1040 			    pt_to_str(PT_LIMIT), gettext("<number>"),
1041 			    pt_to_str(PT_ACTION), gettext("<action-value>"));
1042 			(void) fprintf(fp, "\t%s %s (%s=%s,%s=%s,%s=%s)\n",
1043 			    cmd_to_str(CMD_REMOVE), pt_to_str(PT_VALUE),
1044 			    pt_to_str(PT_PRIV), gettext("<priv-value>"),
1045 			    pt_to_str(PT_LIMIT), gettext("<number>"),
1046 			    pt_to_str(PT_ACTION), gettext("<action-value>"));
1047 			(void) fprintf(fp, "%s\n\t%s := privileged\n"
1048 			    "\t%s := none | deny\n", gettext("Where"),
1049 			    gettext("<priv-value>"), gettext("<action-value>"));
1050 			break;
1051 		case RT_ATTR:
1052 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1053 			    "used to configure a generic attribute.\n"),
1054 			    rt_to_str(resource_scope));
1055 			(void) fprintf(fp, gettext("Valid commands:\n"));
1056 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1057 			    pt_to_str(PT_NAME), gettext("<name>"));
1058 			(void) fprintf(fp, "\t%s %s=boolean\n",
1059 			    cmd_to_str(CMD_SET), pt_to_str(PT_TYPE));
1060 			(void) fprintf(fp, "\t%s %s=true | false\n",
1061 			    cmd_to_str(CMD_SET), pt_to_str(PT_VALUE));
1062 			(void) fprintf(fp, gettext("or\n"));
1063 			(void) fprintf(fp, "\t%s %s=int\n", cmd_to_str(CMD_SET),
1064 			    pt_to_str(PT_TYPE));
1065 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1066 			    pt_to_str(PT_VALUE), gettext("<integer>"));
1067 			(void) fprintf(fp, gettext("or\n"));
1068 			(void) fprintf(fp, "\t%s %s=string\n",
1069 			    cmd_to_str(CMD_SET), pt_to_str(PT_TYPE));
1070 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1071 			    pt_to_str(PT_VALUE), gettext("<string>"));
1072 			(void) fprintf(fp, gettext("or\n"));
1073 			(void) fprintf(fp, "\t%s %s=uint\n",
1074 			    cmd_to_str(CMD_SET), pt_to_str(PT_TYPE));
1075 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1076 			    pt_to_str(PT_VALUE), gettext("<unsigned integer>"));
1077 			break;
1078 		case RT_DATASET:
1079 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1080 			    "used to export ZFS datasets.\n"),
1081 			    rt_to_str(resource_scope));
1082 			(void) fprintf(fp, gettext("Valid commands:\n"));
1083 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1084 			    pt_to_str(PT_NAME), gettext("<name>"));
1085 			break;
1086 		case RT_DCPU:
1087 			(void) fprintf(fp, gettext("The '%s' resource scope "
1088 			    "configures the 'pools' facility to dedicate\na "
1089 			    "subset of the system's processors to this zone "
1090 			    "while it is running.\n"),
1091 			    rt_to_str(resource_scope));
1092 			(void) fprintf(fp, gettext("Valid commands:\n"));
1093 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1094 			    pt_to_str(PT_NCPUS),
1095 			    gettext("<unsigned integer | range>"));
1096 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1097 			    pt_to_str(PT_IMPORTANCE),
1098 			    gettext("<unsigned integer>"));
1099 			break;
1100 		case RT_PCAP:
1101 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1102 			    "used to set an upper limit (a cap) on the\n"
1103 			    "percentage of CPU that can be used by this zone.  "
1104 			    "A '%s' value of 1\ncorresponds to one cpu.  The "
1105 			    "value can be set higher than 1, up to the total\n"
1106 			    "number of CPUs on the system.  The value can "
1107 			    "also be less than 1,\nrepresenting a fraction of "
1108 			    "a cpu.\n"),
1109 			    rt_to_str(resource_scope), pt_to_str(PT_NCPUS));
1110 			(void) fprintf(fp, gettext("Valid commands:\n"));
1111 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1112 			    pt_to_str(PT_NCPUS), gettext("<unsigned decimal>"));
1113 			break;
1114 		case RT_MCAP:
1115 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1116 			    "used to set an upper limit (a cap) on the\n"
1117 			    "amount of physical memory, swap space and locked "
1118 			    "memory that can be used by\nthis zone.\n"),
1119 			    rt_to_str(resource_scope));
1120 			(void) fprintf(fp, gettext("Valid commands:\n"));
1121 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1122 			    pt_to_str(PT_PHYSICAL),
1123 			    gettext("<qualified unsigned decimal>"));
1124 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1125 			    pt_to_str(PT_SWAP),
1126 			    gettext("<qualified unsigned decimal>"));
1127 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1128 			    pt_to_str(PT_LOCKED),
1129 			    gettext("<qualified unsigned decimal>"));
1130 			break;
1131 		case RT_ADMIN:
1132 			(void) fprintf(fp, gettext("The '%s' resource scope is "
1133 			    "used to delegate specific zone management\n"
1134 			    "rights to users and roles. These rights are "
1135 			    "only applicable to this zone.\n"),
1136 			    rt_to_str(resource_scope));
1137 			(void) fprintf(fp, gettext("Valid commands:\n"));
1138 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1139 			    pt_to_str(PT_USER),
1140 			    gettext("<single user or role name>"));
1141 			(void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1142 			    pt_to_str(PT_AUTHS),
1143 			    gettext("<comma separated list>"));
1144 			break;
1145 		}
1146 		(void) fprintf(fp, gettext("And from any resource scope, you "
1147 		    "can:\n"));
1148 		(void) fprintf(fp, "\t%s\t%s\n", cmd_to_str(CMD_END),
1149 		    gettext("(to conclude this operation)"));
1150 		(void) fprintf(fp, "\t%s\t%s\n", cmd_to_str(CMD_CANCEL),
1151 		    gettext("(to cancel this operation)"));
1152 		(void) fprintf(fp, "\t%s\t%s\n", cmd_to_str(CMD_EXIT),
1153 		    gettext("(to exit the zonecfg utility)"));
1154 	}
1155 	if (flags & HELP_USAGE) {
1156 		(void) fprintf(fp, "%s:\t%s %s\n", gettext("usage"),
1157 		    execname, cmd_to_str(CMD_HELP));
1158 		(void) fprintf(fp, "\t%s -z <zone>\t\t\t(%s)\n",
1159 		    execname, gettext("interactive"));
1160 		(void) fprintf(fp, "\t%s -z <zone> <command>\n", execname);
1161 		(void) fprintf(fp, "\t%s -z <zone> -f <command-file>\n",
1162 		    execname);
1163 	}
1164 	if (flags & HELP_SUBCMDS) {
1165 		(void) fprintf(fp, "%s:\n\n", gettext("Commands"));
1166 		for (i = 0; i <= CMD_MAX; i++) {
1167 			(void) fprintf(fp, "%s\n", helptab[i].short_usage);
1168 			if (verbose)
1169 				(void) fprintf(fp, "\t%s\n\n", long_help(i));
1170 		}
1171 	}
1172 	if (flags & HELP_SYNTAX) {
1173 		if (!verbose)
1174 			(void) fprintf(fp, "\n");
1175 		(void) fprintf(fp, "<zone> := [A-Za-z0-9][A-Za-z0-9_.-]*\n");
1176 		(void) fprintf(fp, gettext("\t(except the reserved words "
1177 		    "'%s' and anything starting with '%s')\n"), "global",
1178 		    "SUNW");
1179 		(void) fprintf(fp,
1180 		    gettext("\tName must be less than %d characters.\n"),
1181 		    ZONENAME_MAX);
1182 		if (verbose)
1183 			(void) fprintf(fp, "\n");
1184 	}
1185 	if (flags & HELP_NETADDR) {
1186 		(void) fprintf(fp, gettext("\n<net-addr> :="));
1187 		(void) fprintf(fp,
1188 		    gettext("\t<IPv4-address>[/<IPv4-prefix-length>] |\n"));
1189 		(void) fprintf(fp,
1190 		    gettext("\t\t<IPv6-address>/<IPv6-prefix-length> |\n"));
1191 		(void) fprintf(fp,
1192 		    gettext("\t\t<hostname>[/<IPv4-prefix-length>]\n"));
1193 		(void) fprintf(fp, gettext("See inet(3SOCKET) for IPv4 and "
1194 		    "IPv6 address syntax.\n"));
1195 		(void) fprintf(fp, gettext("<IPv4-prefix-length> := [0-32]\n"));
1196 		(void) fprintf(fp,
1197 		    gettext("<IPv6-prefix-length> := [0-128]\n"));
1198 		(void) fprintf(fp,
1199 		    gettext("<hostname> := [A-Za-z0-9][A-Za-z0-9-.]*\n"));
1200 	}
1201 	if (flags & HELP_RESOURCES) {
1202 		(void) fprintf(fp, "<%s> := %s | %s | %s | %s | %s |\n\t"
1203 		    "%s | %s | %s | %s | %s\n\n",
1204 		    gettext("resource type"), rt_to_str(RT_FS),
1205 		    rt_to_str(RT_NET), rt_to_str(RT_DEVICE),
1206 		    rt_to_str(RT_RCTL), rt_to_str(RT_ATTR),
1207 		    rt_to_str(RT_DATASET), rt_to_str(RT_DCPU),
1208 		    rt_to_str(RT_PCAP), rt_to_str(RT_MCAP),
1209 		    rt_to_str(RT_ADMIN));
1210 	}
1211 	if (flags & HELP_PROPS) {
1212 		(void) fprintf(fp, gettext("For resource type ... there are "
1213 		    "property types ...:\n"));
1214 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1215 		    pt_to_str(PT_ZONENAME));
1216 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1217 		    pt_to_str(PT_ZONEPATH));
1218 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1219 		    pt_to_str(PT_BRAND));
1220 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1221 		    pt_to_str(PT_AUTOBOOT));
1222 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1223 		    pt_to_str(PT_BOOTARGS));
1224 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1225 		    pt_to_str(PT_POOL));
1226 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1227 		    pt_to_str(PT_LIMITPRIV));
1228 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1229 		    pt_to_str(PT_SCHED));
1230 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1231 		    pt_to_str(PT_IPTYPE));
1232 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1233 		    pt_to_str(PT_HOSTID));
1234 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1235 		    pt_to_str(PT_FS_ALLOWED));
1236 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1237 		    pt_to_str(PT_MAXLWPS));
1238 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1239 		    pt_to_str(PT_MAXPROCS));
1240 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1241 		    pt_to_str(PT_MAXSHMMEM));
1242 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1243 		    pt_to_str(PT_MAXSHMIDS));
1244 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1245 		    pt_to_str(PT_MAXMSGIDS));
1246 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1247 		    pt_to_str(PT_MAXSEMIDS));
1248 		(void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1249 		    pt_to_str(PT_SHARES));
1250 		(void) fprintf(fp, "\t%s\t\t%s, %s, %s, %s, %s\n",
1251 		    rt_to_str(RT_FS), pt_to_str(PT_DIR),
1252 		    pt_to_str(PT_SPECIAL), pt_to_str(PT_RAW),
1253 		    pt_to_str(PT_TYPE), pt_to_str(PT_OPTIONS));
1254 		(void) fprintf(fp, "\t%s\t\t%s, %s, %s|%s\n", rt_to_str(RT_NET),
1255 		    pt_to_str(PT_ADDRESS), pt_to_str(PT_ALLOWED_ADDRESS),
1256 		    pt_to_str(PT_PHYSICAL), pt_to_str(PT_DEFROUTER));
1257 		(void) fprintf(fp, "\t%s\t\t%s\n", rt_to_str(RT_DEVICE),
1258 		    pt_to_str(PT_MATCH));
1259 		(void) fprintf(fp, "\t%s\t\t%s, %s\n", rt_to_str(RT_RCTL),
1260 		    pt_to_str(PT_NAME), pt_to_str(PT_VALUE));
1261 		(void) fprintf(fp, "\t%s\t\t%s, %s, %s\n", rt_to_str(RT_ATTR),
1262 		    pt_to_str(PT_NAME), pt_to_str(PT_TYPE),
1263 		    pt_to_str(PT_VALUE));
1264 		(void) fprintf(fp, "\t%s\t\t%s\n", rt_to_str(RT_DATASET),
1265 		    pt_to_str(PT_NAME));
1266 		(void) fprintf(fp, "\t%s\t%s, %s\n", rt_to_str(RT_DCPU),
1267 		    pt_to_str(PT_NCPUS), pt_to_str(PT_IMPORTANCE));
1268 		(void) fprintf(fp, "\t%s\t%s\n", rt_to_str(RT_PCAP),
1269 		    pt_to_str(PT_NCPUS));
1270 		(void) fprintf(fp, "\t%s\t%s, %s, %s\n", rt_to_str(RT_MCAP),
1271 		    pt_to_str(PT_PHYSICAL), pt_to_str(PT_SWAP),
1272 		    pt_to_str(PT_LOCKED));
1273 		(void) fprintf(fp, "\t%s\t\t%s, %s\n", rt_to_str(RT_ADMIN),
1274 		    pt_to_str(PT_USER), pt_to_str(PT_AUTHS));
1275 	}
1276 	if (need_to_close)
1277 		(void) pclose(fp);
1278 }
1279 
1280 static void
1281 zone_perror(char *prefix, int err, boolean_t set_saw)
1282 {
1283 	zerr("%s: %s", prefix, zonecfg_strerror(err));
1284 	if (set_saw)
1285 		saw_error = B_TRUE;
1286 }
1287 
1288 /*
1289  * zone_perror() expects a single string, but for remove and select
1290  * we have both the command and the resource type, so this wrapper
1291  * function serves the same purpose in a slightly different way.
1292  */
1293 
1294 static void
1295 z_cmd_rt_perror(int cmd_num, int res_num, int err, boolean_t set_saw)
1296 {
1297 	zerr("%s %s: %s", cmd_to_str(cmd_num), rt_to_str(res_num),
1298 	    zonecfg_strerror(err));
1299 	if (set_saw)
1300 		saw_error = B_TRUE;
1301 }
1302 
1303 /* returns Z_OK if successful, Z_foo from <libzonecfg.h> otherwise */
1304 static int
1305 initialize(boolean_t handle_expected)
1306 {
1307 	int err;
1308 	char brandname[MAXNAMELEN];
1309 
1310 	if (zonecfg_check_handle(handle) != Z_OK) {
1311 		if ((err = zonecfg_get_handle(zone, handle)) == Z_OK) {
1312 			got_handle = B_TRUE;
1313 			if (zonecfg_get_brand(handle, brandname,
1314 			    sizeof (brandname)) != Z_OK) {
1315 				zerr("Zone %s is inconsistent: missing "
1316 				    "brand attribute", zone);
1317 				exit(Z_ERR);
1318 			}
1319 			if ((brand = brand_open(brandname)) == NULL) {
1320 				zerr("Zone %s uses non-existent brand \"%s\"."
1321 				    "  Unable to continue", zone, brandname);
1322 				exit(Z_ERR);
1323 			}
1324 			/*
1325 			 * If the user_attr file is newer than
1326 			 * the zone config file, the admins
1327 			 * may need to be updated since the
1328 			 * RBAC files are authoritative for
1329 			 * authorization checks.
1330 			 */
1331 			err = zonecfg_update_userauths(handle, zone);
1332 			if (err == Z_OK) {
1333 				zerr(gettext("The administrative rights "
1334 				    "were updated to match "
1335 				    "the current RBAC configuration.\n"
1336 				    "Use \"info admin\" and \"revert\" to "
1337 				    "compare with the previous settings."));
1338 				need_to_commit = B_TRUE;
1339 			} else if (err != Z_NO_ENTRY) {
1340 				zerr(gettext("failed to update "
1341 				    "admin  rights."));
1342 				exit(Z_ERR);
1343 			} else if (need_to_commit) {
1344 				zerr(gettext("admin rights were updated "
1345 				    "to match RBAC configuration."));
1346 			}
1347 
1348 		} else if (global_zone && err == Z_NO_ZONE && !got_handle &&
1349 		    !read_only_mode) {
1350 			/*
1351 			 * We implicitly create the global zone config if it
1352 			 * doesn't exist.
1353 			 */
1354 			zone_dochandle_t tmphandle;
1355 
1356 			if ((tmphandle = zonecfg_init_handle()) == NULL) {
1357 				zone_perror(execname, Z_NOMEM, B_TRUE);
1358 				exit(Z_ERR);
1359 			}
1360 
1361 			err = zonecfg_get_template_handle("SUNWblank", zone,
1362 			    tmphandle);
1363 
1364 			if (err != Z_OK) {
1365 				zonecfg_fini_handle(tmphandle);
1366 				zone_perror("SUNWblank", err, B_TRUE);
1367 				return (err);
1368 			}
1369 
1370 			need_to_commit = B_TRUE;
1371 			zonecfg_fini_handle(handle);
1372 			handle = tmphandle;
1373 			got_handle = B_TRUE;
1374 
1375 		} else {
1376 			zone_perror(zone, err, handle_expected || got_handle);
1377 			if (err == Z_NO_ZONE && !got_handle &&
1378 			    interactive_mode && !read_only_mode)
1379 				(void) printf(gettext("Use '%s' to begin "
1380 				    "configuring a new zone.\n"),
1381 				    cmd_to_str(CMD_CREATE));
1382 			return (err);
1383 		}
1384 	}
1385 	return (Z_OK);
1386 }
1387 
1388 static boolean_t
1389 state_atleast(zone_state_t state)
1390 {
1391 	zone_state_t state_num;
1392 	int err;
1393 
1394 	if ((err = zone_get_state(zone, &state_num)) != Z_OK) {
1395 		/* all states are greater than "non-existent" */
1396 		if (err == Z_NO_ZONE)
1397 			return (B_FALSE);
1398 		zerr(gettext("Unexpectedly failed to determine state "
1399 		    "of zone %s: %s"), zone, zonecfg_strerror(err));
1400 		exit(Z_ERR);
1401 	}
1402 	return (state_num >= state);
1403 }
1404 
1405 /*
1406  * short_usage() is for bad syntax: getopt() issues, too many arguments, etc.
1407  */
1408 
1409 void
1410 short_usage(int command)
1411 {
1412 	/* lex_lineno has already been incremented in the lexer; compensate */
1413 	if (cmd_file_mode) {
1414 		if (strcmp(cmd_file_name, "-") == 0)
1415 			(void) fprintf(stderr,
1416 			    gettext("syntax error on line %d\n"),
1417 			    lex_lineno - 1);
1418 		else
1419 			(void) fprintf(stderr,
1420 			    gettext("syntax error on line %d of %s\n"),
1421 			    lex_lineno - 1, cmd_file_name);
1422 	}
1423 	(void) fprintf(stderr, "%s:\n%s\n", gettext("usage"),
1424 	    helptab[command].short_usage);
1425 	saw_error = B_TRUE;
1426 }
1427 
1428 /*
1429  * long_usage() is for bad semantics: e.g., wrong property type for a given
1430  * resource type.  It is also used by longer_usage() below.
1431  */
1432 
1433 void
1434 long_usage(uint_t cmd_num, boolean_t set_saw)
1435 {
1436 	(void) fprintf(set_saw ? stderr : stdout, "%s:\n%s\n", gettext("usage"),
1437 	    helptab[cmd_num].short_usage);
1438 	(void) fprintf(set_saw ? stderr : stdout, "\t%s\n", long_help(cmd_num));
1439 	if (set_saw)
1440 		saw_error = B_TRUE;
1441 }
1442 
1443 /*
1444  * longer_usage() is for 'help foo' and 'foo -?': call long_usage() and also
1445  * any extra usage() flags as appropriate for whatever command.
1446  */
1447 
1448 void
1449 longer_usage(uint_t cmd_num)
1450 {
1451 	long_usage(cmd_num, B_FALSE);
1452 	if (helptab[cmd_num].flags != 0) {
1453 		(void) printf("\n");
1454 		usage(B_TRUE, helptab[cmd_num].flags);
1455 	}
1456 }
1457 
1458 /*
1459  * scope_usage() is simply used when a command is called from the wrong scope.
1460  */
1461 
1462 static void
1463 scope_usage(uint_t cmd_num)
1464 {
1465 	zerr(gettext("The %s command only makes sense in the %s scope."),
1466 	    cmd_to_str(cmd_num),
1467 	    global_scope ?  gettext("resource") : gettext("global"));
1468 	saw_error = B_TRUE;
1469 }
1470 
1471 /*
1472  * On input, B_TRUE => yes, B_FALSE => no.
1473  * On return, B_TRUE => 1, B_FALSE => no, could not ask => -1.
1474  */
1475 
1476 static int
1477 ask_yesno(boolean_t default_answer, const char *question)
1478 {
1479 	char line[64];	/* should be enough to answer yes or no */
1480 
1481 	if (!ok_to_prompt) {
1482 		saw_error = B_TRUE;
1483 		return (-1);
1484 	}
1485 	for (;;) {
1486 		if (printf("%s (%s)? ", question,
1487 		    default_answer ? "[y]/n" : "y/[n]") < 0)
1488 			return (-1);
1489 		if (fgets(line, sizeof (line), stdin) == NULL)
1490 			return (-1);
1491 
1492 		if (line[0] == '\n')
1493 			return (default_answer ? 1 : 0);
1494 		if (tolower(line[0]) == 'y')
1495 			return (1);
1496 		if (tolower(line[0]) == 'n')
1497 			return (0);
1498 	}
1499 }
1500 
1501 /*
1502  * Prints warning if zone already exists.
1503  * In interactive mode, prompts if we should continue anyway and returns Z_OK
1504  * if so, Z_ERR if not.  In non-interactive mode, exits with Z_ERR.
1505  *
1506  * Note that if a zone exists and its state is >= INSTALLED, an error message
1507  * will be printed and this function will return Z_ERR regardless of mode.
1508  */
1509 
1510 static int
1511 check_if_zone_already_exists(boolean_t force)
1512 {
1513 	char line[ZONENAME_MAX + 128];	/* enough to ask a question */
1514 	zone_dochandle_t tmphandle;
1515 	int res, answer;
1516 
1517 	if ((tmphandle = zonecfg_init_handle()) == NULL) {
1518 		zone_perror(execname, Z_NOMEM, B_TRUE);
1519 		exit(Z_ERR);
1520 	}
1521 	res = zonecfg_get_handle(zone, tmphandle);
1522 	zonecfg_fini_handle(tmphandle);
1523 	if (res != Z_OK)
1524 		return (Z_OK);
1525 
1526 	if (state_atleast(ZONE_STATE_INSTALLED)) {
1527 		zerr(gettext("Zone %s already installed; %s not allowed."),
1528 		    zone, cmd_to_str(CMD_CREATE));
1529 		return (Z_ERR);
1530 	}
1531 
1532 	if (force) {
1533 		(void) printf(gettext("Zone %s already exists; overwriting.\n"),
1534 		    zone);
1535 		return (Z_OK);
1536 	}
1537 	(void) snprintf(line, sizeof (line),
1538 	    gettext("Zone %s already exists; %s anyway"), zone,
1539 	    cmd_to_str(CMD_CREATE));
1540 	if ((answer = ask_yesno(B_FALSE, line)) == -1) {
1541 		zerr(gettext("Zone exists, input not from terminal and -F not "
1542 		    "specified:\n%s command ignored, exiting."),
1543 		    cmd_to_str(CMD_CREATE));
1544 		exit(Z_ERR);
1545 	}
1546 	return (answer == 1 ? Z_OK : Z_ERR);
1547 }
1548 
1549 static boolean_t
1550 zone_is_read_only(int cmd_num)
1551 {
1552 	if (strncmp(zone, "SUNW", 4) == 0) {
1553 		zerr(gettext("%s: zones beginning with SUNW are read-only."),
1554 		    zone);
1555 		saw_error = B_TRUE;
1556 		return (B_TRUE);
1557 	}
1558 	if (read_only_mode) {
1559 		zerr(gettext("%s: cannot %s in read-only mode."), zone,
1560 		    cmd_to_str(cmd_num));
1561 		saw_error = B_TRUE;
1562 		return (B_TRUE);
1563 	}
1564 	return (B_FALSE);
1565 }
1566 
1567 /*
1568  * Create a new configuration.
1569  */
1570 void
1571 create_func(cmd_t *cmd)
1572 {
1573 	int err, arg;
1574 	char zone_template[ZONENAME_MAX];
1575 	char attach_path[MAXPATHLEN];
1576 	zone_dochandle_t tmphandle;
1577 	boolean_t force = B_FALSE;
1578 	boolean_t attach = B_FALSE;
1579 	boolean_t arg_err = B_FALSE;
1580 
1581 	assert(cmd != NULL);
1582 
1583 	/* This is the default if no arguments are given. */
1584 	(void) strlcpy(zone_template, "SUNWdefault", sizeof (zone_template));
1585 
1586 	optind = 0;
1587 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?a:bFt:"))
1588 	    != EOF) {
1589 		switch (arg) {
1590 		case '?':
1591 			if (optopt == '?')
1592 				longer_usage(CMD_CREATE);
1593 			else
1594 				short_usage(CMD_CREATE);
1595 			arg_err = B_TRUE;
1596 			break;
1597 		case 'a':
1598 			(void) strlcpy(attach_path, optarg,
1599 			    sizeof (attach_path));
1600 			attach = B_TRUE;
1601 			break;
1602 		case 'b':
1603 			(void) strlcpy(zone_template, "SUNWblank",
1604 			    sizeof (zone_template));
1605 			break;
1606 		case 'F':
1607 			force = B_TRUE;
1608 			break;
1609 		case 't':
1610 			(void) strlcpy(zone_template, optarg,
1611 			    sizeof (zone_template));
1612 			break;
1613 		default:
1614 			short_usage(CMD_CREATE);
1615 			arg_err = B_TRUE;
1616 			break;
1617 		}
1618 	}
1619 	if (arg_err)
1620 		return;
1621 
1622 	if (optind != cmd->cmd_argc) {
1623 		short_usage(CMD_CREATE);
1624 		return;
1625 	}
1626 
1627 	if (zone_is_read_only(CMD_CREATE))
1628 		return;
1629 
1630 	if (check_if_zone_already_exists(force) != Z_OK)
1631 		return;
1632 
1633 	/*
1634 	 * Get a temporary handle first.  If that fails, the old handle
1635 	 * will not be lost.  Then finish whichever one we don't need,
1636 	 * to avoid leaks.  Then get the handle for zone_template, and
1637 	 * set the name to zone: this "copy, rename" method is how
1638 	 * create -[b|t] works.
1639 	 */
1640 	if ((tmphandle = zonecfg_init_handle()) == NULL) {
1641 		zone_perror(execname, Z_NOMEM, B_TRUE);
1642 		exit(Z_ERR);
1643 	}
1644 
1645 	if (attach)
1646 		err = zonecfg_get_attach_handle(attach_path, ZONE_DETACHED,
1647 		    zone, B_FALSE, tmphandle);
1648 	else
1649 		err = zonecfg_get_template_handle(zone_template, zone,
1650 		    tmphandle);
1651 
1652 	if (err != Z_OK) {
1653 		zonecfg_fini_handle(tmphandle);
1654 		if (attach && err == Z_NO_ZONE)
1655 			(void) fprintf(stderr, gettext("invalid path to "
1656 			    "detached zone\n"));
1657 		else if (attach && err == Z_INVALID_DOCUMENT)
1658 			(void) fprintf(stderr, gettext("Cannot attach to an "
1659 			    "earlier release of the operating system\n"));
1660 		else
1661 			zone_perror(zone_template, err, B_TRUE);
1662 		return;
1663 	}
1664 
1665 	need_to_commit = B_TRUE;
1666 	zonecfg_fini_handle(handle);
1667 	handle = tmphandle;
1668 	got_handle = B_TRUE;
1669 }
1670 
1671 /*
1672  * This malloc()'s memory, which must be freed by the caller.
1673  */
1674 static char *
1675 quoteit(char *instr)
1676 {
1677 	char *outstr;
1678 	size_t outstrsize = strlen(instr) + 3;	/* 2 quotes + '\0' */
1679 
1680 	if ((outstr = malloc(outstrsize)) == NULL) {
1681 		zone_perror(zone, Z_NOMEM, B_FALSE);
1682 		exit(Z_ERR);
1683 	}
1684 	if (strchr(instr, ' ') == NULL) {
1685 		(void) strlcpy(outstr, instr, outstrsize);
1686 		return (outstr);
1687 	}
1688 	(void) snprintf(outstr, outstrsize, "\"%s\"", instr);
1689 	return (outstr);
1690 }
1691 
1692 static void
1693 export_prop(FILE *of, int prop_num, char *prop_id)
1694 {
1695 	char *quote_str;
1696 
1697 	if (strlen(prop_id) == 0)
1698 		return;
1699 	quote_str = quoteit(prop_id);
1700 	(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1701 	    pt_to_str(prop_num), quote_str);
1702 	free(quote_str);
1703 }
1704 
1705 void
1706 export_func(cmd_t *cmd)
1707 {
1708 	struct zone_nwiftab nwiftab;
1709 	struct zone_fstab fstab;
1710 	struct zone_devtab devtab;
1711 	struct zone_attrtab attrtab;
1712 	struct zone_rctltab rctltab;
1713 	struct zone_dstab dstab;
1714 	struct zone_psettab psettab;
1715 	struct zone_mcaptab mcaptab;
1716 	struct zone_rctlvaltab *valptr;
1717 	struct zone_admintab admintab;
1718 	int err, arg;
1719 	char zonepath[MAXPATHLEN], outfile[MAXPATHLEN], pool[MAXNAMELEN];
1720 	char bootargs[BOOTARGS_MAX];
1721 	char sched[MAXNAMELEN];
1722 	char brand[MAXNAMELEN];
1723 	char hostidp[HW_HOSTID_LEN];
1724 	char fsallowedp[ZONE_FS_ALLOWED_MAX];
1725 	char *limitpriv;
1726 	FILE *of;
1727 	boolean_t autoboot;
1728 	zone_iptype_t iptype;
1729 	boolean_t need_to_close = B_FALSE;
1730 	boolean_t arg_err = B_FALSE;
1731 
1732 	assert(cmd != NULL);
1733 
1734 	outfile[0] = '\0';
1735 	optind = 0;
1736 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?f:")) != EOF) {
1737 		switch (arg) {
1738 		case '?':
1739 			if (optopt == '?')
1740 				longer_usage(CMD_EXPORT);
1741 			else
1742 				short_usage(CMD_EXPORT);
1743 			arg_err = B_TRUE;
1744 			break;
1745 		case 'f':
1746 			(void) strlcpy(outfile, optarg, sizeof (outfile));
1747 			break;
1748 		default:
1749 			short_usage(CMD_EXPORT);
1750 			arg_err = B_TRUE;
1751 			break;
1752 		}
1753 	}
1754 	if (arg_err)
1755 		return;
1756 
1757 	if (optind != cmd->cmd_argc) {
1758 		short_usage(CMD_EXPORT);
1759 		return;
1760 	}
1761 	if (strlen(outfile) == 0) {
1762 		of = stdout;
1763 	} else {
1764 		if ((of = fopen(outfile, "w")) == NULL) {
1765 			zerr(gettext("opening file %s: %s"),
1766 			    outfile, strerror(errno));
1767 			goto done;
1768 		}
1769 		setbuf(of, NULL);
1770 		need_to_close = B_TRUE;
1771 	}
1772 
1773 	if ((err = initialize(B_TRUE)) != Z_OK)
1774 		goto done;
1775 
1776 	(void) fprintf(of, "%s -b\n", cmd_to_str(CMD_CREATE));
1777 
1778 	if (zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath)) == Z_OK &&
1779 	    strlen(zonepath) > 0)
1780 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1781 		    pt_to_str(PT_ZONEPATH), zonepath);
1782 
1783 	if ((zone_get_brand(zone, brand, sizeof (brand)) == Z_OK) &&
1784 	    (strcmp(brand, NATIVE_BRAND_NAME) != 0))
1785 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1786 		    pt_to_str(PT_BRAND), brand);
1787 
1788 	if (zonecfg_get_autoboot(handle, &autoboot) == Z_OK)
1789 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1790 		    pt_to_str(PT_AUTOBOOT), autoboot ? "true" : "false");
1791 
1792 	if (zonecfg_get_bootargs(handle, bootargs, sizeof (bootargs)) == Z_OK &&
1793 	    strlen(bootargs) > 0) {
1794 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1795 		    pt_to_str(PT_BOOTARGS), bootargs);
1796 	}
1797 
1798 	if (zonecfg_get_pool(handle, pool, sizeof (pool)) == Z_OK &&
1799 	    strlen(pool) > 0)
1800 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1801 		    pt_to_str(PT_POOL), pool);
1802 
1803 	if (zonecfg_get_limitpriv(handle, &limitpriv) == Z_OK &&
1804 	    strlen(limitpriv) > 0) {
1805 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1806 		    pt_to_str(PT_LIMITPRIV), limitpriv);
1807 		free(limitpriv);
1808 	}
1809 
1810 	if (zonecfg_get_sched_class(handle, sched, sizeof (sched)) == Z_OK &&
1811 	    strlen(sched) > 0)
1812 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1813 		    pt_to_str(PT_SCHED), sched);
1814 
1815 	if (zonecfg_get_iptype(handle, &iptype) == Z_OK) {
1816 		switch (iptype) {
1817 		case ZS_SHARED:
1818 			(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1819 			    pt_to_str(PT_IPTYPE), "shared");
1820 			break;
1821 		case ZS_EXCLUSIVE:
1822 			(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1823 			    pt_to_str(PT_IPTYPE), "exclusive");
1824 			break;
1825 		}
1826 	}
1827 
1828 	if (zonecfg_get_hostid(handle, hostidp, sizeof (hostidp)) == Z_OK) {
1829 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1830 		    pt_to_str(PT_HOSTID), hostidp);
1831 	}
1832 
1833 	if (zonecfg_get_fs_allowed(handle, fsallowedp,
1834 	    sizeof (fsallowedp)) == Z_OK) {
1835 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1836 		    pt_to_str(PT_FS_ALLOWED), fsallowedp);
1837 	}
1838 
1839 	if ((err = zonecfg_setfsent(handle)) != Z_OK) {
1840 		zone_perror(zone, err, B_FALSE);
1841 		goto done;
1842 	}
1843 	while (zonecfg_getfsent(handle, &fstab) == Z_OK) {
1844 		zone_fsopt_t *optptr;
1845 
1846 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
1847 		    rt_to_str(RT_FS));
1848 		export_prop(of, PT_DIR, fstab.zone_fs_dir);
1849 		export_prop(of, PT_SPECIAL, fstab.zone_fs_special);
1850 		export_prop(of, PT_RAW, fstab.zone_fs_raw);
1851 		export_prop(of, PT_TYPE, fstab.zone_fs_type);
1852 		for (optptr = fstab.zone_fs_options; optptr != NULL;
1853 		    optptr = optptr->zone_fsopt_next) {
1854 			/*
1855 			 * Simple property values with embedded equal signs
1856 			 * need to be quoted to prevent the lexer from
1857 			 * mis-parsing them as complex name=value pairs.
1858 			 */
1859 			if (strchr(optptr->zone_fsopt_opt, '='))
1860 				(void) fprintf(of, "%s %s \"%s\"\n",
1861 				    cmd_to_str(CMD_ADD),
1862 				    pt_to_str(PT_OPTIONS),
1863 				    optptr->zone_fsopt_opt);
1864 			else
1865 				(void) fprintf(of, "%s %s %s\n",
1866 				    cmd_to_str(CMD_ADD),
1867 				    pt_to_str(PT_OPTIONS),
1868 				    optptr->zone_fsopt_opt);
1869 		}
1870 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
1871 		zonecfg_free_fs_option_list(fstab.zone_fs_options);
1872 	}
1873 	(void) zonecfg_endfsent(handle);
1874 
1875 	if ((err = zonecfg_setnwifent(handle)) != Z_OK) {
1876 		zone_perror(zone, err, B_FALSE);
1877 		goto done;
1878 	}
1879 	while (zonecfg_getnwifent(handle, &nwiftab) == Z_OK) {
1880 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
1881 		    rt_to_str(RT_NET));
1882 		export_prop(of, PT_ADDRESS, nwiftab.zone_nwif_address);
1883 		export_prop(of, PT_ALLOWED_ADDRESS,
1884 		    nwiftab.zone_nwif_allowed_address);
1885 		export_prop(of, PT_PHYSICAL, nwiftab.zone_nwif_physical);
1886 		export_prop(of, PT_DEFROUTER, nwiftab.zone_nwif_defrouter);
1887 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
1888 	}
1889 	(void) zonecfg_endnwifent(handle);
1890 
1891 	if ((err = zonecfg_setdevent(handle)) != Z_OK) {
1892 		zone_perror(zone, err, B_FALSE);
1893 		goto done;
1894 	}
1895 	while (zonecfg_getdevent(handle, &devtab) == Z_OK) {
1896 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
1897 		    rt_to_str(RT_DEVICE));
1898 		export_prop(of, PT_MATCH, devtab.zone_dev_match);
1899 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
1900 	}
1901 	(void) zonecfg_enddevent(handle);
1902 
1903 	if (zonecfg_getmcapent(handle, &mcaptab) == Z_OK) {
1904 		char buf[128];
1905 
1906 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
1907 		    rt_to_str(RT_MCAP));
1908 		bytes_to_units(mcaptab.zone_physmem_cap, buf, sizeof (buf));
1909 		(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1910 		    pt_to_str(PT_PHYSICAL), buf);
1911 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
1912 	}
1913 
1914 	if ((err = zonecfg_setrctlent(handle)) != Z_OK) {
1915 		zone_perror(zone, err, B_FALSE);
1916 		goto done;
1917 	}
1918 	while (zonecfg_getrctlent(handle, &rctltab) == Z_OK) {
1919 		(void) fprintf(of, "%s rctl\n", cmd_to_str(CMD_ADD));
1920 		export_prop(of, PT_NAME, rctltab.zone_rctl_name);
1921 		for (valptr = rctltab.zone_rctl_valptr; valptr != NULL;
1922 		    valptr = valptr->zone_rctlval_next) {
1923 			fprintf(of, "%s %s (%s=%s,%s=%s,%s=%s)\n",
1924 			    cmd_to_str(CMD_ADD), pt_to_str(PT_VALUE),
1925 			    pt_to_str(PT_PRIV), valptr->zone_rctlval_priv,
1926 			    pt_to_str(PT_LIMIT), valptr->zone_rctlval_limit,
1927 			    pt_to_str(PT_ACTION), valptr->zone_rctlval_action);
1928 		}
1929 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
1930 		zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
1931 	}
1932 	(void) zonecfg_endrctlent(handle);
1933 
1934 	if ((err = zonecfg_setattrent(handle)) != Z_OK) {
1935 		zone_perror(zone, err, B_FALSE);
1936 		goto done;
1937 	}
1938 	while (zonecfg_getattrent(handle, &attrtab) == Z_OK) {
1939 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
1940 		    rt_to_str(RT_ATTR));
1941 		export_prop(of, PT_NAME, attrtab.zone_attr_name);
1942 		export_prop(of, PT_TYPE, attrtab.zone_attr_type);
1943 		export_prop(of, PT_VALUE, attrtab.zone_attr_value);
1944 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
1945 	}
1946 	(void) zonecfg_endattrent(handle);
1947 
1948 	if ((err = zonecfg_setdsent(handle)) != Z_OK) {
1949 		zone_perror(zone, err, B_FALSE);
1950 		goto done;
1951 	}
1952 	while (zonecfg_getdsent(handle, &dstab) == Z_OK) {
1953 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
1954 		    rt_to_str(RT_DATASET));
1955 		export_prop(of, PT_NAME, dstab.zone_dataset_name);
1956 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
1957 	}
1958 	(void) zonecfg_enddsent(handle);
1959 
1960 	if (zonecfg_getpsetent(handle, &psettab) == Z_OK) {
1961 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
1962 		    rt_to_str(RT_DCPU));
1963 		if (strcmp(psettab.zone_ncpu_min, psettab.zone_ncpu_max) == 0)
1964 			(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1965 			    pt_to_str(PT_NCPUS), psettab.zone_ncpu_max);
1966 		else
1967 			(void) fprintf(of, "%s %s=%s-%s\n", cmd_to_str(CMD_SET),
1968 			    pt_to_str(PT_NCPUS), psettab.zone_ncpu_min,
1969 			    psettab.zone_ncpu_max);
1970 		if (psettab.zone_importance[0] != '\0')
1971 			(void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1972 			    pt_to_str(PT_IMPORTANCE), psettab.zone_importance);
1973 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
1974 	}
1975 
1976 	if ((err = zonecfg_setadminent(handle)) != Z_OK) {
1977 		zone_perror(zone, err, B_FALSE);
1978 		goto done;
1979 	}
1980 	while (zonecfg_getadminent(handle, &admintab) == Z_OK) {
1981 		(void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
1982 		    rt_to_str(RT_ADMIN));
1983 		export_prop(of, PT_USER, admintab.zone_admin_user);
1984 		export_prop(of, PT_AUTHS, admintab.zone_admin_auths);
1985 		(void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
1986 	}
1987 	(void) zonecfg_endadminent(handle);
1988 
1989 	/*
1990 	 * There is nothing to export for pcap since this resource is just
1991 	 * a container for an rctl alias.
1992 	 */
1993 
1994 done:
1995 	if (need_to_close)
1996 		(void) fclose(of);
1997 }
1998 
1999 void
2000 exit_func(cmd_t *cmd)
2001 {
2002 	int arg, answer;
2003 	boolean_t arg_err = B_FALSE;
2004 
2005 	optind = 0;
2006 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
2007 		switch (arg) {
2008 		case '?':
2009 			longer_usage(CMD_EXIT);
2010 			arg_err = B_TRUE;
2011 			break;
2012 		case 'F':
2013 			force_exit = B_TRUE;
2014 			break;
2015 		default:
2016 			short_usage(CMD_EXIT);
2017 			arg_err = B_TRUE;
2018 			break;
2019 		}
2020 	}
2021 	if (arg_err)
2022 		return;
2023 
2024 	if (optind < cmd->cmd_argc) {
2025 		short_usage(CMD_EXIT);
2026 		return;
2027 	}
2028 
2029 	if (global_scope || force_exit) {
2030 		time_to_exit = B_TRUE;
2031 		return;
2032 	}
2033 
2034 	answer = ask_yesno(B_FALSE, "Resource incomplete; really quit");
2035 	if (answer == -1) {
2036 		zerr(gettext("Resource incomplete, input "
2037 		    "not from terminal and -F not specified:\n%s command "
2038 		    "ignored, but exiting anyway."), cmd_to_str(CMD_EXIT));
2039 		exit(Z_ERR);
2040 	} else if (answer == 1) {
2041 		time_to_exit = B_TRUE;
2042 	}
2043 	/* (answer == 0) => just return */
2044 }
2045 
2046 static int
2047 validate_zonepath_syntax(char *path)
2048 {
2049 	if (path[0] != '/') {
2050 		zerr(gettext("%s is not an absolute path."), path);
2051 		return (Z_ERR);
2052 	}
2053 	/* If path is all slashes, then fail */
2054 	if (strspn(path, "/") == strlen(path)) {
2055 		zerr(gettext("/ is not allowed as a %s."),
2056 		    pt_to_str(PT_ZONEPATH));
2057 		return (Z_ERR);
2058 	}
2059 	return (Z_OK);
2060 }
2061 
2062 static void
2063 add_resource(cmd_t *cmd)
2064 {
2065 	int type;
2066 	struct zone_psettab tmp_psettab;
2067 	struct zone_mcaptab tmp_mcaptab;
2068 	uint64_t tmp;
2069 	uint64_t tmp_mcap;
2070 	char pool[MAXNAMELEN];
2071 
2072 	if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
2073 		long_usage(CMD_ADD, B_TRUE);
2074 		goto bad;
2075 	}
2076 
2077 	switch (type) {
2078 	case RT_FS:
2079 		bzero(&in_progress_fstab, sizeof (in_progress_fstab));
2080 		return;
2081 	case RT_NET:
2082 		bzero(&in_progress_nwiftab, sizeof (in_progress_nwiftab));
2083 		return;
2084 	case RT_DEVICE:
2085 		bzero(&in_progress_devtab, sizeof (in_progress_devtab));
2086 		return;
2087 	case RT_RCTL:
2088 		if (global_zone)
2089 			zerr(gettext("WARNING: Setting a global zone resource "
2090 			    "control too low could deny\nservice "
2091 			    "to even the root user; "
2092 			    "this could render the system impossible\n"
2093 			    "to administer.  Please use caution."));
2094 		bzero(&in_progress_rctltab, sizeof (in_progress_rctltab));
2095 		return;
2096 	case RT_ATTR:
2097 		bzero(&in_progress_attrtab, sizeof (in_progress_attrtab));
2098 		return;
2099 	case RT_DATASET:
2100 		bzero(&in_progress_dstab, sizeof (in_progress_dstab));
2101 		return;
2102 	case RT_DCPU:
2103 		/* Make sure there isn't already a cpu-set or cpu-cap entry. */
2104 		if (zonecfg_lookup_pset(handle, &tmp_psettab) == Z_OK) {
2105 			zerr(gettext("The %s resource already exists."),
2106 			    rt_to_str(RT_DCPU));
2107 			goto bad;
2108 		}
2109 		if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp) !=
2110 		    Z_NO_ENTRY) {
2111 			zerr(gettext("The %s resource already exists."),
2112 			    rt_to_str(RT_PCAP));
2113 			goto bad;
2114 		}
2115 
2116 		/* Make sure the pool property isn't set. */
2117 		if (zonecfg_get_pool(handle, pool, sizeof (pool)) == Z_OK &&
2118 		    strlen(pool) > 0) {
2119 			zerr(gettext("The %s property is already set.  "
2120 			    "A persistent pool is incompatible with\nthe %s "
2121 			    "resource."),
2122 			    pt_to_str(PT_POOL), rt_to_str(RT_DCPU));
2123 			goto bad;
2124 		}
2125 
2126 		bzero(&in_progress_psettab, sizeof (in_progress_psettab));
2127 		return;
2128 	case RT_PCAP:
2129 		/*
2130 		 * Make sure there isn't already a cpu-set or incompatible
2131 		 * cpu-cap rctls.
2132 		 */
2133 		if (zonecfg_lookup_pset(handle, &tmp_psettab) == Z_OK) {
2134 			zerr(gettext("The %s resource already exists."),
2135 			    rt_to_str(RT_DCPU));
2136 			goto bad;
2137 		}
2138 
2139 		switch (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp)) {
2140 		case Z_ALIAS_DISALLOW:
2141 			zone_perror(rt_to_str(RT_PCAP), Z_ALIAS_DISALLOW,
2142 			    B_FALSE);
2143 			goto bad;
2144 
2145 		case Z_OK:
2146 			zerr(gettext("The %s resource already exists."),
2147 			    rt_to_str(RT_PCAP));
2148 			goto bad;
2149 
2150 		default:
2151 			break;
2152 		}
2153 		return;
2154 	case RT_MCAP:
2155 		/*
2156 		 * Make sure there isn't already a mem-cap entry or max-swap
2157 		 * or max-locked rctl.
2158 		 */
2159 		if (zonecfg_lookup_mcap(handle, &tmp_mcaptab) == Z_OK ||
2160 		    zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &tmp_mcap)
2161 		    == Z_OK ||
2162 		    zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM,
2163 		    &tmp_mcap) == Z_OK) {
2164 			zerr(gettext("The %s resource or a related resource "
2165 			    "control already exists."), rt_to_str(RT_MCAP));
2166 			goto bad;
2167 		}
2168 		if (global_zone)
2169 			zerr(gettext("WARNING: Setting a global zone memory "
2170 			    "cap too low could deny\nservice "
2171 			    "to even the root user; "
2172 			    "this could render the system impossible\n"
2173 			    "to administer.  Please use caution."));
2174 		bzero(&in_progress_mcaptab, sizeof (in_progress_mcaptab));
2175 		return;
2176 	case RT_ADMIN:
2177 		bzero(&in_progress_admintab, sizeof (in_progress_admintab));
2178 		return;
2179 	default:
2180 		zone_perror(rt_to_str(type), Z_NO_RESOURCE_TYPE, B_TRUE);
2181 		long_usage(CMD_ADD, B_TRUE);
2182 		usage(B_FALSE, HELP_RESOURCES);
2183 	}
2184 bad:
2185 	global_scope = B_TRUE;
2186 	end_op = -1;
2187 }
2188 
2189 static void
2190 do_complex_rctl_val(complex_property_ptr_t cp)
2191 {
2192 	struct zone_rctlvaltab *rctlvaltab;
2193 	complex_property_ptr_t cx;
2194 	boolean_t seen_priv = B_FALSE, seen_limit = B_FALSE,
2195 	    seen_action = B_FALSE;
2196 	rctlblk_t *rctlblk;
2197 	int err;
2198 
2199 	if ((rctlvaltab = alloc_rctlvaltab()) == NULL) {
2200 		zone_perror(zone, Z_NOMEM, B_TRUE);
2201 		exit(Z_ERR);
2202 	}
2203 	for (cx = cp; cx != NULL; cx = cx->cp_next) {
2204 		switch (cx->cp_type) {
2205 		case PT_PRIV:
2206 			if (seen_priv) {
2207 				zerr(gettext("%s already specified"),
2208 				    pt_to_str(PT_PRIV));
2209 				goto bad;
2210 			}
2211 			(void) strlcpy(rctlvaltab->zone_rctlval_priv,
2212 			    cx->cp_value,
2213 			    sizeof (rctlvaltab->zone_rctlval_priv));
2214 			seen_priv = B_TRUE;
2215 			break;
2216 		case PT_LIMIT:
2217 			if (seen_limit) {
2218 				zerr(gettext("%s already specified"),
2219 				    pt_to_str(PT_LIMIT));
2220 				goto bad;
2221 			}
2222 			(void) strlcpy(rctlvaltab->zone_rctlval_limit,
2223 			    cx->cp_value,
2224 			    sizeof (rctlvaltab->zone_rctlval_limit));
2225 			seen_limit = B_TRUE;
2226 			break;
2227 		case PT_ACTION:
2228 			if (seen_action) {
2229 				zerr(gettext("%s already specified"),
2230 				    pt_to_str(PT_ACTION));
2231 				goto bad;
2232 			}
2233 			(void) strlcpy(rctlvaltab->zone_rctlval_action,
2234 			    cx->cp_value,
2235 			    sizeof (rctlvaltab->zone_rctlval_action));
2236 			seen_action = B_TRUE;
2237 			break;
2238 		default:
2239 			zone_perror(pt_to_str(PT_VALUE),
2240 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2241 			long_usage(CMD_ADD, B_TRUE);
2242 			usage(B_FALSE, HELP_PROPS);
2243 			zonecfg_free_rctl_value_list(rctlvaltab);
2244 			return;
2245 		}
2246 	}
2247 	if (!seen_priv)
2248 		zerr(gettext("%s not specified"), pt_to_str(PT_PRIV));
2249 	if (!seen_limit)
2250 		zerr(gettext("%s not specified"), pt_to_str(PT_LIMIT));
2251 	if (!seen_action)
2252 		zerr(gettext("%s not specified"), pt_to_str(PT_ACTION));
2253 	if (!seen_priv || !seen_limit || !seen_action)
2254 		goto bad;
2255 	rctlvaltab->zone_rctlval_next = NULL;
2256 	rctlblk = alloca(rctlblk_size());
2257 	/*
2258 	 * Make sure the rctl value looks roughly correct; we won't know if
2259 	 * it's truly OK until we verify the configuration on the target
2260 	 * system.
2261 	 */
2262 	if (zonecfg_construct_rctlblk(rctlvaltab, rctlblk) != Z_OK ||
2263 	    !zonecfg_valid_rctlblk(rctlblk)) {
2264 		zerr(gettext("Invalid %s %s specification"), rt_to_str(RT_RCTL),
2265 		    pt_to_str(PT_VALUE));
2266 		goto bad;
2267 	}
2268 	err = zonecfg_add_rctl_value(&in_progress_rctltab, rctlvaltab);
2269 	if (err != Z_OK)
2270 		zone_perror(pt_to_str(PT_VALUE), err, B_TRUE);
2271 	return;
2272 
2273 bad:
2274 	zonecfg_free_rctl_value_list(rctlvaltab);
2275 }
2276 
2277 static void
2278 add_property(cmd_t *cmd)
2279 {
2280 	char *prop_id;
2281 	int err, res_type, prop_type;
2282 	property_value_ptr_t pp;
2283 	list_property_ptr_t l;
2284 
2285 	res_type = resource_scope;
2286 	prop_type = cmd->cmd_prop_name[0];
2287 	if (res_type == RT_UNKNOWN || prop_type == PT_UNKNOWN) {
2288 		long_usage(CMD_ADD, B_TRUE);
2289 		return;
2290 	}
2291 
2292 	if (cmd->cmd_prop_nv_pairs != 1) {
2293 		long_usage(CMD_ADD, B_TRUE);
2294 		return;
2295 	}
2296 
2297 	if (initialize(B_TRUE) != Z_OK)
2298 		return;
2299 
2300 	switch (res_type) {
2301 	case RT_FS:
2302 		if (prop_type != PT_OPTIONS) {
2303 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
2304 			    B_TRUE);
2305 			long_usage(CMD_ADD, B_TRUE);
2306 			usage(B_FALSE, HELP_PROPS);
2307 			return;
2308 		}
2309 		pp = cmd->cmd_property_ptr[0];
2310 		if (pp->pv_type != PROP_VAL_SIMPLE &&
2311 		    pp->pv_type != PROP_VAL_LIST) {
2312 			zerr(gettext("A %s or %s value was expected here."),
2313 			    pvt_to_str(PROP_VAL_SIMPLE),
2314 			    pvt_to_str(PROP_VAL_LIST));
2315 			saw_error = B_TRUE;
2316 			return;
2317 		}
2318 		if (pp->pv_type == PROP_VAL_SIMPLE) {
2319 			if (pp->pv_simple == NULL) {
2320 				long_usage(CMD_ADD, B_TRUE);
2321 				return;
2322 			}
2323 			prop_id = pp->pv_simple;
2324 			err = zonecfg_add_fs_option(&in_progress_fstab,
2325 			    prop_id);
2326 			if (err != Z_OK)
2327 				zone_perror(pt_to_str(prop_type), err, B_TRUE);
2328 		} else {
2329 			list_property_ptr_t list;
2330 
2331 			for (list = pp->pv_list; list != NULL;
2332 			    list = list->lp_next) {
2333 				prop_id = list->lp_simple;
2334 				if (prop_id == NULL)
2335 					break;
2336 				err = zonecfg_add_fs_option(
2337 				    &in_progress_fstab, prop_id);
2338 				if (err != Z_OK)
2339 					zone_perror(pt_to_str(prop_type), err,
2340 					    B_TRUE);
2341 			}
2342 		}
2343 		return;
2344 	case RT_RCTL:
2345 		if (prop_type != PT_VALUE) {
2346 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
2347 			    B_TRUE);
2348 			long_usage(CMD_ADD, B_TRUE);
2349 			usage(B_FALSE, HELP_PROPS);
2350 			return;
2351 		}
2352 		pp = cmd->cmd_property_ptr[0];
2353 		if (pp->pv_type != PROP_VAL_COMPLEX &&
2354 		    pp->pv_type != PROP_VAL_LIST) {
2355 			zerr(gettext("A %s or %s value was expected here."),
2356 			    pvt_to_str(PROP_VAL_COMPLEX),
2357 			    pvt_to_str(PROP_VAL_LIST));
2358 			saw_error = B_TRUE;
2359 			return;
2360 		}
2361 		if (pp->pv_type == PROP_VAL_COMPLEX) {
2362 			do_complex_rctl_val(pp->pv_complex);
2363 			return;
2364 		}
2365 		for (l = pp->pv_list; l != NULL; l = l->lp_next)
2366 			do_complex_rctl_val(l->lp_complex);
2367 		return;
2368 	default:
2369 		zone_perror(rt_to_str(res_type), Z_NO_RESOURCE_TYPE, B_TRUE);
2370 		long_usage(CMD_ADD, B_TRUE);
2371 		usage(B_FALSE, HELP_RESOURCES);
2372 		return;
2373 	}
2374 }
2375 
2376 static boolean_t
2377 gz_invalid_resource(int type)
2378 {
2379 	return (global_zone && (type == RT_FS ||
2380 	    type == RT_NET || type == RT_DEVICE || type == RT_ATTR ||
2381 	    type == RT_DATASET));
2382 }
2383 
2384 static boolean_t
2385 gz_invalid_rt_property(int type)
2386 {
2387 	return (global_zone && (type == RT_ZONENAME || type == RT_ZONEPATH ||
2388 	    type == RT_AUTOBOOT || type == RT_LIMITPRIV ||
2389 	    type == RT_BOOTARGS || type == RT_BRAND || type == RT_SCHED ||
2390 	    type == RT_IPTYPE || type == RT_HOSTID || type == RT_FS_ALLOWED));
2391 }
2392 
2393 static boolean_t
2394 gz_invalid_property(int type)
2395 {
2396 	return (global_zone && (type == PT_ZONENAME || type == PT_ZONEPATH ||
2397 	    type == PT_AUTOBOOT || type == PT_LIMITPRIV ||
2398 	    type == PT_BOOTARGS || type == PT_BRAND || type == PT_SCHED ||
2399 	    type == PT_IPTYPE || type == PT_HOSTID || type == PT_FS_ALLOWED));
2400 }
2401 
2402 void
2403 add_func(cmd_t *cmd)
2404 {
2405 	int arg;
2406 	boolean_t arg_err = B_FALSE;
2407 
2408 	assert(cmd != NULL);
2409 
2410 	optind = 0;
2411 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
2412 		switch (arg) {
2413 		case '?':
2414 			longer_usage(CMD_ADD);
2415 			arg_err = B_TRUE;
2416 			break;
2417 		default:
2418 			short_usage(CMD_ADD);
2419 			arg_err = B_TRUE;
2420 			break;
2421 		}
2422 	}
2423 	if (arg_err)
2424 		return;
2425 
2426 	if (optind != cmd->cmd_argc) {
2427 		short_usage(CMD_ADD);
2428 		return;
2429 	}
2430 
2431 	if (zone_is_read_only(CMD_ADD))
2432 		return;
2433 
2434 	if (initialize(B_TRUE) != Z_OK)
2435 		return;
2436 	if (global_scope) {
2437 		if (gz_invalid_resource(cmd->cmd_res_type)) {
2438 			zerr(gettext("Cannot add a %s resource to the "
2439 			    "global zone."), rt_to_str(cmd->cmd_res_type));
2440 			saw_error = B_TRUE;
2441 			return;
2442 		}
2443 
2444 		global_scope = B_FALSE;
2445 		resource_scope = cmd->cmd_res_type;
2446 		end_op = CMD_ADD;
2447 		add_resource(cmd);
2448 	} else
2449 		add_property(cmd);
2450 }
2451 
2452 /*
2453  * This routine has an unusual implementation, because it tries very
2454  * hard to succeed in the face of a variety of failure modes.
2455  * The most common and most vexing occurs when the index file and
2456  * the /etc/zones/<zonename.xml> file are not both present.  In
2457  * this case, delete must eradicate as much of the zone state as is left
2458  * so that the user can later create a new zone with the same name.
2459  */
2460 void
2461 delete_func(cmd_t *cmd)
2462 {
2463 	int err, arg, answer;
2464 	char line[ZONENAME_MAX + 128];	/* enough to ask a question */
2465 	boolean_t force = B_FALSE;
2466 	boolean_t arg_err = B_FALSE;
2467 
2468 	optind = 0;
2469 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
2470 		switch (arg) {
2471 		case '?':
2472 			longer_usage(CMD_DELETE);
2473 			arg_err = B_TRUE;
2474 			break;
2475 		case 'F':
2476 			force = B_TRUE;
2477 			break;
2478 		default:
2479 			short_usage(CMD_DELETE);
2480 			arg_err = B_TRUE;
2481 			break;
2482 		}
2483 	}
2484 	if (arg_err)
2485 		return;
2486 
2487 	if (optind != cmd->cmd_argc) {
2488 		short_usage(CMD_DELETE);
2489 		return;
2490 	}
2491 
2492 	if (zone_is_read_only(CMD_DELETE))
2493 		return;
2494 
2495 	if (!force) {
2496 		/*
2497 		 * Initialize sets up the global called "handle" and warns the
2498 		 * user if the zone is not configured.  In force mode, we don't
2499 		 * trust that evaluation, and hence skip it.  (We don't need the
2500 		 * handle to be loaded anyway, since zonecfg_destroy is done by
2501 		 * zonename). However, we also have to take care to emulate the
2502 		 * messages spit out by initialize; see below.
2503 		 */
2504 		if (initialize(B_TRUE) != Z_OK)
2505 			return;
2506 
2507 		(void) snprintf(line, sizeof (line),
2508 		    gettext("Are you sure you want to delete zone %s"), zone);
2509 		if ((answer = ask_yesno(B_FALSE, line)) == -1) {
2510 			zerr(gettext("Input not from terminal and -F not "
2511 			    "specified:\n%s command ignored, exiting."),
2512 			    cmd_to_str(CMD_DELETE));
2513 			exit(Z_ERR);
2514 		}
2515 		if (answer != 1)
2516 			return;
2517 	}
2518 
2519 	/*
2520 	 * This function removes the authorizations from user_attr
2521 	 * that correspond to those specified in the configuration
2522 	 */
2523 	if (initialize(B_TRUE) == Z_OK) {
2524 		(void) zonecfg_deauthorize_users(handle, zone);
2525 	}
2526 	if ((err = zonecfg_destroy(zone, force)) != Z_OK) {
2527 		if ((err == Z_BAD_ZONE_STATE) && !force) {
2528 			zerr(gettext("Zone %s not in %s state; %s not "
2529 			    "allowed.  Use -F to force %s."),
2530 			    zone, zone_state_str(ZONE_STATE_CONFIGURED),
2531 			    cmd_to_str(CMD_DELETE), cmd_to_str(CMD_DELETE));
2532 		} else {
2533 			zone_perror(zone, err, B_TRUE);
2534 		}
2535 	}
2536 	need_to_commit = B_FALSE;
2537 
2538 	/*
2539 	 * Emulate initialize's messaging; if there wasn't a valid handle to
2540 	 * begin with, then user had typed delete (or delete -F) multiple
2541 	 * times.  So we emit a message.
2542 	 *
2543 	 * We only do this in the 'force' case because normally, initialize()
2544 	 * takes care of this for us.
2545 	 */
2546 	if (force && zonecfg_check_handle(handle) != Z_OK && interactive_mode)
2547 		(void) printf(gettext("Use '%s' to begin "
2548 		    "configuring a new zone.\n"), cmd_to_str(CMD_CREATE));
2549 
2550 	/*
2551 	 * Time for a new handle: finish the old one off first
2552 	 * then get a new one properly to avoid leaks.
2553 	 */
2554 	if (got_handle) {
2555 		zonecfg_fini_handle(handle);
2556 		if ((handle = zonecfg_init_handle()) == NULL) {
2557 			zone_perror(execname, Z_NOMEM, B_TRUE);
2558 			exit(Z_ERR);
2559 		}
2560 		if ((err = zonecfg_get_handle(zone, handle)) != Z_OK) {
2561 			/* If there was no zone before, that's OK */
2562 			if (err != Z_NO_ZONE)
2563 				zone_perror(zone, err, B_TRUE);
2564 			got_handle = B_FALSE;
2565 		}
2566 	}
2567 }
2568 
2569 static int
2570 fill_in_fstab(cmd_t *cmd, struct zone_fstab *fstab, boolean_t fill_in_only)
2571 {
2572 	int err, i;
2573 	property_value_ptr_t pp;
2574 
2575 	if ((err = initialize(B_TRUE)) != Z_OK)
2576 		return (err);
2577 
2578 	bzero(fstab, sizeof (*fstab));
2579 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2580 		pp = cmd->cmd_property_ptr[i];
2581 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2582 			zerr(gettext("A simple value was expected here."));
2583 			saw_error = B_TRUE;
2584 			return (Z_INSUFFICIENT_SPEC);
2585 		}
2586 		switch (cmd->cmd_prop_name[i]) {
2587 		case PT_DIR:
2588 			(void) strlcpy(fstab->zone_fs_dir, pp->pv_simple,
2589 			    sizeof (fstab->zone_fs_dir));
2590 			break;
2591 		case PT_SPECIAL:
2592 			(void) strlcpy(fstab->zone_fs_special, pp->pv_simple,
2593 			    sizeof (fstab->zone_fs_special));
2594 			break;
2595 		case PT_RAW:
2596 			(void) strlcpy(fstab->zone_fs_raw, pp->pv_simple,
2597 			    sizeof (fstab->zone_fs_raw));
2598 			break;
2599 		case PT_TYPE:
2600 			(void) strlcpy(fstab->zone_fs_type, pp->pv_simple,
2601 			    sizeof (fstab->zone_fs_type));
2602 			break;
2603 		default:
2604 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2605 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2606 			return (Z_INSUFFICIENT_SPEC);
2607 		}
2608 	}
2609 	if (fill_in_only)
2610 		return (Z_OK);
2611 	return (zonecfg_lookup_filesystem(handle, fstab));
2612 }
2613 
2614 static int
2615 fill_in_nwiftab(cmd_t *cmd, struct zone_nwiftab *nwiftab,
2616     boolean_t fill_in_only)
2617 {
2618 	int err, i;
2619 	property_value_ptr_t pp;
2620 
2621 	if ((err = initialize(B_TRUE)) != Z_OK)
2622 		return (err);
2623 
2624 	bzero(nwiftab, sizeof (*nwiftab));
2625 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2626 		pp = cmd->cmd_property_ptr[i];
2627 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2628 			zerr(gettext("A simple value was expected here."));
2629 			saw_error = B_TRUE;
2630 			return (Z_INSUFFICIENT_SPEC);
2631 		}
2632 		switch (cmd->cmd_prop_name[i]) {
2633 		case PT_ADDRESS:
2634 			(void) strlcpy(nwiftab->zone_nwif_address,
2635 			    pp->pv_simple, sizeof (nwiftab->zone_nwif_address));
2636 			break;
2637 		case PT_ALLOWED_ADDRESS:
2638 			(void) strlcpy(nwiftab->zone_nwif_allowed_address,
2639 			    pp->pv_simple,
2640 			    sizeof (nwiftab->zone_nwif_allowed_address));
2641 			break;
2642 		case PT_PHYSICAL:
2643 			(void) strlcpy(nwiftab->zone_nwif_physical,
2644 			    pp->pv_simple,
2645 			    sizeof (nwiftab->zone_nwif_physical));
2646 			break;
2647 		case PT_DEFROUTER:
2648 			(void) strlcpy(nwiftab->zone_nwif_defrouter,
2649 			    pp->pv_simple,
2650 			    sizeof (nwiftab->zone_nwif_defrouter));
2651 			break;
2652 		default:
2653 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2654 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2655 			return (Z_INSUFFICIENT_SPEC);
2656 		}
2657 	}
2658 	if (fill_in_only)
2659 		return (Z_OK);
2660 	err = zonecfg_lookup_nwif(handle, nwiftab);
2661 	return (err);
2662 }
2663 
2664 static int
2665 fill_in_devtab(cmd_t *cmd, struct zone_devtab *devtab, boolean_t fill_in_only)
2666 {
2667 	int err, i;
2668 	property_value_ptr_t pp;
2669 
2670 	if ((err = initialize(B_TRUE)) != Z_OK)
2671 		return (err);
2672 
2673 	bzero(devtab, sizeof (*devtab));
2674 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2675 		pp = cmd->cmd_property_ptr[i];
2676 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2677 			zerr(gettext("A simple value was expected here."));
2678 			saw_error = B_TRUE;
2679 			return (Z_INSUFFICIENT_SPEC);
2680 		}
2681 		switch (cmd->cmd_prop_name[i]) {
2682 		case PT_MATCH:
2683 			(void) strlcpy(devtab->zone_dev_match, pp->pv_simple,
2684 			    sizeof (devtab->zone_dev_match));
2685 			break;
2686 		default:
2687 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2688 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2689 			return (Z_INSUFFICIENT_SPEC);
2690 		}
2691 	}
2692 	if (fill_in_only)
2693 		return (Z_OK);
2694 	err = zonecfg_lookup_dev(handle, devtab);
2695 	return (err);
2696 }
2697 
2698 static int
2699 fill_in_rctltab(cmd_t *cmd, struct zone_rctltab *rctltab,
2700     boolean_t fill_in_only)
2701 {
2702 	int err, i;
2703 	property_value_ptr_t pp;
2704 
2705 	if ((err = initialize(B_TRUE)) != Z_OK)
2706 		return (err);
2707 
2708 	bzero(rctltab, sizeof (*rctltab));
2709 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2710 		pp = cmd->cmd_property_ptr[i];
2711 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2712 			zerr(gettext("A simple value was expected here."));
2713 			saw_error = B_TRUE;
2714 			return (Z_INSUFFICIENT_SPEC);
2715 		}
2716 		switch (cmd->cmd_prop_name[i]) {
2717 		case PT_NAME:
2718 			(void) strlcpy(rctltab->zone_rctl_name, pp->pv_simple,
2719 			    sizeof (rctltab->zone_rctl_name));
2720 			break;
2721 		default:
2722 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2723 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2724 			return (Z_INSUFFICIENT_SPEC);
2725 		}
2726 	}
2727 	if (fill_in_only)
2728 		return (Z_OK);
2729 	err = zonecfg_lookup_rctl(handle, rctltab);
2730 	return (err);
2731 }
2732 
2733 static int
2734 fill_in_attrtab(cmd_t *cmd, struct zone_attrtab *attrtab,
2735     boolean_t fill_in_only)
2736 {
2737 	int err, i;
2738 	property_value_ptr_t pp;
2739 
2740 	if ((err = initialize(B_TRUE)) != Z_OK)
2741 		return (err);
2742 
2743 	bzero(attrtab, sizeof (*attrtab));
2744 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2745 		pp = cmd->cmd_property_ptr[i];
2746 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2747 			zerr(gettext("A simple value was expected here."));
2748 			saw_error = B_TRUE;
2749 			return (Z_INSUFFICIENT_SPEC);
2750 		}
2751 		switch (cmd->cmd_prop_name[i]) {
2752 		case PT_NAME:
2753 			(void) strlcpy(attrtab->zone_attr_name, pp->pv_simple,
2754 			    sizeof (attrtab->zone_attr_name));
2755 			break;
2756 		case PT_TYPE:
2757 			(void) strlcpy(attrtab->zone_attr_type, pp->pv_simple,
2758 			    sizeof (attrtab->zone_attr_type));
2759 			break;
2760 		case PT_VALUE:
2761 			(void) strlcpy(attrtab->zone_attr_value, pp->pv_simple,
2762 			    sizeof (attrtab->zone_attr_value));
2763 			break;
2764 		default:
2765 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2766 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2767 			return (Z_INSUFFICIENT_SPEC);
2768 		}
2769 	}
2770 	if (fill_in_only)
2771 		return (Z_OK);
2772 	err = zonecfg_lookup_attr(handle, attrtab);
2773 	return (err);
2774 }
2775 
2776 static int
2777 fill_in_dstab(cmd_t *cmd, struct zone_dstab *dstab, boolean_t fill_in_only)
2778 {
2779 	int err, i;
2780 	property_value_ptr_t pp;
2781 
2782 	if ((err = initialize(B_TRUE)) != Z_OK)
2783 		return (err);
2784 
2785 	dstab->zone_dataset_name[0] = '\0';
2786 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2787 		pp = cmd->cmd_property_ptr[i];
2788 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2789 			zerr(gettext("A simple value was expected here."));
2790 			saw_error = B_TRUE;
2791 			return (Z_INSUFFICIENT_SPEC);
2792 		}
2793 		switch (cmd->cmd_prop_name[i]) {
2794 		case PT_NAME:
2795 			(void) strlcpy(dstab->zone_dataset_name, pp->pv_simple,
2796 			    sizeof (dstab->zone_dataset_name));
2797 			break;
2798 		default:
2799 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2800 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2801 			return (Z_INSUFFICIENT_SPEC);
2802 		}
2803 	}
2804 	if (fill_in_only)
2805 		return (Z_OK);
2806 	return (zonecfg_lookup_ds(handle, dstab));
2807 }
2808 
2809 static int
2810 fill_in_admintab(cmd_t *cmd, struct zone_admintab *admintab,
2811     boolean_t fill_in_only)
2812 {
2813 	int err, i;
2814 	property_value_ptr_t pp;
2815 
2816 	if ((err = initialize(B_TRUE)) != Z_OK)
2817 		return (err);
2818 
2819 	bzero(admintab, sizeof (*admintab));
2820 	for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2821 		pp = cmd->cmd_property_ptr[i];
2822 		if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2823 			zerr(gettext("A simple value was expected here."));
2824 			saw_error = B_TRUE;
2825 			return (Z_INSUFFICIENT_SPEC);
2826 		}
2827 		switch (cmd->cmd_prop_name[i]) {
2828 		case PT_USER:
2829 			(void) strlcpy(admintab->zone_admin_user, pp->pv_simple,
2830 			    sizeof (admintab->zone_admin_user));
2831 			break;
2832 		case PT_AUTHS:
2833 			(void) strlcpy(admintab->zone_admin_auths,
2834 			    pp->pv_simple, sizeof (admintab->zone_admin_auths));
2835 			break;
2836 		default:
2837 			zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2838 			    Z_NO_PROPERTY_TYPE, B_TRUE);
2839 			return (Z_INSUFFICIENT_SPEC);
2840 		}
2841 	}
2842 	if (fill_in_only)
2843 		return (Z_OK);
2844 	err = zonecfg_lookup_admin(handle, admintab);
2845 	return (err);
2846 }
2847 
2848 static void
2849 remove_aliased_rctl(int type, char *name)
2850 {
2851 	int err;
2852 	uint64_t tmp;
2853 
2854 	if ((err = zonecfg_get_aliased_rctl(handle, name, &tmp)) != Z_OK) {
2855 		zerr("%s %s: %s", cmd_to_str(CMD_CLEAR), pt_to_str(type),
2856 		    zonecfg_strerror(err));
2857 		saw_error = B_TRUE;
2858 		return;
2859 	}
2860 	if ((err = zonecfg_rm_aliased_rctl(handle, name)) != Z_OK) {
2861 		zerr("%s %s: %s", cmd_to_str(CMD_CLEAR), pt_to_str(type),
2862 		    zonecfg_strerror(err));
2863 		saw_error = B_TRUE;
2864 	} else {
2865 		need_to_commit = B_TRUE;
2866 	}
2867 }
2868 
2869 static boolean_t
2870 prompt_remove_resource(cmd_t *cmd, char *rsrc)
2871 {
2872 	int num;
2873 	int answer;
2874 	int arg;
2875 	boolean_t force = B_FALSE;
2876 	char prompt[128];
2877 	boolean_t arg_err = B_FALSE;
2878 
2879 	optind = 0;
2880 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "F")) != EOF) {
2881 		switch (arg) {
2882 		case 'F':
2883 			force = B_TRUE;
2884 			break;
2885 		default:
2886 			arg_err = B_TRUE;
2887 			break;
2888 		}
2889 	}
2890 	if (arg_err)
2891 		return (B_FALSE);
2892 
2893 
2894 	num = zonecfg_num_resources(handle, rsrc);
2895 
2896 	if (num == 0) {
2897 		z_cmd_rt_perror(CMD_REMOVE, cmd->cmd_res_type, Z_NO_ENTRY,
2898 		    B_TRUE);
2899 		return (B_FALSE);
2900 	}
2901 	if (num > 1 && !force) {
2902 		if (!interactive_mode) {
2903 			zerr(gettext("There are multiple instances of this "
2904 			    "resource.  Either qualify the resource to\n"
2905 			    "remove a single instance or use the -F option to "
2906 			    "remove all instances."));
2907 			saw_error = B_TRUE;
2908 			return (B_FALSE);
2909 		}
2910 		(void) snprintf(prompt, sizeof (prompt), gettext(
2911 		    "Are you sure you want to remove ALL '%s' resources"),
2912 		    rsrc);
2913 		answer = ask_yesno(B_FALSE, prompt);
2914 		if (answer == -1) {
2915 			zerr(gettext("Resource incomplete."));
2916 			return (B_FALSE);
2917 		}
2918 		if (answer != 1)
2919 			return (B_FALSE);
2920 	}
2921 	return (B_TRUE);
2922 }
2923 
2924 static void
2925 remove_fs(cmd_t *cmd)
2926 {
2927 	int err;
2928 
2929 	/* traditional, qualified fs removal */
2930 	if (cmd->cmd_prop_nv_pairs > 0) {
2931 		struct zone_fstab fstab;
2932 
2933 		if ((err = fill_in_fstab(cmd, &fstab, B_FALSE)) != Z_OK) {
2934 			z_cmd_rt_perror(CMD_REMOVE, RT_FS, err, B_TRUE);
2935 			return;
2936 		}
2937 		if ((err = zonecfg_delete_filesystem(handle, &fstab)) != Z_OK)
2938 			z_cmd_rt_perror(CMD_REMOVE, RT_FS, err, B_TRUE);
2939 		else
2940 			need_to_commit = B_TRUE;
2941 		zonecfg_free_fs_option_list(fstab.zone_fs_options);
2942 		return;
2943 	}
2944 
2945 	/*
2946 	 * unqualified fs removal.  remove all fs's but prompt if more
2947 	 * than one.
2948 	 */
2949 	if (!prompt_remove_resource(cmd, "fs"))
2950 		return;
2951 
2952 	if ((err = zonecfg_del_all_resources(handle, "fs")) != Z_OK)
2953 		z_cmd_rt_perror(CMD_REMOVE, RT_FS, err, B_TRUE);
2954 	else
2955 		need_to_commit = B_TRUE;
2956 }
2957 
2958 static void
2959 remove_net(cmd_t *cmd)
2960 {
2961 	int err;
2962 
2963 	/* traditional, qualified net removal */
2964 	if (cmd->cmd_prop_nv_pairs > 0) {
2965 		struct zone_nwiftab nwiftab;
2966 
2967 		if ((err = fill_in_nwiftab(cmd, &nwiftab, B_FALSE)) != Z_OK) {
2968 			z_cmd_rt_perror(CMD_REMOVE, RT_NET, err, B_TRUE);
2969 			return;
2970 		}
2971 		if ((err = zonecfg_delete_nwif(handle, &nwiftab)) != Z_OK)
2972 			z_cmd_rt_perror(CMD_REMOVE, RT_NET, err, B_TRUE);
2973 		else
2974 			need_to_commit = B_TRUE;
2975 		return;
2976 	}
2977 
2978 	/*
2979 	 * unqualified net removal.  remove all nets but prompt if more
2980 	 * than one.
2981 	 */
2982 	if (!prompt_remove_resource(cmd, "net"))
2983 		return;
2984 
2985 	if ((err = zonecfg_del_all_resources(handle, "net")) != Z_OK)
2986 		z_cmd_rt_perror(CMD_REMOVE, RT_NET, err, B_TRUE);
2987 	else
2988 		need_to_commit = B_TRUE;
2989 }
2990 
2991 static void
2992 remove_device(cmd_t *cmd)
2993 {
2994 	int err;
2995 
2996 	/* traditional, qualified device removal */
2997 	if (cmd->cmd_prop_nv_pairs > 0) {
2998 		struct zone_devtab devtab;
2999 
3000 		if ((err = fill_in_devtab(cmd, &devtab, B_FALSE)) != Z_OK) {
3001 			z_cmd_rt_perror(CMD_REMOVE, RT_DEVICE, err, B_TRUE);
3002 			return;
3003 		}
3004 		if ((err = zonecfg_delete_dev(handle, &devtab)) != Z_OK)
3005 			z_cmd_rt_perror(CMD_REMOVE, RT_DEVICE, err, B_TRUE);
3006 		else
3007 			need_to_commit = B_TRUE;
3008 		return;
3009 	}
3010 
3011 	/*
3012 	 * unqualified device removal.  remove all devices but prompt if more
3013 	 * than one.
3014 	 */
3015 	if (!prompt_remove_resource(cmd, "device"))
3016 		return;
3017 
3018 	if ((err = zonecfg_del_all_resources(handle, "device")) != Z_OK)
3019 		z_cmd_rt_perror(CMD_REMOVE, RT_DEVICE, err, B_TRUE);
3020 	else
3021 		need_to_commit = B_TRUE;
3022 }
3023 
3024 static void
3025 remove_attr(cmd_t *cmd)
3026 {
3027 	int err;
3028 
3029 	/* traditional, qualified attr removal */
3030 	if (cmd->cmd_prop_nv_pairs > 0) {
3031 		struct zone_attrtab attrtab;
3032 
3033 		if ((err = fill_in_attrtab(cmd, &attrtab, B_FALSE)) != Z_OK) {
3034 			z_cmd_rt_perror(CMD_REMOVE, RT_ATTR, err, B_TRUE);
3035 			return;
3036 		}
3037 		if ((err = zonecfg_delete_attr(handle, &attrtab)) != Z_OK)
3038 			z_cmd_rt_perror(CMD_REMOVE, RT_ATTR, err, B_TRUE);
3039 		else
3040 			need_to_commit = B_TRUE;
3041 		return;
3042 	}
3043 
3044 	/*
3045 	 * unqualified attr removal.  remove all attrs but prompt if more
3046 	 * than one.
3047 	 */
3048 	if (!prompt_remove_resource(cmd, "attr"))
3049 		return;
3050 
3051 	if ((err = zonecfg_del_all_resources(handle, "attr")) != Z_OK)
3052 		z_cmd_rt_perror(CMD_REMOVE, RT_ATTR, err, B_TRUE);
3053 	else
3054 		need_to_commit = B_TRUE;
3055 }
3056 
3057 static void
3058 remove_dataset(cmd_t *cmd)
3059 {
3060 	int err;
3061 
3062 	/* traditional, qualified dataset removal */
3063 	if (cmd->cmd_prop_nv_pairs > 0) {
3064 		struct zone_dstab dstab;
3065 
3066 		if ((err = fill_in_dstab(cmd, &dstab, B_FALSE)) != Z_OK) {
3067 			z_cmd_rt_perror(CMD_REMOVE, RT_DATASET, err, B_TRUE);
3068 			return;
3069 		}
3070 		if ((err = zonecfg_delete_ds(handle, &dstab)) != Z_OK)
3071 			z_cmd_rt_perror(CMD_REMOVE, RT_DATASET, err, B_TRUE);
3072 		else
3073 			need_to_commit = B_TRUE;
3074 		return;
3075 	}
3076 
3077 	/*
3078 	 * unqualified dataset removal.  remove all datasets but prompt if more
3079 	 * than one.
3080 	 */
3081 	if (!prompt_remove_resource(cmd, "dataset"))
3082 		return;
3083 
3084 	if ((err = zonecfg_del_all_resources(handle, "dataset")) != Z_OK)
3085 		z_cmd_rt_perror(CMD_REMOVE, RT_DATASET, err, B_TRUE);
3086 	else
3087 		need_to_commit = B_TRUE;
3088 }
3089 
3090 static void
3091 remove_rctl(cmd_t *cmd)
3092 {
3093 	int err;
3094 
3095 	/* traditional, qualified rctl removal */
3096 	if (cmd->cmd_prop_nv_pairs > 0) {
3097 		struct zone_rctltab rctltab;
3098 
3099 		if ((err = fill_in_rctltab(cmd, &rctltab, B_FALSE)) != Z_OK) {
3100 			z_cmd_rt_perror(CMD_REMOVE, RT_RCTL, err, B_TRUE);
3101 			return;
3102 		}
3103 		if ((err = zonecfg_delete_rctl(handle, &rctltab)) != Z_OK)
3104 			z_cmd_rt_perror(CMD_REMOVE, RT_RCTL, err, B_TRUE);
3105 		else
3106 			need_to_commit = B_TRUE;
3107 		zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
3108 		return;
3109 	}
3110 
3111 	/*
3112 	 * unqualified rctl removal.  remove all rctls but prompt if more
3113 	 * than one.
3114 	 */
3115 	if (!prompt_remove_resource(cmd, "rctl"))
3116 		return;
3117 
3118 	if ((err = zonecfg_del_all_resources(handle, "rctl")) != Z_OK)
3119 		z_cmd_rt_perror(CMD_REMOVE, RT_RCTL, err, B_TRUE);
3120 	else
3121 		need_to_commit = B_TRUE;
3122 }
3123 
3124 static void
3125 remove_pset()
3126 {
3127 	int err;
3128 	struct zone_psettab psettab;
3129 
3130 	if ((err = zonecfg_lookup_pset(handle, &psettab)) != Z_OK) {
3131 		z_cmd_rt_perror(CMD_REMOVE, RT_DCPU, err, B_TRUE);
3132 		return;
3133 	}
3134 	if ((err = zonecfg_delete_pset(handle)) != Z_OK)
3135 		z_cmd_rt_perror(CMD_REMOVE, RT_DCPU, err, B_TRUE);
3136 	else
3137 		need_to_commit = B_TRUE;
3138 }
3139 
3140 static void
3141 remove_pcap()
3142 {
3143 	int err;
3144 	uint64_t tmp;
3145 
3146 	if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp) != Z_OK) {
3147 		zerr("%s %s: %s", cmd_to_str(CMD_REMOVE), rt_to_str(RT_PCAP),
3148 		    zonecfg_strerror(Z_NO_RESOURCE_TYPE));
3149 		saw_error = B_TRUE;
3150 		return;
3151 	}
3152 
3153 	if ((err = zonecfg_rm_aliased_rctl(handle, ALIAS_CPUCAP)) != Z_OK)
3154 		z_cmd_rt_perror(CMD_REMOVE, RT_PCAP, err, B_TRUE);
3155 	else
3156 		need_to_commit = B_TRUE;
3157 }
3158 
3159 static void
3160 remove_mcap()
3161 {
3162 	int err, res1, res2, res3;
3163 	uint64_t tmp;
3164 	struct zone_mcaptab mcaptab;
3165 	boolean_t revert = B_FALSE;
3166 
3167 	res1 = zonecfg_lookup_mcap(handle, &mcaptab);
3168 	res2 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &tmp);
3169 	res3 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM, &tmp);
3170 
3171 	/* if none of these exist, there is no resource to remove */
3172 	if (res1 != Z_OK && res2 != Z_OK && res3 != Z_OK) {
3173 		zerr("%s %s: %s", cmd_to_str(CMD_REMOVE), rt_to_str(RT_MCAP),
3174 		    zonecfg_strerror(Z_NO_RESOURCE_TYPE));
3175 		saw_error = B_TRUE;
3176 		return;
3177 	}
3178 	if (res1 == Z_OK) {
3179 		if ((err = zonecfg_delete_mcap(handle)) != Z_OK) {
3180 			z_cmd_rt_perror(CMD_REMOVE, RT_MCAP, err, B_TRUE);
3181 			revert = B_TRUE;
3182 		} else {
3183 			need_to_commit = B_TRUE;
3184 		}
3185 	}
3186 	if (res2 == Z_OK) {
3187 		if ((err = zonecfg_rm_aliased_rctl(handle, ALIAS_MAXSWAP))
3188 		    != Z_OK) {
3189 			z_cmd_rt_perror(CMD_REMOVE, RT_MCAP, err, B_TRUE);
3190 			revert = B_TRUE;
3191 		} else {
3192 			need_to_commit = B_TRUE;
3193 		}
3194 	}
3195 	if (res3 == Z_OK) {
3196 		if ((err = zonecfg_rm_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM))
3197 		    != Z_OK) {
3198 			z_cmd_rt_perror(CMD_REMOVE, RT_MCAP, err, B_TRUE);
3199 			revert = B_TRUE;
3200 		} else {
3201 			need_to_commit = B_TRUE;
3202 		}
3203 	}
3204 
3205 	if (revert)
3206 		need_to_commit = B_FALSE;
3207 }
3208 
3209 static void
3210 remove_admin(cmd_t *cmd)
3211 {
3212 	int err;
3213 
3214 	/* traditional, qualified attr removal */
3215 	if (cmd->cmd_prop_nv_pairs > 0) {
3216 		struct zone_admintab admintab;
3217 
3218 		if ((err = fill_in_admintab(cmd, &admintab, B_FALSE)) != Z_OK) {
3219 			z_cmd_rt_perror(CMD_REMOVE, RT_ADMIN,
3220 			    err, B_TRUE);
3221 			return;
3222 		}
3223 		if ((err = zonecfg_delete_admin(handle, &admintab,
3224 		    zone))
3225 		    != Z_OK)
3226 			z_cmd_rt_perror(CMD_REMOVE, RT_ADMIN,
3227 			    err, B_TRUE);
3228 		else
3229 			need_to_commit = B_TRUE;
3230 		return;
3231 	} else {
3232 		/*
3233 		 * unqualified admin removal.
3234 		 * remove all admins but prompt if more
3235 		 * than one.
3236 		 */
3237 		if (!prompt_remove_resource(cmd, "admin"))
3238 			return;
3239 
3240 		if ((err = zonecfg_delete_admins(handle, zone))
3241 		    != Z_OK)
3242 			z_cmd_rt_perror(CMD_REMOVE, RT_ADMIN,
3243 			    err, B_TRUE);
3244 		else
3245 			need_to_commit = B_TRUE;
3246 	}
3247 }
3248 
3249 static void
3250 remove_resource(cmd_t *cmd)
3251 {
3252 	int type;
3253 	int arg;
3254 	boolean_t arg_err = B_FALSE;
3255 
3256 	if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
3257 		long_usage(CMD_REMOVE, B_TRUE);
3258 		return;
3259 	}
3260 
3261 	optind = 0;
3262 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
3263 		switch (arg) {
3264 		case '?':
3265 			longer_usage(CMD_REMOVE);
3266 			arg_err = B_TRUE;
3267 			break;
3268 		case 'F':
3269 			break;
3270 		default:
3271 			short_usage(CMD_REMOVE);
3272 			arg_err = B_TRUE;
3273 			break;
3274 		}
3275 	}
3276 	if (arg_err)
3277 		return;
3278 
3279 	if (initialize(B_TRUE) != Z_OK)
3280 		return;
3281 
3282 	switch (type) {
3283 	case RT_FS:
3284 		remove_fs(cmd);
3285 		return;
3286 	case RT_NET:
3287 		remove_net(cmd);
3288 		return;
3289 	case RT_DEVICE:
3290 		remove_device(cmd);
3291 		return;
3292 	case RT_RCTL:
3293 		remove_rctl(cmd);
3294 		return;
3295 	case RT_ATTR:
3296 		remove_attr(cmd);
3297 		return;
3298 	case RT_DATASET:
3299 		remove_dataset(cmd);
3300 		return;
3301 	case RT_DCPU:
3302 		remove_pset();
3303 		return;
3304 	case RT_PCAP:
3305 		remove_pcap();
3306 		return;
3307 	case RT_MCAP:
3308 		remove_mcap();
3309 		return;
3310 	case RT_ADMIN:
3311 		remove_admin(cmd);
3312 		return;
3313 	default:
3314 		zone_perror(rt_to_str(type), Z_NO_RESOURCE_TYPE, B_TRUE);
3315 		long_usage(CMD_REMOVE, B_TRUE);
3316 		usage(B_FALSE, HELP_RESOURCES);
3317 		return;
3318 	}
3319 }
3320 
3321 static void
3322 remove_property(cmd_t *cmd)
3323 {
3324 	char *prop_id;
3325 	int err, res_type, prop_type;
3326 	property_value_ptr_t pp;
3327 	struct zone_rctlvaltab *rctlvaltab;
3328 	complex_property_ptr_t cx;
3329 
3330 	res_type = resource_scope;
3331 	prop_type = cmd->cmd_prop_name[0];
3332 	if (res_type == RT_UNKNOWN || prop_type == PT_UNKNOWN) {
3333 		long_usage(CMD_REMOVE, B_TRUE);
3334 		return;
3335 	}
3336 
3337 	if (cmd->cmd_prop_nv_pairs != 1) {
3338 		long_usage(CMD_ADD, B_TRUE);
3339 		return;
3340 	}
3341 
3342 	if (initialize(B_TRUE) != Z_OK)
3343 		return;
3344 
3345 	switch (res_type) {
3346 	case RT_FS:
3347 		if (prop_type != PT_OPTIONS) {
3348 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
3349 			    B_TRUE);
3350 			long_usage(CMD_REMOVE, B_TRUE);
3351 			usage(B_FALSE, HELP_PROPS);
3352 			return;
3353 		}
3354 		pp = cmd->cmd_property_ptr[0];
3355 		if (pp->pv_type == PROP_VAL_COMPLEX) {
3356 			zerr(gettext("A %s or %s value was expected here."),
3357 			    pvt_to_str(PROP_VAL_SIMPLE),
3358 			    pvt_to_str(PROP_VAL_LIST));
3359 			saw_error = B_TRUE;
3360 			return;
3361 		}
3362 		if (pp->pv_type == PROP_VAL_SIMPLE) {
3363 			if (pp->pv_simple == NULL) {
3364 				long_usage(CMD_ADD, B_TRUE);
3365 				return;
3366 			}
3367 			prop_id = pp->pv_simple;
3368 			err = zonecfg_remove_fs_option(&in_progress_fstab,
3369 			    prop_id);
3370 			if (err != Z_OK)
3371 				zone_perror(pt_to_str(prop_type), err, B_TRUE);
3372 		} else {
3373 			list_property_ptr_t list;
3374 
3375 			for (list = pp->pv_list; list != NULL;
3376 			    list = list->lp_next) {
3377 				prop_id = list->lp_simple;
3378 				if (prop_id == NULL)
3379 					break;
3380 				err = zonecfg_remove_fs_option(
3381 				    &in_progress_fstab, prop_id);
3382 				if (err != Z_OK)
3383 					zone_perror(pt_to_str(prop_type), err,
3384 					    B_TRUE);
3385 			}
3386 		}
3387 		return;
3388 	case RT_RCTL:
3389 		if (prop_type != PT_VALUE) {
3390 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
3391 			    B_TRUE);
3392 			long_usage(CMD_REMOVE, B_TRUE);
3393 			usage(B_FALSE, HELP_PROPS);
3394 			return;
3395 		}
3396 		pp = cmd->cmd_property_ptr[0];
3397 		if (pp->pv_type != PROP_VAL_COMPLEX) {
3398 			zerr(gettext("A %s value was expected here."),
3399 			    pvt_to_str(PROP_VAL_COMPLEX));
3400 			saw_error = B_TRUE;
3401 			return;
3402 		}
3403 		if ((rctlvaltab = alloc_rctlvaltab()) == NULL) {
3404 			zone_perror(zone, Z_NOMEM, B_TRUE);
3405 			exit(Z_ERR);
3406 		}
3407 		for (cx = pp->pv_complex; cx != NULL; cx = cx->cp_next) {
3408 			switch (cx->cp_type) {
3409 			case PT_PRIV:
3410 				(void) strlcpy(rctlvaltab->zone_rctlval_priv,
3411 				    cx->cp_value,
3412 				    sizeof (rctlvaltab->zone_rctlval_priv));
3413 				break;
3414 			case PT_LIMIT:
3415 				(void) strlcpy(rctlvaltab->zone_rctlval_limit,
3416 				    cx->cp_value,
3417 				    sizeof (rctlvaltab->zone_rctlval_limit));
3418 				break;
3419 			case PT_ACTION:
3420 				(void) strlcpy(rctlvaltab->zone_rctlval_action,
3421 				    cx->cp_value,
3422 				    sizeof (rctlvaltab->zone_rctlval_action));
3423 				break;
3424 			default:
3425 				zone_perror(pt_to_str(prop_type),
3426 				    Z_NO_PROPERTY_TYPE, B_TRUE);
3427 				long_usage(CMD_ADD, B_TRUE);
3428 				usage(B_FALSE, HELP_PROPS);
3429 				zonecfg_free_rctl_value_list(rctlvaltab);
3430 				return;
3431 			}
3432 		}
3433 		rctlvaltab->zone_rctlval_next = NULL;
3434 		err = zonecfg_remove_rctl_value(&in_progress_rctltab,
3435 		    rctlvaltab);
3436 		if (err != Z_OK)
3437 			zone_perror(pt_to_str(prop_type), err, B_TRUE);
3438 		zonecfg_free_rctl_value_list(rctlvaltab);
3439 		return;
3440 	case RT_NET:
3441 		if (prop_type != PT_DEFROUTER) {
3442 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
3443 			    B_TRUE);
3444 			long_usage(CMD_REMOVE, B_TRUE);
3445 			usage(B_FALSE, HELP_PROPS);
3446 			return;
3447 		} else {
3448 			bzero(&in_progress_nwiftab.zone_nwif_defrouter,
3449 			    sizeof (in_progress_nwiftab.zone_nwif_defrouter));
3450 			return;
3451 		}
3452 	default:
3453 		zone_perror(rt_to_str(res_type), Z_NO_RESOURCE_TYPE, B_TRUE);
3454 		long_usage(CMD_REMOVE, B_TRUE);
3455 		usage(B_FALSE, HELP_RESOURCES);
3456 		return;
3457 	}
3458 }
3459 
3460 void
3461 remove_func(cmd_t *cmd)
3462 {
3463 	if (zone_is_read_only(CMD_REMOVE))
3464 		return;
3465 
3466 	assert(cmd != NULL);
3467 
3468 	if (global_scope) {
3469 		if (gz_invalid_resource(cmd->cmd_res_type)) {
3470 			zerr(gettext("%s is not a valid resource for the "
3471 			    "global zone."), rt_to_str(cmd->cmd_res_type));
3472 			saw_error = B_TRUE;
3473 			return;
3474 		}
3475 		remove_resource(cmd);
3476 	} else {
3477 		remove_property(cmd);
3478 	}
3479 }
3480 
3481 static void
3482 clear_property(cmd_t *cmd)
3483 {
3484 	int res_type, prop_type;
3485 
3486 	res_type = resource_scope;
3487 	prop_type = cmd->cmd_res_type;
3488 	if (res_type == RT_UNKNOWN || prop_type == PT_UNKNOWN) {
3489 		long_usage(CMD_CLEAR, B_TRUE);
3490 		return;
3491 	}
3492 
3493 	if (initialize(B_TRUE) != Z_OK)
3494 		return;
3495 
3496 	switch (res_type) {
3497 	case RT_FS:
3498 		if (prop_type == PT_RAW) {
3499 			in_progress_fstab.zone_fs_raw[0] = '\0';
3500 			need_to_commit = B_TRUE;
3501 			return;
3502 		}
3503 		break;
3504 	case RT_DCPU:
3505 		if (prop_type == PT_IMPORTANCE) {
3506 			in_progress_psettab.zone_importance[0] = '\0';
3507 			need_to_commit = B_TRUE;
3508 			return;
3509 		}
3510 		break;
3511 	case RT_MCAP:
3512 		switch (prop_type) {
3513 		case PT_PHYSICAL:
3514 			in_progress_mcaptab.zone_physmem_cap[0] = '\0';
3515 			need_to_commit = B_TRUE;
3516 			return;
3517 		case PT_SWAP:
3518 			remove_aliased_rctl(PT_SWAP, ALIAS_MAXSWAP);
3519 			return;
3520 		case PT_LOCKED:
3521 			remove_aliased_rctl(PT_LOCKED, ALIAS_MAXLOCKEDMEM);
3522 			return;
3523 		}
3524 		break;
3525 	default:
3526 		break;
3527 	}
3528 
3529 	zone_perror(pt_to_str(prop_type), Z_CLEAR_DISALLOW, B_TRUE);
3530 }
3531 
3532 static void
3533 clear_global(cmd_t *cmd)
3534 {
3535 	int err, type;
3536 
3537 	if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
3538 		long_usage(CMD_CLEAR, B_TRUE);
3539 		return;
3540 	}
3541 
3542 	if (initialize(B_TRUE) != Z_OK)
3543 		return;
3544 
3545 	switch (type) {
3546 	case PT_ZONENAME:
3547 		/* FALLTHRU */
3548 	case PT_ZONEPATH:
3549 		/* FALLTHRU */
3550 	case PT_BRAND:
3551 		zone_perror(pt_to_str(type), Z_CLEAR_DISALLOW, B_TRUE);
3552 		return;
3553 	case PT_AUTOBOOT:
3554 		/* false is default; we'll treat as equivalent to clearing */
3555 		if ((err = zonecfg_set_autoboot(handle, B_FALSE)) != Z_OK)
3556 			z_cmd_rt_perror(CMD_CLEAR, RT_AUTOBOOT, err, B_TRUE);
3557 		else
3558 			need_to_commit = B_TRUE;
3559 		return;
3560 	case PT_POOL:
3561 		if ((err = zonecfg_set_pool(handle, NULL)) != Z_OK)
3562 			z_cmd_rt_perror(CMD_CLEAR, RT_POOL, err, B_TRUE);
3563 		else
3564 			need_to_commit = B_TRUE;
3565 		return;
3566 	case PT_LIMITPRIV:
3567 		if ((err = zonecfg_set_limitpriv(handle, NULL)) != Z_OK)
3568 			z_cmd_rt_perror(CMD_CLEAR, RT_LIMITPRIV, err, B_TRUE);
3569 		else
3570 			need_to_commit = B_TRUE;
3571 		return;
3572 	case PT_BOOTARGS:
3573 		if ((err = zonecfg_set_bootargs(handle, NULL)) != Z_OK)
3574 			z_cmd_rt_perror(CMD_CLEAR, RT_BOOTARGS, err, B_TRUE);
3575 		else
3576 			need_to_commit = B_TRUE;
3577 		return;
3578 	case PT_SCHED:
3579 		if ((err = zonecfg_set_sched(handle, NULL)) != Z_OK)
3580 			z_cmd_rt_perror(CMD_CLEAR, RT_SCHED, err, B_TRUE);
3581 		else
3582 			need_to_commit = B_TRUE;
3583 		return;
3584 	case PT_IPTYPE:
3585 		/* shared is default; we'll treat as equivalent to clearing */
3586 		if ((err = zonecfg_set_iptype(handle, ZS_SHARED)) != Z_OK)
3587 			z_cmd_rt_perror(CMD_CLEAR, RT_IPTYPE, err, B_TRUE);
3588 		else
3589 			need_to_commit = B_TRUE;
3590 		return;
3591 	case PT_MAXLWPS:
3592 		remove_aliased_rctl(PT_MAXLWPS, ALIAS_MAXLWPS);
3593 		return;
3594 	case PT_MAXPROCS:
3595 		remove_aliased_rctl(PT_MAXPROCS, ALIAS_MAXPROCS);
3596 		return;
3597 	case PT_MAXSHMMEM:
3598 		remove_aliased_rctl(PT_MAXSHMMEM, ALIAS_MAXSHMMEM);
3599 		return;
3600 	case PT_MAXSHMIDS:
3601 		remove_aliased_rctl(PT_MAXSHMIDS, ALIAS_MAXSHMIDS);
3602 		return;
3603 	case PT_MAXMSGIDS:
3604 		remove_aliased_rctl(PT_MAXMSGIDS, ALIAS_MAXMSGIDS);
3605 		return;
3606 	case PT_MAXSEMIDS:
3607 		remove_aliased_rctl(PT_MAXSEMIDS, ALIAS_MAXSEMIDS);
3608 		return;
3609 	case PT_SHARES:
3610 		remove_aliased_rctl(PT_SHARES, ALIAS_SHARES);
3611 		return;
3612 	case PT_HOSTID:
3613 		if ((err = zonecfg_set_hostid(handle, NULL)) != Z_OK)
3614 			z_cmd_rt_perror(CMD_CLEAR, RT_HOSTID, err, B_TRUE);
3615 		else
3616 			need_to_commit = B_TRUE;
3617 		return;
3618 	case PT_FS_ALLOWED:
3619 		if ((err = zonecfg_set_fs_allowed(handle, NULL)) != Z_OK)
3620 			z_cmd_rt_perror(CMD_CLEAR, RT_FS_ALLOWED, err, B_TRUE);
3621 		else
3622 			need_to_commit = B_TRUE;
3623 		return;
3624 	default:
3625 		zone_perror(pt_to_str(type), Z_NO_PROPERTY_TYPE, B_TRUE);
3626 		long_usage(CMD_CLEAR, B_TRUE);
3627 		usage(B_FALSE, HELP_PROPS);
3628 		return;
3629 	}
3630 }
3631 
3632 void
3633 clear_func(cmd_t *cmd)
3634 {
3635 	if (zone_is_read_only(CMD_CLEAR))
3636 		return;
3637 
3638 	assert(cmd != NULL);
3639 
3640 	if (global_scope) {
3641 		if (gz_invalid_property(cmd->cmd_res_type)) {
3642 			zerr(gettext("%s is not a valid property for the "
3643 			    "global zone."), pt_to_str(cmd->cmd_res_type));
3644 			saw_error = B_TRUE;
3645 			return;
3646 		}
3647 
3648 		clear_global(cmd);
3649 	} else {
3650 		clear_property(cmd);
3651 	}
3652 }
3653 
3654 void
3655 select_func(cmd_t *cmd)
3656 {
3657 	int type, err, res;
3658 	uint64_t limit;
3659 	uint64_t tmp;
3660 
3661 	if (zone_is_read_only(CMD_SELECT))
3662 		return;
3663 
3664 	assert(cmd != NULL);
3665 
3666 	if (global_scope) {
3667 		global_scope = B_FALSE;
3668 		resource_scope = cmd->cmd_res_type;
3669 		end_op = CMD_SELECT;
3670 	} else {
3671 		scope_usage(CMD_SELECT);
3672 		return;
3673 	}
3674 
3675 	if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
3676 		long_usage(CMD_SELECT, B_TRUE);
3677 		return;
3678 	}
3679 
3680 	if (initialize(B_TRUE) != Z_OK)
3681 		return;
3682 
3683 	switch (type) {
3684 	case RT_FS:
3685 		if ((err = fill_in_fstab(cmd, &old_fstab, B_FALSE)) != Z_OK) {
3686 			z_cmd_rt_perror(CMD_SELECT, RT_FS, err, B_TRUE);
3687 			global_scope = B_TRUE;
3688 		}
3689 		bcopy(&old_fstab, &in_progress_fstab,
3690 		    sizeof (struct zone_fstab));
3691 		return;
3692 	case RT_NET:
3693 		if ((err = fill_in_nwiftab(cmd, &old_nwiftab, B_FALSE))
3694 		    != Z_OK) {
3695 			z_cmd_rt_perror(CMD_SELECT, RT_NET, err, B_TRUE);
3696 			global_scope = B_TRUE;
3697 		}
3698 		bcopy(&old_nwiftab, &in_progress_nwiftab,
3699 		    sizeof (struct zone_nwiftab));
3700 		return;
3701 	case RT_DEVICE:
3702 		if ((err = fill_in_devtab(cmd, &old_devtab, B_FALSE)) != Z_OK) {
3703 			z_cmd_rt_perror(CMD_SELECT, RT_DEVICE, err, B_TRUE);
3704 			global_scope = B_TRUE;
3705 		}
3706 		bcopy(&old_devtab, &in_progress_devtab,
3707 		    sizeof (struct zone_devtab));
3708 		return;
3709 	case RT_RCTL:
3710 		if ((err = fill_in_rctltab(cmd, &old_rctltab, B_FALSE))
3711 		    != Z_OK) {
3712 			z_cmd_rt_perror(CMD_SELECT, RT_RCTL, err, B_TRUE);
3713 			global_scope = B_TRUE;
3714 		}
3715 		bcopy(&old_rctltab, &in_progress_rctltab,
3716 		    sizeof (struct zone_rctltab));
3717 		return;
3718 	case RT_ATTR:
3719 		if ((err = fill_in_attrtab(cmd, &old_attrtab, B_FALSE))
3720 		    != Z_OK) {
3721 			z_cmd_rt_perror(CMD_SELECT, RT_ATTR, err, B_TRUE);
3722 			global_scope = B_TRUE;
3723 		}
3724 		bcopy(&old_attrtab, &in_progress_attrtab,
3725 		    sizeof (struct zone_attrtab));
3726 		return;
3727 	case RT_DATASET:
3728 		if ((err = fill_in_dstab(cmd, &old_dstab, B_FALSE)) != Z_OK) {
3729 			z_cmd_rt_perror(CMD_SELECT, RT_DATASET, err, B_TRUE);
3730 			global_scope = B_TRUE;
3731 		}
3732 		bcopy(&old_dstab, &in_progress_dstab,
3733 		    sizeof (struct zone_dstab));
3734 		return;
3735 	case RT_DCPU:
3736 		if ((err = zonecfg_lookup_pset(handle, &old_psettab)) != Z_OK) {
3737 			z_cmd_rt_perror(CMD_SELECT, RT_DCPU, err, B_TRUE);
3738 			global_scope = B_TRUE;
3739 		}
3740 		bcopy(&old_psettab, &in_progress_psettab,
3741 		    sizeof (struct zone_psettab));
3742 		return;
3743 	case RT_PCAP:
3744 		if ((err = zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp))
3745 		    != Z_OK) {
3746 			z_cmd_rt_perror(CMD_SELECT, RT_PCAP, err, B_TRUE);
3747 			global_scope = B_TRUE;
3748 		}
3749 		return;
3750 	case RT_MCAP:
3751 		/* if none of these exist, there is no resource to select */
3752 		if ((res = zonecfg_lookup_mcap(handle, &old_mcaptab)) != Z_OK &&
3753 		    zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &limit)
3754 		    != Z_OK &&
3755 		    zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM, &limit)
3756 		    != Z_OK) {
3757 			z_cmd_rt_perror(CMD_SELECT, RT_MCAP, Z_NO_RESOURCE_TYPE,
3758 			    B_TRUE);
3759 			global_scope = B_TRUE;
3760 		}
3761 		if (res == Z_OK)
3762 			bcopy(&old_mcaptab, &in_progress_mcaptab,
3763 			    sizeof (struct zone_mcaptab));
3764 		else
3765 			bzero(&in_progress_mcaptab,
3766 			    sizeof (in_progress_mcaptab));
3767 		return;
3768 	case RT_ADMIN:
3769 		if ((err = fill_in_admintab(cmd, &old_admintab, B_FALSE))
3770 		    != Z_OK) {
3771 			z_cmd_rt_perror(CMD_SELECT, RT_ADMIN, err,
3772 			    B_TRUE);
3773 			global_scope = B_TRUE;
3774 		}
3775 		bcopy(&old_admintab, &in_progress_admintab,
3776 		    sizeof (struct zone_admintab));
3777 		return;
3778 	default:
3779 		zone_perror(rt_to_str(type), Z_NO_RESOURCE_TYPE, B_TRUE);
3780 		long_usage(CMD_SELECT, B_TRUE);
3781 		usage(B_FALSE, HELP_RESOURCES);
3782 		return;
3783 	}
3784 }
3785 
3786 /*
3787  * Network "addresses" can be one of the following forms:
3788  *	<IPv4 address>
3789  *	<IPv4 address>/<prefix length>
3790  *	<IPv6 address>/<prefix length>
3791  *	<host name>
3792  *	<host name>/<prefix length>
3793  * In other words, the "/" followed by a prefix length is allowed but not
3794  * required for IPv4 addresses and host names, and required for IPv6 addresses.
3795  * If a prefix length is given, it must be in the allowable range: 0 to 32 for
3796  * IPv4 addresses and host names, 0 to 128 for IPv6 addresses.
3797  * Host names must start with an alpha-numeric character, and all subsequent
3798  * characters must be either alpha-numeric or "-".
3799  *
3800  * In some cases, e.g., the nexthop for the defrouter, the context indicates
3801  * that this is the IPV4_ABITS or IPV6_ABITS netmask, in which case we don't
3802  * require the /<prefix length> (and should ignore it if provided).
3803  */
3804 
3805 static int
3806 validate_net_address_syntax(char *address, boolean_t ishost)
3807 {
3808 	char *slashp, part1[MAXHOSTNAMELEN];
3809 	struct in6_addr in6;
3810 	struct in_addr in4;
3811 	int prefixlen, i;
3812 
3813 	/*
3814 	 * Copy the part before any '/' into part1 or copy the whole
3815 	 * thing if there is no '/'.
3816 	 */
3817 	if ((slashp = strchr(address, '/')) != NULL) {
3818 		*slashp = '\0';
3819 		(void) strlcpy(part1, address, sizeof (part1));
3820 		*slashp = '/';
3821 		prefixlen = atoi(++slashp);
3822 	} else {
3823 		(void) strlcpy(part1, address, sizeof (part1));
3824 	}
3825 
3826 	if (ishost && slashp != NULL) {
3827 		zerr(gettext("Warning: prefix length in %s is not required and "
3828 		    "will be ignored. The default host-prefix length "
3829 		    "will be used"), address);
3830 	}
3831 
3832 
3833 	if (inet_pton(AF_INET6, part1, &in6) == 1) {
3834 		if (ishost) {
3835 			prefixlen = IPV6_ABITS;
3836 		} else if (slashp == NULL) {
3837 			zerr(gettext("%s: IPv6 addresses "
3838 			    "require /prefix-length suffix."), address);
3839 			return (Z_ERR);
3840 		}
3841 		if (prefixlen < 0 || prefixlen > 128) {
3842 			zerr(gettext("%s: IPv6 address "
3843 			    "prefix lengths must be 0 - 128."), address);
3844 			return (Z_ERR);
3845 		}
3846 		return (Z_OK);
3847 	}
3848 
3849 	/* At this point, any /prefix must be for IPv4. */
3850 	if (ishost)
3851 		prefixlen = IPV4_ABITS;
3852 	else if (slashp != NULL) {
3853 		if (prefixlen < 0 || prefixlen > 32) {
3854 			zerr(gettext("%s: IPv4 address "
3855 			    "prefix lengths must be 0 - 32."), address);
3856 			return (Z_ERR);
3857 		}
3858 	}
3859 
3860 	if (inet_pton(AF_INET, part1, &in4) == 1)
3861 		return (Z_OK);
3862 
3863 	/* address may also be a host name */
3864 	if (!isalnum(part1[0])) {
3865 		zerr(gettext("%s: bogus host name or network address syntax"),
3866 		    part1);
3867 		saw_error = B_TRUE;
3868 		usage(B_FALSE, HELP_NETADDR);
3869 		return (Z_ERR);
3870 	}
3871 	for (i = 1; part1[i]; i++)
3872 		if (!isalnum(part1[i]) && part1[i] != '-' && part1[i] != '.') {
3873 			zerr(gettext("%s: bogus host name or "
3874 			    "network address syntax"), part1);
3875 			saw_error = B_TRUE;
3876 			usage(B_FALSE, HELP_NETADDR);
3877 			return (Z_ERR);
3878 		}
3879 	return (Z_OK);
3880 }
3881 
3882 static int
3883 validate_net_physical_syntax(const char *ifname)
3884 {
3885 	ifspec_t ifnameprop;
3886 	zone_iptype_t iptype;
3887 
3888 	if (zonecfg_get_iptype(handle, &iptype) != Z_OK) {
3889 		zerr(gettext("zone configuration has an invalid or nonexistent "
3890 		    "ip-type property"));
3891 		return (Z_ERR);
3892 	}
3893 	switch (iptype) {
3894 	case ZS_SHARED:
3895 		if (ifparse_ifspec(ifname, &ifnameprop) == B_FALSE) {
3896 			zerr(gettext("%s: invalid physical interface name"),
3897 			    ifname);
3898 			return (Z_ERR);
3899 		}
3900 		if (ifnameprop.ifsp_lunvalid) {
3901 			zerr(gettext("%s: LUNs not allowed in physical "
3902 			    "interface names"), ifname);
3903 			return (Z_ERR);
3904 		}
3905 		break;
3906 	case ZS_EXCLUSIVE:
3907 		if (dladm_valid_linkname(ifname) == B_FALSE) {
3908 			if (strchr(ifname, ':') != NULL)
3909 				zerr(gettext("%s: physical interface name "
3910 				    "required; logical interface name not "
3911 				    "allowed"), ifname);
3912 			else
3913 				zerr(gettext("%s: invalid physical interface "
3914 				    "name"), ifname);
3915 			return (Z_ERR);
3916 		}
3917 		break;
3918 	}
3919 	return (Z_OK);
3920 }
3921 
3922 static boolean_t
3923 valid_fs_type(const char *type)
3924 {
3925 	/*
3926 	 * Is this a valid path component?
3927 	 */
3928 	if (strlen(type) + 1 > MAXNAMELEN)
3929 		return (B_FALSE);
3930 	/*
3931 	 * Make sure a bad value for "type" doesn't make
3932 	 * /usr/lib/fs/<type>/mount turn into something else.
3933 	 */
3934 	if (strchr(type, '/') != NULL || type[0] == '\0' ||
3935 	    strcmp(type, ".") == 0 || strcmp(type, "..") == 0)
3936 		return (B_FALSE);
3937 	/*
3938 	 * More detailed verification happens later by zoneadm(1m).
3939 	 */
3940 	return (B_TRUE);
3941 }
3942 
3943 static boolean_t
3944 allow_exclusive()
3945 {
3946 	brand_handle_t	bh;
3947 	char		brand[MAXNAMELEN];
3948 	boolean_t	ret;
3949 
3950 	if (zonecfg_get_brand(handle, brand, sizeof (brand)) != Z_OK) {
3951 		zerr("%s: %s\n", zone, gettext("could not get zone brand"));
3952 		return (B_FALSE);
3953 	}
3954 	if ((bh = brand_open(brand)) == NULL) {
3955 		zerr("%s: %s\n", zone, gettext("unknown brand."));
3956 		return (B_FALSE);
3957 	}
3958 	ret = brand_allow_exclusive_ip(bh);
3959 	brand_close(bh);
3960 	if (!ret)
3961 		zerr(gettext("%s cannot be '%s' when %s is '%s'."),
3962 		    pt_to_str(PT_IPTYPE), "exclusive",
3963 		    pt_to_str(PT_BRAND), brand);
3964 	return (ret);
3965 }
3966 
3967 static void
3968 set_aliased_rctl(char *alias, int prop_type, char *s)
3969 {
3970 	uint64_t limit;
3971 	int err;
3972 	char tmp[128];
3973 
3974 	if (global_zone && strcmp(alias, ALIAS_SHARES) != 0)
3975 		zerr(gettext("WARNING: Setting a global zone resource "
3976 		    "control too low could deny\nservice "
3977 		    "to even the root user; "
3978 		    "this could render the system impossible\n"
3979 		    "to administer.  Please use caution."));
3980 
3981 	/* convert memory based properties */
3982 	if (prop_type == PT_MAXSHMMEM) {
3983 		if (!zonecfg_valid_memlimit(s, &limit)) {
3984 			zerr(gettext("A non-negative number with a required "
3985 			    "scale suffix (K, M, G or T) was expected\nhere."));
3986 			saw_error = B_TRUE;
3987 			return;
3988 		}
3989 
3990 		(void) snprintf(tmp, sizeof (tmp), "%llu", limit);
3991 		s = tmp;
3992 	}
3993 
3994 	if (!zonecfg_aliased_rctl_ok(handle, alias)) {
3995 		zone_perror(pt_to_str(prop_type), Z_ALIAS_DISALLOW, B_FALSE);
3996 		saw_error = B_TRUE;
3997 	} else if (!zonecfg_valid_alias_limit(alias, s, &limit)) {
3998 		zerr(gettext("%s property is out of range."),
3999 		    pt_to_str(prop_type));
4000 		saw_error = B_TRUE;
4001 	} else if ((err = zonecfg_set_aliased_rctl(handle, alias, limit))
4002 	    != Z_OK) {
4003 		zone_perror(zone, err, B_TRUE);
4004 		saw_error = B_TRUE;
4005 	} else {
4006 		need_to_commit = B_TRUE;
4007 	}
4008 }
4009 
4010 static void
4011 set_in_progress_nwiftab_address(char *prop_id, int prop_type)
4012 {
4013 	if (prop_type == PT_ADDRESS) {
4014 		(void) strlcpy(in_progress_nwiftab.zone_nwif_address, prop_id,
4015 		    sizeof (in_progress_nwiftab.zone_nwif_address));
4016 	} else {
4017 		assert(prop_type == PT_ALLOWED_ADDRESS);
4018 		(void) strlcpy(in_progress_nwiftab.zone_nwif_allowed_address,
4019 		    prop_id,
4020 		    sizeof (in_progress_nwiftab.zone_nwif_allowed_address));
4021 	}
4022 }
4023 
4024 void
4025 set_func(cmd_t *cmd)
4026 {
4027 	char *prop_id;
4028 	int arg, err, res_type, prop_type;
4029 	property_value_ptr_t pp;
4030 	boolean_t autoboot;
4031 	zone_iptype_t iptype;
4032 	boolean_t force_set = B_FALSE;
4033 	size_t physmem_size = sizeof (in_progress_mcaptab.zone_physmem_cap);
4034 	uint64_t mem_cap, mem_limit;
4035 	float cap;
4036 	char *unitp;
4037 	struct zone_psettab tmp_psettab;
4038 	boolean_t arg_err = B_FALSE;
4039 
4040 	if (zone_is_read_only(CMD_SET))
4041 		return;
4042 
4043 	assert(cmd != NULL);
4044 
4045 	optind = opterr = 0;
4046 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "F")) != EOF) {
4047 		switch (arg) {
4048 		case 'F':
4049 			force_set = B_TRUE;
4050 			break;
4051 		default:
4052 			if (optopt == '?')
4053 				longer_usage(CMD_SET);
4054 			else
4055 				short_usage(CMD_SET);
4056 			arg_err = B_TRUE;
4057 			break;
4058 		}
4059 	}
4060 	if (arg_err)
4061 		return;
4062 
4063 	prop_type = cmd->cmd_prop_name[0];
4064 	if (global_scope) {
4065 		if (gz_invalid_property(prop_type)) {
4066 			zerr(gettext("%s is not a valid property for the "
4067 			    "global zone."), pt_to_str(prop_type));
4068 			saw_error = B_TRUE;
4069 			return;
4070 		}
4071 
4072 		if (prop_type == PT_ZONENAME) {
4073 			res_type = RT_ZONENAME;
4074 		} else if (prop_type == PT_ZONEPATH) {
4075 			res_type = RT_ZONEPATH;
4076 		} else if (prop_type == PT_AUTOBOOT) {
4077 			res_type = RT_AUTOBOOT;
4078 		} else if (prop_type == PT_BRAND) {
4079 			res_type = RT_BRAND;
4080 		} else if (prop_type == PT_POOL) {
4081 			res_type = RT_POOL;
4082 		} else if (prop_type == PT_LIMITPRIV) {
4083 			res_type = RT_LIMITPRIV;
4084 		} else if (prop_type == PT_BOOTARGS) {
4085 			res_type = RT_BOOTARGS;
4086 		} else if (prop_type == PT_SCHED) {
4087 			res_type = RT_SCHED;
4088 		} else if (prop_type == PT_IPTYPE) {
4089 			res_type = RT_IPTYPE;
4090 		} else if (prop_type == PT_MAXLWPS) {
4091 			res_type = RT_MAXLWPS;
4092 		} else if (prop_type == PT_MAXPROCS) {
4093 			res_type = RT_MAXPROCS;
4094 		} else if (prop_type == PT_MAXSHMMEM) {
4095 			res_type = RT_MAXSHMMEM;
4096 		} else if (prop_type == PT_MAXSHMIDS) {
4097 			res_type = RT_MAXSHMIDS;
4098 		} else if (prop_type == PT_MAXMSGIDS) {
4099 			res_type = RT_MAXMSGIDS;
4100 		} else if (prop_type == PT_MAXSEMIDS) {
4101 			res_type = RT_MAXSEMIDS;
4102 		} else if (prop_type == PT_SHARES) {
4103 			res_type = RT_SHARES;
4104 		} else if (prop_type == PT_HOSTID) {
4105 			res_type = RT_HOSTID;
4106 		} else if (prop_type == PT_FS_ALLOWED) {
4107 			res_type = RT_FS_ALLOWED;
4108 		} else {
4109 			zerr(gettext("Cannot set a resource-specific property "
4110 			    "from the global scope."));
4111 			saw_error = B_TRUE;
4112 			return;
4113 		}
4114 	} else {
4115 		res_type = resource_scope;
4116 	}
4117 
4118 	if (force_set) {
4119 		if (res_type != RT_ZONEPATH) {
4120 			zerr(gettext("Only zonepath setting can be forced."));
4121 			saw_error = B_TRUE;
4122 			return;
4123 		}
4124 		if (!zonecfg_in_alt_root()) {
4125 			zerr(gettext("Zonepath is changeable only in an "
4126 			    "alternate root."));
4127 			saw_error = B_TRUE;
4128 			return;
4129 		}
4130 	}
4131 
4132 	pp = cmd->cmd_property_ptr[0];
4133 	/*
4134 	 * A nasty expression but not that complicated:
4135 	 * 1. fs options are simple or list (tested below)
4136 	 * 2. rctl value's are complex or list (tested below)
4137 	 * Anything else should be simple.
4138 	 */
4139 	if (!(res_type == RT_FS && prop_type == PT_OPTIONS) &&
4140 	    !(res_type == RT_RCTL && prop_type == PT_VALUE) &&
4141 	    (pp->pv_type != PROP_VAL_SIMPLE ||
4142 	    (prop_id = pp->pv_simple) == NULL)) {
4143 		zerr(gettext("A %s value was expected here."),
4144 		    pvt_to_str(PROP_VAL_SIMPLE));
4145 		saw_error = B_TRUE;
4146 		return;
4147 	}
4148 	if (prop_type == PT_UNKNOWN) {
4149 		long_usage(CMD_SET, B_TRUE);
4150 		return;
4151 	}
4152 
4153 	/*
4154 	 * Special case: the user can change the zone name prior to 'create';
4155 	 * if the zone already exists, we fall through letting initialize()
4156 	 * and the rest of the logic run.
4157 	 */
4158 	if (res_type == RT_ZONENAME && got_handle == B_FALSE &&
4159 	    !state_atleast(ZONE_STATE_CONFIGURED)) {
4160 		if ((err = zonecfg_validate_zonename(prop_id)) != Z_OK) {
4161 			zone_perror(prop_id, err, B_TRUE);
4162 			usage(B_FALSE, HELP_SYNTAX);
4163 			return;
4164 		}
4165 		(void) strlcpy(zone, prop_id, sizeof (zone));
4166 		return;
4167 	}
4168 
4169 	if (initialize(B_TRUE) != Z_OK)
4170 		return;
4171 
4172 	switch (res_type) {
4173 	case RT_ZONENAME:
4174 		if ((err = zonecfg_set_name(handle, prop_id)) != Z_OK) {
4175 			/*
4176 			 * Use prop_id instead of 'zone' here, since we're
4177 			 * reporting a problem about the *new* zonename.
4178 			 */
4179 			zone_perror(prop_id, err, B_TRUE);
4180 			usage(B_FALSE, HELP_SYNTAX);
4181 		} else {
4182 			need_to_commit = B_TRUE;
4183 			(void) strlcpy(zone, prop_id, sizeof (zone));
4184 		}
4185 		return;
4186 	case RT_ZONEPATH:
4187 		if (!force_set && state_atleast(ZONE_STATE_INSTALLED)) {
4188 			zerr(gettext("Zone %s already installed; %s %s not "
4189 			    "allowed."), zone, cmd_to_str(CMD_SET),
4190 			    rt_to_str(RT_ZONEPATH));
4191 			return;
4192 		}
4193 		if (validate_zonepath_syntax(prop_id) != Z_OK) {
4194 			saw_error = B_TRUE;
4195 			return;
4196 		}
4197 		if ((err = zonecfg_set_zonepath(handle, prop_id)) != Z_OK)
4198 			zone_perror(zone, err, B_TRUE);
4199 		else
4200 			need_to_commit = B_TRUE;
4201 		return;
4202 	case RT_BRAND:
4203 		if (state_atleast(ZONE_STATE_INSTALLED)) {
4204 			zerr(gettext("Zone %s already installed; %s %s not "
4205 			    "allowed."), zone, cmd_to_str(CMD_SET),
4206 			    rt_to_str(RT_BRAND));
4207 			return;
4208 		}
4209 		if ((err = zonecfg_set_brand(handle, prop_id)) != Z_OK)
4210 			zone_perror(zone, err, B_TRUE);
4211 		else
4212 			need_to_commit = B_TRUE;
4213 		return;
4214 	case RT_AUTOBOOT:
4215 		if (strcmp(prop_id, "true") == 0) {
4216 			autoboot = B_TRUE;
4217 		} else if (strcmp(prop_id, "false") == 0) {
4218 			autoboot = B_FALSE;
4219 		} else {
4220 			zerr(gettext("%s value must be '%s' or '%s'."),
4221 			    pt_to_str(PT_AUTOBOOT), "true", "false");
4222 			saw_error = B_TRUE;
4223 			return;
4224 		}
4225 		if ((err = zonecfg_set_autoboot(handle, autoboot)) != Z_OK)
4226 			zone_perror(zone, err, B_TRUE);
4227 		else
4228 			need_to_commit = B_TRUE;
4229 		return;
4230 	case RT_POOL:
4231 		/* don't allow use of the reserved temporary pool names */
4232 		if (strncmp("SUNW", prop_id, 4) == 0) {
4233 			zerr(gettext("pool names starting with SUNW are "
4234 			    "reserved."));
4235 			saw_error = B_TRUE;
4236 			return;
4237 		}
4238 
4239 		/* can't set pool if dedicated-cpu exists */
4240 		if (zonecfg_lookup_pset(handle, &tmp_psettab) == Z_OK) {
4241 			zerr(gettext("The %s resource already exists.  "
4242 			    "A persistent pool is incompatible\nwith the %s "
4243 			    "resource."), rt_to_str(RT_DCPU),
4244 			    rt_to_str(RT_DCPU));
4245 			saw_error = B_TRUE;
4246 			return;
4247 		}
4248 
4249 		if ((err = zonecfg_set_pool(handle, prop_id)) != Z_OK)
4250 			zone_perror(zone, err, B_TRUE);
4251 		else
4252 			need_to_commit = B_TRUE;
4253 		return;
4254 	case RT_LIMITPRIV:
4255 		if ((err = zonecfg_set_limitpriv(handle, prop_id)) != Z_OK)
4256 			zone_perror(zone, err, B_TRUE);
4257 		else
4258 			need_to_commit = B_TRUE;
4259 		return;
4260 	case RT_BOOTARGS:
4261 		if ((err = zonecfg_set_bootargs(handle, prop_id)) != Z_OK)
4262 			zone_perror(zone, err, B_TRUE);
4263 		else
4264 			need_to_commit = B_TRUE;
4265 		return;
4266 	case RT_SCHED:
4267 		if ((err = zonecfg_set_sched(handle, prop_id)) != Z_OK)
4268 			zone_perror(zone, err, B_TRUE);
4269 		else
4270 			need_to_commit = B_TRUE;
4271 		return;
4272 	case RT_IPTYPE:
4273 		if (strcmp(prop_id, "shared") == 0) {
4274 			iptype = ZS_SHARED;
4275 		} else if (strcmp(prop_id, "exclusive") == 0) {
4276 			iptype = ZS_EXCLUSIVE;
4277 		} else {
4278 			zerr(gettext("%s value must be '%s' or '%s'."),
4279 			    pt_to_str(PT_IPTYPE), "shared", "exclusive");
4280 			saw_error = B_TRUE;
4281 			return;
4282 		}
4283 		if (iptype == ZS_EXCLUSIVE && !allow_exclusive()) {
4284 			saw_error = B_TRUE;
4285 			return;
4286 		}
4287 		if ((err = zonecfg_set_iptype(handle, iptype)) != Z_OK)
4288 			zone_perror(zone, err, B_TRUE);
4289 		else
4290 			need_to_commit = B_TRUE;
4291 		return;
4292 	case RT_MAXLWPS:
4293 		set_aliased_rctl(ALIAS_MAXLWPS, prop_type, prop_id);
4294 		return;
4295 	case RT_MAXPROCS:
4296 		set_aliased_rctl(ALIAS_MAXPROCS, prop_type, prop_id);
4297 		return;
4298 	case RT_MAXSHMMEM:
4299 		set_aliased_rctl(ALIAS_MAXSHMMEM, prop_type, prop_id);
4300 		return;
4301 	case RT_MAXSHMIDS:
4302 		set_aliased_rctl(ALIAS_MAXSHMIDS, prop_type, prop_id);
4303 		return;
4304 	case RT_MAXMSGIDS:
4305 		set_aliased_rctl(ALIAS_MAXMSGIDS, prop_type, prop_id);
4306 		return;
4307 	case RT_MAXSEMIDS:
4308 		set_aliased_rctl(ALIAS_MAXSEMIDS, prop_type, prop_id);
4309 		return;
4310 	case RT_SHARES:
4311 		set_aliased_rctl(ALIAS_SHARES, prop_type, prop_id);
4312 		return;
4313 	case RT_HOSTID:
4314 		if ((err = zonecfg_set_hostid(handle, prop_id)) != Z_OK) {
4315 			if (err == Z_TOO_BIG) {
4316 				zerr(gettext("hostid string is too large: %s"),
4317 				    prop_id);
4318 				saw_error = B_TRUE;
4319 			} else {
4320 				zone_perror(pt_to_str(prop_type), err, B_TRUE);
4321 			}
4322 			return;
4323 		}
4324 		need_to_commit = B_TRUE;
4325 		return;
4326 	case RT_FS_ALLOWED:
4327 		if ((err = zonecfg_set_fs_allowed(handle, prop_id)) != Z_OK)
4328 			zone_perror(zone, err, B_TRUE);
4329 		else
4330 			need_to_commit = B_TRUE;
4331 		return;
4332 	case RT_FS:
4333 		switch (prop_type) {
4334 		case PT_DIR:
4335 			(void) strlcpy(in_progress_fstab.zone_fs_dir, prop_id,
4336 			    sizeof (in_progress_fstab.zone_fs_dir));
4337 			return;
4338 		case PT_SPECIAL:
4339 			(void) strlcpy(in_progress_fstab.zone_fs_special,
4340 			    prop_id,
4341 			    sizeof (in_progress_fstab.zone_fs_special));
4342 			return;
4343 		case PT_RAW:
4344 			(void) strlcpy(in_progress_fstab.zone_fs_raw,
4345 			    prop_id, sizeof (in_progress_fstab.zone_fs_raw));
4346 			return;
4347 		case PT_TYPE:
4348 			if (!valid_fs_type(prop_id)) {
4349 				zerr(gettext("\"%s\" is not a valid %s."),
4350 				    prop_id, pt_to_str(PT_TYPE));
4351 				saw_error = B_TRUE;
4352 				return;
4353 			}
4354 			(void) strlcpy(in_progress_fstab.zone_fs_type, prop_id,
4355 			    sizeof (in_progress_fstab.zone_fs_type));
4356 			return;
4357 		case PT_OPTIONS:
4358 			if (pp->pv_type != PROP_VAL_SIMPLE &&
4359 			    pp->pv_type != PROP_VAL_LIST) {
4360 				zerr(gettext("A %s or %s value was expected "
4361 				    "here."), pvt_to_str(PROP_VAL_SIMPLE),
4362 				    pvt_to_str(PROP_VAL_LIST));
4363 				saw_error = B_TRUE;
4364 				return;
4365 			}
4366 			zonecfg_free_fs_option_list(
4367 			    in_progress_fstab.zone_fs_options);
4368 			in_progress_fstab.zone_fs_options = NULL;
4369 			if (!(pp->pv_type == PROP_VAL_LIST &&
4370 			    pp->pv_list == NULL))
4371 				add_property(cmd);
4372 			return;
4373 		default:
4374 			break;
4375 		}
4376 		zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE, B_TRUE);
4377 		long_usage(CMD_SET, B_TRUE);
4378 		usage(B_FALSE, HELP_PROPS);
4379 		return;
4380 	case RT_NET:
4381 		switch (prop_type) {
4382 		case PT_ADDRESS:
4383 		case PT_ALLOWED_ADDRESS:
4384 			if (validate_net_address_syntax(prop_id, B_FALSE)
4385 			    != Z_OK) {
4386 				saw_error = B_TRUE;
4387 				return;
4388 			}
4389 			set_in_progress_nwiftab_address(prop_id, prop_type);
4390 			break;
4391 		case PT_PHYSICAL:
4392 			if (validate_net_physical_syntax(prop_id) != Z_OK) {
4393 				saw_error = B_TRUE;
4394 				return;
4395 			}
4396 			(void) strlcpy(in_progress_nwiftab.zone_nwif_physical,
4397 			    prop_id,
4398 			    sizeof (in_progress_nwiftab.zone_nwif_physical));
4399 			break;
4400 		case PT_DEFROUTER:
4401 			if (validate_net_address_syntax(prop_id, B_TRUE)
4402 			    != Z_OK) {
4403 				saw_error = B_TRUE;
4404 				return;
4405 			}
4406 			(void) strlcpy(in_progress_nwiftab.zone_nwif_defrouter,
4407 			    prop_id,
4408 			    sizeof (in_progress_nwiftab.zone_nwif_defrouter));
4409 			break;
4410 		default:
4411 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4412 			    B_TRUE);
4413 			long_usage(CMD_SET, B_TRUE);
4414 			usage(B_FALSE, HELP_PROPS);
4415 			return;
4416 		}
4417 		return;
4418 	case RT_DEVICE:
4419 		switch (prop_type) {
4420 		case PT_MATCH:
4421 			(void) strlcpy(in_progress_devtab.zone_dev_match,
4422 			    prop_id,
4423 			    sizeof (in_progress_devtab.zone_dev_match));
4424 			break;
4425 		default:
4426 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4427 			    B_TRUE);
4428 			long_usage(CMD_SET, B_TRUE);
4429 			usage(B_FALSE, HELP_PROPS);
4430 			return;
4431 		}
4432 		return;
4433 	case RT_RCTL:
4434 		switch (prop_type) {
4435 		case PT_NAME:
4436 			if (!zonecfg_valid_rctlname(prop_id)) {
4437 				zerr(gettext("'%s' is not a valid zone %s "
4438 				    "name."), prop_id, rt_to_str(RT_RCTL));
4439 				return;
4440 			}
4441 			(void) strlcpy(in_progress_rctltab.zone_rctl_name,
4442 			    prop_id,
4443 			    sizeof (in_progress_rctltab.zone_rctl_name));
4444 			break;
4445 		case PT_VALUE:
4446 			if (pp->pv_type != PROP_VAL_COMPLEX &&
4447 			    pp->pv_type != PROP_VAL_LIST) {
4448 				zerr(gettext("A %s or %s value was expected "
4449 				    "here."), pvt_to_str(PROP_VAL_COMPLEX),
4450 				    pvt_to_str(PROP_VAL_LIST));
4451 				saw_error = B_TRUE;
4452 				return;
4453 			}
4454 			zonecfg_free_rctl_value_list(
4455 			    in_progress_rctltab.zone_rctl_valptr);
4456 			in_progress_rctltab.zone_rctl_valptr = NULL;
4457 			if (!(pp->pv_type == PROP_VAL_LIST &&
4458 			    pp->pv_list == NULL))
4459 				add_property(cmd);
4460 			break;
4461 		default:
4462 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4463 			    B_TRUE);
4464 			long_usage(CMD_SET, B_TRUE);
4465 			usage(B_FALSE, HELP_PROPS);
4466 			return;
4467 		}
4468 		return;
4469 	case RT_ATTR:
4470 		switch (prop_type) {
4471 		case PT_NAME:
4472 			(void) strlcpy(in_progress_attrtab.zone_attr_name,
4473 			    prop_id,
4474 			    sizeof (in_progress_attrtab.zone_attr_name));
4475 			break;
4476 		case PT_TYPE:
4477 			(void) strlcpy(in_progress_attrtab.zone_attr_type,
4478 			    prop_id,
4479 			    sizeof (in_progress_attrtab.zone_attr_type));
4480 			break;
4481 		case PT_VALUE:
4482 			(void) strlcpy(in_progress_attrtab.zone_attr_value,
4483 			    prop_id,
4484 			    sizeof (in_progress_attrtab.zone_attr_value));
4485 			break;
4486 		default:
4487 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4488 			    B_TRUE);
4489 			long_usage(CMD_SET, B_TRUE);
4490 			usage(B_FALSE, HELP_PROPS);
4491 			return;
4492 		}
4493 		return;
4494 	case RT_DATASET:
4495 		switch (prop_type) {
4496 		case PT_NAME:
4497 			(void) strlcpy(in_progress_dstab.zone_dataset_name,
4498 			    prop_id,
4499 			    sizeof (in_progress_dstab.zone_dataset_name));
4500 			return;
4501 		default:
4502 			break;
4503 		}
4504 		zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE, B_TRUE);
4505 		long_usage(CMD_SET, B_TRUE);
4506 		usage(B_FALSE, HELP_PROPS);
4507 		return;
4508 	case RT_DCPU:
4509 		switch (prop_type) {
4510 		char *lowp, *highp;
4511 
4512 		case PT_NCPUS:
4513 			lowp = prop_id;
4514 			if ((highp = strchr(prop_id, '-')) != NULL)
4515 				*highp++ = '\0';
4516 			else
4517 				highp = lowp;
4518 
4519 			/* Make sure the input makes sense. */
4520 			if (!zonecfg_valid_ncpus(lowp, highp)) {
4521 				zerr(gettext("%s property is out of range."),
4522 				    pt_to_str(PT_NCPUS));
4523 				saw_error = B_TRUE;
4524 				return;
4525 			}
4526 
4527 			(void) strlcpy(
4528 			    in_progress_psettab.zone_ncpu_min, lowp,
4529 			    sizeof (in_progress_psettab.zone_ncpu_min));
4530 			(void) strlcpy(
4531 			    in_progress_psettab.zone_ncpu_max, highp,
4532 			    sizeof (in_progress_psettab.zone_ncpu_max));
4533 			return;
4534 		case PT_IMPORTANCE:
4535 			/* Make sure the value makes sense. */
4536 			if (!zonecfg_valid_importance(prop_id)) {
4537 				zerr(gettext("%s property is out of range."),
4538 				    pt_to_str(PT_IMPORTANCE));
4539 				saw_error = B_TRUE;
4540 				return;
4541 			}
4542 
4543 			(void) strlcpy(in_progress_psettab.zone_importance,
4544 			    prop_id,
4545 			    sizeof (in_progress_psettab.zone_importance));
4546 			return;
4547 		default:
4548 			break;
4549 		}
4550 		zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE, B_TRUE);
4551 		long_usage(CMD_SET, B_TRUE);
4552 		usage(B_FALSE, HELP_PROPS);
4553 		return;
4554 	case RT_PCAP:
4555 		if (prop_type != PT_NCPUS) {
4556 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4557 			    B_TRUE);
4558 			long_usage(CMD_SET, B_TRUE);
4559 			usage(B_FALSE, HELP_PROPS);
4560 			return;
4561 		}
4562 
4563 		/*
4564 		 * We already checked that an rctl alias is allowed in
4565 		 * the add_resource() function.
4566 		 */
4567 
4568 		if ((cap = strtof(prop_id, &unitp)) <= 0 || *unitp != '\0' ||
4569 		    (int)(cap * 100) < 1) {
4570 			zerr(gettext("%s property is out of range."),
4571 			    pt_to_str(PT_NCPUS));
4572 			saw_error = B_TRUE;
4573 			return;
4574 		}
4575 
4576 		if ((err = zonecfg_set_aliased_rctl(handle, ALIAS_CPUCAP,
4577 		    (int)(cap * 100))) != Z_OK)
4578 			zone_perror(zone, err, B_TRUE);
4579 		else
4580 			need_to_commit = B_TRUE;
4581 		return;
4582 	case RT_MCAP:
4583 		switch (prop_type) {
4584 		case PT_PHYSICAL:
4585 			if (!zonecfg_valid_memlimit(prop_id, &mem_cap)) {
4586 				zerr(gettext("A positive number with a "
4587 				    "required scale suffix (K, M, G or T) was "
4588 				    "expected here."));
4589 				saw_error = B_TRUE;
4590 			} else if (mem_cap < ONE_MB) {
4591 				zerr(gettext("%s value is too small.  It must "
4592 				    "be at least 1M."), pt_to_str(PT_PHYSICAL));
4593 				saw_error = B_TRUE;
4594 			} else {
4595 				snprintf(in_progress_mcaptab.zone_physmem_cap,
4596 				    physmem_size, "%llu", mem_cap);
4597 			}
4598 			break;
4599 		case PT_SWAP:
4600 			/*
4601 			 * We have to check if an rctl is allowed here since
4602 			 * there might already be a rctl defined that blocks
4603 			 * the alias.
4604 			 */
4605 			if (!zonecfg_aliased_rctl_ok(handle, ALIAS_MAXSWAP)) {
4606 				zone_perror(pt_to_str(PT_MAXSWAP),
4607 				    Z_ALIAS_DISALLOW, B_FALSE);
4608 				saw_error = B_TRUE;
4609 				return;
4610 			}
4611 
4612 			if (global_zone)
4613 				mem_limit = ONE_MB * 100;
4614 			else
4615 				mem_limit = ONE_MB * 50;
4616 
4617 			if (!zonecfg_valid_memlimit(prop_id, &mem_cap)) {
4618 				zerr(gettext("A positive number with a "
4619 				    "required scale suffix (K, M, G or T) was "
4620 				    "expected here."));
4621 				saw_error = B_TRUE;
4622 			} else if (mem_cap < mem_limit) {
4623 				char buf[128];
4624 
4625 				(void) snprintf(buf, sizeof (buf), "%llu",
4626 				    mem_limit);
4627 				bytes_to_units(buf, buf, sizeof (buf));
4628 				zerr(gettext("%s value is too small.  It must "
4629 				    "be at least %s."), pt_to_str(PT_SWAP),
4630 				    buf);
4631 				saw_error = B_TRUE;
4632 			} else {
4633 				if ((err = zonecfg_set_aliased_rctl(handle,
4634 				    ALIAS_MAXSWAP, mem_cap)) != Z_OK)
4635 					zone_perror(zone, err, B_TRUE);
4636 				else
4637 					need_to_commit = B_TRUE;
4638 			}
4639 			break;
4640 		case PT_LOCKED:
4641 			/*
4642 			 * We have to check if an rctl is allowed here since
4643 			 * there might already be a rctl defined that blocks
4644 			 * the alias.
4645 			 */
4646 			if (!zonecfg_aliased_rctl_ok(handle,
4647 			    ALIAS_MAXLOCKEDMEM)) {
4648 				zone_perror(pt_to_str(PT_LOCKED),
4649 				    Z_ALIAS_DISALLOW, B_FALSE);
4650 				saw_error = B_TRUE;
4651 				return;
4652 			}
4653 
4654 			if (!zonecfg_valid_memlimit(prop_id, &mem_cap)) {
4655 				zerr(gettext("A non-negative number with a "
4656 				    "required scale suffix (K, M, G or T) was "
4657 				    "expected\nhere."));
4658 				saw_error = B_TRUE;
4659 			} else {
4660 				if ((err = zonecfg_set_aliased_rctl(handle,
4661 				    ALIAS_MAXLOCKEDMEM, mem_cap)) != Z_OK)
4662 					zone_perror(zone, err, B_TRUE);
4663 				else
4664 					need_to_commit = B_TRUE;
4665 			}
4666 			break;
4667 		default:
4668 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4669 			    B_TRUE);
4670 			long_usage(CMD_SET, B_TRUE);
4671 			usage(B_FALSE, HELP_PROPS);
4672 			return;
4673 		}
4674 		return;
4675 	case RT_ADMIN:
4676 		switch (prop_type) {
4677 		case PT_USER:
4678 			(void) strlcpy(in_progress_admintab.zone_admin_user,
4679 			    prop_id,
4680 			    sizeof (in_progress_admintab.zone_admin_user));
4681 			return;
4682 		case PT_AUTHS:
4683 			(void) strlcpy(in_progress_admintab.zone_admin_auths,
4684 			    prop_id,
4685 			    sizeof (in_progress_admintab.zone_admin_auths));
4686 			return;
4687 		default:
4688 			zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4689 			    B_TRUE);
4690 			long_usage(CMD_SET, B_TRUE);
4691 			usage(B_FALSE, HELP_PROPS);
4692 			return;
4693 		}
4694 	default:
4695 		zone_perror(rt_to_str(res_type), Z_NO_RESOURCE_TYPE, B_TRUE);
4696 		long_usage(CMD_SET, B_TRUE);
4697 		usage(B_FALSE, HELP_RESOURCES);
4698 		return;
4699 	}
4700 }
4701 
4702 static void
4703 output_prop(FILE *fp, int pnum, char *pval, boolean_t print_notspec)
4704 {
4705 	char *qstr;
4706 
4707 	if (*pval != '\0') {
4708 		qstr = quoteit(pval);
4709 		if (pnum == PT_SWAP || pnum == PT_LOCKED)
4710 			(void) fprintf(fp, "\t[%s: %s]\n", pt_to_str(pnum),
4711 			    qstr);
4712 		else
4713 			(void) fprintf(fp, "\t%s: %s\n", pt_to_str(pnum), qstr);
4714 		free(qstr);
4715 	} else if (print_notspec)
4716 		(void) fprintf(fp, gettext("\t%s not specified\n"),
4717 		    pt_to_str(pnum));
4718 }
4719 
4720 static void
4721 info_zonename(zone_dochandle_t handle, FILE *fp)
4722 {
4723 	char zonename[ZONENAME_MAX];
4724 
4725 	if (zonecfg_get_name(handle, zonename, sizeof (zonename)) == Z_OK)
4726 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_ZONENAME),
4727 		    zonename);
4728 	else
4729 		(void) fprintf(fp, gettext("%s not specified\n"),
4730 		    pt_to_str(PT_ZONENAME));
4731 }
4732 
4733 static void
4734 info_zonepath(zone_dochandle_t handle, FILE *fp)
4735 {
4736 	char zonepath[MAXPATHLEN];
4737 
4738 	if (zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath)) == Z_OK)
4739 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_ZONEPATH),
4740 		    zonepath);
4741 	else {
4742 		(void) fprintf(fp, gettext("%s not specified\n"),
4743 		    pt_to_str(PT_ZONEPATH));
4744 	}
4745 }
4746 
4747 static void
4748 info_brand(zone_dochandle_t handle, FILE *fp)
4749 {
4750 	char brand[MAXNAMELEN];
4751 
4752 	if (zonecfg_get_brand(handle, brand, sizeof (brand)) == Z_OK)
4753 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_BRAND),
4754 		    brand);
4755 	else
4756 		(void) fprintf(fp, "%s %s\n", pt_to_str(PT_BRAND),
4757 		    gettext("not specified"));
4758 }
4759 
4760 static void
4761 info_autoboot(zone_dochandle_t handle, FILE *fp)
4762 {
4763 	boolean_t autoboot;
4764 	int err;
4765 
4766 	if ((err = zonecfg_get_autoboot(handle, &autoboot)) == Z_OK)
4767 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_AUTOBOOT),
4768 		    autoboot ? "true" : "false");
4769 	else
4770 		zone_perror(zone, err, B_TRUE);
4771 }
4772 
4773 static void
4774 info_pool(zone_dochandle_t handle, FILE *fp)
4775 {
4776 	char pool[MAXNAMELEN];
4777 	int err;
4778 
4779 	if ((err = zonecfg_get_pool(handle, pool, sizeof (pool))) == Z_OK)
4780 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_POOL), pool);
4781 	else
4782 		zone_perror(zone, err, B_TRUE);
4783 }
4784 
4785 static void
4786 info_limitpriv(zone_dochandle_t handle, FILE *fp)
4787 {
4788 	char *limitpriv;
4789 	int err;
4790 
4791 	if ((err = zonecfg_get_limitpriv(handle, &limitpriv)) == Z_OK) {
4792 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_LIMITPRIV),
4793 		    limitpriv);
4794 		free(limitpriv);
4795 	} else {
4796 		zone_perror(zone, err, B_TRUE);
4797 	}
4798 }
4799 
4800 static void
4801 info_bootargs(zone_dochandle_t handle, FILE *fp)
4802 {
4803 	char bootargs[BOOTARGS_MAX];
4804 	int err;
4805 
4806 	if ((err = zonecfg_get_bootargs(handle, bootargs,
4807 	    sizeof (bootargs))) == Z_OK) {
4808 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_BOOTARGS),
4809 		    bootargs);
4810 	} else {
4811 		zone_perror(zone, err, B_TRUE);
4812 	}
4813 }
4814 
4815 static void
4816 info_sched(zone_dochandle_t handle, FILE *fp)
4817 {
4818 	char sched[MAXNAMELEN];
4819 	int err;
4820 
4821 	if ((err = zonecfg_get_sched_class(handle, sched, sizeof (sched)))
4822 	    == Z_OK) {
4823 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_SCHED), sched);
4824 	} else {
4825 		zone_perror(zone, err, B_TRUE);
4826 	}
4827 }
4828 
4829 static void
4830 info_iptype(zone_dochandle_t handle, FILE *fp)
4831 {
4832 	zone_iptype_t iptype;
4833 	int err;
4834 
4835 	if ((err = zonecfg_get_iptype(handle, &iptype)) == Z_OK) {
4836 		switch (iptype) {
4837 		case ZS_SHARED:
4838 			(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_IPTYPE),
4839 			    "shared");
4840 			break;
4841 		case ZS_EXCLUSIVE:
4842 			(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_IPTYPE),
4843 			    "exclusive");
4844 			break;
4845 		}
4846 	} else {
4847 		zone_perror(zone, err, B_TRUE);
4848 	}
4849 }
4850 
4851 static void
4852 info_hostid(zone_dochandle_t handle, FILE *fp)
4853 {
4854 	char hostidp[HW_HOSTID_LEN];
4855 	int err;
4856 
4857 	if ((err = zonecfg_get_hostid(handle, hostidp,
4858 	    sizeof (hostidp))) == Z_OK) {
4859 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_HOSTID), hostidp);
4860 	} else if (err == Z_BAD_PROPERTY) {
4861 		(void) fprintf(fp, "%s: \n", pt_to_str(PT_HOSTID));
4862 	} else {
4863 		zone_perror(zone, err, B_TRUE);
4864 	}
4865 }
4866 
4867 static void
4868 info_fs_allowed(zone_dochandle_t handle, FILE *fp)
4869 {
4870 	char fsallowedp[ZONE_FS_ALLOWED_MAX];
4871 	int err;
4872 
4873 	if ((err = zonecfg_get_fs_allowed(handle, fsallowedp,
4874 	    sizeof (fsallowedp))) == Z_OK) {
4875 		(void) fprintf(fp, "%s: %s\n", pt_to_str(PT_FS_ALLOWED),
4876 		    fsallowedp);
4877 	} else if (err == Z_BAD_PROPERTY) {
4878 		(void) fprintf(fp, "%s: \n", pt_to_str(PT_FS_ALLOWED));
4879 	} else {
4880 		zone_perror(zone, err, B_TRUE);
4881 	}
4882 }
4883 
4884 static void
4885 output_fs(FILE *fp, struct zone_fstab *fstab)
4886 {
4887 	zone_fsopt_t *this;
4888 
4889 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_FS));
4890 	output_prop(fp, PT_DIR, fstab->zone_fs_dir, B_TRUE);
4891 	output_prop(fp, PT_SPECIAL, fstab->zone_fs_special, B_TRUE);
4892 	output_prop(fp, PT_RAW, fstab->zone_fs_raw, B_TRUE);
4893 	output_prop(fp, PT_TYPE, fstab->zone_fs_type, B_TRUE);
4894 	(void) fprintf(fp, "\t%s: [", pt_to_str(PT_OPTIONS));
4895 	for (this = fstab->zone_fs_options; this != NULL;
4896 	    this = this->zone_fsopt_next) {
4897 		if (strchr(this->zone_fsopt_opt, '='))
4898 			(void) fprintf(fp, "\"%s\"", this->zone_fsopt_opt);
4899 		else
4900 			(void) fprintf(fp, "%s", this->zone_fsopt_opt);
4901 		if (this->zone_fsopt_next != NULL)
4902 			(void) fprintf(fp, ",");
4903 	}
4904 	(void) fprintf(fp, "]\n");
4905 }
4906 
4907 static void
4908 info_fs(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
4909 {
4910 	struct zone_fstab lookup, user;
4911 	boolean_t output = B_FALSE;
4912 
4913 	if (zonecfg_setfsent(handle) != Z_OK)
4914 		return;
4915 	while (zonecfg_getfsent(handle, &lookup) == Z_OK) {
4916 		if (cmd->cmd_prop_nv_pairs == 0) {
4917 			output_fs(fp, &lookup);
4918 			goto loopend;
4919 		}
4920 		if (fill_in_fstab(cmd, &user, B_TRUE) != Z_OK)
4921 			goto loopend;
4922 		if (strlen(user.zone_fs_dir) > 0 &&
4923 		    strcmp(user.zone_fs_dir, lookup.zone_fs_dir) != 0)
4924 			goto loopend;	/* no match */
4925 		if (strlen(user.zone_fs_special) > 0 &&
4926 		    strcmp(user.zone_fs_special, lookup.zone_fs_special) != 0)
4927 			goto loopend;	/* no match */
4928 		if (strlen(user.zone_fs_type) > 0 &&
4929 		    strcmp(user.zone_fs_type, lookup.zone_fs_type) != 0)
4930 			goto loopend;	/* no match */
4931 		output_fs(fp, &lookup);
4932 		output = B_TRUE;
4933 loopend:
4934 		zonecfg_free_fs_option_list(lookup.zone_fs_options);
4935 	}
4936 	(void) zonecfg_endfsent(handle);
4937 	/*
4938 	 * If a property n/v pair was specified, warn the user if there was
4939 	 * nothing to output.
4940 	 */
4941 	if (!output && cmd->cmd_prop_nv_pairs > 0)
4942 		(void) printf(gettext("No such %s resource.\n"),
4943 		    rt_to_str(RT_FS));
4944 }
4945 
4946 static void
4947 output_net(FILE *fp, struct zone_nwiftab *nwiftab)
4948 {
4949 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_NET));
4950 	output_prop(fp, PT_ADDRESS, nwiftab->zone_nwif_address, B_TRUE);
4951 	output_prop(fp, PT_ALLOWED_ADDRESS,
4952 	    nwiftab->zone_nwif_allowed_address, B_TRUE);
4953 	output_prop(fp, PT_PHYSICAL, nwiftab->zone_nwif_physical, B_TRUE);
4954 	output_prop(fp, PT_DEFROUTER, nwiftab->zone_nwif_defrouter, B_TRUE);
4955 }
4956 
4957 static void
4958 info_net(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
4959 {
4960 	struct zone_nwiftab lookup, user;
4961 	boolean_t output = B_FALSE;
4962 
4963 	if (zonecfg_setnwifent(handle) != Z_OK)
4964 		return;
4965 	while (zonecfg_getnwifent(handle, &lookup) == Z_OK) {
4966 		if (cmd->cmd_prop_nv_pairs == 0) {
4967 			output_net(fp, &lookup);
4968 			continue;
4969 		}
4970 		if (fill_in_nwiftab(cmd, &user, B_TRUE) != Z_OK)
4971 			continue;
4972 		if (strlen(user.zone_nwif_physical) > 0 &&
4973 		    strcmp(user.zone_nwif_physical,
4974 		    lookup.zone_nwif_physical) != 0)
4975 			continue;	/* no match */
4976 		/* If present make sure it matches */
4977 		if (strlen(user.zone_nwif_address) > 0 &&
4978 		    !zonecfg_same_net_address(user.zone_nwif_address,
4979 		    lookup.zone_nwif_address))
4980 			continue;	/* no match */
4981 		output_net(fp, &lookup);
4982 		output = B_TRUE;
4983 	}
4984 	(void) zonecfg_endnwifent(handle);
4985 	/*
4986 	 * If a property n/v pair was specified, warn the user if there was
4987 	 * nothing to output.
4988 	 */
4989 	if (!output && cmd->cmd_prop_nv_pairs > 0)
4990 		(void) printf(gettext("No such %s resource.\n"),
4991 		    rt_to_str(RT_NET));
4992 }
4993 
4994 static void
4995 output_dev(FILE *fp, struct zone_devtab *devtab)
4996 {
4997 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_DEVICE));
4998 	output_prop(fp, PT_MATCH, devtab->zone_dev_match, B_TRUE);
4999 }
5000 
5001 static void
5002 info_dev(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5003 {
5004 	struct zone_devtab lookup, user;
5005 	boolean_t output = B_FALSE;
5006 
5007 	if (zonecfg_setdevent(handle) != Z_OK)
5008 		return;
5009 	while (zonecfg_getdevent(handle, &lookup) == Z_OK) {
5010 		if (cmd->cmd_prop_nv_pairs == 0) {
5011 			output_dev(fp, &lookup);
5012 			continue;
5013 		}
5014 		if (fill_in_devtab(cmd, &user, B_TRUE) != Z_OK)
5015 			continue;
5016 		if (strlen(user.zone_dev_match) > 0 &&
5017 		    strcmp(user.zone_dev_match, lookup.zone_dev_match) != 0)
5018 			continue;	/* no match */
5019 		output_dev(fp, &lookup);
5020 		output = B_TRUE;
5021 	}
5022 	(void) zonecfg_enddevent(handle);
5023 	/*
5024 	 * If a property n/v pair was specified, warn the user if there was
5025 	 * nothing to output.
5026 	 */
5027 	if (!output && cmd->cmd_prop_nv_pairs > 0)
5028 		(void) printf(gettext("No such %s resource.\n"),
5029 		    rt_to_str(RT_DEVICE));
5030 }
5031 
5032 static void
5033 output_rctl(FILE *fp, struct zone_rctltab *rctltab)
5034 {
5035 	struct zone_rctlvaltab *valptr;
5036 
5037 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_RCTL));
5038 	output_prop(fp, PT_NAME, rctltab->zone_rctl_name, B_TRUE);
5039 	for (valptr = rctltab->zone_rctl_valptr; valptr != NULL;
5040 	    valptr = valptr->zone_rctlval_next) {
5041 		fprintf(fp, "\t%s: (%s=%s,%s=%s,%s=%s)\n",
5042 		    pt_to_str(PT_VALUE),
5043 		    pt_to_str(PT_PRIV), valptr->zone_rctlval_priv,
5044 		    pt_to_str(PT_LIMIT), valptr->zone_rctlval_limit,
5045 		    pt_to_str(PT_ACTION), valptr->zone_rctlval_action);
5046 	}
5047 }
5048 
5049 static void
5050 info_rctl(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5051 {
5052 	struct zone_rctltab lookup, user;
5053 	boolean_t output = B_FALSE;
5054 
5055 	if (zonecfg_setrctlent(handle) != Z_OK)
5056 		return;
5057 	while (zonecfg_getrctlent(handle, &lookup) == Z_OK) {
5058 		if (cmd->cmd_prop_nv_pairs == 0) {
5059 			output_rctl(fp, &lookup);
5060 		} else if (fill_in_rctltab(cmd, &user, B_TRUE) == Z_OK &&
5061 		    (strlen(user.zone_rctl_name) == 0 ||
5062 		    strcmp(user.zone_rctl_name, lookup.zone_rctl_name) == 0)) {
5063 			output_rctl(fp, &lookup);
5064 			output = B_TRUE;
5065 		}
5066 		zonecfg_free_rctl_value_list(lookup.zone_rctl_valptr);
5067 	}
5068 	(void) zonecfg_endrctlent(handle);
5069 	/*
5070 	 * If a property n/v pair was specified, warn the user if there was
5071 	 * nothing to output.
5072 	 */
5073 	if (!output && cmd->cmd_prop_nv_pairs > 0)
5074 		(void) printf(gettext("No such %s resource.\n"),
5075 		    rt_to_str(RT_RCTL));
5076 }
5077 
5078 static void
5079 output_attr(FILE *fp, struct zone_attrtab *attrtab)
5080 {
5081 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_ATTR));
5082 	output_prop(fp, PT_NAME, attrtab->zone_attr_name, B_TRUE);
5083 	output_prop(fp, PT_TYPE, attrtab->zone_attr_type, B_TRUE);
5084 	output_prop(fp, PT_VALUE, attrtab->zone_attr_value, B_TRUE);
5085 }
5086 
5087 static void
5088 info_attr(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5089 {
5090 	struct zone_attrtab lookup, user;
5091 	boolean_t output = B_FALSE;
5092 
5093 	if (zonecfg_setattrent(handle) != Z_OK)
5094 		return;
5095 	while (zonecfg_getattrent(handle, &lookup) == Z_OK) {
5096 		if (cmd->cmd_prop_nv_pairs == 0) {
5097 			output_attr(fp, &lookup);
5098 			continue;
5099 		}
5100 		if (fill_in_attrtab(cmd, &user, B_TRUE) != Z_OK)
5101 			continue;
5102 		if (strlen(user.zone_attr_name) > 0 &&
5103 		    strcmp(user.zone_attr_name, lookup.zone_attr_name) != 0)
5104 			continue;	/* no match */
5105 		if (strlen(user.zone_attr_type) > 0 &&
5106 		    strcmp(user.zone_attr_type, lookup.zone_attr_type) != 0)
5107 			continue;	/* no match */
5108 		if (strlen(user.zone_attr_value) > 0 &&
5109 		    strcmp(user.zone_attr_value, lookup.zone_attr_value) != 0)
5110 			continue;	/* no match */
5111 		output_attr(fp, &lookup);
5112 		output = B_TRUE;
5113 	}
5114 	(void) zonecfg_endattrent(handle);
5115 	/*
5116 	 * If a property n/v pair was specified, warn the user if there was
5117 	 * nothing to output.
5118 	 */
5119 	if (!output && cmd->cmd_prop_nv_pairs > 0)
5120 		(void) printf(gettext("No such %s resource.\n"),
5121 		    rt_to_str(RT_ATTR));
5122 }
5123 
5124 static void
5125 output_ds(FILE *fp, struct zone_dstab *dstab)
5126 {
5127 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_DATASET));
5128 	output_prop(fp, PT_NAME, dstab->zone_dataset_name, B_TRUE);
5129 }
5130 
5131 static void
5132 info_ds(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5133 {
5134 	struct zone_dstab lookup, user;
5135 	boolean_t output = B_FALSE;
5136 
5137 	if (zonecfg_setdsent(handle) != Z_OK)
5138 		return;
5139 	while (zonecfg_getdsent(handle, &lookup) == Z_OK) {
5140 		if (cmd->cmd_prop_nv_pairs == 0) {
5141 			output_ds(fp, &lookup);
5142 			continue;
5143 		}
5144 		if (fill_in_dstab(cmd, &user, B_TRUE) != Z_OK)
5145 			continue;
5146 		if (strlen(user.zone_dataset_name) > 0 &&
5147 		    strcmp(user.zone_dataset_name,
5148 		    lookup.zone_dataset_name) != 0)
5149 			continue;	/* no match */
5150 		output_ds(fp, &lookup);
5151 		output = B_TRUE;
5152 	}
5153 	(void) zonecfg_enddsent(handle);
5154 	/*
5155 	 * If a property n/v pair was specified, warn the user if there was
5156 	 * nothing to output.
5157 	 */
5158 	if (!output && cmd->cmd_prop_nv_pairs > 0)
5159 		(void) printf(gettext("No such %s resource.\n"),
5160 		    rt_to_str(RT_DATASET));
5161 }
5162 
5163 static void
5164 output_pset(FILE *fp, struct zone_psettab *psettab)
5165 {
5166 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_DCPU));
5167 	if (strcmp(psettab->zone_ncpu_min, psettab->zone_ncpu_max) == 0)
5168 		(void) fprintf(fp, "\t%s: %s\n", pt_to_str(PT_NCPUS),
5169 		    psettab->zone_ncpu_max);
5170 	else
5171 		(void) fprintf(fp, "\t%s: %s-%s\n", pt_to_str(PT_NCPUS),
5172 		    psettab->zone_ncpu_min, psettab->zone_ncpu_max);
5173 	if (psettab->zone_importance[0] != '\0')
5174 		(void) fprintf(fp, "\t%s: %s\n", pt_to_str(PT_IMPORTANCE),
5175 		    psettab->zone_importance);
5176 }
5177 
5178 static void
5179 info_pset(zone_dochandle_t handle, FILE *fp)
5180 {
5181 	struct zone_psettab lookup;
5182 
5183 	if (zonecfg_getpsetent(handle, &lookup) == Z_OK)
5184 		output_pset(fp, &lookup);
5185 }
5186 
5187 static void
5188 output_pcap(FILE *fp)
5189 {
5190 	uint64_t cap;
5191 
5192 	if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &cap) == Z_OK) {
5193 		float scaled = (float)cap / 100;
5194 		(void) fprintf(fp, "%s:\n", rt_to_str(RT_PCAP));
5195 		(void) fprintf(fp, "\t[%s: %.2f]\n", pt_to_str(PT_NCPUS),
5196 		    scaled);
5197 	}
5198 }
5199 
5200 static void
5201 info_pcap(FILE *fp)
5202 {
5203 	output_pcap(fp);
5204 }
5205 
5206 
5207 static void
5208 info_aliased_rctl(zone_dochandle_t handle, FILE *fp, char *alias)
5209 {
5210 	uint64_t limit;
5211 
5212 	if (zonecfg_get_aliased_rctl(handle, alias, &limit) == Z_OK) {
5213 		/* convert memory based properties */
5214 		if (strcmp(alias, ALIAS_MAXSHMMEM) == 0) {
5215 			char buf[128];
5216 
5217 			(void) snprintf(buf, sizeof (buf), "%llu", limit);
5218 			bytes_to_units(buf, buf, sizeof (buf));
5219 			(void) fprintf(fp, "[%s: %s]\n", alias, buf);
5220 			return;
5221 		}
5222 
5223 		(void) fprintf(fp, "[%s: %llu]\n", alias, limit);
5224 	}
5225 }
5226 
5227 static void
5228 bytes_to_units(char *str, char *buf, int bufsize)
5229 {
5230 	unsigned long long num;
5231 	unsigned long long save = 0;
5232 	char *units = "BKMGT";
5233 	char *up = units;
5234 
5235 	num = strtoll(str, NULL, 10);
5236 
5237 	if (num < 1024) {
5238 		(void) snprintf(buf, bufsize, "%llu", num);
5239 		return;
5240 	}
5241 
5242 	while ((num >= 1024) && (*up != 'T')) {
5243 		up++; /* next unit of measurement */
5244 		save = num;
5245 		num = (num + 512) >> 10;
5246 	}
5247 
5248 	/* check if we should output a fraction.  snprintf will round for us */
5249 	if (save % 1024 != 0 && ((save >> 10) < 10))
5250 		(void) snprintf(buf, bufsize, "%2.1f%c", ((float)save / 1024),
5251 		    *up);
5252 	else
5253 		(void) snprintf(buf, bufsize, "%llu%c", num, *up);
5254 }
5255 
5256 static void
5257 output_mcap(FILE *fp, struct zone_mcaptab *mcaptab, int showswap,
5258     uint64_t maxswap, int showlocked, uint64_t maxlocked)
5259 {
5260 	char buf[128];
5261 
5262 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_MCAP));
5263 	if (mcaptab->zone_physmem_cap[0] != '\0') {
5264 		bytes_to_units(mcaptab->zone_physmem_cap, buf, sizeof (buf));
5265 		output_prop(fp, PT_PHYSICAL, buf, B_TRUE);
5266 	}
5267 
5268 	if (showswap == Z_OK) {
5269 		(void) snprintf(buf, sizeof (buf), "%llu", maxswap);
5270 		bytes_to_units(buf, buf, sizeof (buf));
5271 		output_prop(fp, PT_SWAP, buf, B_TRUE);
5272 	}
5273 
5274 	if (showlocked == Z_OK) {
5275 		(void) snprintf(buf, sizeof (buf), "%llu", maxlocked);
5276 		bytes_to_units(buf, buf, sizeof (buf));
5277 		output_prop(fp, PT_LOCKED, buf, B_TRUE);
5278 	}
5279 }
5280 
5281 static void
5282 info_mcap(zone_dochandle_t handle, FILE *fp)
5283 {
5284 	int res1, res2, res3;
5285 	uint64_t swap_limit;
5286 	uint64_t locked_limit;
5287 	struct zone_mcaptab lookup;
5288 
5289 	bzero(&lookup, sizeof (lookup));
5290 	res1 = zonecfg_getmcapent(handle, &lookup);
5291 	res2 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &swap_limit);
5292 	res3 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM,
5293 	    &locked_limit);
5294 
5295 	if (res1 == Z_OK || res2 == Z_OK || res3 == Z_OK)
5296 		output_mcap(fp, &lookup, res2, swap_limit, res3, locked_limit);
5297 }
5298 
5299 static void
5300 output_auth(FILE *fp, struct zone_admintab *admintab)
5301 {
5302 	(void) fprintf(fp, "%s:\n", rt_to_str(RT_ADMIN));
5303 	output_prop(fp, PT_USER, admintab->zone_admin_user, B_TRUE);
5304 	output_prop(fp, PT_AUTHS, admintab->zone_admin_auths, B_TRUE);
5305 }
5306 
5307 static void
5308 info_auth(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5309 {
5310 	struct zone_admintab lookup, user;
5311 	boolean_t output = B_FALSE;
5312 	int err;
5313 
5314 	if ((err = zonecfg_setadminent(handle)) != Z_OK) {
5315 		zone_perror(zone, err, B_TRUE);
5316 		return;
5317 	}
5318 	while (zonecfg_getadminent(handle, &lookup) == Z_OK) {
5319 		if (cmd->cmd_prop_nv_pairs == 0) {
5320 			output_auth(fp, &lookup);
5321 			continue;
5322 		}
5323 		if (fill_in_admintab(cmd, &user, B_TRUE) != Z_OK)
5324 			continue;
5325 		if (strlen(user.zone_admin_user) > 0 &&
5326 		    strcmp(user.zone_admin_user, lookup.zone_admin_user) != 0)
5327 			continue;	/* no match */
5328 		output_auth(fp, &lookup);
5329 		output = B_TRUE;
5330 	}
5331 	(void) zonecfg_endadminent(handle);
5332 	/*
5333 	 * If a property n/v pair was specified, warn the user if there was
5334 	 * nothing to output.
5335 	 */
5336 	if (!output && cmd->cmd_prop_nv_pairs > 0)
5337 		(void) printf(gettext("No such %s resource.\n"),
5338 		    rt_to_str(RT_ADMIN));
5339 }
5340 
5341 void
5342 info_func(cmd_t *cmd)
5343 {
5344 	FILE *fp = stdout;
5345 	boolean_t need_to_close = B_FALSE;
5346 	char *pager, *space;
5347 	int type;
5348 	int res1, res2;
5349 	uint64_t swap_limit;
5350 	uint64_t locked_limit;
5351 	struct stat statbuf;
5352 
5353 	assert(cmd != NULL);
5354 
5355 	if (initialize(B_TRUE) != Z_OK)
5356 		return;
5357 
5358 	/* don't page error output */
5359 	if (interactive_mode) {
5360 		if ((pager = getenv("PAGER")) == NULL)
5361 			pager = PAGER;
5362 		space = strchr(pager, ' ');
5363 		if (space)
5364 			*space = '\0';
5365 		if (stat(pager, &statbuf) == 0) {
5366 			if (space)
5367 				*space = ' ';
5368 			if ((fp = popen(pager, "w")) != NULL)
5369 				need_to_close = B_TRUE;
5370 			else
5371 				fp = stdout;
5372 		} else {
5373 			zerr(gettext("PAGER %s does not exist (%s)."),
5374 			    pager, strerror(errno));
5375 		}
5376 
5377 		setbuf(fp, NULL);
5378 	}
5379 
5380 	if (!global_scope) {
5381 		switch (resource_scope) {
5382 		case RT_FS:
5383 			output_fs(fp, &in_progress_fstab);
5384 			break;
5385 		case RT_NET:
5386 			output_net(fp, &in_progress_nwiftab);
5387 			break;
5388 		case RT_DEVICE:
5389 			output_dev(fp, &in_progress_devtab);
5390 			break;
5391 		case RT_RCTL:
5392 			output_rctl(fp, &in_progress_rctltab);
5393 			break;
5394 		case RT_ATTR:
5395 			output_attr(fp, &in_progress_attrtab);
5396 			break;
5397 		case RT_DATASET:
5398 			output_ds(fp, &in_progress_dstab);
5399 			break;
5400 		case RT_DCPU:
5401 			output_pset(fp, &in_progress_psettab);
5402 			break;
5403 		case RT_PCAP:
5404 			output_pcap(fp);
5405 			break;
5406 		case RT_MCAP:
5407 			res1 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP,
5408 			    &swap_limit);
5409 			res2 = zonecfg_get_aliased_rctl(handle,
5410 			    ALIAS_MAXLOCKEDMEM, &locked_limit);
5411 			output_mcap(fp, &in_progress_mcaptab, res1, swap_limit,
5412 			    res2, locked_limit);
5413 			break;
5414 		case RT_ADMIN:
5415 			output_auth(fp, &in_progress_admintab);
5416 			break;
5417 		}
5418 		goto cleanup;
5419 	}
5420 
5421 	type = cmd->cmd_res_type;
5422 
5423 	if (gz_invalid_rt_property(type)) {
5424 		zerr(gettext("%s is not a valid property for the global zone."),
5425 		    rt_to_str(type));
5426 		goto cleanup;
5427 	}
5428 
5429 	if (gz_invalid_resource(type)) {
5430 		zerr(gettext("%s is not a valid resource for the global zone."),
5431 		    rt_to_str(type));
5432 		goto cleanup;
5433 	}
5434 
5435 	switch (cmd->cmd_res_type) {
5436 	case RT_UNKNOWN:
5437 		info_zonename(handle, fp);
5438 		if (!global_zone) {
5439 			info_zonepath(handle, fp);
5440 			info_brand(handle, fp);
5441 			info_autoboot(handle, fp);
5442 			info_bootargs(handle, fp);
5443 		}
5444 		info_pool(handle, fp);
5445 		if (!global_zone) {
5446 			info_limitpriv(handle, fp);
5447 			info_sched(handle, fp);
5448 			info_iptype(handle, fp);
5449 			info_hostid(handle, fp);
5450 			info_fs_allowed(handle, fp);
5451 		}
5452 		info_aliased_rctl(handle, fp, ALIAS_MAXLWPS);
5453 		info_aliased_rctl(handle, fp, ALIAS_MAXPROCS);
5454 		info_aliased_rctl(handle, fp, ALIAS_MAXSHMMEM);
5455 		info_aliased_rctl(handle, fp, ALIAS_MAXSHMIDS);
5456 		info_aliased_rctl(handle, fp, ALIAS_MAXMSGIDS);
5457 		info_aliased_rctl(handle, fp, ALIAS_MAXSEMIDS);
5458 		info_aliased_rctl(handle, fp, ALIAS_SHARES);
5459 		if (!global_zone) {
5460 			info_fs(handle, fp, cmd);
5461 			info_net(handle, fp, cmd);
5462 			info_dev(handle, fp, cmd);
5463 		}
5464 		info_pset(handle, fp);
5465 		info_pcap(fp);
5466 		info_mcap(handle, fp);
5467 		if (!global_zone) {
5468 			info_attr(handle, fp, cmd);
5469 			info_ds(handle, fp, cmd);
5470 			info_auth(handle, fp, cmd);
5471 		}
5472 		info_rctl(handle, fp, cmd);
5473 		break;
5474 	case RT_ZONENAME:
5475 		info_zonename(handle, fp);
5476 		break;
5477 	case RT_ZONEPATH:
5478 		info_zonepath(handle, fp);
5479 		break;
5480 	case RT_BRAND:
5481 		info_brand(handle, fp);
5482 		break;
5483 	case RT_AUTOBOOT:
5484 		info_autoboot(handle, fp);
5485 		break;
5486 	case RT_POOL:
5487 		info_pool(handle, fp);
5488 		break;
5489 	case RT_LIMITPRIV:
5490 		info_limitpriv(handle, fp);
5491 		break;
5492 	case RT_BOOTARGS:
5493 		info_bootargs(handle, fp);
5494 		break;
5495 	case RT_SCHED:
5496 		info_sched(handle, fp);
5497 		break;
5498 	case RT_IPTYPE:
5499 		info_iptype(handle, fp);
5500 		break;
5501 	case RT_MAXLWPS:
5502 		info_aliased_rctl(handle, fp, ALIAS_MAXLWPS);
5503 		break;
5504 	case RT_MAXPROCS:
5505 		info_aliased_rctl(handle, fp, ALIAS_MAXPROCS);
5506 		break;
5507 	case RT_MAXSHMMEM:
5508 		info_aliased_rctl(handle, fp, ALIAS_MAXSHMMEM);
5509 		break;
5510 	case RT_MAXSHMIDS:
5511 		info_aliased_rctl(handle, fp, ALIAS_MAXSHMIDS);
5512 		break;
5513 	case RT_MAXMSGIDS:
5514 		info_aliased_rctl(handle, fp, ALIAS_MAXMSGIDS);
5515 		break;
5516 	case RT_MAXSEMIDS:
5517 		info_aliased_rctl(handle, fp, ALIAS_MAXSEMIDS);
5518 		break;
5519 	case RT_SHARES:
5520 		info_aliased_rctl(handle, fp, ALIAS_SHARES);
5521 		break;
5522 	case RT_FS:
5523 		info_fs(handle, fp, cmd);
5524 		break;
5525 	case RT_NET:
5526 		info_net(handle, fp, cmd);
5527 		break;
5528 	case RT_DEVICE:
5529 		info_dev(handle, fp, cmd);
5530 		break;
5531 	case RT_RCTL:
5532 		info_rctl(handle, fp, cmd);
5533 		break;
5534 	case RT_ATTR:
5535 		info_attr(handle, fp, cmd);
5536 		break;
5537 	case RT_DATASET:
5538 		info_ds(handle, fp, cmd);
5539 		break;
5540 	case RT_DCPU:
5541 		info_pset(handle, fp);
5542 		break;
5543 	case RT_PCAP:
5544 		info_pcap(fp);
5545 		break;
5546 	case RT_MCAP:
5547 		info_mcap(handle, fp);
5548 		break;
5549 	case RT_HOSTID:
5550 		info_hostid(handle, fp);
5551 		break;
5552 	case RT_ADMIN:
5553 		info_auth(handle, fp, cmd);
5554 		break;
5555 	case RT_FS_ALLOWED:
5556 		info_fs_allowed(handle, fp);
5557 		break;
5558 	default:
5559 		zone_perror(rt_to_str(cmd->cmd_res_type), Z_NO_RESOURCE_TYPE,
5560 		    B_TRUE);
5561 	}
5562 
5563 cleanup:
5564 	if (need_to_close)
5565 		(void) pclose(fp);
5566 }
5567 
5568 /*
5569  * Helper function for verify-- checks that a required string property
5570  * exists.
5571  */
5572 static void
5573 check_reqd_prop(char *attr, int rt, int pt, int *ret_val)
5574 {
5575 	if (strlen(attr) == 0) {
5576 		zerr(gettext("%s: %s not specified"), rt_to_str(rt),
5577 		    pt_to_str(pt));
5578 		saw_error = B_TRUE;
5579 		if (*ret_val == Z_OK)
5580 			*ret_val = Z_REQD_PROPERTY_MISSING;
5581 	}
5582 }
5583 
5584 static int
5585 do_subproc(char *cmdbuf)
5586 {
5587 	char inbuf[MAX_CMD_LEN];
5588 	FILE *file;
5589 	int status;
5590 
5591 	file = popen(cmdbuf, "r");
5592 	if (file == NULL) {
5593 		zerr(gettext("Could not launch: %s"), cmdbuf);
5594 		return (-1);
5595 	}
5596 
5597 	while (fgets(inbuf, sizeof (inbuf), file) != NULL)
5598 		fprintf(stderr, "%s", inbuf);
5599 	status = pclose(file);
5600 
5601 	if (WIFSIGNALED(status)) {
5602 		zerr(gettext("%s unexpectedly terminated due to signal %d"),
5603 		    cmdbuf, WTERMSIG(status));
5604 		return (-1);
5605 	}
5606 	assert(WIFEXITED(status));
5607 	return (WEXITSTATUS(status));
5608 }
5609 
5610 static int
5611 brand_verify(zone_dochandle_t handle)
5612 {
5613 	char xml_file[32];
5614 	char cmdbuf[MAX_CMD_LEN];
5615 	brand_handle_t bh;
5616 	char brand[MAXNAMELEN];
5617 	int err;
5618 
5619 	if (zonecfg_get_brand(handle, brand, sizeof (brand)) != Z_OK) {
5620 		zerr("%s: %s\n", zone, gettext("could not get zone brand"));
5621 		return (Z_INVALID_DOCUMENT);
5622 	}
5623 	if ((bh = brand_open(brand)) == NULL) {
5624 		zerr("%s: %s\n", zone, gettext("unknown brand."));
5625 		return (Z_INVALID_DOCUMENT);
5626 	}
5627 
5628 	/*
5629 	 * Fetch the verify command, if any, from the brand configuration
5630 	 * and build the command line to execute it.
5631 	 */
5632 	strcpy(cmdbuf, EXEC_PREFIX);
5633 	err = brand_get_verify_cfg(bh, cmdbuf + EXEC_LEN,
5634 	    sizeof (cmdbuf) - (EXEC_LEN + (strlen(xml_file) + 1)));
5635 	brand_close(bh);
5636 	if (err != Z_OK) {
5637 		zerr("%s: %s\n", zone,
5638 		    gettext("could not get brand verification command"));
5639 		return (Z_INVALID_DOCUMENT);
5640 	}
5641 
5642 	/*
5643 	 * If the brand doesn't provide a verification routine, we just
5644 	 * return success.
5645 	 */
5646 	if (strlen(cmdbuf) == EXEC_LEN)
5647 		return (Z_OK);
5648 
5649 	/*
5650 	 * Dump the current config information for this zone to a file.
5651 	 */
5652 	strcpy(xml_file, "/tmp/zonecfg_verify.XXXXXX");
5653 	if (mkstemp(xml_file) == NULL)
5654 		return (Z_TEMP_FILE);
5655 	if ((err = zonecfg_verify_save(handle, xml_file)) != Z_OK) {
5656 		(void) unlink(xml_file);
5657 		return (err);
5658 	}
5659 
5660 	/*
5661 	 * Execute the verification command.
5662 	 */
5663 	if ((strlcat(cmdbuf, " ", MAX_CMD_LEN) >= MAX_CMD_LEN) ||
5664 	    (strlcat(cmdbuf, xml_file, MAX_CMD_LEN) >= MAX_CMD_LEN)) {
5665 		err = Z_BRAND_ERROR;
5666 	} else {
5667 		err = do_subproc(cmdbuf);
5668 	}
5669 
5670 	(void) unlink(xml_file);
5671 	return ((err == Z_OK) ? Z_OK : Z_BRAND_ERROR);
5672 }
5673 
5674 /*
5675  * Track the network interfaces listed in zonecfg(1m) in a linked list
5676  * so that we can later check that defrouter is specified for an exclusive IP
5677  * zone if and only if at least one allowed-address has been specified.
5678  */
5679 static boolean_t
5680 add_nwif(struct zone_nwiftab *nwif)
5681 {
5682 	struct xif *tmp;
5683 
5684 	for (tmp = xif; tmp != NULL; tmp = tmp->xif_next) {
5685 		if (strcmp(tmp->xif_name, nwif->zone_nwif_physical) == 0) {
5686 			if (strlen(nwif->zone_nwif_allowed_address) > 0)
5687 				tmp->xif_has_address = B_TRUE;
5688 			if (strlen(nwif->zone_nwif_defrouter) > 0)
5689 				tmp->xif_has_defrouter = B_TRUE;
5690 			return (B_TRUE);
5691 		}
5692 	}
5693 
5694 	tmp = malloc(sizeof (*tmp));
5695 	if (tmp == NULL) {
5696 		zerr(gettext("memory allocation failed for %s"),
5697 		    nwif->zone_nwif_physical);
5698 		return (B_FALSE);
5699 	}
5700 	strlcpy(tmp->xif_name, nwif->zone_nwif_physical,
5701 	    sizeof (tmp->xif_name));
5702 	tmp->xif_has_defrouter = (strlen(nwif->zone_nwif_defrouter) > 0);
5703 	tmp->xif_has_address = (strlen(nwif->zone_nwif_allowed_address) > 0);
5704 	tmp->xif_next = xif;
5705 	xif = tmp;
5706 	return (B_TRUE);
5707 }
5708 
5709 /*
5710  * See the DTD for which attributes are required for which resources.
5711  *
5712  * This function can be called by commit_func(), which needs to save things,
5713  * in addition to the general call from parse_and_run(), which doesn't need
5714  * things saved.  Since the parameters are standardized, we distinguish by
5715  * having commit_func() call here with cmd->cmd_arg set to "save" to indicate
5716  * that a save is needed.
5717  */
5718 void
5719 verify_func(cmd_t *cmd)
5720 {
5721 	struct zone_nwiftab nwiftab;
5722 	struct zone_fstab fstab;
5723 	struct zone_attrtab attrtab;
5724 	struct zone_rctltab rctltab;
5725 	struct zone_dstab dstab;
5726 	struct zone_psettab psettab;
5727 	struct zone_admintab admintab;
5728 	char zonepath[MAXPATHLEN];
5729 	char sched[MAXNAMELEN];
5730 	char brand[MAXNAMELEN];
5731 	char hostidp[HW_HOSTID_LEN];
5732 	char fsallowedp[ZONE_FS_ALLOWED_MAX];
5733 	priv_set_t *privs;
5734 	char *privname = NULL;
5735 	int err, ret_val = Z_OK, arg;
5736 	int pset_res;
5737 	boolean_t save = B_FALSE;
5738 	boolean_t arg_err = B_FALSE;
5739 	zone_iptype_t iptype;
5740 	boolean_t has_cpu_shares = B_FALSE;
5741 	boolean_t has_cpu_cap = B_FALSE;
5742 	struct xif *tmp;
5743 
5744 	optind = 0;
5745 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
5746 		switch (arg) {
5747 		case '?':
5748 			longer_usage(CMD_VERIFY);
5749 			arg_err = B_TRUE;
5750 			break;
5751 		default:
5752 			short_usage(CMD_VERIFY);
5753 			arg_err = B_TRUE;
5754 			break;
5755 		}
5756 	}
5757 	if (arg_err)
5758 		return;
5759 
5760 	if (optind > cmd->cmd_argc) {
5761 		short_usage(CMD_VERIFY);
5762 		return;
5763 	}
5764 
5765 	if (zone_is_read_only(CMD_VERIFY))
5766 		return;
5767 
5768 	assert(cmd != NULL);
5769 
5770 	if (cmd->cmd_argc > 0 && (strcmp(cmd->cmd_argv[0], "save") == 0))
5771 		save = B_TRUE;
5772 	if (initialize(B_TRUE) != Z_OK)
5773 		return;
5774 
5775 	if (zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath)) != Z_OK &&
5776 	    !global_zone) {
5777 		zerr(gettext("%s not specified"), pt_to_str(PT_ZONEPATH));
5778 		ret_val = Z_REQD_RESOURCE_MISSING;
5779 		saw_error = B_TRUE;
5780 	}
5781 	if (strlen(zonepath) == 0 && !global_zone) {
5782 		zerr(gettext("%s cannot be empty."), pt_to_str(PT_ZONEPATH));
5783 		ret_val = Z_REQD_RESOURCE_MISSING;
5784 		saw_error = B_TRUE;
5785 	}
5786 
5787 	if ((err = zonecfg_get_brand(handle, brand, sizeof (brand))) != Z_OK) {
5788 		zone_perror(zone, err, B_TRUE);
5789 		return;
5790 	}
5791 	if ((err = brand_verify(handle)) != Z_OK) {
5792 		zone_perror(zone, err, B_TRUE);
5793 		return;
5794 	}
5795 
5796 	if (zonecfg_get_iptype(handle, &iptype) != Z_OK) {
5797 		zerr("%s %s", gettext("cannot get"), pt_to_str(PT_IPTYPE));
5798 		ret_val = Z_REQD_RESOURCE_MISSING;
5799 		saw_error = B_TRUE;
5800 	}
5801 
5802 	if ((privs = priv_allocset()) == NULL) {
5803 		zerr(gettext("%s: priv_allocset failed"), zone);
5804 		return;
5805 	}
5806 	if (zonecfg_get_privset(handle, privs, &privname) != Z_OK) {
5807 		zerr(gettext("%s: invalid privilege: %s"), zone, privname);
5808 		priv_freeset(privs);
5809 		free(privname);
5810 		return;
5811 	}
5812 	priv_freeset(privs);
5813 
5814 	if (zonecfg_get_hostid(handle, hostidp,
5815 	    sizeof (hostidp)) == Z_INVALID_PROPERTY) {
5816 		zerr(gettext("%s: invalid hostid: %s"),
5817 		    zone, hostidp);
5818 		return;
5819 	}
5820 
5821 	if (zonecfg_get_fs_allowed(handle, fsallowedp,
5822 	    sizeof (fsallowedp)) == Z_INVALID_PROPERTY) {
5823 		zerr(gettext("%s: invalid fs-allowed: %s"),
5824 		    zone, fsallowedp);
5825 		return;
5826 	}
5827 
5828 	if ((err = zonecfg_setfsent(handle)) != Z_OK) {
5829 		zone_perror(zone, err, B_TRUE);
5830 		return;
5831 	}
5832 	while (zonecfg_getfsent(handle, &fstab) == Z_OK) {
5833 		check_reqd_prop(fstab.zone_fs_dir, RT_FS, PT_DIR, &ret_val);
5834 		check_reqd_prop(fstab.zone_fs_special, RT_FS, PT_SPECIAL,
5835 		    &ret_val);
5836 		check_reqd_prop(fstab.zone_fs_type, RT_FS, PT_TYPE, &ret_val);
5837 
5838 		zonecfg_free_fs_option_list(fstab.zone_fs_options);
5839 	}
5840 	(void) zonecfg_endfsent(handle);
5841 
5842 	if ((err = zonecfg_setnwifent(handle)) != Z_OK) {
5843 		zone_perror(zone, err, B_TRUE);
5844 		return;
5845 	}
5846 	while (zonecfg_getnwifent(handle, &nwiftab) == Z_OK) {
5847 		/*
5848 		 * physical is required in all cases.
5849 		 * A shared IP requires an address,
5850 		 * and may include a default router, while
5851 		 * an exclusive IP must have neither an address
5852 		 * nor a default router.
5853 		 * The physical interface name must be valid in all cases.
5854 		 */
5855 		check_reqd_prop(nwiftab.zone_nwif_physical, RT_NET,
5856 		    PT_PHYSICAL, &ret_val);
5857 		if (validate_net_physical_syntax(nwiftab.zone_nwif_physical) !=
5858 		    Z_OK) {
5859 			saw_error = B_TRUE;
5860 			if (ret_val == Z_OK)
5861 				ret_val = Z_INVAL;
5862 		}
5863 
5864 		switch (iptype) {
5865 		case ZS_SHARED:
5866 			check_reqd_prop(nwiftab.zone_nwif_address, RT_NET,
5867 			    PT_ADDRESS, &ret_val);
5868 			if (strlen(nwiftab.zone_nwif_allowed_address) > 0) {
5869 				zerr(gettext("%s: %s cannot be specified "
5870 				    "for a shared IP type"),
5871 				    rt_to_str(RT_NET),
5872 				    pt_to_str(PT_ALLOWED_ADDRESS));
5873 				saw_error = B_TRUE;
5874 				if (ret_val == Z_OK)
5875 					ret_val = Z_INVAL;
5876 			}
5877 			break;
5878 		case ZS_EXCLUSIVE:
5879 			if (strlen(nwiftab.zone_nwif_address) > 0) {
5880 				zerr(gettext("%s: %s cannot be specified "
5881 				    "for an exclusive IP type"),
5882 				    rt_to_str(RT_NET), pt_to_str(PT_ADDRESS));
5883 				saw_error = B_TRUE;
5884 				if (ret_val == Z_OK)
5885 					ret_val = Z_INVAL;
5886 			} else {
5887 				if (!add_nwif(&nwiftab)) {
5888 					saw_error = B_TRUE;
5889 					if (ret_val == Z_OK)
5890 						ret_val = Z_INVAL;
5891 				}
5892 			}
5893 			break;
5894 		}
5895 	}
5896 	for (tmp = xif; tmp != NULL; tmp = tmp->xif_next) {
5897 		if (!tmp->xif_has_address && tmp->xif_has_defrouter) {
5898 			zerr(gettext("%s: %s for %s cannot be specified "
5899 			    "without %s for an exclusive IP type"),
5900 			    rt_to_str(RT_NET), pt_to_str(PT_DEFROUTER),
5901 			    tmp->xif_name, pt_to_str(PT_ALLOWED_ADDRESS));
5902 			saw_error = B_TRUE;
5903 			ret_val = Z_INVAL;
5904 		}
5905 	}
5906 	free(xif);
5907 	xif = NULL;
5908 	(void) zonecfg_endnwifent(handle);
5909 
5910 	if ((err = zonecfg_setrctlent(handle)) != Z_OK) {
5911 		zone_perror(zone, err, B_TRUE);
5912 		return;
5913 	}
5914 	while (zonecfg_getrctlent(handle, &rctltab) == Z_OK) {
5915 		check_reqd_prop(rctltab.zone_rctl_name, RT_RCTL, PT_NAME,
5916 		    &ret_val);
5917 
5918 		if (strcmp(rctltab.zone_rctl_name, "zone.cpu-shares") == 0)
5919 			has_cpu_shares = B_TRUE;
5920 
5921 		if (strcmp(rctltab.zone_rctl_name, "zone.cpu-cap") == 0)
5922 			has_cpu_cap = B_TRUE;
5923 
5924 		if (rctltab.zone_rctl_valptr == NULL) {
5925 			zerr(gettext("%s: no %s specified"),
5926 			    rt_to_str(RT_RCTL), pt_to_str(PT_VALUE));
5927 			saw_error = B_TRUE;
5928 			if (ret_val == Z_OK)
5929 				ret_val = Z_REQD_PROPERTY_MISSING;
5930 		} else {
5931 			zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
5932 		}
5933 	}
5934 	(void) zonecfg_endrctlent(handle);
5935 
5936 	if ((pset_res = zonecfg_lookup_pset(handle, &psettab)) == Z_OK &&
5937 	    has_cpu_shares) {
5938 		zerr(gettext("%s zone.cpu-shares and %s are incompatible."),
5939 		    rt_to_str(RT_RCTL), rt_to_str(RT_DCPU));
5940 		saw_error = B_TRUE;
5941 		if (ret_val == Z_OK)
5942 			ret_val = Z_INCOMPATIBLE;
5943 	}
5944 
5945 	if (has_cpu_shares && zonecfg_get_sched_class(handle, sched,
5946 	    sizeof (sched)) == Z_OK && strlen(sched) > 0 &&
5947 	    strcmp(sched, "FSS") != 0) {
5948 		zerr(gettext("WARNING: %s zone.cpu-shares and %s=%s are "
5949 		    "incompatible"),
5950 		    rt_to_str(RT_RCTL), rt_to_str(RT_SCHED), sched);
5951 		saw_error = B_TRUE;
5952 		if (ret_val == Z_OK)
5953 			ret_val = Z_INCOMPATIBLE;
5954 	}
5955 
5956 	if (pset_res == Z_OK && has_cpu_cap) {
5957 		zerr(gettext("%s zone.cpu-cap and the %s are incompatible."),
5958 		    rt_to_str(RT_RCTL), rt_to_str(RT_DCPU));
5959 		saw_error = B_TRUE;
5960 		if (ret_val == Z_OK)
5961 			ret_val = Z_INCOMPATIBLE;
5962 	}
5963 
5964 	if ((err = zonecfg_setattrent(handle)) != Z_OK) {
5965 		zone_perror(zone, err, B_TRUE);
5966 		return;
5967 	}
5968 	while (zonecfg_getattrent(handle, &attrtab) == Z_OK) {
5969 		check_reqd_prop(attrtab.zone_attr_name, RT_ATTR, PT_NAME,
5970 		    &ret_val);
5971 		check_reqd_prop(attrtab.zone_attr_type, RT_ATTR, PT_TYPE,
5972 		    &ret_val);
5973 		check_reqd_prop(attrtab.zone_attr_value, RT_ATTR, PT_VALUE,
5974 		    &ret_val);
5975 	}
5976 	(void) zonecfg_endattrent(handle);
5977 
5978 	if ((err = zonecfg_setdsent(handle)) != Z_OK) {
5979 		zone_perror(zone, err, B_TRUE);
5980 		return;
5981 	}
5982 	while (zonecfg_getdsent(handle, &dstab) == Z_OK) {
5983 		if (strlen(dstab.zone_dataset_name) == 0) {
5984 			zerr("%s: %s %s", rt_to_str(RT_DATASET),
5985 			    pt_to_str(PT_NAME), gettext("not specified"));
5986 			saw_error = B_TRUE;
5987 			if (ret_val == Z_OK)
5988 				ret_val = Z_REQD_PROPERTY_MISSING;
5989 		} else if (!zfs_name_valid(dstab.zone_dataset_name,
5990 		    ZFS_TYPE_FILESYSTEM)) {
5991 			zerr("%s: %s %s", rt_to_str(RT_DATASET),
5992 			    pt_to_str(PT_NAME), gettext("invalid"));
5993 			saw_error = B_TRUE;
5994 			if (ret_val == Z_OK)
5995 				ret_val = Z_BAD_PROPERTY;
5996 		}
5997 
5998 	}
5999 	(void) zonecfg_enddsent(handle);
6000 
6001 	if ((err = zonecfg_setadminent(handle)) != Z_OK) {
6002 		zone_perror(zone, err, B_TRUE);
6003 		return;
6004 	}
6005 	while (zonecfg_getadminent(handle, &admintab) == Z_OK) {
6006 		check_reqd_prop(admintab.zone_admin_user, RT_ADMIN,
6007 		    PT_USER, &ret_val);
6008 		check_reqd_prop(admintab.zone_admin_auths, RT_ADMIN,
6009 		    PT_AUTHS, &ret_val);
6010 		if ((ret_val == Z_OK) && (getpwnam(admintab.zone_admin_user)
6011 		    == NULL)) {
6012 			zerr(gettext("%s %s is not a valid username"),
6013 			    pt_to_str(PT_USER),
6014 			    admintab.zone_admin_user);
6015 			ret_val = Z_BAD_PROPERTY;
6016 		}
6017 		if ((ret_val == Z_OK) && (!zonecfg_valid_auths(
6018 		    admintab.zone_admin_auths, zone))) {
6019 			ret_val = Z_BAD_PROPERTY;
6020 		}
6021 	}
6022 	(void) zonecfg_endadminent(handle);
6023 
6024 	if (!global_scope) {
6025 		zerr(gettext("resource specification incomplete"));
6026 		saw_error = B_TRUE;
6027 		if (ret_val == Z_OK)
6028 			ret_val = Z_INSUFFICIENT_SPEC;
6029 	}
6030 
6031 	if (save) {
6032 		if (ret_val == Z_OK) {
6033 			if ((ret_val = zonecfg_save(handle)) == Z_OK) {
6034 				need_to_commit = B_FALSE;
6035 				(void) strlcpy(revert_zone, zone,
6036 				    sizeof (revert_zone));
6037 			}
6038 		} else {
6039 			zerr(gettext("Zone %s failed to verify"), zone);
6040 		}
6041 	}
6042 	if (ret_val != Z_OK)
6043 		zone_perror(zone, ret_val, B_TRUE);
6044 }
6045 
6046 void
6047 cancel_func(cmd_t *cmd)
6048 {
6049 	int arg;
6050 	boolean_t arg_err = B_FALSE;
6051 
6052 	assert(cmd != NULL);
6053 
6054 	optind = 0;
6055 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
6056 		switch (arg) {
6057 		case '?':
6058 			longer_usage(CMD_CANCEL);
6059 			arg_err = B_TRUE;
6060 			break;
6061 		default:
6062 			short_usage(CMD_CANCEL);
6063 			arg_err = B_TRUE;
6064 			break;
6065 		}
6066 	}
6067 	if (arg_err)
6068 		return;
6069 
6070 	if (optind != cmd->cmd_argc) {
6071 		short_usage(CMD_CANCEL);
6072 		return;
6073 	}
6074 
6075 	if (global_scope)
6076 		scope_usage(CMD_CANCEL);
6077 	global_scope = B_TRUE;
6078 	zonecfg_free_fs_option_list(in_progress_fstab.zone_fs_options);
6079 	bzero(&in_progress_fstab, sizeof (in_progress_fstab));
6080 	bzero(&in_progress_nwiftab, sizeof (in_progress_nwiftab));
6081 	bzero(&in_progress_devtab, sizeof (in_progress_devtab));
6082 	zonecfg_free_rctl_value_list(in_progress_rctltab.zone_rctl_valptr);
6083 	bzero(&in_progress_rctltab, sizeof (in_progress_rctltab));
6084 	bzero(&in_progress_attrtab, sizeof (in_progress_attrtab));
6085 	bzero(&in_progress_dstab, sizeof (in_progress_dstab));
6086 }
6087 
6088 static int
6089 validate_attr_name(char *name)
6090 {
6091 	int i;
6092 
6093 	if (!isalnum(name[0])) {
6094 		zerr(gettext("Invalid %s %s %s: must start with an alpha-"
6095 		    "numeric character."), rt_to_str(RT_ATTR),
6096 		    pt_to_str(PT_NAME), name);
6097 		return (Z_INVAL);
6098 	}
6099 	for (i = 1; name[i]; i++)
6100 		if (!isalnum(name[i]) && name[i] != '-' && name[i] != '.') {
6101 			zerr(gettext("Invalid %s %s %s: can only contain "
6102 			    "alpha-numeric characters, plus '-' and '.'."),
6103 			    rt_to_str(RT_ATTR), pt_to_str(PT_NAME), name);
6104 			return (Z_INVAL);
6105 		}
6106 	return (Z_OK);
6107 }
6108 
6109 static int
6110 validate_attr_type_val(struct zone_attrtab *attrtab)
6111 {
6112 	boolean_t boolval;
6113 	int64_t intval;
6114 	char strval[MAXNAMELEN];
6115 	uint64_t uintval;
6116 
6117 	if (strcmp(attrtab->zone_attr_type, "boolean") == 0) {
6118 		if (zonecfg_get_attr_boolean(attrtab, &boolval) == Z_OK)
6119 			return (Z_OK);
6120 		zerr(gettext("invalid %s value for %s=%s"),
6121 		    rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "boolean");
6122 		return (Z_ERR);
6123 	}
6124 
6125 	if (strcmp(attrtab->zone_attr_type, "int") == 0) {
6126 		if (zonecfg_get_attr_int(attrtab, &intval) == Z_OK)
6127 			return (Z_OK);
6128 		zerr(gettext("invalid %s value for %s=%s"),
6129 		    rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "int");
6130 		return (Z_ERR);
6131 	}
6132 
6133 	if (strcmp(attrtab->zone_attr_type, "string") == 0) {
6134 		if (zonecfg_get_attr_string(attrtab, strval,
6135 		    sizeof (strval)) == Z_OK)
6136 			return (Z_OK);
6137 		zerr(gettext("invalid %s value for %s=%s"),
6138 		    rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "string");
6139 		return (Z_ERR);
6140 	}
6141 
6142 	if (strcmp(attrtab->zone_attr_type, "uint") == 0) {
6143 		if (zonecfg_get_attr_uint(attrtab, &uintval) == Z_OK)
6144 			return (Z_OK);
6145 		zerr(gettext("invalid %s value for %s=%s"),
6146 		    rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "uint");
6147 		return (Z_ERR);
6148 	}
6149 
6150 	zerr(gettext("invalid %s %s '%s'"), rt_to_str(RT_ATTR),
6151 	    pt_to_str(PT_TYPE), attrtab->zone_attr_type);
6152 	return (Z_ERR);
6153 }
6154 
6155 /*
6156  * Helper function for end_func-- checks the existence of a given property
6157  * and emits a message if not specified.
6158  */
6159 static int
6160 end_check_reqd(char *attr, int pt, boolean_t *validation_failed)
6161 {
6162 	if (strlen(attr) == 0) {
6163 		*validation_failed = B_TRUE;
6164 		zerr(gettext("%s not specified"), pt_to_str(pt));
6165 		return (Z_ERR);
6166 	}
6167 	return (Z_OK);
6168 }
6169 
6170 static void
6171 net_exists_error(struct zone_nwiftab nwif)
6172 {
6173 	if (strlen(nwif.zone_nwif_address) > 0) {
6174 		zerr(gettext("A %s resource with the %s '%s', "
6175 		    "and %s '%s' already exists."),
6176 		    rt_to_str(RT_NET),
6177 		    pt_to_str(PT_PHYSICAL),
6178 		    nwif.zone_nwif_physical,
6179 		    pt_to_str(PT_ADDRESS),
6180 		    in_progress_nwiftab.zone_nwif_address);
6181 	} else {
6182 		zerr(gettext("A %s resource with the %s '%s', "
6183 		    "and %s '%s' already exists."),
6184 		    rt_to_str(RT_NET),
6185 		    pt_to_str(PT_PHYSICAL),
6186 		    nwif.zone_nwif_physical,
6187 		    pt_to_str(PT_ALLOWED_ADDRESS),
6188 		    nwif.zone_nwif_allowed_address);
6189 	}
6190 }
6191 
6192 void
6193 end_func(cmd_t *cmd)
6194 {
6195 	boolean_t validation_failed = B_FALSE;
6196 	boolean_t arg_err = B_FALSE;
6197 	struct zone_fstab tmp_fstab;
6198 	struct zone_nwiftab tmp_nwiftab;
6199 	struct zone_devtab tmp_devtab;
6200 	struct zone_rctltab tmp_rctltab;
6201 	struct zone_attrtab tmp_attrtab;
6202 	struct zone_dstab tmp_dstab;
6203 	struct zone_admintab tmp_admintab;
6204 	int err, arg, res1, res2, res3;
6205 	uint64_t swap_limit;
6206 	uint64_t locked_limit;
6207 	uint64_t proc_cap;
6208 
6209 	assert(cmd != NULL);
6210 
6211 	optind = 0;
6212 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
6213 		switch (arg) {
6214 		case '?':
6215 			longer_usage(CMD_END);
6216 			arg_err = B_TRUE;
6217 			break;
6218 		default:
6219 			short_usage(CMD_END);
6220 			arg_err = B_TRUE;
6221 			break;
6222 		}
6223 	}
6224 	if (arg_err)
6225 		return;
6226 
6227 	if (optind != cmd->cmd_argc) {
6228 		short_usage(CMD_END);
6229 		return;
6230 	}
6231 
6232 	if (global_scope) {
6233 		scope_usage(CMD_END);
6234 		return;
6235 	}
6236 
6237 	assert(end_op == CMD_ADD || end_op == CMD_SELECT);
6238 
6239 	switch (resource_scope) {
6240 	case RT_FS:
6241 		/* First make sure everything was filled in. */
6242 		if (end_check_reqd(in_progress_fstab.zone_fs_dir,
6243 		    PT_DIR, &validation_failed) == Z_OK) {
6244 			if (in_progress_fstab.zone_fs_dir[0] != '/') {
6245 				zerr(gettext("%s %s is not an absolute path."),
6246 				    pt_to_str(PT_DIR),
6247 				    in_progress_fstab.zone_fs_dir);
6248 				validation_failed = B_TRUE;
6249 			}
6250 		}
6251 
6252 		(void) end_check_reqd(in_progress_fstab.zone_fs_special,
6253 		    PT_SPECIAL, &validation_failed);
6254 
6255 		if (in_progress_fstab.zone_fs_raw[0] != '\0' &&
6256 		    in_progress_fstab.zone_fs_raw[0] != '/') {
6257 			zerr(gettext("%s %s is not an absolute path."),
6258 			    pt_to_str(PT_RAW),
6259 			    in_progress_fstab.zone_fs_raw);
6260 			validation_failed = B_TRUE;
6261 		}
6262 
6263 		(void) end_check_reqd(in_progress_fstab.zone_fs_type, PT_TYPE,
6264 		    &validation_failed);
6265 
6266 		if (validation_failed) {
6267 			saw_error = B_TRUE;
6268 			return;
6269 		}
6270 
6271 		if (end_op == CMD_ADD) {
6272 			/* Make sure there isn't already one like this. */
6273 			bzero(&tmp_fstab, sizeof (tmp_fstab));
6274 			(void) strlcpy(tmp_fstab.zone_fs_dir,
6275 			    in_progress_fstab.zone_fs_dir,
6276 			    sizeof (tmp_fstab.zone_fs_dir));
6277 			err = zonecfg_lookup_filesystem(handle, &tmp_fstab);
6278 			zonecfg_free_fs_option_list(tmp_fstab.zone_fs_options);
6279 			if (err == Z_OK) {
6280 				zerr(gettext("A %s resource "
6281 				    "with the %s '%s' already exists."),
6282 				    rt_to_str(RT_FS), pt_to_str(PT_DIR),
6283 				    in_progress_fstab.zone_fs_dir);
6284 				saw_error = B_TRUE;
6285 				return;
6286 			}
6287 			err = zonecfg_add_filesystem(handle,
6288 			    &in_progress_fstab);
6289 		} else {
6290 			err = zonecfg_modify_filesystem(handle, &old_fstab,
6291 			    &in_progress_fstab);
6292 		}
6293 		zonecfg_free_fs_option_list(in_progress_fstab.zone_fs_options);
6294 		in_progress_fstab.zone_fs_options = NULL;
6295 		break;
6296 
6297 	case RT_NET:
6298 		/*
6299 		 * First make sure everything was filled in.
6300 		 * Since we don't know whether IP will be shared
6301 		 * or exclusive here, some checks are deferred until
6302 		 * the verify command.
6303 		 */
6304 		(void) end_check_reqd(in_progress_nwiftab.zone_nwif_physical,
6305 		    PT_PHYSICAL, &validation_failed);
6306 
6307 		if (validation_failed) {
6308 			saw_error = B_TRUE;
6309 			return;
6310 		}
6311 		if (end_op == CMD_ADD) {
6312 			/* Make sure there isn't already one like this. */
6313 			bzero(&tmp_nwiftab, sizeof (tmp_nwiftab));
6314 			(void) strlcpy(tmp_nwiftab.zone_nwif_physical,
6315 			    in_progress_nwiftab.zone_nwif_physical,
6316 			    sizeof (tmp_nwiftab.zone_nwif_physical));
6317 			(void) strlcpy(tmp_nwiftab.zone_nwif_address,
6318 			    in_progress_nwiftab.zone_nwif_address,
6319 			    sizeof (tmp_nwiftab.zone_nwif_address));
6320 			(void) strlcpy(tmp_nwiftab.zone_nwif_allowed_address,
6321 			    in_progress_nwiftab.zone_nwif_allowed_address,
6322 			    sizeof (tmp_nwiftab.zone_nwif_allowed_address));
6323 			(void) strlcpy(tmp_nwiftab.zone_nwif_defrouter,
6324 			    in_progress_nwiftab.zone_nwif_defrouter,
6325 			    sizeof (tmp_nwiftab.zone_nwif_defrouter));
6326 			if (zonecfg_lookup_nwif(handle, &tmp_nwiftab) == Z_OK) {
6327 				net_exists_error(in_progress_nwiftab);
6328 				saw_error = B_TRUE;
6329 				return;
6330 			}
6331 			err = zonecfg_add_nwif(handle, &in_progress_nwiftab);
6332 		} else {
6333 			err = zonecfg_modify_nwif(handle, &old_nwiftab,
6334 			    &in_progress_nwiftab);
6335 		}
6336 		break;
6337 
6338 	case RT_DEVICE:
6339 		/* First make sure everything was filled in. */
6340 		(void) end_check_reqd(in_progress_devtab.zone_dev_match,
6341 		    PT_MATCH, &validation_failed);
6342 
6343 		if (validation_failed) {
6344 			saw_error = B_TRUE;
6345 			return;
6346 		}
6347 
6348 		if (end_op == CMD_ADD) {
6349 			/* Make sure there isn't already one like this. */
6350 			(void) strlcpy(tmp_devtab.zone_dev_match,
6351 			    in_progress_devtab.zone_dev_match,
6352 			    sizeof (tmp_devtab.zone_dev_match));
6353 			if (zonecfg_lookup_dev(handle, &tmp_devtab) == Z_OK) {
6354 				zerr(gettext("A %s resource with the %s '%s' "
6355 				    "already exists."), rt_to_str(RT_DEVICE),
6356 				    pt_to_str(PT_MATCH),
6357 				    in_progress_devtab.zone_dev_match);
6358 				saw_error = B_TRUE;
6359 				return;
6360 			}
6361 			err = zonecfg_add_dev(handle, &in_progress_devtab);
6362 		} else {
6363 			err = zonecfg_modify_dev(handle, &old_devtab,
6364 			    &in_progress_devtab);
6365 		}
6366 		break;
6367 
6368 	case RT_RCTL:
6369 		/* First make sure everything was filled in. */
6370 		(void) end_check_reqd(in_progress_rctltab.zone_rctl_name,
6371 		    PT_NAME, &validation_failed);
6372 
6373 		if (in_progress_rctltab.zone_rctl_valptr == NULL) {
6374 			zerr(gettext("no %s specified"), pt_to_str(PT_VALUE));
6375 			validation_failed = B_TRUE;
6376 		}
6377 
6378 		if (validation_failed) {
6379 			saw_error = B_TRUE;
6380 			return;
6381 		}
6382 
6383 		if (end_op == CMD_ADD) {
6384 			/* Make sure there isn't already one like this. */
6385 			(void) strlcpy(tmp_rctltab.zone_rctl_name,
6386 			    in_progress_rctltab.zone_rctl_name,
6387 			    sizeof (tmp_rctltab.zone_rctl_name));
6388 			tmp_rctltab.zone_rctl_valptr = NULL;
6389 			err = zonecfg_lookup_rctl(handle, &tmp_rctltab);
6390 			zonecfg_free_rctl_value_list(
6391 			    tmp_rctltab.zone_rctl_valptr);
6392 			if (err == Z_OK) {
6393 				zerr(gettext("A %s resource "
6394 				    "with the %s '%s' already exists."),
6395 				    rt_to_str(RT_RCTL), pt_to_str(PT_NAME),
6396 				    in_progress_rctltab.zone_rctl_name);
6397 				saw_error = B_TRUE;
6398 				return;
6399 			}
6400 			err = zonecfg_add_rctl(handle, &in_progress_rctltab);
6401 		} else {
6402 			err = zonecfg_modify_rctl(handle, &old_rctltab,
6403 			    &in_progress_rctltab);
6404 		}
6405 		if (err == Z_OK) {
6406 			zonecfg_free_rctl_value_list(
6407 			    in_progress_rctltab.zone_rctl_valptr);
6408 			in_progress_rctltab.zone_rctl_valptr = NULL;
6409 		}
6410 		break;
6411 
6412 	case RT_ATTR:
6413 		/* First make sure everything was filled in. */
6414 		(void) end_check_reqd(in_progress_attrtab.zone_attr_name,
6415 		    PT_NAME, &validation_failed);
6416 		(void) end_check_reqd(in_progress_attrtab.zone_attr_type,
6417 		    PT_TYPE, &validation_failed);
6418 		(void) end_check_reqd(in_progress_attrtab.zone_attr_value,
6419 		    PT_VALUE, &validation_failed);
6420 
6421 		if (validate_attr_name(in_progress_attrtab.zone_attr_name) !=
6422 		    Z_OK)
6423 			validation_failed = B_TRUE;
6424 
6425 		if (validate_attr_type_val(&in_progress_attrtab) != Z_OK)
6426 			validation_failed = B_TRUE;
6427 
6428 		if (validation_failed) {
6429 			saw_error = B_TRUE;
6430 			return;
6431 		}
6432 		if (end_op == CMD_ADD) {
6433 			/* Make sure there isn't already one like this. */
6434 			bzero(&tmp_attrtab, sizeof (tmp_attrtab));
6435 			(void) strlcpy(tmp_attrtab.zone_attr_name,
6436 			    in_progress_attrtab.zone_attr_name,
6437 			    sizeof (tmp_attrtab.zone_attr_name));
6438 			if (zonecfg_lookup_attr(handle, &tmp_attrtab) == Z_OK) {
6439 				zerr(gettext("An %s resource "
6440 				    "with the %s '%s' already exists."),
6441 				    rt_to_str(RT_ATTR), pt_to_str(PT_NAME),
6442 				    in_progress_attrtab.zone_attr_name);
6443 				saw_error = B_TRUE;
6444 				return;
6445 			}
6446 			err = zonecfg_add_attr(handle, &in_progress_attrtab);
6447 		} else {
6448 			err = zonecfg_modify_attr(handle, &old_attrtab,
6449 			    &in_progress_attrtab);
6450 		}
6451 		break;
6452 	case RT_DATASET:
6453 		/* First make sure everything was filled in. */
6454 		if (strlen(in_progress_dstab.zone_dataset_name) == 0) {
6455 			zerr("%s %s", pt_to_str(PT_NAME),
6456 			    gettext("not specified"));
6457 			saw_error = B_TRUE;
6458 			validation_failed = B_TRUE;
6459 		}
6460 		if (validation_failed)
6461 			return;
6462 		if (end_op == CMD_ADD) {
6463 			/* Make sure there isn't already one like this. */
6464 			bzero(&tmp_dstab, sizeof (tmp_dstab));
6465 			(void) strlcpy(tmp_dstab.zone_dataset_name,
6466 			    in_progress_dstab.zone_dataset_name,
6467 			    sizeof (tmp_dstab.zone_dataset_name));
6468 			err = zonecfg_lookup_ds(handle, &tmp_dstab);
6469 			if (err == Z_OK) {
6470 				zerr(gettext("A %s resource "
6471 				    "with the %s '%s' already exists."),
6472 				    rt_to_str(RT_DATASET), pt_to_str(PT_NAME),
6473 				    in_progress_dstab.zone_dataset_name);
6474 				saw_error = B_TRUE;
6475 				return;
6476 			}
6477 			err = zonecfg_add_ds(handle, &in_progress_dstab);
6478 		} else {
6479 			err = zonecfg_modify_ds(handle, &old_dstab,
6480 			    &in_progress_dstab);
6481 		}
6482 		break;
6483 	case RT_DCPU:
6484 		/* Make sure everything was filled in. */
6485 		if (end_check_reqd(in_progress_psettab.zone_ncpu_min,
6486 		    PT_NCPUS, &validation_failed) != Z_OK) {
6487 			saw_error = B_TRUE;
6488 			return;
6489 		}
6490 
6491 		if (end_op == CMD_ADD) {
6492 			err = zonecfg_add_pset(handle, &in_progress_psettab);
6493 		} else {
6494 			err = zonecfg_modify_pset(handle, &in_progress_psettab);
6495 		}
6496 		break;
6497 	case RT_PCAP:
6498 		/* Make sure everything was filled in. */
6499 		if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &proc_cap)
6500 		    != Z_OK) {
6501 			zerr(gettext("%s not specified"), pt_to_str(PT_NCPUS));
6502 			saw_error = B_TRUE;
6503 			validation_failed = B_TRUE;
6504 			return;
6505 		}
6506 		err = Z_OK;
6507 		break;
6508 	case RT_MCAP:
6509 		/* Make sure everything was filled in. */
6510 		res1 = strlen(in_progress_mcaptab.zone_physmem_cap) == 0 ?
6511 		    Z_ERR : Z_OK;
6512 		res2 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP,
6513 		    &swap_limit);
6514 		res3 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM,
6515 		    &locked_limit);
6516 
6517 		if (res1 != Z_OK && res2 != Z_OK && res3 != Z_OK) {
6518 			zerr(gettext("No property was specified.  One of %s, "
6519 			    "%s or %s is required."), pt_to_str(PT_PHYSICAL),
6520 			    pt_to_str(PT_SWAP), pt_to_str(PT_LOCKED));
6521 			saw_error = B_TRUE;
6522 			return;
6523 		}
6524 
6525 		/* if phys & locked are both set, verify locked <= phys */
6526 		if (res1 == Z_OK && res3 == Z_OK) {
6527 			uint64_t phys_limit;
6528 			char *endp;
6529 
6530 			phys_limit = strtoull(
6531 			    in_progress_mcaptab.zone_physmem_cap, &endp, 10);
6532 			if (phys_limit < locked_limit) {
6533 				zerr(gettext("The %s cap must be less than or "
6534 				    "equal to the %s cap."),
6535 				    pt_to_str(PT_LOCKED),
6536 				    pt_to_str(PT_PHYSICAL));
6537 				saw_error = B_TRUE;
6538 				return;
6539 			}
6540 		}
6541 
6542 		err = Z_OK;
6543 		if (res1 == Z_OK) {
6544 			/*
6545 			 * We could be ending from either an add operation
6546 			 * or a select operation.  Since all of the properties
6547 			 * within this resource are optional, we always use
6548 			 * modify on the mcap entry.  zonecfg_modify_mcap()
6549 			 * will handle both adding and modifying a memory cap.
6550 			 */
6551 			err = zonecfg_modify_mcap(handle, &in_progress_mcaptab);
6552 		} else if (end_op == CMD_SELECT) {
6553 			/*
6554 			 * If we're ending from a select and the physical
6555 			 * memory cap is empty then the user could have cleared
6556 			 * the physical cap value, so try to delete the entry.
6557 			 */
6558 			(void) zonecfg_delete_mcap(handle);
6559 		}
6560 		break;
6561 	case RT_ADMIN:
6562 		/* First make sure everything was filled in. */
6563 		if (end_check_reqd(in_progress_admintab.zone_admin_user,
6564 		    PT_USER, &validation_failed) == Z_OK) {
6565 			if (getpwnam(in_progress_admintab.zone_admin_user)
6566 			    == NULL) {
6567 				zerr(gettext("%s %s is not a valid username"),
6568 				    pt_to_str(PT_USER),
6569 				    in_progress_admintab.zone_admin_user);
6570 				validation_failed = B_TRUE;
6571 			}
6572 		}
6573 
6574 		if (end_check_reqd(in_progress_admintab.zone_admin_auths,
6575 		    PT_AUTHS, &validation_failed) == Z_OK) {
6576 			if (!zonecfg_valid_auths(
6577 			    in_progress_admintab.zone_admin_auths,
6578 			    zone)) {
6579 				validation_failed = B_TRUE;
6580 			}
6581 		}
6582 
6583 		if (validation_failed) {
6584 			saw_error = B_TRUE;
6585 			return;
6586 		}
6587 
6588 		if (end_op == CMD_ADD) {
6589 			/* Make sure there isn't already one like this. */
6590 			bzero(&tmp_admintab, sizeof (tmp_admintab));
6591 			(void) strlcpy(tmp_admintab.zone_admin_user,
6592 			    in_progress_admintab.zone_admin_user,
6593 			    sizeof (tmp_admintab.zone_admin_user));
6594 			err = zonecfg_lookup_admin(
6595 			    handle, &tmp_admintab);
6596 			if (err == Z_OK) {
6597 				zerr(gettext("A %s resource "
6598 				    "with the %s '%s' already exists."),
6599 				    rt_to_str(RT_ADMIN),
6600 				    pt_to_str(PT_USER),
6601 				    in_progress_admintab.zone_admin_user);
6602 				saw_error = B_TRUE;
6603 				return;
6604 			}
6605 			err = zonecfg_add_admin(handle,
6606 			    &in_progress_admintab, zone);
6607 		} else {
6608 			err = zonecfg_modify_admin(handle,
6609 			    &old_admintab, &in_progress_admintab,
6610 			    zone);
6611 		}
6612 		break;
6613 	default:
6614 		zone_perror(rt_to_str(resource_scope), Z_NO_RESOURCE_TYPE,
6615 		    B_TRUE);
6616 		saw_error = B_TRUE;
6617 		return;
6618 	}
6619 
6620 	if (err != Z_OK) {
6621 		zone_perror(zone, err, B_TRUE);
6622 	} else {
6623 		need_to_commit = B_TRUE;
6624 		global_scope = B_TRUE;
6625 		end_op = -1;
6626 	}
6627 }
6628 
6629 void
6630 commit_func(cmd_t *cmd)
6631 {
6632 	int arg;
6633 	boolean_t arg_err = B_FALSE;
6634 
6635 	optind = 0;
6636 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
6637 		switch (arg) {
6638 		case '?':
6639 			longer_usage(CMD_COMMIT);
6640 			arg_err = B_TRUE;
6641 			break;
6642 		default:
6643 			short_usage(CMD_COMMIT);
6644 			arg_err = B_TRUE;
6645 			break;
6646 		}
6647 	}
6648 	if (arg_err)
6649 		return;
6650 
6651 	if (optind != cmd->cmd_argc) {
6652 		short_usage(CMD_COMMIT);
6653 		return;
6654 	}
6655 
6656 	if (zone_is_read_only(CMD_COMMIT))
6657 		return;
6658 
6659 	assert(cmd != NULL);
6660 
6661 	cmd->cmd_argc = 1;
6662 	/*
6663 	 * cmd_arg normally comes from a strdup() in the lexer, and the
6664 	 * whole cmd structure and its (char *) attributes are freed at
6665 	 * the completion of each command, so the strdup() below is needed
6666 	 * to match this and prevent a core dump from trying to free()
6667 	 * something that can't be.
6668 	 */
6669 	if ((cmd->cmd_argv[0] = strdup("save")) == NULL) {
6670 		zone_perror(zone, Z_NOMEM, B_TRUE);
6671 		exit(Z_ERR);
6672 	}
6673 	cmd->cmd_argv[1] = NULL;
6674 	verify_func(cmd);
6675 }
6676 
6677 void
6678 revert_func(cmd_t *cmd)
6679 {
6680 	char line[128];	/* enough to ask a question */
6681 	boolean_t force = B_FALSE;
6682 	boolean_t arg_err = B_FALSE;
6683 	int err, arg, answer;
6684 
6685 	optind = 0;
6686 	while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
6687 		switch (arg) {
6688 		case '?':
6689 			longer_usage(CMD_REVERT);
6690 			arg_err = B_TRUE;
6691 			break;
6692 		case 'F':
6693 			force = B_TRUE;
6694 			break;
6695 		default:
6696 			short_usage(CMD_REVERT);
6697 			arg_err = B_TRUE;
6698 			break;
6699 		}
6700 	}
6701 	if (arg_err)
6702 		return;
6703 
6704 	if (optind != cmd->cmd_argc) {
6705 		short_usage(CMD_REVERT);
6706 		return;
6707 	}
6708 
6709 	if (zone_is_read_only(CMD_REVERT))
6710 		return;
6711 
6712 	if (!global_scope) {
6713 		zerr(gettext("You can only use %s in the global scope.\nUse"
6714 		    " '%s' to cancel changes to a resource specification."),
6715 		    cmd_to_str(CMD_REVERT), cmd_to_str(CMD_CANCEL));
6716 		saw_error = B_TRUE;
6717 		return;
6718 	}
6719 
6720 	if (zonecfg_check_handle(handle) != Z_OK) {
6721 		zerr(gettext("No changes to revert."));
6722 		saw_error = B_TRUE;
6723 		return;
6724 	}
6725 
6726 	if (!force) {
6727 		(void) snprintf(line, sizeof (line),
6728 		    gettext("Are you sure you want to revert"));
6729 		if ((answer = ask_yesno(B_FALSE, line)) == -1) {
6730 			zerr(gettext("Input not from terminal and -F not "
6731 			    "specified:\n%s command ignored, exiting."),
6732 			    cmd_to_str(CMD_REVERT));
6733 			exit(Z_ERR);
6734 		}
6735 		if (answer != 1)
6736 			return;
6737 	}
6738 
6739 	/*
6740 	 * Reset any pending admins that were
6741 	 * removed from the previous zone
6742 	 */
6743 	zonecfg_remove_userauths(handle, "", zone, B_FALSE);
6744 
6745 	/*
6746 	 * Time for a new handle: finish the old one off first
6747 	 * then get a new one properly to avoid leaks.
6748 	 */
6749 	zonecfg_fini_handle(handle);
6750 	if ((handle = zonecfg_init_handle()) == NULL) {
6751 		zone_perror(execname, Z_NOMEM, B_TRUE);
6752 		exit(Z_ERR);
6753 	}
6754 
6755 	if ((err = zonecfg_get_handle(revert_zone, handle)) != Z_OK) {
6756 		saw_error = B_TRUE;
6757 		got_handle = B_FALSE;
6758 		if (err == Z_NO_ZONE)
6759 			zerr(gettext("%s: no such saved zone to revert to."),
6760 			    revert_zone);
6761 		else
6762 			zone_perror(zone, err, B_TRUE);
6763 	}
6764 	(void) strlcpy(zone, revert_zone, sizeof (zone));
6765 }
6766 
6767 void
6768 help_func(cmd_t *cmd)
6769 {
6770 	int i;
6771 
6772 	assert(cmd != NULL);
6773 
6774 	if (cmd->cmd_argc == 0) {
6775 		usage(B_TRUE, global_scope ? HELP_SUBCMDS : HELP_RES_SCOPE);
6776 		return;
6777 	}
6778 	if (strcmp(cmd->cmd_argv[0], "usage") == 0) {
6779 		usage(B_TRUE, HELP_USAGE);
6780 		return;
6781 	}
6782 	if (strcmp(cmd->cmd_argv[0], "commands") == 0) {
6783 		usage(B_TRUE, HELP_SUBCMDS);
6784 		return;
6785 	}
6786 	if (strcmp(cmd->cmd_argv[0], "syntax") == 0) {
6787 		usage(B_TRUE, HELP_SYNTAX | HELP_RES_PROPS);
6788 		return;
6789 	}
6790 	if (strcmp(cmd->cmd_argv[0], "-?") == 0) {
6791 		longer_usage(CMD_HELP);
6792 		return;
6793 	}
6794 
6795 	for (i = 0; i <= CMD_MAX; i++) {
6796 		if (strcmp(cmd->cmd_argv[0], cmd_to_str(i)) == 0) {
6797 			longer_usage(i);
6798 			return;
6799 		}
6800 	}
6801 	/* We do not use zerr() here because we do not want its extra \n. */
6802 	(void) fprintf(stderr, gettext("Unknown help subject %s.  "),
6803 	    cmd->cmd_argv[0]);
6804 	usage(B_FALSE, HELP_META);
6805 }
6806 
6807 static int
6808 string_to_yyin(char *string)
6809 {
6810 	if ((yyin = tmpfile()) == NULL) {
6811 		zone_perror(execname, Z_TEMP_FILE, B_TRUE);
6812 		return (Z_ERR);
6813 	}
6814 	if (fwrite(string, strlen(string), 1, yyin) != 1) {
6815 		zone_perror(execname, Z_TEMP_FILE, B_TRUE);
6816 		return (Z_ERR);
6817 	}
6818 	if (fseek(yyin, 0, SEEK_SET) != 0) {
6819 		zone_perror(execname, Z_TEMP_FILE, B_TRUE);
6820 		return (Z_ERR);
6821 	}
6822 	return (Z_OK);
6823 }
6824 
6825 /* This is the back-end helper function for read_input() below. */
6826 
6827 static int
6828 cleanup()
6829 {
6830 	int answer;
6831 	cmd_t *cmd;
6832 
6833 	if (!interactive_mode && !cmd_file_mode) {
6834 		/*
6835 		 * If we're not in interactive mode, and we're not in command
6836 		 * file mode, then we must be in commands-from-the-command-line
6837 		 * mode.  As such, we can't loop back and ask for more input.
6838 		 * It was OK to prompt for such things as whether or not to
6839 		 * really delete a zone in the command handler called from
6840 		 * yyparse() above, but "really quit?" makes no sense in this
6841 		 * context.  So disable prompting.
6842 		 */
6843 		ok_to_prompt = B_FALSE;
6844 	}
6845 	if (!global_scope) {
6846 		if (!time_to_exit) {
6847 			/*
6848 			 * Just print a simple error message in the -1 case,
6849 			 * since exit_func() already handles that case, and
6850 			 * EOF means we are finished anyway.
6851 			 */
6852 			answer = ask_yesno(B_FALSE,
6853 			    gettext("Resource incomplete; really quit"));
6854 			if (answer == -1) {
6855 				zerr(gettext("Resource incomplete."));
6856 				return (Z_ERR);
6857 			}
6858 			if (answer != 1) {
6859 				yyin = stdin;
6860 				return (Z_REPEAT);
6861 			}
6862 		} else {
6863 			saw_error = B_TRUE;
6864 		}
6865 	}
6866 	/*
6867 	 * Make sure we tried something and that the handle checks
6868 	 * out, or we would get a false error trying to commit.
6869 	 */
6870 	if (need_to_commit && zonecfg_check_handle(handle) == Z_OK) {
6871 		if ((cmd = alloc_cmd()) == NULL) {
6872 			zone_perror(zone, Z_NOMEM, B_TRUE);
6873 			return (Z_ERR);
6874 		}
6875 		cmd->cmd_argc = 0;
6876 		cmd->cmd_argv[0] = NULL;
6877 		commit_func(cmd);
6878 		free_cmd(cmd);
6879 		/*
6880 		 * need_to_commit will get set back to FALSE if the
6881 		 * configuration is saved successfully.
6882 		 */
6883 		if (need_to_commit) {
6884 			if (force_exit) {
6885 				zerr(gettext("Configuration not saved."));
6886 				return (Z_ERR);
6887 			}
6888 			answer = ask_yesno(B_FALSE,
6889 			    gettext("Configuration not saved; really quit"));
6890 			if (answer == -1) {
6891 				zerr(gettext("Configuration not saved."));
6892 				return (Z_ERR);
6893 			}
6894 			if (answer != 1) {
6895 				time_to_exit = B_FALSE;
6896 				yyin = stdin;
6897 				return (Z_REPEAT);
6898 			}
6899 		}
6900 	}
6901 	return ((need_to_commit || saw_error) ? Z_ERR : Z_OK);
6902 }
6903 
6904 /*
6905  * read_input() is the driver of this program.  It is a wrapper around
6906  * yyparse(), printing appropriate prompts when needed, checking for
6907  * exit conditions and reacting appropriately [the latter in its cleanup()
6908  * helper function].
6909  *
6910  * Like most zonecfg functions, it returns Z_OK or Z_ERR, *or* Z_REPEAT
6911  * so do_interactive() knows that we are not really done (i.e, we asked
6912  * the user if we should really quit and the user said no).
6913  */
6914 static int
6915 read_input()
6916 {
6917 	boolean_t yyin_is_a_tty = isatty(fileno(yyin));
6918 	/*
6919 	 * The prompt is "e:z> " or "e:z:r> " where e is execname, z is zone
6920 	 * and r is resource_scope: 5 is for the two ":"s + "> " + terminator.
6921 	 */
6922 	char prompt[MAXPATHLEN + ZONENAME_MAX + MAX_RT_STRLEN + 5], *line;
6923 
6924 	/* yyin should have been set to the appropriate (FILE *) if not stdin */
6925 	newline_terminated = B_TRUE;
6926 	for (;;) {
6927 		if (yyin_is_a_tty) {
6928 			if (newline_terminated) {
6929 				if (global_scope)
6930 					(void) snprintf(prompt, sizeof (prompt),
6931 					    "%s:%s> ", execname, zone);
6932 				else
6933 					(void) snprintf(prompt, sizeof (prompt),
6934 					    "%s:%s:%s> ", execname, zone,
6935 					    rt_to_str(resource_scope));
6936 			}
6937 			/*
6938 			 * If the user hits ^C then we want to catch it and
6939 			 * start over.  If the user hits EOF then we want to
6940 			 * bail out.
6941 			 */
6942 			line = gl_get_line(gl, prompt, NULL, -1);
6943 			if (gl_return_status(gl) == GLR_SIGNAL) {
6944 				gl_abandon_line(gl);
6945 				continue;
6946 			}
6947 			if (line == NULL)
6948 				break;
6949 			(void) string_to_yyin(line);
6950 			while (!feof(yyin))
6951 				yyparse();
6952 		} else {
6953 			yyparse();
6954 		}
6955 		/* Bail out on an error in command file mode. */
6956 		if (saw_error && cmd_file_mode && !interactive_mode)
6957 			time_to_exit = B_TRUE;
6958 		if (time_to_exit || (!yyin_is_a_tty && feof(yyin)))
6959 			break;
6960 	}
6961 	return (cleanup());
6962 }
6963 
6964 /*
6965  * This function is used in the zonecfg-interactive-mode scenario: it just
6966  * calls read_input() until we are done.
6967  */
6968 
6969 static int
6970 do_interactive(void)
6971 {
6972 	int err;
6973 
6974 	interactive_mode = B_TRUE;
6975 	if (!read_only_mode) {
6976 		/*
6977 		 * Try to set things up proactively in interactive mode, so
6978 		 * that if the zone in question does not exist yet, we can
6979 		 * provide the user with a clue.
6980 		 */
6981 		(void) initialize(B_FALSE);
6982 	}
6983 	do {
6984 		err = read_input();
6985 	} while (err == Z_REPEAT);
6986 	return (err);
6987 }
6988 
6989 /*
6990  * cmd_file is slightly more complicated, as it has to open the command file
6991  * and set yyin appropriately.  Once that is done, though, it just calls
6992  * read_input(), and only once, since prompting is not possible.
6993  */
6994 
6995 static int
6996 cmd_file(char *file)
6997 {
6998 	FILE *infile;
6999 	int err;
7000 	struct stat statbuf;
7001 	boolean_t using_real_file = (strcmp(file, "-") != 0);
7002 
7003 	if (using_real_file) {
7004 		/*
7005 		 * zerr() prints a line number in cmd_file_mode, which we do
7006 		 * not want here, so temporarily unset it.
7007 		 */
7008 		cmd_file_mode = B_FALSE;
7009 		if ((infile = fopen(file, "r")) == NULL) {
7010 			zerr(gettext("could not open file %s: %s"),
7011 			    file, strerror(errno));
7012 			return (Z_ERR);
7013 		}
7014 		if ((err = fstat(fileno(infile), &statbuf)) != 0) {
7015 			zerr(gettext("could not stat file %s: %s"),
7016 			    file, strerror(errno));
7017 			err = Z_ERR;
7018 			goto done;
7019 		}
7020 		if (!S_ISREG(statbuf.st_mode)) {
7021 			zerr(gettext("%s is not a regular file."), file);
7022 			err = Z_ERR;
7023 			goto done;
7024 		}
7025 		yyin = infile;
7026 		cmd_file_mode = B_TRUE;
7027 		ok_to_prompt = B_FALSE;
7028 	} else {
7029 		/*
7030 		 * "-f -" is essentially the same as interactive mode,
7031 		 * so treat it that way.
7032 		 */
7033 		interactive_mode = B_TRUE;
7034 	}
7035 	/* Z_REPEAT is for interactive mode; treat it like Z_ERR here. */
7036 	if ((err = read_input()) == Z_REPEAT)
7037 		err = Z_ERR;
7038 done:
7039 	if (using_real_file)
7040 		(void) fclose(infile);
7041 	return (err);
7042 }
7043 
7044 /*
7045  * Since yacc is based on reading from a (FILE *) whereas what we get from
7046  * the command line is in argv format, we need to convert when the user
7047  * gives us commands directly from the command line.  That is done here by
7048  * concatenating the argv list into a space-separated string, writing it
7049  * to a temp file, and rewinding the file so yyin can be set to it.  Then
7050  * we call read_input(), and only once, since prompting about whether to
7051  * continue or quit would make no sense in this context.
7052  */
7053 
7054 static int
7055 one_command_at_a_time(int argc, char *argv[])
7056 {
7057 	char *command;
7058 	size_t len = 2; /* terminal \n\0 */
7059 	int i, err;
7060 
7061 	for (i = 0; i < argc; i++)
7062 		len += strlen(argv[i]) + 1;
7063 	if ((command = malloc(len)) == NULL) {
7064 		zone_perror(execname, Z_NOMEM, B_TRUE);
7065 		return (Z_ERR);
7066 	}
7067 	(void) strlcpy(command, argv[0], len);
7068 	for (i = 1; i < argc; i++) {
7069 		(void) strlcat(command, " ", len);
7070 		(void) strlcat(command, argv[i], len);
7071 	}
7072 	(void) strlcat(command, "\n", len);
7073 	err = string_to_yyin(command);
7074 	free(command);
7075 	if (err != Z_OK)
7076 		return (err);
7077 	while (!feof(yyin))
7078 		yyparse();
7079 	return (cleanup());
7080 }
7081 
7082 static char *
7083 get_execbasename(char *execfullname)
7084 {
7085 	char *last_slash, *execbasename;
7086 
7087 	/* guard against '/' at end of command invocation */
7088 	for (;;) {
7089 		last_slash = strrchr(execfullname, '/');
7090 		if (last_slash == NULL) {
7091 			execbasename = execfullname;
7092 			break;
7093 		} else {
7094 			execbasename = last_slash + 1;
7095 			if (*execbasename == '\0') {
7096 				*last_slash = '\0';
7097 				continue;
7098 			}
7099 			break;
7100 		}
7101 	}
7102 	return (execbasename);
7103 }
7104 
7105 int
7106 main(int argc, char *argv[])
7107 {
7108 	int err, arg;
7109 	struct stat st;
7110 
7111 	/* This must be before anything goes to stdout. */
7112 	setbuf(stdout, NULL);
7113 
7114 	saw_error = B_FALSE;
7115 	cmd_file_mode = B_FALSE;
7116 	execname = get_execbasename(argv[0]);
7117 
7118 	(void) setlocale(LC_ALL, "");
7119 	(void) textdomain(TEXT_DOMAIN);
7120 
7121 	if (getzoneid() != GLOBAL_ZONEID) {
7122 		zerr(gettext("%s can only be run from the global zone."),
7123 		    execname);
7124 		exit(Z_ERR);
7125 	}
7126 
7127 	if (argc < 2) {
7128 		usage(B_FALSE, HELP_USAGE | HELP_SUBCMDS);
7129 		exit(Z_USAGE);
7130 	}
7131 	if (strcmp(argv[1], cmd_to_str(CMD_HELP)) == 0) {
7132 		(void) one_command_at_a_time(argc - 1, &(argv[1]));
7133 		exit(Z_OK);
7134 	}
7135 
7136 	while ((arg = getopt(argc, argv, "?f:R:z:")) != EOF) {
7137 		switch (arg) {
7138 		case '?':
7139 			if (optopt == '?')
7140 				usage(B_TRUE, HELP_USAGE | HELP_SUBCMDS);
7141 			else
7142 				usage(B_FALSE, HELP_USAGE);
7143 			exit(Z_USAGE);
7144 			/* NOTREACHED */
7145 		case 'f':
7146 			cmd_file_name = optarg;
7147 			cmd_file_mode = B_TRUE;
7148 			break;
7149 		case 'R':
7150 			if (*optarg != '/') {
7151 				zerr(gettext("root path must be absolute: %s"),
7152 				    optarg);
7153 				exit(Z_USAGE);
7154 			}
7155 			if (stat(optarg, &st) == -1 || !S_ISDIR(st.st_mode)) {
7156 				zerr(gettext(
7157 				    "root path must be a directory: %s"),
7158 				    optarg);
7159 				exit(Z_USAGE);
7160 			}
7161 			zonecfg_set_root(optarg);
7162 			break;
7163 		case 'z':
7164 			if (strcmp(optarg, GLOBAL_ZONENAME) == 0) {
7165 				global_zone = B_TRUE;
7166 			} else if (zonecfg_validate_zonename(optarg) != Z_OK) {
7167 				zone_perror(optarg, Z_BOGUS_ZONE_NAME, B_TRUE);
7168 				usage(B_FALSE, HELP_SYNTAX);
7169 				exit(Z_USAGE);
7170 			}
7171 			(void) strlcpy(zone, optarg, sizeof (zone));
7172 			(void) strlcpy(revert_zone, optarg, sizeof (zone));
7173 			break;
7174 		default:
7175 			usage(B_FALSE, HELP_USAGE);
7176 			exit(Z_USAGE);
7177 		}
7178 	}
7179 
7180 	if (optind > argc || strcmp(zone, "") == 0) {
7181 		usage(B_FALSE, HELP_USAGE);
7182 		exit(Z_USAGE);
7183 	}
7184 
7185 	if ((err = zonecfg_access(zone, W_OK)) == Z_OK) {
7186 		read_only_mode = B_FALSE;
7187 	} else if (err == Z_ACCES) {
7188 		read_only_mode = B_TRUE;
7189 		/* skip this message in one-off from command line mode */
7190 		if (optind == argc)
7191 			(void) fprintf(stderr, gettext("WARNING: you do not "
7192 			    "have write access to this zone's configuration "
7193 			    "file;\ngoing into read-only mode.\n"));
7194 	} else {
7195 		fprintf(stderr, "%s: Could not access zone configuration "
7196 		    "store: %s\n", execname, zonecfg_strerror(err));
7197 		exit(Z_ERR);
7198 	}
7199 
7200 	if ((handle = zonecfg_init_handle()) == NULL) {
7201 		zone_perror(execname, Z_NOMEM, B_TRUE);
7202 		exit(Z_ERR);
7203 	}
7204 
7205 	/*
7206 	 * This may get set back to FALSE again in cmd_file() if cmd_file_name
7207 	 * is a "real" file as opposed to "-" (i.e. meaning use stdin).
7208 	 */
7209 	if (isatty(STDIN_FILENO))
7210 		ok_to_prompt = B_TRUE;
7211 	if ((gl = new_GetLine(MAX_LINE_LEN, MAX_CMD_HIST)) == NULL)
7212 		exit(Z_ERR);
7213 	if (gl_customize_completion(gl, NULL, cmd_cpl_fn) != 0)
7214 		exit(Z_ERR);
7215 	(void) sigset(SIGINT, SIG_IGN);
7216 	if (optind == argc) {
7217 		if (!cmd_file_mode)
7218 			err = do_interactive();
7219 		else
7220 			err = cmd_file(cmd_file_name);
7221 	} else {
7222 		err = one_command_at_a_time(argc - optind, &(argv[optind]));
7223 	}
7224 	zonecfg_fini_handle(handle);
7225 	if (brand != NULL)
7226 		brand_close(brand);
7227 	(void) del_GetLine(gl);
7228 	return (err);
7229 }
7230