xref: /titanic_52/usr/src/lib/libbrand/dtd/brand.dtd.1 (revision 8e4728571e959f3afb368407b22125278412c9d4)
1<?xml version='1.0' encoding='UTF-8' ?>
2
3<!--
4 CDDL HEADER START
5
6 The contents of this file are subject to the terms of the
7 Common Development and Distribution License (the "License").
8 You may not use this file except in compliance with the License.
9
10 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
11 or http://www.opensolaris.org/os/licensing.
12 See the License for the specific language governing permissions
13 and limitations under the License.
14
15 When distributing Covered Code, include this CDDL HEADER in each
16 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
17 If applicable, add the following below this CDDL HEADER, with the
18 fields enclosed by brackets "[]" replaced with your own identifying
19 information: Portions Copyright [yyyy] [name of copyright owner]
20
21 CDDL HEADER END
22
23 Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
24 Use is subject to license terms.
25
26 ident	"%Z%%M%	%I%	%E% SMI"
27
28 DO NOT EDIT THIS FILE.
29-->
30
31<!--
32  verify_cfg
33
34    Identifies the program to be invoked by zonecfg to verify that the
35    zone's configuration is legal, and that all the configured devices,
36    attributes, etc. are legal for this brand.
37
38    The program is called with a single argument: the path to a file
39    containing a temporary config.xml file the zone.  It should return 0
40    on success and non-0 on failure.  Any detailed error messages should be
41    displayed to stderr.
42
43    It has no attributes.
44
45-->
46<!ELEMENT verify_cfg	(#PCDATA) >
47<!ATTLIST verify_cfg>
48<!--
49  verify_adm
50
51    Identifies the program invoked by zoneadm to perform brand-specific
52    checks as to the viability of a zone on this specific machine.
53
54    The following replacements are performed:
55
56      %z	Name of zone
57      %R	Root of zone
58      %*	Additional arguments, if any
59
60    The program should return 0 on success and non-0 on failure.  Any
61    detailed error messages should be displayed to stderr.
62
63    It has no attributes.
64
65-->
66<!ELEMENT verify_adm	(#PCDATA) >
67<!ATTLIST verify_adm>
68
69<!--
70  install
71
72    Identifies the program to invoke when installing a zone.  The following
73    replacements are performed:
74
75      %z	Name of zone
76      %R	Root of zone
77      %*	Additional arguments, if any
78
79    It has no attributes.
80-->
81<!ELEMENT install	(#PCDATA) >
82<!ATTLIST install>
83
84<!--
85  installopts
86
87    Identifies the command-line options supported by the brand's
88    installation program, allowing zoneadm to parse the install line
89    properly.
90
91    It has no attributes.
92-->
93<!ELEMENT installopts	(#PCDATA) >
94<!ATTLIST installopts>
95
96<!--
97  boot
98
99    This is a program which gets run by zoneadmd when a zone is booted.
100    The program will be invoked as the last step in the zone booting
101    process before the the first process is spawned inside the zone.
102
103    If this programs succeeds it should not generate any output.
104    If this program returns an error, any output generated by the
105    program will be sent to the zoneadmd message log.
106
107    The following replacements are performed:
108
109      %z	Name of zone
110      %R	Root of zone
111      %*	Additional arguments, if any
112
113    It has no attributes.
114-->
115<!ELEMENT boot	(#PCDATA) >
116<!ATTLIST boot>
117
118<!--
119  halt
120
121    This is a program which gets run by zoneadmd when a zone is being
122    halted.  This callback is provided to allow a brand to cleanup any
123    special configuration that was setup during boot.
124
125    This program will also be invoked by zoneadmd if any part of the zone
126    booting process fail, even if the booting process failed before the
127    brand boot program was invoked.  It is also possible that if the zone
128    fails to halt after invoking this program, future attempts to halt the
129    zone will invoke this program again.  So this program should be
130    designed to clean up any resources allocated to a zone but it should
131    also be able to gracefully handle the case where resources that it
132    expects to release are not actually allocated (or have been already
133    released.)
134
135    If this programs succeeds it should not generate any output.  If this
136    program returns an error, any output generated by the program will be
137    sent to the zoneadmd message log.
138
139    The following replacements are performed:
140
141      %z	Name of zone
142      %R	Root of zone
143      %*	Additional arguments, if any
144
145    It has no attributes.
146-->
147<!ELEMENT halt	(#PCDATA) >
148<!ATTLIST halt>
149
150<!--
151  modname
152
153    Path to the kernel module that implements the kernel-level
154    functionality of the brand.
155
156    It has no attributes.
157-->
158<!ELEMENT modname	(#PCDATA) >
159<!ATTLIST modname>
160
161<!--
162  initname
163
164    Path to the initial executable that should be launched when booting a
165    branded zone.
166
167    It has no attributes.
168-->
169<!ELEMENT initname	(#PCDATA) >
170<!ATTLIST initname>
171
172<!--
173  login_cmd
174
175    Path to the initial login binary that should be executed when
176    attempting to zlogin into a branded zone.
177
178    The following replacements are performed:
179
180      %Z	Name of the current zone
181      %u	User login name
182
183    It has no attributes.
184-->
185<!ELEMENT login_cmd	(#PCDATA) >
186<!ATTLIST login_cmd>
187
188<!--
189  user_cmd
190
191    Path to the binary that will translate a user name to a passwd(4) entry.
192
193    The following replacements are performed:
194
195      %u        User login name
196
197    It has no attributes.  The passwd(4) entry is used to determine $LOGNAME,
198    $HOME, and $SHELL for non-interactive "zlogin -l <user> <cmd>".
199-->
200<!ELEMENT user_cmd   (#PCDATA) >
201<!ATTLIST user_cmd>
202
203<!--
204  postattach
205
206    Path to a script that will perform any necessary post-processing on
207    a zone after it has been attached.  The additional argument could be '-F'
208    if this is a forced attach.
209
210    If this program exits with a non-zero exit status, the attach operation
211    will fail.
212
213    The following replacements are performed:
214
215      %z	Name of zone
216      %R	Root of zone
217      %*	Additional arguments, if any
218
219    It has no attributes.
220-->
221<!ELEMENT postattach	(#PCDATA) >
222<!ATTLIST postattach>
223
224<!--
225  postclone
226
227    Path to a script that will perform any necessary post-processing on
228    a zone after it has been freshly copied.
229
230    The following replacements are performed:
231
232      %z	Name of zone
233      %R	Root of zone
234      %*	Additional arguments, if any
235
236    It has no attributes.
237-->
238<!ELEMENT postclone	(#PCDATA) >
239<!ATTLIST postclone>
240
241<!--
242  postinstall
243
244    Path to a script that will perform any necessary post-processing on
245    a zone after it has been freshly installed.  This hook will run after the
246    install hook completes and the zone is in the installed state.  The
247    additional arguments are the same as what is passed to the install hook.
248
249    The following replacements are performed:
250
251      %z	Name of zone
252      %R	Root of zone
253      %*	Additional arguments, if any
254
255    It has no attributes.
256-->
257<!ELEMENT postinstall	(#PCDATA) >
258<!ATTLIST postinstall>
259
260<!--
261  predetach
262
263    Path to a script that will perform any necessary pre-processing on
264    a zone before it is detached.  The additional argument could be '-n'
265    if this is a dry-run detach.
266
267    It is possible that if the zone fails to detach after invoking this
268    program, future attempts to detach the zone will invoke this program again.
269    So this program should be designed to gracefully handle the case where
270    it is run multiple times on the same zone.  If this program exits with
271    a non-zero exit status, the detach operation will fail.
272
273    The following replacements are performed:
274
275      %z	Name of zone
276      %R	Root of zone
277      %*	Additional arguments, if any
278
279    It has no attributes.
280-->
281<!ELEMENT predetach	(#PCDATA) >
282<!ATTLIST predetach>
283
284<!--
285  preuninstall
286
287    Path to a script that will perform any necessary pre-processing on
288    a zone before it is uninstalled.  The additional argument could be '-F'
289    if this is a forced uninstall.
290
291    It is possible that if the zone fails to uninstall after invoking this
292    program, future attempts to uninstall the zone will invoke this program
293    again.  So this program should be designed to gracefully handle the case
294    where it is run multiple times on the same zone.  If this program exits
295    with a non-zero exit status, the uninstall operation will fail.
296
297    The following replacements are performed:
298
299      %z	Name of zone
300      %R	Root of zone
301      %*	Additional arguments, if any
302
303    It has no attributes.
304-->
305<!ELEMENT preuninstall	(#PCDATA) >
306<!ATTLIST preuninstall>
307
308<!--
309  privilege
310
311    Add a privilege to the default, prohibited, or required set for all
312    zones of this brand with ip-type matched.  If a privilege is added
313    to the default set all zones of this brand with ip-type matched on
314    the system will inherit this privilege unless the privilege is
315    removed via limitpriv in zonecfg(1m).  If a privilege is added to
316    the prohibited set it can not be added to any zones with ip-type
317    matched via limitpriv in zonecfg(1m).  If a privilege is added to
318    the required set then all zones of this brand with ip-type matched
319    on the system will inherit this privilege and it can't be removed via
320    limitpriv in zonecfg(1m).
321
322    Its attributes are
323      set	The name of the set the privilege should go into.
324      name	The name of the privilege.
325      ip-type	Optional, indicates that adding of the privilege to the
326		set only applies to certain IP types. Can be "shared" or
327		"exclusive". If it is not specified, the default value
328		"all" will be used, which means it is applicable regardless
329		the IP type.
330
331-->
332<!ELEMENT privilege	(#PCDATA) >
333<!ATTLIST privilege	set	( default | prohibited | required ) #REQUIRED
334			name	CDATA #REQUIRED
335			ip-type ( shared | exclusive ) "all" >
336
337<!--
338  brand
339
340    The toplevel container for a brand configuration.
341
342    Its attributes are
343
344      name	The name of the brand.  This must match the name of the
345		directory in which the configuration file is stored.
346-->
347
348<!ELEMENT brand		(modname?, initname, login_cmd, user_cmd, install,
349			installopts?, boot?, halt?, verify_cfg?, verify_adm?,
350			postattach?, postclone?, postinstall?, predetach?,
351			preuninstall?, privilege+)>
352
353<!ATTLIST brand		name		CDATA #REQUIRED>
354