831 bzero(&a, sizeof (a));
832 (void) strlcpy(a.zone_attr_name, "restart-init",
833 sizeof (a.zone_attr_name));
834
835 if (zonecfg_lookup_attr(snap_hndl, &a) == Z_OK) {
836 if (strcmp(a.zone_attr_value, "false") == 0)
837 return (B_FALSE);
838 return (B_TRUE);
839 }
840
841 return (brand_restartinit(bh));
842 }
843 #endif /* XXX KEBE */
844
845 /*
846 * Get the app-svc-dependent flag for this zone's init process. This is a
847 * zone-specific attr which controls the type of contract we create for the
848 * zone's init. When true, the contract will include CT_PR_EV_EXIT in the fatal
849 * set, so that when any service which is in the same contract exits, the init
850 * application will be terminated.
851 */
852 static boolean_t
853 is_app_svc_dep(brand_handle_t bh)
854 {
855 struct zone_attrtab a;
856
857 bzero(&a, sizeof (a));
858 (void) strlcpy(a.zone_attr_name, "app-svc-dependent",
859 sizeof (a.zone_attr_name));
860
861 if (zonecfg_lookup_attr(snap_hndl, &a) == Z_OK &&
862 strcmp(a.zone_attr_value, "true") == 0) {
863 return (B_TRUE);
864 }
865
866 return (B_FALSE);
867 }
868
869 static int
870 zone_bootup(zlog_t *zlogp, const char *bootargs, int zstate)
871 {
872 zoneid_t zoneid;
873 struct stat st;
923 "unable to determine branded zone's boot callback");
924 brand_close(bh);
925 goto bad;
926 }
927
928 /* Get the path for this zone's init(1M) (or equivalent) process. */
929 if (brand_get_initname(bh, init_file, MAXPATHLEN) != 0) {
930 zerror(zlogp, B_FALSE,
931 "unable to determine zone's init(1M) location");
932 brand_close(bh);
933 goto bad;
934 }
935
936 /* See if this zone's brand should restart init if it dies. */
937 restart_init = brand_restartinit(bh);
938
939 /*
940 * See if we need to setup contract dependencies between the zone's
941 * primary application and any of its services.
942 */
943 app_svc_dep = is_app_svc_dep(bh);
944
945 brand_close(bh);
946
947 err = filter_bootargs(zlogp, bootargs, nbootargs, init_file);
948 if (err != Z_OK)
949 goto bad;
950
951 assert(init_file[0] != '\0');
952
953 /*
954 * Try to anticipate possible problems: If possible, make sure init is
955 * executable.
956 */
957 if (zone_get_rootpath(zone_name, rpath, sizeof (rpath)) != Z_OK) {
958 zerror(zlogp, B_FALSE, "unable to determine zone root");
959 goto bad;
960 }
961
962 (void) snprintf(initpath, sizeof (initpath), "%s%s", rpath, init_file);
963
964 if (lstat(initpath, &st) == -1) {
965 zerror(zlogp, B_TRUE, "could not stat %s", initpath);
966 goto bad;
967 }
968
969 if ((st.st_mode & S_IFMT) == S_IFLNK) {
970 /* symlink, we'll have to wait and resolve when we boot */
971 } else if ((st.st_mode & S_IXUSR) == 0) {
972 zerror(zlogp, B_FALSE, "%s is not executable", initpath);
973 goto bad;
974 }
975
976 /*
977 * Exclusive stack zones interact with the dlmgmtd running in the
978 * global zone. dladm_zone_boot() tells dlmgmtd that this zone is
979 * booting, and loads its datalinks from the zone's datalink
980 * configuration file.
981 */
982 if (vplat_get_iptype(zlogp, &iptype) == 0 && iptype == ZS_EXCLUSIVE) {
983 status = dladm_zone_boot(dld_handle, zoneid);
984 if (status != DLADM_STATUS_OK) {
985 zerror(zlogp, B_FALSE, "unable to load zone datalinks: "
986 " %s", dladm_status2str(status, errmsg));
987 goto bad;
988 }
989 }
990
991 /*
1279 return;
1280
1281 (void) write(fd, buf, strlen(buf));
1282
1283 (void) close(fd);
1284 }
1285
1286 /*
1287 * The main routine for the door server that deals with zone state transitions.
1288 */
1289 /* ARGSUSED */
1290 static void
1291 server(void *cookie, char *args, size_t alen, door_desc_t *dp,
1292 uint_t n_desc)
1293 {
1294 ucred_t *uc = NULL;
1295 const priv_set_t *eset;
1296
1297 zone_state_t zstate;
1298 zone_cmd_t cmd;
1299 boolean_t debug;
1300 int init_status;
1301 zone_cmd_arg_t *zargp;
1302
1303 boolean_t kernelcall;
1304
1305 int rval = -1;
1306 uint64_t uniqid;
1307 zoneid_t zoneid = -1;
1308 zlog_t zlog;
1309 zlog_t *zlogp;
1310 zone_cmd_rval_t *rvalp;
1311 size_t rlen = getpagesize(); /* conservative */
1312 fs_callback_t cb;
1313 brand_handle_t bh;
1314 boolean_t wait_shut = B_FALSE;
1315
1316 /* LINTED E_BAD_PTR_CAST_ALIGN */
1317 zargp = (zone_cmd_arg_t *)args;
1318
1319 /*
1333
1334 rvalp = alloca(rlen);
1335 bzero(rvalp, rlen);
1336 zlog.logfile = NULL;
1337 zlog.buflen = zlog.loglen = rlen - sizeof (zone_cmd_rval_t) + 1;
1338 zlog.buf = rvalp->errbuf;
1339 zlog.log = zlog.buf;
1340 /* defer initialization of zlog.locale until after credential check */
1341 zlogp = &zlog;
1342
1343 if (alen != sizeof (zone_cmd_arg_t)) {
1344 /*
1345 * This really shouldn't be happening.
1346 */
1347 zerror(&logsys, B_FALSE, "argument size (%d bytes) "
1348 "unexpected (expected %d bytes)", alen,
1349 sizeof (zone_cmd_arg_t));
1350 goto out;
1351 }
1352 cmd = zargp->cmd;
1353 debug = zargp->debug;
1354 init_status = zargp->status;
1355
1356 if (door_ucred(&uc) != 0) {
1357 zerror(&logsys, B_TRUE, "door_ucred");
1358 goto out;
1359 }
1360 eset = ucred_getprivset(uc, PRIV_EFFECTIVE);
1361 if (ucred_getzoneid(uc) != GLOBAL_ZONEID ||
1362 (eset != NULL ? !priv_ismember(eset, PRIV_SYS_CONFIG) :
1363 ucred_geteuid(uc) != 0)) {
1364 zerror(&logsys, B_FALSE, "insufficient privileges");
1365 goto out;
1366 }
1367
1368 kernelcall = ucred_getpid(uc) == 0;
1369
1370 /*
1371 * This is safe because we only use a zlog_t throughout the
1372 * duration of a door call; i.e., by the time the pointer
1373 * might become invalid, the door call would be over.
|
831 bzero(&a, sizeof (a));
832 (void) strlcpy(a.zone_attr_name, "restart-init",
833 sizeof (a.zone_attr_name));
834
835 if (zonecfg_lookup_attr(snap_hndl, &a) == Z_OK) {
836 if (strcmp(a.zone_attr_value, "false") == 0)
837 return (B_FALSE);
838 return (B_TRUE);
839 }
840
841 return (brand_restartinit(bh));
842 }
843 #endif /* XXX KEBE */
844
845 /*
846 * Get the app-svc-dependent flag for this zone's init process. This is a
847 * zone-specific attr which controls the type of contract we create for the
848 * zone's init. When true, the contract will include CT_PR_EV_EXIT in the fatal
849 * set, so that when any service which is in the same contract exits, the init
850 * application will be terminated.
851 *
852 * We use the global "snap_hndl", so no parameters get passed here.
853 */
854 static boolean_t
855 is_app_svc_dep(void)
856 {
857 struct zone_attrtab a;
858
859 bzero(&a, sizeof (a));
860 (void) strlcpy(a.zone_attr_name, "app-svc-dependent",
861 sizeof (a.zone_attr_name));
862
863 if (zonecfg_lookup_attr(snap_hndl, &a) == Z_OK &&
864 strcmp(a.zone_attr_value, "true") == 0) {
865 return (B_TRUE);
866 }
867
868 return (B_FALSE);
869 }
870
871 static int
872 zone_bootup(zlog_t *zlogp, const char *bootargs, int zstate)
873 {
874 zoneid_t zoneid;
875 struct stat st;
925 "unable to determine branded zone's boot callback");
926 brand_close(bh);
927 goto bad;
928 }
929
930 /* Get the path for this zone's init(1M) (or equivalent) process. */
931 if (brand_get_initname(bh, init_file, MAXPATHLEN) != 0) {
932 zerror(zlogp, B_FALSE,
933 "unable to determine zone's init(1M) location");
934 brand_close(bh);
935 goto bad;
936 }
937
938 /* See if this zone's brand should restart init if it dies. */
939 restart_init = brand_restartinit(bh);
940
941 /*
942 * See if we need to setup contract dependencies between the zone's
943 * primary application and any of its services.
944 */
945 app_svc_dep = is_app_svc_dep();
946
947 brand_close(bh);
948
949 err = filter_bootargs(zlogp, bootargs, nbootargs, init_file);
950 if (err != Z_OK)
951 goto bad;
952
953 assert(init_file[0] != '\0');
954
955 /*
956 * Try to anticipate possible problems: If possible, make sure init is
957 * executable.
958 */
959 if (zone_get_rootpath(zone_name, rpath, sizeof (rpath)) != Z_OK) {
960 zerror(zlogp, B_FALSE, "unable to determine zone root");
961 goto bad;
962 }
963
964 (void) snprintf(initpath, sizeof (initpath), "%s%s", rpath, init_file);
965
966 if (lstat(initpath, &st) == -1) {
967 zerror(zlogp, B_TRUE, "could not stat %s", initpath);
968 goto bad;
969 }
970
971 /*
972 * If a symlink, we'll have to wait and resolve when we boot,
973 * otherwise check the executable bits now.
974 */
975 if ((st.st_mode & S_IFMT) != S_IFLNK && (st.st_mode & S_IXUSR) == 0) {
976 zerror(zlogp, B_FALSE, "%s is not executable", initpath);
977 goto bad;
978 }
979
980 /*
981 * Exclusive stack zones interact with the dlmgmtd running in the
982 * global zone. dladm_zone_boot() tells dlmgmtd that this zone is
983 * booting, and loads its datalinks from the zone's datalink
984 * configuration file.
985 */
986 if (vplat_get_iptype(zlogp, &iptype) == 0 && iptype == ZS_EXCLUSIVE) {
987 status = dladm_zone_boot(dld_handle, zoneid);
988 if (status != DLADM_STATUS_OK) {
989 zerror(zlogp, B_FALSE, "unable to load zone datalinks: "
990 " %s", dladm_status2str(status, errmsg));
991 goto bad;
992 }
993 }
994
995 /*
1283 return;
1284
1285 (void) write(fd, buf, strlen(buf));
1286
1287 (void) close(fd);
1288 }
1289
1290 /*
1291 * The main routine for the door server that deals with zone state transitions.
1292 */
1293 /* ARGSUSED */
1294 static void
1295 server(void *cookie, char *args, size_t alen, door_desc_t *dp,
1296 uint_t n_desc)
1297 {
1298 ucred_t *uc = NULL;
1299 const priv_set_t *eset;
1300
1301 zone_state_t zstate;
1302 zone_cmd_t cmd;
1303 int init_status;
1304 zone_cmd_arg_t *zargp;
1305
1306 boolean_t kernelcall;
1307
1308 int rval = -1;
1309 uint64_t uniqid;
1310 zoneid_t zoneid = -1;
1311 zlog_t zlog;
1312 zlog_t *zlogp;
1313 zone_cmd_rval_t *rvalp;
1314 size_t rlen = getpagesize(); /* conservative */
1315 fs_callback_t cb;
1316 brand_handle_t bh;
1317 boolean_t wait_shut = B_FALSE;
1318
1319 /* LINTED E_BAD_PTR_CAST_ALIGN */
1320 zargp = (zone_cmd_arg_t *)args;
1321
1322 /*
1336
1337 rvalp = alloca(rlen);
1338 bzero(rvalp, rlen);
1339 zlog.logfile = NULL;
1340 zlog.buflen = zlog.loglen = rlen - sizeof (zone_cmd_rval_t) + 1;
1341 zlog.buf = rvalp->errbuf;
1342 zlog.log = zlog.buf;
1343 /* defer initialization of zlog.locale until after credential check */
1344 zlogp = &zlog;
1345
1346 if (alen != sizeof (zone_cmd_arg_t)) {
1347 /*
1348 * This really shouldn't be happening.
1349 */
1350 zerror(&logsys, B_FALSE, "argument size (%d bytes) "
1351 "unexpected (expected %d bytes)", alen,
1352 sizeof (zone_cmd_arg_t));
1353 goto out;
1354 }
1355 cmd = zargp->cmd;
1356 init_status = zargp->status;
1357
1358 if (door_ucred(&uc) != 0) {
1359 zerror(&logsys, B_TRUE, "door_ucred");
1360 goto out;
1361 }
1362 eset = ucred_getprivset(uc, PRIV_EFFECTIVE);
1363 if (ucred_getzoneid(uc) != GLOBAL_ZONEID ||
1364 (eset != NULL ? !priv_ismember(eset, PRIV_SYS_CONFIG) :
1365 ucred_geteuid(uc) != 0)) {
1366 zerror(&logsys, B_FALSE, "insufficient privileges");
1367 goto out;
1368 }
1369
1370 kernelcall = ucred_getpid(uc) == 0;
1371
1372 /*
1373 * This is safe because we only use a zlog_t throughout the
1374 * duration of a door call; i.e., by the time the pointer
1375 * might become invalid, the door call would be over.
|