Print this page
OS-200 need a better mechanism for storing persistent zone_did
Small comment-out because we don't include OS-200
OS-4019 zoneadm is slow with 1000s of zones
OS-3524 in order to support interaction with docker containers, need to be able to connect to stdio for init from GZ
OS-3525 in order to support 'docker logs' need to be able to get stdio from zone to log file
OS-3429 Expose zone's init exit status
OS-399 zone phys. mem. cap should be a rctl and have associated kstat
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/zoneadm/zoneadm.c
+++ new/usr/src/cmd/zoneadm/zoneadm.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
|
↓ open down ↓ |
15 lines elided |
↑ open up ↑ |
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24 24 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
25 25 * Copyright (c) 2015 by Delphix. All rights reserved.
26 + * Copyright 2015, Joyent Inc. All rights reserved.
26 27 */
27 28
28 29 /*
29 30 * zoneadm is a command interpreter for zone administration. It is all in
30 31 * C (i.e., no lex/yacc), and all the argument passing is argc/argv based.
31 32 * main() calls parse_and_run() which calls cmd_match(), then invokes the
32 33 * appropriate command's handler function. The rest of the program is the
33 34 * handler functions and their helper functions.
34 35 *
35 36 * Some of the helper functions are used largely to simplify I18N: reducing
36 37 * the need for translation notes. This is particularly true of many of
37 38 * the zerror() calls: doing e.g. zerror(gettext("%s failed"), "foo") rather
38 39 * than zerror(gettext("foo failed")) with a translation note indicating
39 40 * that "foo" need not be translated.
40 41 */
41 42
42 43 #include <stdio.h>
43 44 #include <errno.h>
44 45 #include <unistd.h>
45 46 #include <signal.h>
46 47 #include <stdarg.h>
47 48 #include <ctype.h>
48 49 #include <stdlib.h>
49 50 #include <string.h>
50 51 #include <wait.h>
51 52 #include <zone.h>
52 53 #include <priv.h>
53 54 #include <locale.h>
54 55 #include <libintl.h>
55 56 #include <libzonecfg.h>
56 57 #include <bsm/adt.h>
57 58 #include <sys/brand.h>
58 59 #include <sys/param.h>
59 60 #include <sys/types.h>
60 61 #include <sys/stat.h>
61 62 #include <sys/statvfs.h>
62 63 #include <assert.h>
63 64 #include <sys/sockio.h>
64 65 #include <sys/mntent.h>
65 66 #include <limits.h>
66 67 #include <dirent.h>
67 68 #include <uuid/uuid.h>
68 69 #include <fcntl.h>
69 70 #include <door.h>
70 71 #include <macros.h>
71 72 #include <libgen.h>
72 73 #include <fnmatch.h>
73 74 #include <sys/modctl.h>
74 75 #include <libbrand.h>
75 76 #include <libscf.h>
76 77 #include <procfs.h>
77 78 #include <strings.h>
78 79 #include <pool.h>
79 80 #include <sys/pool.h>
80 81 #include <sys/priocntl.h>
81 82 #include <sys/fsspriocntl.h>
82 83 #include <libdladm.h>
83 84 #include <libdllink.h>
84 85 #include <pwd.h>
85 86 #include <auth_list.h>
86 87 #include <auth_attr.h>
87 88 #include <secdb.h>
88 89
89 90 #include "zoneadm.h"
90 91
91 92 #define MAXARGS 8
92 93 #define SOURCE_ZONE (CMD_MAX + 1)
93 94
|
↓ open down ↓ |
58 lines elided |
↑ open up ↑ |
94 95 /* Reflects kernel zone entries */
95 96 typedef struct zone_entry {
96 97 zoneid_t zid;
97 98 char zname[ZONENAME_MAX];
98 99 char *zstate_str;
99 100 zone_state_t zstate_num;
100 101 char zbrand[MAXNAMELEN];
101 102 char zroot[MAXPATHLEN];
102 103 char zuuid[UUID_PRINTABLE_STRING_LENGTH];
103 104 zone_iptype_t ziptype;
105 + zoneid_t zdid;
104 106 } zone_entry_t;
105 107
106 108 #define CLUSTER_BRAND_NAME "cluster"
107 109
108 110 static zone_entry_t *zents;
109 111 static size_t nzents;
110 112
111 113 #define LOOPBACK_IF "lo0"
112 114 #define SOCKET_AF(af) (((af) == AF_UNSPEC) ? AF_INET : (af))
113 115
114 116 struct net_if {
115 117 char *name;
116 118 int af;
117 119 };
118 120
119 121 /* 0755 is the default directory mode. */
120 122 #define DEFAULT_DIR_MODE \
121 123 (S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH)
122 124
123 125 struct cmd {
124 126 uint_t cmd_num; /* command number */
125 127 char *cmd_name; /* command name */
126 128 char *short_usage; /* short form help */
127 129 int (*handler)(int argc, char *argv[]); /* function to call */
128 130
129 131 };
130 132
131 133 #define SHELP_HELP "help"
132 134 #define SHELP_BOOT "boot [-- boot_arguments]"
133 135 #define SHELP_HALT "halt"
134 136 #define SHELP_READY "ready"
135 137 #define SHELP_SHUTDOWN "shutdown [-r [-- boot_arguments]]"
136 138 #define SHELP_REBOOT "reboot [-- boot_arguments]"
137 139 #define SHELP_LIST "list [-cipv]"
138 140 #define SHELP_VERIFY "verify"
139 141 #define SHELP_INSTALL "install [brand-specific args]"
140 142 #define SHELP_UNINSTALL "uninstall [-F] [brand-specific args]"
141 143 #define SHELP_CLONE "clone [-m method] [-s <ZFS snapshot>] "\
142 144 "[brand-specific args] zonename"
143 145 #define SHELP_MOVE "move zonepath"
144 146 #define SHELP_DETACH "detach [-n] [brand-specific args]"
145 147 #define SHELP_ATTACH "attach [-F] [-n <path>] [brand-specific args]"
146 148 #define SHELP_MARK "mark incomplete"
147 149
148 150 #define EXEC_PREFIX "exec "
149 151 #define EXEC_LEN (strlen(EXEC_PREFIX))
150 152 #define RMCOMMAND "/usr/bin/rm -rf"
151 153
152 154 static int cleanup_zonepath(char *, boolean_t);
153 155
154 156
155 157 static int help_func(int argc, char *argv[]);
156 158 static int ready_func(int argc, char *argv[]);
157 159 static int boot_func(int argc, char *argv[]);
158 160 static int shutdown_func(int argc, char *argv[]);
159 161 static int halt_func(int argc, char *argv[]);
160 162 static int reboot_func(int argc, char *argv[]);
161 163 static int list_func(int argc, char *argv[]);
162 164 static int verify_func(int argc, char *argv[]);
163 165 static int install_func(int argc, char *argv[]);
164 166 static int uninstall_func(int argc, char *argv[]);
165 167 static int mount_func(int argc, char *argv[]);
166 168 static int unmount_func(int argc, char *argv[]);
167 169 static int clone_func(int argc, char *argv[]);
168 170 static int move_func(int argc, char *argv[]);
169 171 static int detach_func(int argc, char *argv[]);
170 172 static int attach_func(int argc, char *argv[]);
171 173 static int mark_func(int argc, char *argv[]);
172 174 static int apply_func(int argc, char *argv[]);
173 175 static int sysboot_func(int argc, char *argv[]);
174 176 static int sanity_check(char *zone, int cmd_num, boolean_t running,
175 177 boolean_t unsafe_when_running, boolean_t force);
176 178 static int cmd_match(char *cmd);
177 179 static int verify_details(int, char *argv[]);
178 180 static int verify_brand(zone_dochandle_t, int, char *argv[]);
179 181 static int invoke_brand_handler(int, char *argv[]);
180 182
181 183 static struct cmd cmdtab[] = {
182 184 { CMD_HELP, "help", SHELP_HELP, help_func },
183 185 { CMD_BOOT, "boot", SHELP_BOOT, boot_func },
184 186 { CMD_HALT, "halt", SHELP_HALT, halt_func },
185 187 { CMD_READY, "ready", SHELP_READY, ready_func },
186 188 { CMD_SHUTDOWN, "shutdown", SHELP_SHUTDOWN, shutdown_func },
187 189 { CMD_REBOOT, "reboot", SHELP_REBOOT, reboot_func },
188 190 { CMD_LIST, "list", SHELP_LIST, list_func },
189 191 { CMD_VERIFY, "verify", SHELP_VERIFY, verify_func },
190 192 { CMD_INSTALL, "install", SHELP_INSTALL, install_func },
191 193 { CMD_UNINSTALL, "uninstall", SHELP_UNINSTALL,
192 194 uninstall_func },
193 195 /* mount and unmount are private commands for admin/install */
194 196 { CMD_MOUNT, "mount", NULL, mount_func },
195 197 { CMD_UNMOUNT, "unmount", NULL, unmount_func },
196 198 { CMD_CLONE, "clone", SHELP_CLONE, clone_func },
197 199 { CMD_MOVE, "move", SHELP_MOVE, move_func },
198 200 { CMD_DETACH, "detach", SHELP_DETACH, detach_func },
199 201 { CMD_ATTACH, "attach", SHELP_ATTACH, attach_func },
200 202 { CMD_MARK, "mark", SHELP_MARK, mark_func },
201 203 { CMD_APPLY, "apply", NULL, apply_func },
202 204 { CMD_SYSBOOT, "sysboot", NULL, sysboot_func }
203 205 };
204 206
205 207 /* global variables */
206 208
207 209 /* set early in main(), never modified thereafter, used all over the place */
208 210 static char *execname;
209 211 static char target_brand[MAXNAMELEN];
210 212 static char default_brand[MAXPATHLEN];
211 213 static char *locale;
212 214 char *target_zone;
213 215 static char *target_uuid;
214 216 char *username;
215 217
216 218 char *
217 219 cmd_to_str(int cmd_num)
218 220 {
219 221 assert(cmd_num >= CMD_MIN && cmd_num <= CMD_MAX);
220 222 return (cmdtab[cmd_num].cmd_name);
221 223 }
222 224
223 225 /* This is a separate function because of gettext() wrapping. */
224 226 static char *
225 227 long_help(int cmd_num)
226 228 {
227 229 assert(cmd_num >= CMD_MIN && cmd_num <= CMD_MAX);
228 230 switch (cmd_num) {
229 231 case CMD_HELP:
230 232 return (gettext("Print usage message."));
231 233 case CMD_BOOT:
232 234 return (gettext("Activates (boots) specified zone. See "
233 235 "zoneadm(1m) for valid boot\n\targuments."));
234 236 case CMD_HALT:
235 237 return (gettext("Halts specified zone, bypassing shutdown "
236 238 "scripts and removing runtime\n\tresources of the zone."));
237 239 case CMD_READY:
238 240 return (gettext("Prepares a zone for running applications but "
239 241 "does not start any user\n\tprocesses in the zone."));
240 242 case CMD_SHUTDOWN:
241 243 return (gettext("Gracefully shutdown the zone or reboot if "
242 244 "the '-r' option is specified.\n\t"
243 245 "See zoneadm(1m) for valid boot arguments."));
244 246 case CMD_REBOOT:
245 247 return (gettext("Restarts the zone (equivalent to a halt / "
246 248 "boot sequence).\n\tFails if the zone is not active. "
247 249 "See zoneadm(1m) for valid boot\n\targuments."));
248 250 case CMD_LIST:
249 251 return (gettext("Lists the current zones, or a "
250 252 "specific zone if indicated. By default,\n\tall "
251 253 "running zones are listed, though this can be "
252 254 "expanded to all\n\tinstalled zones with the -i "
253 255 "option or all configured zones with the\n\t-c "
254 256 "option. When used with the general -z <zone> and/or -u "
255 257 "<uuid-match>\n\toptions, lists only the specified "
256 258 "matching zone, but lists it\n\tregardless of its state, "
257 259 "and the -i and -c options are disallowed. The\n\t-v "
258 260 "option can be used to display verbose information: zone "
259 261 "name, id,\n\tcurrent state, root directory and options. "
260 262 "The -p option can be used\n\tto request machine-parsable "
261 263 "output. The -v and -p options are mutually\n\texclusive."
262 264 " If neither -v nor -p is used, just the zone name is "
263 265 "listed."));
264 266 case CMD_VERIFY:
265 267 return (gettext("Check to make sure the configuration "
266 268 "can safely be instantiated\n\ton the machine: "
267 269 "physical network interfaces exist, etc."));
268 270 case CMD_INSTALL:
269 271 return (gettext("Install the configuration on to the system. "
270 272 "All arguments are passed to the brand installation "
271 273 "function;\n\tsee brands(5) for more information."));
272 274 case CMD_UNINSTALL:
273 275 return (gettext("Uninstall the configuration from the system. "
274 276 "The -F flag can be used\n\tto force the action. All "
275 277 "other arguments are passed to the brand\n\tuninstall "
276 278 "function; see brands(5) for more information."));
277 279 case CMD_CLONE:
278 280 return (gettext("Clone the installation of another zone. "
279 281 "The -m option can be used to\n\tspecify 'copy' which "
280 282 "forces a copy of the source zone. The -s option\n\t"
281 283 "can be used to specify the name of a ZFS snapshot "
282 284 "that was taken from\n\ta previous clone command. The "
283 285 "snapshot will be used as the source\n\tinstead of "
284 286 "creating a new ZFS snapshot. All other arguments are "
285 287 "passed\n\tto the brand clone function; see "
286 288 "brands(5) for more information."));
287 289 case CMD_MOVE:
288 290 return (gettext("Move the zone to a new zonepath."));
289 291 case CMD_DETACH:
290 292 return (gettext("Detach the zone from the system. The zone "
291 293 "state is changed to\n\t'configured' (but the files under "
292 294 "the zonepath are untouched).\n\tThe zone can subsequently "
293 295 "be attached, or can be moved to another\n\tsystem and "
294 296 "attached there. The -n option can be used to specify\n\t"
295 297 "'no-execute' mode. When -n is used, the information "
296 298 "needed to attach\n\tthe zone is sent to standard output "
297 299 "but the zone is not actually\n\tdetached. All other "
298 300 "arguments are passed to the brand detach function;\n\tsee "
299 301 "brands(5) for more information."));
300 302 case CMD_ATTACH:
301 303 return (gettext("Attach the zone to the system. The zone "
302 304 "state must be 'configured'\n\tprior to attach; upon "
303 305 "successful completion, the zone state will be\n\t"
304 306 "'installed'. The system software on the current "
305 307 "system must be\n\tcompatible with the software on the "
306 308 "zone's original system.\n\tSpecify -F "
307 309 "to force the attach and skip software compatibility "
308 310 "tests.\n\tThe -n option can be used to specify "
309 311 "'no-execute' mode. When -n is\n\tused, the information "
310 312 "needed to attach the zone is read from the\n\tspecified "
311 313 "path and the configuration is only validated. The path "
312 314 "can\n\tbe '-' to specify standard input. The -F and -n "
313 315 "options are mutually\n\texclusive. All other arguments "
314 316 "are passed to the brand attach\n\tfunction; see "
315 317 "brands(5) for more information."));
316 318 case CMD_MARK:
317 319 return (gettext("Set the state of the zone. This can be used "
318 320 "to force the zone\n\tstate to 'incomplete' "
319 321 "administratively if some activity has rendered\n\tthe "
320 322 "zone permanently unusable. The only valid state that "
321 323 "may be\n\tspecified is 'incomplete'."));
322 324 default:
323 325 return ("");
324 326 }
325 327 /* NOTREACHED */
326 328 return (NULL);
327 329 }
328 330
329 331 /*
330 332 * Called with explicit B_TRUE when help is explicitly requested, B_FALSE for
331 333 * unexpected errors.
332 334 */
333 335
334 336 static int
335 337 usage(boolean_t explicit)
336 338 {
337 339 int i;
338 340 FILE *fd = explicit ? stdout : stderr;
339 341
340 342 (void) fprintf(fd, "%s:\t%s help\n", gettext("usage"), execname);
341 343 (void) fprintf(fd, "\t%s [-z <zone>] [-u <uuid-match>] list\n",
342 344 execname);
343 345 (void) fprintf(fd, "\t%s {-z <zone>|-u <uuid-match>} <%s>\n", execname,
344 346 gettext("subcommand"));
345 347 (void) fprintf(fd, "\n%s:\n\n", gettext("Subcommands"));
346 348 for (i = CMD_MIN; i <= CMD_MAX; i++) {
347 349 if (cmdtab[i].short_usage == NULL)
348 350 continue;
349 351 (void) fprintf(fd, "%s\n", cmdtab[i].short_usage);
350 352 if (explicit)
351 353 (void) fprintf(fd, "\t%s\n\n", long_help(i));
352 354 }
353 355 if (!explicit)
354 356 (void) fputs("\n", fd);
355 357 return (Z_USAGE);
356 358 }
357 359
358 360 static void
359 361 sub_usage(char *short_usage, int cmd_num)
360 362 {
361 363 (void) fprintf(stderr, "%s:\t%s\n", gettext("usage"), short_usage);
362 364 (void) fprintf(stderr, "\t%s\n", long_help(cmd_num));
363 365 }
364 366
365 367 /*
366 368 * zperror() is like perror(3c) except that this also prints the executable
367 369 * name at the start of the message, and takes a boolean indicating whether
368 370 * to call libc'c strerror() or that from libzonecfg.
369 371 */
370 372
371 373 void
372 374 zperror(const char *str, boolean_t zonecfg_error)
373 375 {
374 376 (void) fprintf(stderr, "%s: %s: %s\n", execname, str,
375 377 zonecfg_error ? zonecfg_strerror(errno) : strerror(errno));
376 378 }
377 379
378 380 /*
379 381 * zperror2() is very similar to zperror() above, except it also prints a
380 382 * supplied zone name after the executable.
381 383 *
382 384 * All current consumers of this function want libzonecfg's strerror() rather
383 385 * than libc's; if this ever changes, this function can be made more generic
384 386 * like zperror() above.
385 387 */
386 388
387 389 void
388 390 zperror2(const char *zone, const char *str)
389 391 {
390 392 (void) fprintf(stderr, "%s: %s: %s: %s\n", execname, zone, str,
391 393 zonecfg_strerror(errno));
392 394 }
393 395
394 396 /* PRINTFLIKE1 */
395 397 void
396 398 zerror(const char *fmt, ...)
397 399 {
398 400 va_list alist;
399 401
400 402 va_start(alist, fmt);
401 403 (void) fprintf(stderr, "%s: ", execname);
402 404 if (target_zone != NULL)
403 405 (void) fprintf(stderr, "zone '%s': ", target_zone);
404 406 (void) vfprintf(stderr, fmt, alist);
405 407 (void) fprintf(stderr, "\n");
406 408 va_end(alist);
407 409 }
408 410
409 411 static void *
410 412 safe_calloc(size_t nelem, size_t elsize)
411 413 {
412 414 void *r = calloc(nelem, elsize);
413 415
414 416 if (r == NULL) {
415 417 zerror(gettext("failed to allocate %lu bytes: %s"),
416 418 (ulong_t)nelem * elsize, strerror(errno));
417 419 exit(Z_ERR);
418 420 }
419 421 return (r);
420 422 }
421 423
422 424 static void
423 425 zone_print(zone_entry_t *zent, boolean_t verbose, boolean_t parsable)
424 426 {
425 427 static boolean_t firsttime = B_TRUE;
426 428 char *ip_type_str;
427 429
428 430 /* Skip a zone that shutdown while we were collecting data. */
429 431 if (zent->zname[0] == '\0')
430 432 return;
431 433
432 434 if (zent->ziptype == ZS_EXCLUSIVE)
433 435 ip_type_str = "excl";
434 436 else
435 437 ip_type_str = "shared";
|
↓ open down ↓ |
322 lines elided |
↑ open up ↑ |
436 438
437 439 assert(!(verbose && parsable));
438 440 if (firsttime && verbose) {
439 441 firsttime = B_FALSE;
440 442 (void) printf("%*s %-16s %-10s %-30s %-8s %-6s\n",
441 443 ZONEID_WIDTH, "ID", "NAME", "STATUS", "PATH", "BRAND",
442 444 "IP");
443 445 }
444 446 if (!verbose) {
445 447 char *cp, *clim;
448 + char zdid[80];
446 449
447 450 if (!parsable) {
448 451 (void) printf("%s\n", zent->zname);
449 452 return;
450 453 }
451 454 if (zent->zid == ZONE_ID_UNDEFINED)
452 455 (void) printf("-");
453 456 else
454 457 (void) printf("%lu", zent->zid);
455 458 (void) printf(":%s:%s:", zent->zname, zent->zstate_str);
456 459 cp = zent->zroot;
457 460 while ((clim = strchr(cp, ':')) != NULL) {
458 461 (void) printf("%.*s\\:", clim - cp, cp);
459 462 cp = clim + 1;
460 463 }
461 - (void) printf("%s:%s:%s:%s\n", cp, zent->zuuid, zent->zbrand,
462 - ip_type_str);
464 + if (zent->zdid == -1)
465 + zdid[0] = '\0';
466 + else
467 + (void) snprintf(zdid, sizeof (zdid), "%d", zent->zdid);
468 + (void) printf("%s:%s:%s:%s:%s\n", cp, zent->zuuid, zent->zbrand,
469 + ip_type_str, zdid);
463 470 return;
464 471 }
465 472 if (zent->zstate_str != NULL) {
466 473 if (zent->zid == ZONE_ID_UNDEFINED)
467 474 (void) printf("%*s", ZONEID_WIDTH, "-");
468 475 else
469 476 (void) printf("%*lu", ZONEID_WIDTH, zent->zid);
470 477 (void) printf(" %-16s %-10s %-30s %-8s %-6s\n", zent->zname,
471 478 zent->zstate_str, zent->zroot, zent->zbrand, ip_type_str);
472 479 }
473 480 }
474 481
475 482 static int
476 483 lookup_zone_info(const char *zone_name, zoneid_t zid, zone_entry_t *zent)
477 484 {
478 485 char root[MAXPATHLEN], *cp;
479 486 int err;
480 487 uuid_t uuid;
481 488 zone_dochandle_t handle;
482 489
483 490 (void) strlcpy(zent->zname, zone_name, sizeof (zent->zname));
484 491 (void) strlcpy(zent->zroot, "???", sizeof (zent->zroot));
485 492 (void) strlcpy(zent->zbrand, "???", sizeof (zent->zbrand));
486 493 zent->zstate_str = "???";
487 494
488 495 zent->zid = zid;
489 496
490 497 if (zonecfg_get_uuid(zone_name, uuid) == Z_OK &&
491 498 !uuid_is_null(uuid))
492 499 uuid_unparse(uuid, zent->zuuid);
493 500 else
494 501 zent->zuuid[0] = '\0';
495 502
496 503 /*
497 504 * For labeled zones which query the zone path of lower-level
498 505 * zones, the path needs to be adjusted to drop the final
499 506 * "/root" component. This adjusted path is then useful
500 507 * for reading down any exported directories from the
501 508 * lower-level zone.
502 509 */
503 510 if (is_system_labeled() && zent->zid != ZONE_ID_UNDEFINED) {
504 511 if (zone_getattr(zent->zid, ZONE_ATTR_ROOT, zent->zroot,
505 512 sizeof (zent->zroot)) == -1) {
506 513 zperror2(zent->zname,
507 514 gettext("could not get zone path."));
508 515 return (Z_ERR);
509 516 }
510 517 cp = zent->zroot + strlen(zent->zroot) - 5;
511 518 if (cp > zent->zroot && strcmp(cp, "/root") == 0)
512 519 *cp = 0;
513 520 } else {
514 521 if ((err = zone_get_zonepath(zent->zname, root,
515 522 sizeof (root))) != Z_OK) {
516 523 errno = err;
517 524 zperror2(zent->zname,
518 525 gettext("could not get zone path."));
519 526 return (Z_ERR);
520 527 }
521 528 (void) strlcpy(zent->zroot, root, sizeof (zent->zroot));
522 529 }
523 530
524 531 if ((err = zone_get_state(zent->zname, &zent->zstate_num)) != Z_OK) {
525 532 errno = err;
526 533 zperror2(zent->zname, gettext("could not get state"));
527 534 return (Z_ERR);
528 535 }
529 536 zent->zstate_str = zone_state_str(zent->zstate_num);
530 537
531 538 /*
532 539 * A zone's brand is only available in the .xml file describing it,
533 540 * which is only visible to the global zone. This causes
534 541 * zone_get_brand() to fail when called from within a non-global
535 542 * zone. Fortunately we only do this on labeled systems, where we
536 543 * know all zones are native.
537 544 */
538 545 if (getzoneid() != GLOBAL_ZONEID) {
539 546 assert(is_system_labeled() != 0);
540 547 (void) strlcpy(zent->zbrand, default_brand,
541 548 sizeof (zent->zbrand));
542 549 } else if (zone_get_brand(zent->zname, zent->zbrand,
543 550 sizeof (zent->zbrand)) != Z_OK) {
544 551 zperror2(zent->zname, gettext("could not get brand name"));
545 552 return (Z_ERR);
546 553 }
|
↓ open down ↓ |
74 lines elided |
↑ open up ↑ |
547 554
548 555 /*
549 556 * Get ip type of the zone.
550 557 * Note for global zone, ZS_SHARED is set always.
551 558 */
552 559 if (zid == GLOBAL_ZONEID) {
553 560 zent->ziptype = ZS_SHARED;
554 561 return (Z_OK);
555 562 }
556 563
564 + if ((handle = zonecfg_init_handle()) == NULL) {
565 + zperror2(zent->zname, gettext("could not init handle"));
566 + return (Z_ERR);
567 + }
568 + if ((err = zonecfg_get_handle(zent->zname, handle)) != Z_OK) {
569 + zperror2(zent->zname, gettext("could not get handle"));
570 + zonecfg_fini_handle(handle);
571 + return (Z_ERR);
572 + }
573 +
574 + if ((err = zonecfg_get_iptype(handle, &zent->ziptype)) != Z_OK) {
575 + zperror2(zent->zname, gettext("could not get ip-type"));
576 + zonecfg_fini_handle(handle);
577 + return (Z_ERR);
578 + }
579 +
557 580 /*
558 581 * There is a race condition where the zone could boot while
559 582 * we're walking the index file. In this case the zone state
560 583 * could be seen as running from the call above, but the zoneid
561 584 * would be undefined.
562 585 *
563 586 * There is also a race condition where the zone could shutdown after
564 587 * we got its running state above. This is also not an error and
565 588 * we fall back to getting the ziptype from the zone configuration.
566 589 */
567 590 if (zent->zstate_num == ZONE_STATE_RUNNING &&
568 591 zid != ZONE_ID_UNDEFINED) {
569 592 ushort_t flags;
570 593
571 594 if (zone_getattr(zid, ZONE_ATTR_FLAGS, &flags,
572 595 sizeof (flags)) >= 0) {
573 596 if (flags & ZF_NET_EXCL)
574 597 zent->ziptype = ZS_EXCLUSIVE;
575 598 else
576 599 zent->ziptype = ZS_SHARED;
577 - return (Z_OK);
578 600 }
579 601 }
580 602
581 - if ((handle = zonecfg_init_handle()) == NULL) {
582 - zperror2(zent->zname, gettext("could not init handle"));
583 - return (Z_ERR);
584 - }
585 - if ((err = zonecfg_get_handle(zent->zname, handle)) != Z_OK) {
586 - zperror2(zent->zname, gettext("could not get handle"));
587 - zonecfg_fini_handle(handle);
588 - return (Z_ERR);
589 - }
603 + zent->zdid = zonecfg_get_did(handle);
590 604
591 - if ((err = zonecfg_get_iptype(handle, &zent->ziptype)) != Z_OK) {
592 - zperror2(zent->zname, gettext("could not get ip-type"));
593 - zonecfg_fini_handle(handle);
594 - return (Z_ERR);
595 - }
596 605 zonecfg_fini_handle(handle);
597 606
598 607 return (Z_OK);
599 608 }
600 609
601 610 /*
602 611 * fetch_zents() calls zone_list(2) to find out how many zones are running
603 612 * (which is stored in the global nzents), then calls zone_list(2) again
604 613 * to fetch the list of running zones (stored in the global zents). This
605 614 * function may be called multiple times, so if zents is already set, we
606 615 * return immediately to save work.
607 616 *
608 617 * Note that the data about running zones can change while this function
609 618 * is running, so its possible that the list of zones will have empty slots
610 619 * at the end.
611 620 */
612 621
613 622 static int
614 623 fetch_zents(void)
615 624 {
616 625 zoneid_t *zids = NULL;
617 626 uint_t nzents_saved;
618 627 int i, retv;
619 628 FILE *fp;
620 629 boolean_t inaltroot;
621 630 zone_entry_t *zentp;
622 631 const char *altroot;
623 632
624 633 if (nzents > 0)
625 634 return (Z_OK);
626 635
627 636 if (zone_list(NULL, &nzents) != 0) {
628 637 zperror(gettext("failed to get zoneid list"), B_FALSE);
629 638 return (Z_ERR);
630 639 }
631 640
632 641 again:
633 642 if (nzents == 0)
634 643 return (Z_OK);
635 644
636 645 zids = safe_calloc(nzents, sizeof (zoneid_t));
637 646 nzents_saved = nzents;
638 647
639 648 if (zone_list(zids, &nzents) != 0) {
640 649 zperror(gettext("failed to get zone list"), B_FALSE);
641 650 free(zids);
642 651 return (Z_ERR);
643 652 }
644 653 if (nzents != nzents_saved) {
645 654 /* list changed, try again */
646 655 free(zids);
647 656 goto again;
648 657 }
649 658
650 659 zents = safe_calloc(nzents, sizeof (zone_entry_t));
651 660
652 661 inaltroot = zonecfg_in_alt_root();
653 662 if (inaltroot) {
654 663 fp = zonecfg_open_scratch("", B_FALSE);
655 664 altroot = zonecfg_get_root();
656 665 } else {
657 666 fp = NULL;
658 667 }
659 668 zentp = zents;
660 669 retv = Z_OK;
661 670 for (i = 0; i < nzents; i++) {
662 671 char name[ZONENAME_MAX];
663 672 char altname[ZONENAME_MAX];
664 673 char rev_altroot[MAXPATHLEN];
665 674
666 675 if (getzonenamebyid(zids[i], name, sizeof (name)) < 0) {
667 676 /*
668 677 * There is a race condition where the zone may have
669 678 * shutdown since we retrieved the number of running
670 679 * zones above. This is not an error, there will be
671 680 * an empty slot at the end of the list.
672 681 */
673 682 continue;
674 683 }
675 684 if (zonecfg_is_scratch(name)) {
676 685 /* Ignore scratch zones by default */
677 686 if (!inaltroot)
678 687 continue;
679 688 if (fp == NULL ||
680 689 zonecfg_reverse_scratch(fp, name, altname,
681 690 sizeof (altname), rev_altroot,
682 691 sizeof (rev_altroot)) == -1) {
683 692 zerror(gettext("could not resolve scratch "
684 693 "zone %s"), name);
685 694 retv = Z_ERR;
686 695 continue;
687 696 }
688 697 /* Ignore zones in other alternate roots */
689 698 if (strcmp(rev_altroot, altroot) != 0)
690 699 continue;
691 700 (void) strcpy(name, altname);
692 701 } else {
693 702 /* Ignore non-scratch when in an alternate root */
694 703 if (inaltroot && strcmp(name, GLOBAL_ZONENAME) != 0)
695 704 continue;
696 705 }
697 706 if (lookup_zone_info(name, zids[i], zentp) != Z_OK) {
698 707 /*
699 708 * There is a race condition where the zone may have
700 709 * shutdown since we retrieved the number of running
701 710 * zones above. This is not an error, there will be
702 711 * an empty slot at the end of the list.
703 712 */
704 713 continue;
705 714 }
706 715 zentp++;
707 716 }
708 717 nzents = zentp - zents;
709 718 if (fp != NULL)
710 719 zonecfg_close_scratch(fp);
711 720
712 721 free(zids);
713 722 return (retv);
714 723 }
715 724
716 725 static int
717 726 zone_print_list(zone_state_t min_state, boolean_t verbose, boolean_t parsable)
718 727 {
719 728 int i;
720 729 zone_entry_t zent;
721 730 FILE *cookie;
722 731 char *name;
723 732
724 733 /*
725 734 * First get the list of running zones from the kernel and print them.
726 735 * If that is all we need, then return.
727 736 */
728 737 if ((i = fetch_zents()) != Z_OK) {
729 738 /*
730 739 * No need for error messages; fetch_zents() has already taken
731 740 * care of this.
732 741 */
733 742 return (i);
734 743 }
735 744 for (i = 0; i < nzents; i++)
736 745 zone_print(&zents[i], verbose, parsable);
737 746 if (min_state >= ZONE_STATE_RUNNING)
738 747 return (Z_OK);
739 748 /*
740 749 * Next, get the full list of zones from the configuration, skipping
741 750 * any we have already printed.
742 751 */
743 752 cookie = setzoneent();
744 753 while ((name = getzoneent(cookie)) != NULL) {
745 754 for (i = 0; i < nzents; i++) {
746 755 if (strcmp(zents[i].zname, name) == 0)
747 756 break;
748 757 }
749 758 if (i < nzents) {
750 759 free(name);
751 760 continue;
752 761 }
753 762 if (lookup_zone_info(name, ZONE_ID_UNDEFINED, &zent) != Z_OK) {
754 763 free(name);
755 764 continue;
756 765 }
757 766 free(name);
758 767 if (zent.zstate_num >= min_state)
|
↓ open down ↓ |
153 lines elided |
↑ open up ↑ |
759 768 zone_print(&zent, verbose, parsable);
760 769 }
761 770 endzoneent(cookie);
762 771 return (Z_OK);
763 772 }
764 773
765 774 /*
766 775 * Retrieve a zone entry by name. Returns NULL if no such zone exists.
767 776 */
768 777 static zone_entry_t *
769 -lookup_running_zone(const char *str)
778 +lookup_running_zone(const char *name)
770 779 {
771 - int i;
780 + zoneid_t zid;
781 + zone_entry_t *zent;
772 782
773 - if (fetch_zents() != Z_OK)
783 + if ((zid = getzoneidbyname(name)) == -1)
774 784 return (NULL);
775 785
776 - for (i = 0; i < nzents; i++) {
777 - if (strcmp(str, zents[i].zname) == 0)
778 - return (&zents[i]);
786 + if ((zent = malloc(sizeof (zone_entry_t))) == NULL)
787 + return (NULL);
788 +
789 + if (lookup_zone_info(name, zid, zent) != Z_OK) {
790 + free(zent);
791 + return (NULL);
779 792 }
780 - return (NULL);
793 + return (zent);
781 794 }
782 795
783 796 /*
784 797 * Check a bit in a mode_t: if on is B_TRUE, that bit should be on; if
785 798 * B_FALSE, it should be off. Return B_TRUE if the mode is bad (incorrect).
786 799 */
787 800 static boolean_t
788 801 bad_mode_bit(mode_t mode, mode_t bit, boolean_t on, char *file)
789 802 {
790 803 char *str;
791 804
792 805 assert(bit == S_IRUSR || bit == S_IWUSR || bit == S_IXUSR ||
793 806 bit == S_IRGRP || bit == S_IWGRP || bit == S_IXGRP ||
794 807 bit == S_IROTH || bit == S_IWOTH || bit == S_IXOTH);
795 808 /*
796 809 * TRANSLATION_NOTE
797 810 * The strings below will be used as part of a larger message,
798 811 * either:
799 812 * (file name) must be (owner|group|world) (read|writ|execut)able
800 813 * or
801 814 * (file name) must not be (owner|group|world) (read|writ|execut)able
802 815 */
803 816 switch (bit) {
804 817 case S_IRUSR:
805 818 str = gettext("owner readable");
806 819 break;
807 820 case S_IWUSR:
808 821 str = gettext("owner writable");
809 822 break;
810 823 case S_IXUSR:
811 824 str = gettext("owner executable");
812 825 break;
813 826 case S_IRGRP:
814 827 str = gettext("group readable");
815 828 break;
816 829 case S_IWGRP:
817 830 str = gettext("group writable");
818 831 break;
819 832 case S_IXGRP:
820 833 str = gettext("group executable");
821 834 break;
822 835 case S_IROTH:
823 836 str = gettext("world readable");
824 837 break;
825 838 case S_IWOTH:
826 839 str = gettext("world writable");
827 840 break;
828 841 case S_IXOTH:
829 842 str = gettext("world executable");
830 843 break;
831 844 }
832 845 if ((mode & bit) == (on ? 0 : bit)) {
833 846 /*
834 847 * TRANSLATION_NOTE
835 848 * The first parameter below is a file name; the second
836 849 * is one of the "(owner|group|world) (read|writ|execut)able"
837 850 * strings from above.
838 851 */
839 852 /*
840 853 * The code below could be simplified but not in a way
841 854 * that would easily translate to non-English locales.
842 855 */
843 856 if (on) {
844 857 (void) fprintf(stderr, gettext("%s must be %s.\n"),
845 858 file, str);
846 859 } else {
847 860 (void) fprintf(stderr, gettext("%s must not be %s.\n"),
848 861 file, str);
849 862 }
850 863 return (B_TRUE);
851 864 }
852 865 return (B_FALSE);
853 866 }
854 867
855 868 /*
856 869 * We want to make sure that no zone has its zone path as a child node
857 870 * (in the directory sense) of any other. We do that by comparing this
858 871 * zone's path to the path of all other (non-global) zones. The comparison
859 872 * in each case is simple: add '/' to the end of the path, then do a
860 873 * strncmp() of the two paths, using the length of the shorter one.
861 874 */
862 875
863 876 static int
864 877 crosscheck_zonepaths(char *path)
865 878 {
866 879 char rpath[MAXPATHLEN]; /* resolved path */
867 880 char path_copy[MAXPATHLEN]; /* copy of original path */
868 881 char rpath_copy[MAXPATHLEN]; /* copy of original rpath */
869 882 struct zoneent *ze;
870 883 int res, err;
871 884 FILE *cookie;
872 885
873 886 cookie = setzoneent();
874 887 while ((ze = getzoneent_private(cookie)) != NULL) {
875 888 /* Skip zones which are not installed. */
876 889 if (ze->zone_state < ZONE_STATE_INSTALLED) {
877 890 free(ze);
878 891 continue;
879 892 }
880 893 /* Skip the global zone and the current target zone. */
881 894 if (strcmp(ze->zone_name, GLOBAL_ZONENAME) == 0 ||
882 895 strcmp(ze->zone_name, target_zone) == 0) {
883 896 free(ze);
884 897 continue;
885 898 }
886 899 if (strlen(ze->zone_path) == 0) {
887 900 /* old index file without path, fall back */
888 901 if ((err = zone_get_zonepath(ze->zone_name,
889 902 ze->zone_path, sizeof (ze->zone_path))) != Z_OK) {
890 903 errno = err;
891 904 zperror2(ze->zone_name,
892 905 gettext("could not get zone path"));
893 906 free(ze);
894 907 continue;
895 908 }
896 909 }
897 910 (void) snprintf(path_copy, sizeof (path_copy), "%s%s",
898 911 zonecfg_get_root(), ze->zone_path);
899 912 res = resolvepath(path_copy, rpath, sizeof (rpath));
900 913 if (res == -1) {
901 914 if (errno != ENOENT) {
902 915 zperror(path_copy, B_FALSE);
903 916 free(ze);
904 917 return (Z_ERR);
905 918 }
906 919 (void) printf(gettext("WARNING: zone %s is installed, "
907 920 "but its %s %s does not exist.\n"), ze->zone_name,
908 921 "zonepath", path_copy);
909 922 free(ze);
910 923 continue;
911 924 }
912 925 rpath[res] = '\0';
913 926 (void) snprintf(path_copy, sizeof (path_copy), "%s/", path);
914 927 (void) snprintf(rpath_copy, sizeof (rpath_copy), "%s/", rpath);
915 928 if (strncmp(path_copy, rpath_copy,
916 929 min(strlen(path_copy), strlen(rpath_copy))) == 0) {
917 930 /*
918 931 * TRANSLATION_NOTE
919 932 * zonepath is a literal that should not be translated.
920 933 */
921 934 (void) fprintf(stderr, gettext("%s zonepath (%s) and "
922 935 "%s zonepath (%s) overlap.\n"),
923 936 target_zone, path, ze->zone_name, rpath);
924 937 free(ze);
925 938 return (Z_ERR);
926 939 }
927 940 free(ze);
928 941 }
929 942 endzoneent(cookie);
930 943 return (Z_OK);
931 944 }
932 945
933 946 static int
934 947 validate_zonepath(char *path, int cmd_num)
935 948 {
936 949 int res; /* result of last library/system call */
937 950 boolean_t err = B_FALSE; /* have we run into an error? */
938 951 struct stat stbuf;
939 952 struct statvfs64 vfsbuf;
940 953 char rpath[MAXPATHLEN]; /* resolved path */
941 954 char ppath[MAXPATHLEN]; /* parent path */
942 955 char rppath[MAXPATHLEN]; /* resolved parent path */
943 956 char rootpath[MAXPATHLEN]; /* root path */
944 957 zone_state_t state;
945 958
946 959 if (path[0] != '/') {
947 960 (void) fprintf(stderr,
948 961 gettext("%s is not an absolute path.\n"), path);
949 962 return (Z_ERR);
950 963 }
951 964 if ((res = resolvepath(path, rpath, sizeof (rpath))) == -1) {
952 965 if ((errno != ENOENT) ||
953 966 (cmd_num != CMD_VERIFY && cmd_num != CMD_INSTALL &&
954 967 cmd_num != CMD_CLONE && cmd_num != CMD_MOVE)) {
955 968 zperror(path, B_FALSE);
956 969 return (Z_ERR);
957 970 }
958 971 if (cmd_num == CMD_VERIFY) {
959 972 /*
960 973 * TRANSLATION_NOTE
961 974 * zoneadm is a literal that should not be translated.
962 975 */
963 976 (void) fprintf(stderr, gettext("WARNING: %s does not "
964 977 "exist, so it could not be verified.\nWhen "
965 978 "'zoneadm %s' is run, '%s' will try to create\n%s, "
966 979 "and '%s' will be tried again,\nbut the '%s' may "
967 980 "fail if:\nthe parent directory of %s is group- or "
968 981 "other-writable\nor\n%s overlaps with any other "
969 982 "installed zones.\n"), path,
970 983 cmd_to_str(CMD_INSTALL), cmd_to_str(CMD_INSTALL),
971 984 path, cmd_to_str(CMD_VERIFY),
972 985 cmd_to_str(CMD_VERIFY), path, path);
973 986 return (Z_OK);
974 987 }
975 988 /*
976 989 * The zonepath is supposed to be mode 700 but its
977 990 * parent(s) 755. So use 755 on the mkdirp() then
978 991 * chmod() the zonepath itself to 700.
979 992 */
980 993 if (mkdirp(path, DEFAULT_DIR_MODE) < 0) {
981 994 zperror(path, B_FALSE);
982 995 return (Z_ERR);
983 996 }
984 997 /*
985 998 * If the chmod() fails, report the error, but might
986 999 * as well continue the verify procedure.
987 1000 */
988 1001 if (chmod(path, S_IRWXU) != 0)
989 1002 zperror(path, B_FALSE);
990 1003 /*
991 1004 * Since the mkdir() succeeded, we should not have to
992 1005 * worry about a subsequent ENOENT, thus this should
993 1006 * only recurse once.
994 1007 */
995 1008 return (validate_zonepath(path, cmd_num));
996 1009 }
997 1010 rpath[res] = '\0';
998 1011 if (strcmp(path, rpath) != 0) {
999 1012 errno = Z_RESOLVED_PATH;
1000 1013 zperror(path, B_TRUE);
1001 1014 return (Z_ERR);
1002 1015 }
1003 1016 if ((res = stat(rpath, &stbuf)) != 0) {
1004 1017 zperror(rpath, B_FALSE);
1005 1018 return (Z_ERR);
1006 1019 }
1007 1020 if (!S_ISDIR(stbuf.st_mode)) {
1008 1021 (void) fprintf(stderr, gettext("%s is not a directory.\n"),
1009 1022 rpath);
1010 1023 return (Z_ERR);
1011 1024 }
1012 1025 if (strcmp(stbuf.st_fstype, MNTTYPE_TMPFS) == 0) {
1013 1026 (void) printf(gettext("WARNING: %s is on a temporary "
1014 1027 "file system.\n"), rpath);
1015 1028 }
1016 1029 if (crosscheck_zonepaths(rpath) != Z_OK)
1017 1030 return (Z_ERR);
1018 1031 /*
1019 1032 * Try to collect and report as many minor errors as possible
1020 1033 * before returning, so the user can learn everything that needs
1021 1034 * to be fixed up front.
1022 1035 */
1023 1036 if (stbuf.st_uid != 0) {
1024 1037 (void) fprintf(stderr, gettext("%s is not owned by root.\n"),
1025 1038 rpath);
1026 1039 err = B_TRUE;
1027 1040
1028 1041 /* Try to change owner */
1029 1042 if (cmd_num != CMD_VERIFY) {
1030 1043 (void) fprintf(stderr, gettext("%s: changing owner "
1031 1044 "to root.\n"), rpath);
1032 1045 if (chown(rpath, 0, -1) != 0) {
1033 1046 zperror(rpath, B_FALSE);
1034 1047 return (Z_ERR);
1035 1048 } else {
1036 1049 err = B_FALSE;
1037 1050 }
1038 1051 }
1039 1052 }
1040 1053 err |= bad_mode_bit(stbuf.st_mode, S_IRUSR, B_TRUE, rpath);
1041 1054 err |= bad_mode_bit(stbuf.st_mode, S_IWUSR, B_TRUE, rpath);
1042 1055 err |= bad_mode_bit(stbuf.st_mode, S_IXUSR, B_TRUE, rpath);
1043 1056 err |= bad_mode_bit(stbuf.st_mode, S_IRGRP, B_FALSE, rpath);
1044 1057 err |= bad_mode_bit(stbuf.st_mode, S_IWGRP, B_FALSE, rpath);
1045 1058 err |= bad_mode_bit(stbuf.st_mode, S_IXGRP, B_FALSE, rpath);
1046 1059 err |= bad_mode_bit(stbuf.st_mode, S_IROTH, B_FALSE, rpath);
1047 1060 err |= bad_mode_bit(stbuf.st_mode, S_IWOTH, B_FALSE, rpath);
1048 1061 err |= bad_mode_bit(stbuf.st_mode, S_IXOTH, B_FALSE, rpath);
1049 1062
1050 1063 /* If the group perms are wrong, fix them */
1051 1064 if (err && (cmd_num != CMD_VERIFY)) {
1052 1065 (void) fprintf(stderr, gettext("%s: changing permissions "
1053 1066 "to 0700.\n"), rpath);
1054 1067 if (chmod(rpath, S_IRWXU) != 0) {
1055 1068 zperror(path, B_FALSE);
1056 1069 } else {
1057 1070 err = B_FALSE;
1058 1071 }
1059 1072 }
1060 1073
1061 1074 (void) snprintf(ppath, sizeof (ppath), "%s/..", path);
1062 1075 if ((res = resolvepath(ppath, rppath, sizeof (rppath))) == -1) {
1063 1076 zperror(ppath, B_FALSE);
1064 1077 return (Z_ERR);
1065 1078 }
1066 1079 rppath[res] = '\0';
1067 1080 if ((res = stat(rppath, &stbuf)) != 0) {
1068 1081 zperror(rppath, B_FALSE);
1069 1082 return (Z_ERR);
1070 1083 }
1071 1084 /* theoretically impossible */
1072 1085 if (!S_ISDIR(stbuf.st_mode)) {
1073 1086 (void) fprintf(stderr, gettext("%s is not a directory.\n"),
1074 1087 rppath);
1075 1088 return (Z_ERR);
1076 1089 }
1077 1090 if (stbuf.st_uid != 0) {
1078 1091 (void) fprintf(stderr, gettext("%s is not owned by root.\n"),
1079 1092 rppath);
1080 1093 err = B_TRUE;
1081 1094 }
1082 1095 err |= bad_mode_bit(stbuf.st_mode, S_IRUSR, B_TRUE, rppath);
1083 1096 err |= bad_mode_bit(stbuf.st_mode, S_IWUSR, B_TRUE, rppath);
1084 1097 err |= bad_mode_bit(stbuf.st_mode, S_IXUSR, B_TRUE, rppath);
1085 1098 err |= bad_mode_bit(stbuf.st_mode, S_IWGRP, B_FALSE, rppath);
1086 1099 err |= bad_mode_bit(stbuf.st_mode, S_IWOTH, B_FALSE, rppath);
1087 1100 if (strcmp(rpath, rppath) == 0) {
1088 1101 (void) fprintf(stderr, gettext("%s is its own parent.\n"),
1089 1102 rppath);
1090 1103 err = B_TRUE;
1091 1104 }
1092 1105
1093 1106 if (statvfs64(rpath, &vfsbuf) != 0) {
1094 1107 zperror(rpath, B_FALSE);
1095 1108 return (Z_ERR);
1096 1109 }
1097 1110 if (strcmp(vfsbuf.f_basetype, MNTTYPE_NFS) == 0) {
1098 1111 /*
1099 1112 * TRANSLATION_NOTE
1100 1113 * Zonepath and NFS are literals that should not be translated.
1101 1114 */
1102 1115 (void) fprintf(stderr, gettext("Zonepath %s is on an NFS "
1103 1116 "mounted file system.\n"
1104 1117 "\tA local file system must be used.\n"), rpath);
1105 1118 return (Z_ERR);
1106 1119 }
1107 1120 if (vfsbuf.f_flag & ST_NOSUID) {
1108 1121 /*
1109 1122 * TRANSLATION_NOTE
1110 1123 * Zonepath and nosuid are literals that should not be
1111 1124 * translated.
1112 1125 */
1113 1126 (void) fprintf(stderr, gettext("Zonepath %s is on a nosuid "
1114 1127 "file system.\n"), rpath);
1115 1128 return (Z_ERR);
1116 1129 }
1117 1130
1118 1131 if ((res = zone_get_state(target_zone, &state)) != Z_OK) {
1119 1132 errno = res;
1120 1133 zperror2(target_zone, gettext("could not get state"));
1121 1134 return (Z_ERR);
1122 1135 }
1123 1136 /*
1124 1137 * The existence of the root path is only bad in the configured state,
1125 1138 * as it is *supposed* to be there at the installed and later states.
1126 1139 * However, the root path is expected to be there if the zone is
1127 1140 * detached.
1128 1141 * State/command mismatches are caught earlier in verify_details().
1129 1142 */
1130 1143 if (state == ZONE_STATE_CONFIGURED && cmd_num != CMD_ATTACH) {
1131 1144 if (snprintf(rootpath, sizeof (rootpath), "%s/root", rpath) >=
1132 1145 sizeof (rootpath)) {
1133 1146 /*
1134 1147 * TRANSLATION_NOTE
1135 1148 * Zonepath is a literal that should not be translated.
1136 1149 */
1137 1150 (void) fprintf(stderr,
1138 1151 gettext("Zonepath %s is too long.\n"), rpath);
1139 1152 return (Z_ERR);
1140 1153 }
1141 1154 if ((res = stat(rootpath, &stbuf)) == 0) {
1142 1155 if (zonecfg_detached(rpath)) {
1143 1156 (void) fprintf(stderr,
1144 1157 gettext("Cannot %s detached "
1145 1158 "zone.\nUse attach or remove %s "
1146 1159 "directory.\n"), cmd_to_str(cmd_num),
1147 1160 rpath);
1148 1161 return (Z_ERR);
1149 1162 }
1150 1163
1151 1164 /* Not detached, check if it really looks ok. */
1152 1165
1153 1166 if (!S_ISDIR(stbuf.st_mode)) {
1154 1167 (void) fprintf(stderr, gettext("%s is not a "
1155 1168 "directory.\n"), rootpath);
1156 1169 return (Z_ERR);
1157 1170 }
1158 1171
1159 1172 if (stbuf.st_uid != 0) {
1160 1173 (void) fprintf(stderr, gettext("%s is not "
1161 1174 "owned by root.\n"), rootpath);
1162 1175 return (Z_ERR);
1163 1176 }
1164 1177
1165 1178 if ((stbuf.st_mode & 0777) != 0755) {
1166 1179 (void) fprintf(stderr, gettext("%s mode is not "
1167 1180 "0755.\n"), rootpath);
1168 1181 return (Z_ERR);
1169 1182 }
1170 1183 }
1171 1184 }
1172 1185
1173 1186 return (err ? Z_ERR : Z_OK);
1174 1187 }
1175 1188
1176 1189 static int
1177 1190 invoke_brand_handler(int cmd_num, char *argv[])
1178 1191 {
1179 1192 zone_dochandle_t handle;
1180 1193 int err;
1181 1194
1182 1195 if ((handle = zonecfg_init_handle()) == NULL) {
1183 1196 zperror(cmd_to_str(cmd_num), B_TRUE);
1184 1197 return (Z_ERR);
1185 1198 }
1186 1199 if ((err = zonecfg_get_handle(target_zone, handle)) != Z_OK) {
1187 1200 errno = err;
1188 1201 zperror(cmd_to_str(cmd_num), B_TRUE);
1189 1202 zonecfg_fini_handle(handle);
1190 1203 return (Z_ERR);
1191 1204 }
1192 1205 if (verify_brand(handle, cmd_num, argv) != Z_OK) {
1193 1206 zonecfg_fini_handle(handle);
1194 1207 return (Z_ERR);
1195 1208 }
1196 1209 zonecfg_fini_handle(handle);
1197 1210 return (Z_OK);
1198 1211 }
1199 1212
1200 1213 static int
1201 1214 ready_func(int argc, char *argv[])
1202 1215 {
1203 1216 zone_cmd_arg_t zarg;
1204 1217 int arg;
1205 1218
1206 1219 if (zonecfg_in_alt_root()) {
1207 1220 zerror(gettext("cannot ready zone in alternate root"));
1208 1221 return (Z_ERR);
1209 1222 }
1210 1223
1211 1224 optind = 0;
1212 1225 if ((arg = getopt(argc, argv, "?")) != EOF) {
1213 1226 switch (arg) {
1214 1227 case '?':
1215 1228 sub_usage(SHELP_READY, CMD_READY);
1216 1229 return (optopt == '?' ? Z_OK : Z_USAGE);
1217 1230 default:
1218 1231 sub_usage(SHELP_READY, CMD_READY);
1219 1232 return (Z_USAGE);
1220 1233 }
1221 1234 }
1222 1235 if (argc > optind) {
1223 1236 sub_usage(SHELP_READY, CMD_READY);
1224 1237 return (Z_USAGE);
1225 1238 }
1226 1239 if (sanity_check(target_zone, CMD_READY, B_FALSE, B_FALSE, B_FALSE)
1227 1240 != Z_OK)
1228 1241 return (Z_ERR);
1229 1242 if (verify_details(CMD_READY, argv) != Z_OK)
1230 1243 return (Z_ERR);
1231 1244
1232 1245 zarg.cmd = Z_READY;
1233 1246 if (zonecfg_call_zoneadmd(target_zone, &zarg, locale, B_TRUE) != 0) {
1234 1247 zerror(gettext("call to %s failed"), "zoneadmd");
1235 1248 return (Z_ERR);
1236 1249 }
1237 1250 return (Z_OK);
1238 1251 }
1239 1252
1240 1253 static int
1241 1254 boot_func(int argc, char *argv[])
1242 1255 {
1243 1256 zone_cmd_arg_t zarg;
1244 1257 boolean_t force = B_FALSE;
1245 1258 int arg;
1246 1259
1247 1260 if (zonecfg_in_alt_root()) {
1248 1261 zerror(gettext("cannot boot zone in alternate root"));
1249 1262 return (Z_ERR);
1250 1263 }
1251 1264
1252 1265 zarg.bootbuf[0] = '\0';
1253 1266
1254 1267 /*
1255 1268 * The following getopt processes arguments to zone boot; that
1256 1269 * is to say, the [here] portion of the argument string:
1257 1270 *
1258 1271 * zoneadm -z myzone boot [here] -- -v -m verbose
1259 1272 *
1260 1273 * Where [here] can either be nothing, -? (in which case we bail
1261 1274 * and print usage), -f (a private option to indicate that the
1262 1275 * boot operation should be 'forced'), or -s. Support for -s is
1263 1276 * vestigal and obsolete, but is retained because it was a
1264 1277 * documented interface and there are known consumers including
1265 1278 * admin/install; the proper way to specify boot arguments like -s
1266 1279 * is:
1267 1280 *
1268 1281 * zoneadm -z myzone boot -- -s -v -m verbose.
1269 1282 */
1270 1283 optind = 0;
1271 1284 while ((arg = getopt(argc, argv, "?fs")) != EOF) {
1272 1285 switch (arg) {
1273 1286 case '?':
1274 1287 sub_usage(SHELP_BOOT, CMD_BOOT);
1275 1288 return (optopt == '?' ? Z_OK : Z_USAGE);
1276 1289 case 's':
1277 1290 (void) strlcpy(zarg.bootbuf, "-s",
1278 1291 sizeof (zarg.bootbuf));
1279 1292 break;
1280 1293 case 'f':
1281 1294 force = B_TRUE;
1282 1295 break;
1283 1296 default:
1284 1297 sub_usage(SHELP_BOOT, CMD_BOOT);
1285 1298 return (Z_USAGE);
1286 1299 }
1287 1300 }
1288 1301
1289 1302 for (; optind < argc; optind++) {
1290 1303 if (strlcat(zarg.bootbuf, argv[optind],
1291 1304 sizeof (zarg.bootbuf)) >= sizeof (zarg.bootbuf)) {
1292 1305 zerror(gettext("Boot argument list too long"));
1293 1306 return (Z_ERR);
1294 1307 }
1295 1308 if (optind < argc - 1)
1296 1309 if (strlcat(zarg.bootbuf, " ", sizeof (zarg.bootbuf)) >=
1297 1310 sizeof (zarg.bootbuf)) {
1298 1311 zerror(gettext("Boot argument list too long"));
1299 1312 return (Z_ERR);
1300 1313 }
1301 1314 }
1302 1315 if (sanity_check(target_zone, CMD_BOOT, B_FALSE, B_FALSE, force)
1303 1316 != Z_OK)
1304 1317 return (Z_ERR);
1305 1318 if (verify_details(CMD_BOOT, argv) != Z_OK)
1306 1319 return (Z_ERR);
1307 1320 zarg.cmd = force ? Z_FORCEBOOT : Z_BOOT;
1308 1321 if (zonecfg_call_zoneadmd(target_zone, &zarg, locale, B_TRUE) != 0) {
1309 1322 zerror(gettext("call to %s failed"), "zoneadmd");
1310 1323 return (Z_ERR);
1311 1324 }
1312 1325
1313 1326 return (Z_OK);
1314 1327 }
1315 1328
1316 1329 static void
1317 1330 fake_up_local_zone(zoneid_t zid, zone_entry_t *zeptr)
1318 1331 {
1319 1332 ssize_t result;
1320 1333 uuid_t uuid;
1321 1334 FILE *fp;
1322 1335 ushort_t flags;
1323 1336
1324 1337 (void) memset(zeptr, 0, sizeof (*zeptr));
1325 1338
1326 1339 zeptr->zid = zid;
1327 1340
1328 1341 /*
1329 1342 * Since we're looking up our own (non-global) zone name,
1330 1343 * we can be assured that it will succeed.
1331 1344 */
1332 1345 result = getzonenamebyid(zid, zeptr->zname, sizeof (zeptr->zname));
1333 1346 assert(result >= 0);
1334 1347 if (zonecfg_is_scratch(zeptr->zname) &&
1335 1348 (fp = zonecfg_open_scratch("", B_FALSE)) != NULL) {
1336 1349 (void) zonecfg_reverse_scratch(fp, zeptr->zname, zeptr->zname,
1337 1350 sizeof (zeptr->zname), NULL, 0);
1338 1351 zonecfg_close_scratch(fp);
1339 1352 }
1340 1353
1341 1354 if (is_system_labeled()) {
1342 1355 (void) zone_getattr(zid, ZONE_ATTR_ROOT, zeptr->zroot,
1343 1356 sizeof (zeptr->zroot));
1344 1357 (void) strlcpy(zeptr->zbrand, NATIVE_BRAND_NAME,
1345 1358 sizeof (zeptr->zbrand));
1346 1359 } else {
1347 1360 (void) strlcpy(zeptr->zroot, "/", sizeof (zeptr->zroot));
1348 1361 (void) zone_getattr(zid, ZONE_ATTR_BRAND, zeptr->zbrand,
1349 1362 sizeof (zeptr->zbrand));
1350 1363 }
1351 1364
1352 1365 zeptr->zstate_str = "running";
1353 1366 if (zonecfg_get_uuid(zeptr->zname, uuid) == Z_OK &&
1354 1367 !uuid_is_null(uuid))
1355 1368 uuid_unparse(uuid, zeptr->zuuid);
1356 1369
1357 1370 if (zone_getattr(zid, ZONE_ATTR_FLAGS, &flags, sizeof (flags)) < 0) {
1358 1371 zperror2(zeptr->zname, gettext("could not get zone flags"));
1359 1372 exit(Z_ERR);
1360 1373 }
1361 1374 if (flags & ZF_NET_EXCL)
1362 1375 zeptr->ziptype = ZS_EXCLUSIVE;
1363 1376 else
1364 1377 zeptr->ziptype = ZS_SHARED;
1365 1378 }
1366 1379
1367 1380 static int
1368 1381 list_func(int argc, char *argv[])
1369 1382 {
1370 1383 zone_entry_t *zentp, zent;
1371 1384 int arg, retv;
1372 1385 boolean_t output = B_FALSE, verbose = B_FALSE, parsable = B_FALSE;
1373 1386 zone_state_t min_state = ZONE_STATE_RUNNING;
1374 1387 zoneid_t zone_id = getzoneid();
1375 1388
1376 1389 if (target_zone == NULL) {
1377 1390 /* all zones: default view to running but allow override */
1378 1391 optind = 0;
1379 1392 while ((arg = getopt(argc, argv, "?cipv")) != EOF) {
1380 1393 switch (arg) {
1381 1394 case '?':
1382 1395 sub_usage(SHELP_LIST, CMD_LIST);
1383 1396 return (optopt == '?' ? Z_OK : Z_USAGE);
1384 1397 /*
1385 1398 * The 'i' and 'c' options are not mutually
1386 1399 * exclusive so if 'c' is given, then min_state
1387 1400 * is set to 0 (ZONE_STATE_CONFIGURED) which is
1388 1401 * the lowest possible state. If 'i' is given,
1389 1402 * then min_state is set to be the lowest state
1390 1403 * so far.
1391 1404 */
1392 1405 case 'c':
1393 1406 min_state = ZONE_STATE_CONFIGURED;
1394 1407 break;
1395 1408 case 'i':
1396 1409 min_state = min(ZONE_STATE_INSTALLED,
1397 1410 min_state);
1398 1411
1399 1412 break;
1400 1413 case 'p':
1401 1414 parsable = B_TRUE;
1402 1415 break;
1403 1416 case 'v':
1404 1417 verbose = B_TRUE;
1405 1418 break;
1406 1419 default:
1407 1420 sub_usage(SHELP_LIST, CMD_LIST);
1408 1421 return (Z_USAGE);
1409 1422 }
1410 1423 }
1411 1424 if (parsable && verbose) {
1412 1425 zerror(gettext("%s -p and -v are mutually exclusive."),
1413 1426 cmd_to_str(CMD_LIST));
1414 1427 return (Z_ERR);
1415 1428 }
1416 1429 if (zone_id == GLOBAL_ZONEID || is_system_labeled()) {
1417 1430 retv = zone_print_list(min_state, verbose, parsable);
1418 1431 } else {
1419 1432 fake_up_local_zone(zone_id, &zent);
1420 1433 retv = Z_OK;
1421 1434 zone_print(&zent, verbose, parsable);
1422 1435 }
1423 1436 return (retv);
1424 1437 }
1425 1438
1426 1439 /*
1427 1440 * Specific target zone: disallow -i/-c suboptions.
1428 1441 */
1429 1442 optind = 0;
1430 1443 while ((arg = getopt(argc, argv, "?pv")) != EOF) {
1431 1444 switch (arg) {
1432 1445 case '?':
1433 1446 sub_usage(SHELP_LIST, CMD_LIST);
1434 1447 return (optopt == '?' ? Z_OK : Z_USAGE);
1435 1448 case 'p':
1436 1449 parsable = B_TRUE;
1437 1450 break;
1438 1451 case 'v':
1439 1452 verbose = B_TRUE;
1440 1453 break;
1441 1454 default:
1442 1455 sub_usage(SHELP_LIST, CMD_LIST);
1443 1456 return (Z_USAGE);
1444 1457 }
1445 1458 }
1446 1459 if (parsable && verbose) {
1447 1460 zerror(gettext("%s -p and -v are mutually exclusive."),
1448 1461 cmd_to_str(CMD_LIST));
1449 1462 return (Z_ERR);
1450 1463 }
1451 1464 if (argc > optind) {
1452 1465 sub_usage(SHELP_LIST, CMD_LIST);
1453 1466 return (Z_USAGE);
1454 1467 }
1455 1468 if (zone_id != GLOBAL_ZONEID && !is_system_labeled()) {
1456 1469 fake_up_local_zone(zone_id, &zent);
1457 1470 /*
1458 1471 * main() will issue a Z_NO_ZONE error if it cannot get an
1459 1472 * id for target_zone, which in a non-global zone should
1460 1473 * happen for any zone name except `zonename`. Thus we
1461 1474 * assert() that here but don't otherwise check.
1462 1475 */
1463 1476 assert(strcmp(zent.zname, target_zone) == 0);
1464 1477 zone_print(&zent, verbose, parsable);
1465 1478 output = B_TRUE;
1466 1479 } else if ((zentp = lookup_running_zone(target_zone)) != NULL) {
1467 1480 zone_print(zentp, verbose, parsable);
1468 1481 output = B_TRUE;
1469 1482 } else if (lookup_zone_info(target_zone, ZONE_ID_UNDEFINED,
1470 1483 &zent) == Z_OK) {
1471 1484 zone_print(&zent, verbose, parsable);
1472 1485 output = B_TRUE;
1473 1486 }
1474 1487
1475 1488 /*
1476 1489 * Invoke brand-specific handler. Note that we do this
1477 1490 * only if we're in the global zone, and target_zone is specified
1478 1491 * and it is not the global zone.
1479 1492 */
1480 1493 if (zone_id == GLOBAL_ZONEID && target_zone != NULL &&
1481 1494 strcmp(target_zone, GLOBAL_ZONENAME) != 0)
1482 1495 if (invoke_brand_handler(CMD_LIST, argv) != Z_OK)
1483 1496 return (Z_ERR);
1484 1497
1485 1498 return (output ? Z_OK : Z_ERR);
1486 1499 }
1487 1500
1488 1501 int
1489 1502 do_subproc(char *cmdbuf)
1490 1503 {
1491 1504 void (*saveint)(int);
1492 1505 void (*saveterm)(int);
1493 1506 void (*savequit)(int);
1494 1507 void (*savehup)(int);
1495 1508 int pid, child, status;
1496 1509
1497 1510 if ((child = vfork()) == 0) {
1498 1511 (void) execl("/bin/sh", "sh", "-c", cmdbuf, (char *)NULL);
1499 1512 }
1500 1513
1501 1514 if (child == -1)
1502 1515 return (-1);
1503 1516
1504 1517 saveint = sigset(SIGINT, SIG_IGN);
1505 1518 saveterm = sigset(SIGTERM, SIG_IGN);
1506 1519 savequit = sigset(SIGQUIT, SIG_IGN);
1507 1520 savehup = sigset(SIGHUP, SIG_IGN);
1508 1521
1509 1522 while ((pid = waitpid(child, &status, 0)) != child && pid != -1)
1510 1523 ;
1511 1524
1512 1525 (void) sigset(SIGINT, saveint);
1513 1526 (void) sigset(SIGTERM, saveterm);
1514 1527 (void) sigset(SIGQUIT, savequit);
1515 1528 (void) sigset(SIGHUP, savehup);
1516 1529
1517 1530 return (pid == -1 ? -1 : status);
1518 1531 }
1519 1532
1520 1533 int
1521 1534 subproc_status(const char *cmd, int status, boolean_t verbose_failure)
1522 1535 {
1523 1536 if (WIFEXITED(status)) {
1524 1537 int exit_code = WEXITSTATUS(status);
1525 1538
1526 1539 if ((verbose_failure) && (exit_code != ZONE_SUBPROC_OK))
1527 1540 zerror(gettext("'%s' failed with exit code %d."), cmd,
1528 1541 exit_code);
1529 1542
1530 1543 return (exit_code);
1531 1544 } else if (WIFSIGNALED(status)) {
1532 1545 int signal = WTERMSIG(status);
1533 1546 char sigstr[SIG2STR_MAX];
1534 1547
1535 1548 if (sig2str(signal, sigstr) == 0) {
1536 1549 zerror(gettext("'%s' terminated by signal SIG%s."), cmd,
1537 1550 sigstr);
1538 1551 } else {
1539 1552 zerror(gettext("'%s' terminated by an unknown signal."),
1540 1553 cmd);
1541 1554 }
1542 1555 } else {
1543 1556 zerror(gettext("'%s' failed for unknown reasons."), cmd);
1544 1557 }
1545 1558
1546 1559 /*
1547 1560 * Assume a subprocess that died due to a signal or an unknown error
1548 1561 * should be considered an exit code of ZONE_SUBPROC_FATAL, as the
1549 1562 * user will likely need to do some manual cleanup.
1550 1563 */
1551 1564 return (ZONE_SUBPROC_FATAL);
1552 1565 }
1553 1566
1554 1567 static int
1555 1568 auth_check(char *user, char *zone, int cmd_num)
1556 1569 {
1557 1570 char authname[MAXAUTHS];
1558 1571
1559 1572 switch (cmd_num) {
1560 1573 case CMD_LIST:
1561 1574 case CMD_HELP:
1562 1575 return (Z_OK);
1563 1576 case SOURCE_ZONE:
1564 1577 (void) strlcpy(authname, ZONE_CLONEFROM_AUTH, MAXAUTHS);
1565 1578 break;
1566 1579 case CMD_BOOT:
1567 1580 case CMD_HALT:
1568 1581 case CMD_READY:
1569 1582 case CMD_SHUTDOWN:
1570 1583 case CMD_REBOOT:
1571 1584 case CMD_SYSBOOT:
1572 1585 case CMD_VERIFY:
1573 1586 case CMD_INSTALL:
1574 1587 case CMD_UNINSTALL:
1575 1588 case CMD_MOUNT:
1576 1589 case CMD_UNMOUNT:
1577 1590 case CMD_CLONE:
1578 1591 case CMD_MOVE:
1579 1592 case CMD_DETACH:
1580 1593 case CMD_ATTACH:
1581 1594 case CMD_MARK:
1582 1595 case CMD_APPLY:
1583 1596 default:
1584 1597 (void) strlcpy(authname, ZONE_MANAGE_AUTH, MAXAUTHS);
1585 1598 break;
1586 1599 }
1587 1600 (void) strlcat(authname, KV_OBJECT, MAXAUTHS);
1588 1601 (void) strlcat(authname, zone, MAXAUTHS);
1589 1602 if (chkauthattr(authname, user) == 0) {
1590 1603 return (Z_ERR);
1591 1604 } else {
1592 1605 /*
1593 1606 * Some subcommands, e.g. install, run subcommands,
1594 1607 * e.g. sysidcfg, that require a real uid of root,
1595 1608 * so switch to root, here.
1596 1609 */
1597 1610 if (setuid(0) == -1) {
1598 1611 zperror(gettext("insufficient privilege"), B_TRUE);
1599 1612 return (Z_ERR);
1600 1613 }
1601 1614 return (Z_OK);
1602 1615 }
1603 1616 }
1604 1617
1605 1618 /*
1606 1619 * Various sanity checks; make sure:
1607 1620 * 1. We're in the global zone.
1608 1621 * 2. The calling user has sufficient privilege.
1609 1622 * 3. The target zone is neither the global zone nor anything starting with
1610 1623 * "SUNW".
1611 1624 * 4a. If we're looking for a 'not running' (i.e., configured or installed)
1612 1625 * zone, the name service knows about it.
1613 1626 * 4b. For some operations which expect a zone not to be running, that it is
1614 1627 * not already running (or ready).
1615 1628 */
1616 1629 static int
1617 1630 sanity_check(char *zone, int cmd_num, boolean_t running,
1618 1631 boolean_t unsafe_when_running, boolean_t force)
1619 1632 {
1620 1633 zone_entry_t *zent;
1621 1634 priv_set_t *privset;
1622 1635 zone_state_t state, min_state;
1623 1636 char kernzone[ZONENAME_MAX];
1624 1637 FILE *fp;
1625 1638
1626 1639 if (getzoneid() != GLOBAL_ZONEID) {
1627 1640 switch (cmd_num) {
1628 1641 case CMD_HALT:
1629 1642 zerror(gettext("use %s to %s this zone."), "halt(1M)",
1630 1643 cmd_to_str(cmd_num));
1631 1644 break;
1632 1645 case CMD_SHUTDOWN:
1633 1646 zerror(gettext("use %s to %s this zone."),
1634 1647 "shutdown(1M)", cmd_to_str(cmd_num));
1635 1648 break;
1636 1649 case CMD_REBOOT:
1637 1650 zerror(gettext("use %s to %s this zone."),
1638 1651 "reboot(1M)", cmd_to_str(cmd_num));
1639 1652 break;
1640 1653 default:
1641 1654 zerror(gettext("must be in the global zone to %s a "
1642 1655 "zone."), cmd_to_str(cmd_num));
1643 1656 break;
1644 1657 }
1645 1658 return (Z_ERR);
1646 1659 }
1647 1660
1648 1661 if ((privset = priv_allocset()) == NULL) {
1649 1662 zerror(gettext("%s failed"), "priv_allocset");
1650 1663 return (Z_ERR);
1651 1664 }
1652 1665
1653 1666 if (getppriv(PRIV_EFFECTIVE, privset) != 0) {
1654 1667 zerror(gettext("%s failed"), "getppriv");
1655 1668 priv_freeset(privset);
1656 1669 return (Z_ERR);
1657 1670 }
1658 1671
1659 1672 if (priv_isfullset(privset) == B_FALSE) {
1660 1673 zerror(gettext("only a privileged user may %s a zone."),
1661 1674 cmd_to_str(cmd_num));
1662 1675 priv_freeset(privset);
1663 1676 return (Z_ERR);
1664 1677 }
1665 1678 priv_freeset(privset);
1666 1679
1667 1680 if (zone == NULL) {
1668 1681 zerror(gettext("no zone specified"));
1669 1682 return (Z_ERR);
1670 1683 }
1671 1684
1672 1685 if (auth_check(username, zone, cmd_num) == Z_ERR) {
1673 1686 zerror(gettext("User %s is not authorized to %s this zone."),
1674 1687 username, cmd_to_str(cmd_num));
1675 1688 return (Z_ERR);
1676 1689 }
1677 1690
1678 1691 if (strcmp(zone, GLOBAL_ZONENAME) == 0) {
1679 1692 zerror(gettext("%s operation is invalid for the global zone."),
1680 1693 cmd_to_str(cmd_num));
1681 1694 return (Z_ERR);
1682 1695 }
1683 1696
1684 1697 if (strncmp(zone, "SUNW", 4) == 0) {
1685 1698 zerror(gettext("%s operation is invalid for zones starting "
1686 1699 "with SUNW."), cmd_to_str(cmd_num));
1687 1700 return (Z_ERR);
1688 1701 }
1689 1702
1690 1703 if (!zonecfg_in_alt_root()) {
1691 1704 zent = lookup_running_zone(zone);
1692 1705 } else if ((fp = zonecfg_open_scratch("", B_FALSE)) == NULL) {
1693 1706 zent = NULL;
1694 1707 } else {
1695 1708 if (zonecfg_find_scratch(fp, zone, zonecfg_get_root(),
1696 1709 kernzone, sizeof (kernzone)) == 0)
1697 1710 zent = lookup_running_zone(kernzone);
1698 1711 else
1699 1712 zent = NULL;
1700 1713 zonecfg_close_scratch(fp);
1701 1714 }
1702 1715
1703 1716 /*
1704 1717 * Look up from the kernel for 'running' zones.
1705 1718 */
1706 1719 if (running && !force) {
1707 1720 if (zent == NULL) {
1708 1721 zerror(gettext("not running"));
1709 1722 return (Z_ERR);
1710 1723 }
1711 1724 } else {
1712 1725 int err;
1713 1726
1714 1727 if (unsafe_when_running && zent != NULL) {
1715 1728 /* check whether the zone is ready or running */
1716 1729 if ((err = zone_get_state(zent->zname,
1717 1730 &zent->zstate_num)) != Z_OK) {
1718 1731 errno = err;
1719 1732 zperror2(zent->zname,
1720 1733 gettext("could not get state"));
1721 1734 /* can't tell, so hedge */
1722 1735 zent->zstate_str = "ready/running";
1723 1736 } else {
1724 1737 zent->zstate_str =
1725 1738 zone_state_str(zent->zstate_num);
1726 1739 }
1727 1740 zerror(gettext("%s operation is invalid for %s zones."),
1728 1741 cmd_to_str(cmd_num), zent->zstate_str);
1729 1742 return (Z_ERR);
1730 1743 }
1731 1744 if ((err = zone_get_state(zone, &state)) != Z_OK) {
1732 1745 errno = err;
1733 1746 zperror2(zone, gettext("could not get state"));
1734 1747 return (Z_ERR);
1735 1748 }
1736 1749 switch (cmd_num) {
1737 1750 case CMD_UNINSTALL:
1738 1751 if (state == ZONE_STATE_CONFIGURED) {
1739 1752 zerror(gettext("is already in state '%s'."),
1740 1753 zone_state_str(ZONE_STATE_CONFIGURED));
1741 1754 return (Z_ERR);
1742 1755 }
1743 1756 break;
1744 1757 case CMD_ATTACH:
1745 1758 if (state == ZONE_STATE_INSTALLED) {
1746 1759 zerror(gettext("is already %s."),
1747 1760 zone_state_str(ZONE_STATE_INSTALLED));
1748 1761 return (Z_ERR);
1749 1762 } else if (state == ZONE_STATE_INCOMPLETE && !force) {
1750 1763 zerror(gettext("zone is %s; %s required."),
1751 1764 zone_state_str(ZONE_STATE_INCOMPLETE),
1752 1765 cmd_to_str(CMD_UNINSTALL));
1753 1766 return (Z_ERR);
1754 1767 }
1755 1768 break;
1756 1769 case CMD_CLONE:
1757 1770 case CMD_INSTALL:
1758 1771 if (state == ZONE_STATE_INSTALLED) {
1759 1772 zerror(gettext("is already %s."),
1760 1773 zone_state_str(ZONE_STATE_INSTALLED));
1761 1774 return (Z_ERR);
1762 1775 } else if (state == ZONE_STATE_INCOMPLETE) {
1763 1776 zerror(gettext("zone is %s; %s required."),
1764 1777 zone_state_str(ZONE_STATE_INCOMPLETE),
1765 1778 cmd_to_str(CMD_UNINSTALL));
1766 1779 return (Z_ERR);
1767 1780 }
1768 1781 break;
1769 1782 case CMD_DETACH:
1770 1783 case CMD_MOVE:
1771 1784 case CMD_READY:
1772 1785 case CMD_BOOT:
1773 1786 case CMD_MOUNT:
1774 1787 case CMD_MARK:
1775 1788 if ((cmd_num == CMD_BOOT || cmd_num == CMD_MOUNT) &&
1776 1789 force)
1777 1790 min_state = ZONE_STATE_INCOMPLETE;
1778 1791 else if (cmd_num == CMD_MARK)
1779 1792 min_state = ZONE_STATE_CONFIGURED;
1780 1793 else
1781 1794 min_state = ZONE_STATE_INSTALLED;
1782 1795
1783 1796 if (state < min_state) {
1784 1797 zerror(gettext("must be %s before %s."),
1785 1798 zone_state_str(min_state),
1786 1799 cmd_to_str(cmd_num));
1787 1800 return (Z_ERR);
1788 1801 }
1789 1802 break;
1790 1803 case CMD_VERIFY:
1791 1804 if (state == ZONE_STATE_INCOMPLETE) {
1792 1805 zerror(gettext("zone is %s; %s required."),
1793 1806 zone_state_str(ZONE_STATE_INCOMPLETE),
1794 1807 cmd_to_str(CMD_UNINSTALL));
1795 1808 return (Z_ERR);
1796 1809 }
1797 1810 break;
1798 1811 case CMD_UNMOUNT:
1799 1812 if (state != ZONE_STATE_MOUNTED) {
1800 1813 zerror(gettext("must be %s before %s."),
1801 1814 zone_state_str(ZONE_STATE_MOUNTED),
1802 1815 cmd_to_str(cmd_num));
1803 1816 return (Z_ERR);
1804 1817 }
1805 1818 break;
1806 1819 case CMD_SYSBOOT:
1807 1820 if (state != ZONE_STATE_INSTALLED) {
1808 1821 zerror(gettext("%s operation is invalid for %s "
1809 1822 "zones."), cmd_to_str(cmd_num),
1810 1823 zone_state_str(state));
1811 1824 return (Z_ERR);
1812 1825 }
1813 1826 break;
1814 1827 }
1815 1828 }
1816 1829 return (Z_OK);
1817 1830 }
1818 1831
1819 1832 static int
1820 1833 halt_func(int argc, char *argv[])
1821 1834 {
1822 1835 zone_cmd_arg_t zarg;
1823 1836 int arg;
1824 1837
1825 1838 if (zonecfg_in_alt_root()) {
1826 1839 zerror(gettext("cannot halt zone in alternate root"));
1827 1840 return (Z_ERR);
1828 1841 }
1829 1842
1830 1843 optind = 0;
1831 1844 if ((arg = getopt(argc, argv, "?")) != EOF) {
1832 1845 switch (arg) {
1833 1846 case '?':
1834 1847 sub_usage(SHELP_HALT, CMD_HALT);
1835 1848 return (optopt == '?' ? Z_OK : Z_USAGE);
1836 1849 default:
1837 1850 sub_usage(SHELP_HALT, CMD_HALT);
1838 1851 return (Z_USAGE);
1839 1852 }
1840 1853 }
1841 1854 if (argc > optind) {
1842 1855 sub_usage(SHELP_HALT, CMD_HALT);
1843 1856 return (Z_USAGE);
1844 1857 }
1845 1858 /*
1846 1859 * zoneadmd should be the one to decide whether or not to proceed,
1847 1860 * so even though it seems that the fourth parameter below should
1848 1861 * perhaps be B_TRUE, it really shouldn't be.
1849 1862 */
1850 1863 if (sanity_check(target_zone, CMD_HALT, B_FALSE, B_FALSE, B_FALSE)
1851 1864 != Z_OK)
1852 1865 return (Z_ERR);
1853 1866
1854 1867 /*
1855 1868 * Invoke brand-specific handler.
1856 1869 */
1857 1870 if (invoke_brand_handler(CMD_HALT, argv) != Z_OK)
1858 1871 return (Z_ERR);
1859 1872
1860 1873 zarg.cmd = Z_HALT;
1861 1874 return ((zonecfg_call_zoneadmd(target_zone, &zarg, locale,
1862 1875 B_TRUE) == 0) ? Z_OK : Z_ERR);
1863 1876 }
1864 1877
1865 1878 static int
1866 1879 shutdown_func(int argc, char *argv[])
1867 1880 {
1868 1881 zone_cmd_arg_t zarg;
1869 1882 int arg;
1870 1883 boolean_t reboot = B_FALSE;
1871 1884
1872 1885 zarg.cmd = Z_SHUTDOWN;
1873 1886
1874 1887 if (zonecfg_in_alt_root()) {
1875 1888 zerror(gettext("cannot shut down zone in alternate root"));
1876 1889 return (Z_ERR);
1877 1890 }
1878 1891
1879 1892 optind = 0;
1880 1893 while ((arg = getopt(argc, argv, "?r")) != EOF) {
1881 1894 switch (arg) {
1882 1895 case '?':
1883 1896 sub_usage(SHELP_SHUTDOWN, CMD_SHUTDOWN);
1884 1897 return (optopt == '?' ? Z_OK : Z_USAGE);
1885 1898 case 'r':
1886 1899 reboot = B_TRUE;
1887 1900 break;
1888 1901 default:
1889 1902 sub_usage(SHELP_SHUTDOWN, CMD_SHUTDOWN);
1890 1903 return (Z_USAGE);
1891 1904 }
1892 1905 }
1893 1906
1894 1907 zarg.bootbuf[0] = '\0';
1895 1908 for (; optind < argc; optind++) {
1896 1909 if (strlcat(zarg.bootbuf, argv[optind],
1897 1910 sizeof (zarg.bootbuf)) >= sizeof (zarg.bootbuf)) {
1898 1911 zerror(gettext("Boot argument list too long"));
1899 1912 return (Z_ERR);
1900 1913 }
1901 1914 if (optind < argc - 1)
1902 1915 if (strlcat(zarg.bootbuf, " ", sizeof (zarg.bootbuf)) >=
1903 1916 sizeof (zarg.bootbuf)) {
1904 1917 zerror(gettext("Boot argument list too long"));
1905 1918 return (Z_ERR);
1906 1919 }
1907 1920 }
1908 1921
1909 1922 /*
1910 1923 * zoneadmd should be the one to decide whether or not to proceed,
1911 1924 * so even though it seems that the third parameter below should
1912 1925 * perhaps be B_TRUE, it really shouldn't be.
1913 1926 */
1914 1927 if (sanity_check(target_zone, CMD_SHUTDOWN, B_TRUE, B_FALSE, B_FALSE)
1915 1928 != Z_OK)
1916 1929 return (Z_ERR);
1917 1930
1918 1931 if (zonecfg_call_zoneadmd(target_zone, &zarg, locale, B_TRUE) != Z_OK)
1919 1932 return (Z_ERR);
1920 1933
1921 1934 if (reboot) {
1922 1935 if (sanity_check(target_zone, CMD_BOOT, B_FALSE, B_FALSE,
1923 1936 B_FALSE) != Z_OK)
1924 1937 return (Z_ERR);
1925 1938
1926 1939 zarg.cmd = Z_BOOT;
1927 1940 if (zonecfg_call_zoneadmd(target_zone, &zarg, locale,
1928 1941 B_TRUE) != Z_OK)
1929 1942 return (Z_ERR);
1930 1943 }
1931 1944 return (Z_OK);
1932 1945 }
1933 1946
1934 1947 static int
1935 1948 reboot_func(int argc, char *argv[])
1936 1949 {
1937 1950 zone_cmd_arg_t zarg;
1938 1951 int arg;
1939 1952
1940 1953 if (zonecfg_in_alt_root()) {
1941 1954 zerror(gettext("cannot reboot zone in alternate root"));
1942 1955 return (Z_ERR);
1943 1956 }
1944 1957
1945 1958 optind = 0;
1946 1959 if ((arg = getopt(argc, argv, "?")) != EOF) {
1947 1960 switch (arg) {
1948 1961 case '?':
1949 1962 sub_usage(SHELP_REBOOT, CMD_REBOOT);
1950 1963 return (optopt == '?' ? Z_OK : Z_USAGE);
1951 1964 default:
1952 1965 sub_usage(SHELP_REBOOT, CMD_REBOOT);
1953 1966 return (Z_USAGE);
1954 1967 }
1955 1968 }
1956 1969
1957 1970 zarg.bootbuf[0] = '\0';
1958 1971 for (; optind < argc; optind++) {
1959 1972 if (strlcat(zarg.bootbuf, argv[optind],
1960 1973 sizeof (zarg.bootbuf)) >= sizeof (zarg.bootbuf)) {
1961 1974 zerror(gettext("Boot argument list too long"));
1962 1975 return (Z_ERR);
1963 1976 }
1964 1977 if (optind < argc - 1)
1965 1978 if (strlcat(zarg.bootbuf, " ", sizeof (zarg.bootbuf)) >=
1966 1979 sizeof (zarg.bootbuf)) {
1967 1980 zerror(gettext("Boot argument list too long"));
1968 1981 return (Z_ERR);
1969 1982 }
1970 1983 }
1971 1984
1972 1985
1973 1986 /*
1974 1987 * zoneadmd should be the one to decide whether or not to proceed,
1975 1988 * so even though it seems that the fourth parameter below should
1976 1989 * perhaps be B_TRUE, it really shouldn't be.
1977 1990 */
1978 1991 if (sanity_check(target_zone, CMD_REBOOT, B_TRUE, B_FALSE, B_FALSE)
1979 1992 != Z_OK)
1980 1993 return (Z_ERR);
1981 1994 if (verify_details(CMD_REBOOT, argv) != Z_OK)
1982 1995 return (Z_ERR);
1983 1996
1984 1997 zarg.cmd = Z_REBOOT;
1985 1998 return ((zonecfg_call_zoneadmd(target_zone, &zarg, locale, B_TRUE) == 0)
1986 1999 ? Z_OK : Z_ERR);
1987 2000 }
1988 2001
1989 2002 static int
1990 2003 get_hook(brand_handle_t bh, char *cmd, size_t len, int (*bp)(brand_handle_t,
1991 2004 const char *, const char *, char *, size_t), char *zonename, char *zonepath)
1992 2005 {
1993 2006 if (strlcpy(cmd, EXEC_PREFIX, len) >= len)
1994 2007 return (Z_ERR);
1995 2008
1996 2009 if (bp(bh, zonename, zonepath, cmd + EXEC_LEN, len - EXEC_LEN) != 0)
1997 2010 return (Z_ERR);
1998 2011
1999 2012 if (strlen(cmd) <= EXEC_LEN)
2000 2013 cmd[0] = '\0';
2001 2014
2002 2015 return (Z_OK);
2003 2016 }
2004 2017
2005 2018 static int
2006 2019 verify_brand(zone_dochandle_t handle, int cmd_num, char *argv[])
2007 2020 {
2008 2021 char cmdbuf[MAXPATHLEN];
2009 2022 int err;
2010 2023 char zonepath[MAXPATHLEN];
2011 2024 brand_handle_t bh = NULL;
2012 2025 int status, i;
2013 2026
2014 2027 /*
2015 2028 * Fetch the verify command from the brand configuration.
2016 2029 * "exec" the command so that the returned status is that of
2017 2030 * the command and not the shell.
2018 2031 */
2019 2032 if (handle == NULL) {
2020 2033 (void) strlcpy(zonepath, "-", sizeof (zonepath));
2021 2034 } else if ((err = zonecfg_get_zonepath(handle, zonepath,
2022 2035 sizeof (zonepath))) != Z_OK) {
2023 2036 errno = err;
2024 2037 zperror(cmd_to_str(cmd_num), B_TRUE);
2025 2038 return (Z_ERR);
2026 2039 }
2027 2040 if ((bh = brand_open(target_brand)) == NULL) {
2028 2041 zerror(gettext("missing or invalid brand"));
2029 2042 return (Z_ERR);
2030 2043 }
2031 2044
2032 2045 /*
2033 2046 * If the brand has its own verification routine, execute it now.
2034 2047 * The verification routine validates the intended zoneadm
2035 2048 * operation for the specific brand. The zoneadm subcommand and
2036 2049 * all its arguments are passed to the routine.
2037 2050 */
2038 2051 err = get_hook(bh, cmdbuf, sizeof (cmdbuf), brand_get_verify_adm,
2039 2052 target_zone, zonepath);
2040 2053 brand_close(bh);
2041 2054 if (err != Z_OK)
2042 2055 return (Z_BRAND_ERROR);
2043 2056 if (cmdbuf[0] == '\0')
2044 2057 return (Z_OK);
2045 2058
2046 2059 if (strlcat(cmdbuf, cmd_to_str(cmd_num),
2047 2060 sizeof (cmdbuf)) >= sizeof (cmdbuf))
2048 2061 return (Z_ERR);
2049 2062
2050 2063 /* Build the argv string */
2051 2064 i = 0;
2052 2065 while (argv[i] != NULL) {
2053 2066 if ((strlcat(cmdbuf, " ",
2054 2067 sizeof (cmdbuf)) >= sizeof (cmdbuf)) ||
2055 2068 (strlcat(cmdbuf, argv[i++],
2056 2069 sizeof (cmdbuf)) >= sizeof (cmdbuf)))
2057 2070 return (Z_ERR);
2058 2071 }
2059 2072
2060 2073 status = do_subproc(cmdbuf);
2061 2074 err = subproc_status(gettext("brand-specific verification"),
2062 2075 status, B_FALSE);
2063 2076
2064 2077 return ((err == ZONE_SUBPROC_OK) ? Z_OK : Z_BRAND_ERROR);
2065 2078 }
2066 2079
2067 2080 static int
2068 2081 verify_rctls(zone_dochandle_t handle)
2069 2082 {
2070 2083 struct zone_rctltab rctltab;
2071 2084 size_t rbs = rctlblk_size();
2072 2085 rctlblk_t *rctlblk;
2073 2086 int error = Z_INVAL;
2074 2087
2075 2088 if ((rctlblk = malloc(rbs)) == NULL) {
2076 2089 zerror(gettext("failed to allocate %lu bytes: %s"), rbs,
2077 2090 strerror(errno));
2078 2091 return (Z_NOMEM);
2079 2092 }
2080 2093
2081 2094 if (zonecfg_setrctlent(handle) != Z_OK) {
2082 2095 zerror(gettext("zonecfg_setrctlent failed"));
2083 2096 free(rctlblk);
2084 2097 return (error);
2085 2098 }
2086 2099
2087 2100 rctltab.zone_rctl_valptr = NULL;
2088 2101 while (zonecfg_getrctlent(handle, &rctltab) == Z_OK) {
2089 2102 struct zone_rctlvaltab *rctlval;
2090 2103 const char *name = rctltab.zone_rctl_name;
2091 2104
2092 2105 if (!zonecfg_is_rctl(name)) {
2093 2106 zerror(gettext("WARNING: Ignoring unrecognized rctl "
2094 2107 "'%s'."), name);
2095 2108 zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
2096 2109 rctltab.zone_rctl_valptr = NULL;
2097 2110 continue;
2098 2111 }
2099 2112
2100 2113 for (rctlval = rctltab.zone_rctl_valptr; rctlval != NULL;
2101 2114 rctlval = rctlval->zone_rctlval_next) {
2102 2115 if (zonecfg_construct_rctlblk(rctlval, rctlblk)
2103 2116 != Z_OK) {
2104 2117 zerror(gettext("invalid rctl value: "
2105 2118 "(priv=%s,limit=%s,action%s)"),
2106 2119 rctlval->zone_rctlval_priv,
2107 2120 rctlval->zone_rctlval_limit,
2108 2121 rctlval->zone_rctlval_action);
2109 2122 goto out;
2110 2123 }
2111 2124 if (!zonecfg_valid_rctl(name, rctlblk)) {
2112 2125 zerror(gettext("(priv=%s,limit=%s,action=%s) "
2113 2126 "is not a valid value for rctl '%s'"),
2114 2127 rctlval->zone_rctlval_priv,
2115 2128 rctlval->zone_rctlval_limit,
2116 2129 rctlval->zone_rctlval_action,
2117 2130 name);
2118 2131 goto out;
2119 2132 }
2120 2133 }
2121 2134 zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
2122 2135 }
2123 2136 rctltab.zone_rctl_valptr = NULL;
2124 2137 error = Z_OK;
2125 2138 out:
2126 2139 zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
2127 2140 (void) zonecfg_endrctlent(handle);
2128 2141 free(rctlblk);
2129 2142 return (error);
2130 2143 }
2131 2144
2132 2145 static int
2133 2146 verify_pool(zone_dochandle_t handle)
2134 2147 {
2135 2148 char poolname[MAXPATHLEN];
2136 2149 pool_conf_t *poolconf;
2137 2150 pool_t *pool;
2138 2151 int status;
2139 2152 int error;
2140 2153
2141 2154 /*
2142 2155 * This ends up being very similar to the check done in zoneadmd.
2143 2156 */
2144 2157 error = zonecfg_get_pool(handle, poolname, sizeof (poolname));
2145 2158 if (error == Z_NO_ENTRY || (error == Z_OK && strlen(poolname) == 0)) {
2146 2159 /*
2147 2160 * No pool specified.
2148 2161 */
2149 2162 return (0);
2150 2163 }
2151 2164 if (error != Z_OK) {
2152 2165 zperror(gettext("Unable to retrieve pool name from "
2153 2166 "configuration"), B_TRUE);
2154 2167 return (error);
2155 2168 }
2156 2169 /*
2157 2170 * Don't do anything if pools aren't enabled.
2158 2171 */
2159 2172 if (pool_get_status(&status) != PO_SUCCESS || status != POOL_ENABLED) {
2160 2173 zerror(gettext("WARNING: pools facility not active; "
2161 2174 "zone will not be bound to pool '%s'."), poolname);
2162 2175 return (Z_OK);
2163 2176 }
2164 2177 /*
2165 2178 * Try to provide a sane error message if the requested pool doesn't
2166 2179 * exist. It isn't clear that pools-related failures should
2167 2180 * necessarily translate to a failure to verify the zone configuration,
2168 2181 * hence they are not considered errors.
2169 2182 */
2170 2183 if ((poolconf = pool_conf_alloc()) == NULL) {
2171 2184 zerror(gettext("WARNING: pool_conf_alloc failed; "
2172 2185 "using default pool"));
2173 2186 return (Z_OK);
2174 2187 }
2175 2188 if (pool_conf_open(poolconf, pool_dynamic_location(), PO_RDONLY) !=
2176 2189 PO_SUCCESS) {
2177 2190 zerror(gettext("WARNING: pool_conf_open failed; "
2178 2191 "using default pool"));
2179 2192 pool_conf_free(poolconf);
2180 2193 return (Z_OK);
2181 2194 }
2182 2195 pool = pool_get_pool(poolconf, poolname);
2183 2196 (void) pool_conf_close(poolconf);
2184 2197 pool_conf_free(poolconf);
2185 2198 if (pool == NULL) {
2186 2199 zerror(gettext("WARNING: pool '%s' not found. "
2187 2200 "using default pool"), poolname);
2188 2201 }
2189 2202
2190 2203 return (Z_OK);
2191 2204 }
2192 2205
2193 2206 /*
2194 2207 * Verify that the special device/file system exists and is valid.
2195 2208 */
2196 2209 static int
2197 2210 verify_fs_special(struct zone_fstab *fstab)
2198 2211 {
2199 2212 struct stat64 st;
2200 2213
2201 2214 /*
2202 2215 * This validation is really intended for standard zone administration.
2203 2216 * If we are in a mini-root or some other upgrade situation where
2204 2217 * we are using the scratch zone, just by-pass this.
2205 2218 */
2206 2219 if (zonecfg_in_alt_root())
2207 2220 return (Z_OK);
2208 2221
2209 2222 if (strcmp(fstab->zone_fs_type, MNTTYPE_ZFS) == 0)
2210 2223 return (verify_fs_zfs(fstab));
2211 2224
2212 2225 if (stat64(fstab->zone_fs_special, &st) != 0) {
2213 2226 (void) fprintf(stderr, gettext("could not verify fs "
2214 2227 "%s: could not access %s: %s\n"), fstab->zone_fs_dir,
2215 2228 fstab->zone_fs_special, strerror(errno));
2216 2229 return (Z_ERR);
2217 2230 }
2218 2231
2219 2232 if (strcmp(st.st_fstype, MNTTYPE_NFS) == 0) {
2220 2233 /*
2221 2234 * TRANSLATION_NOTE
2222 2235 * fs and NFS are literals that should
2223 2236 * not be translated.
2224 2237 */
2225 2238 (void) fprintf(stderr, gettext("cannot verify "
2226 2239 "fs %s: NFS mounted file system.\n"
2227 2240 "\tA local file system must be used.\n"),
2228 2241 fstab->zone_fs_special);
2229 2242 return (Z_ERR);
2230 2243 }
2231 2244
2232 2245 return (Z_OK);
2233 2246 }
2234 2247
2235 2248 static int
2236 2249 isregfile(const char *path)
2237 2250 {
2238 2251 struct stat64 st;
2239 2252
2240 2253 if (stat64(path, &st) == -1)
2241 2254 return (-1);
2242 2255
2243 2256 return (S_ISREG(st.st_mode));
2244 2257 }
2245 2258
2246 2259 static int
2247 2260 verify_filesystems(zone_dochandle_t handle)
2248 2261 {
2249 2262 int return_code = Z_OK;
2250 2263 struct zone_fstab fstab;
2251 2264 char cmdbuf[MAXPATHLEN];
2252 2265 struct stat st;
2253 2266
2254 2267 /*
2255 2268 * Since the actual mount point is not known until the dependent mounts
2256 2269 * are performed, we don't attempt any path validation here: that will
2257 2270 * happen later when zoneadmd actually does the mounts.
2258 2271 */
2259 2272 if (zonecfg_setfsent(handle) != Z_OK) {
2260 2273 (void) fprintf(stderr, gettext("could not verify file systems: "
2261 2274 "unable to enumerate mounts\n"));
2262 2275 return (Z_ERR);
2263 2276 }
2264 2277 while (zonecfg_getfsent(handle, &fstab) == Z_OK) {
2265 2278 if (!zonecfg_valid_fs_type(fstab.zone_fs_type)) {
2266 2279 (void) fprintf(stderr, gettext("cannot verify fs %s: "
2267 2280 "type %s is not allowed.\n"), fstab.zone_fs_dir,
2268 2281 fstab.zone_fs_type);
2269 2282 return_code = Z_ERR;
2270 2283 goto next_fs;
2271 2284 }
2272 2285 /*
2273 2286 * Verify /usr/lib/fs/<fstype>/mount exists.
2274 2287 */
2275 2288 if (snprintf(cmdbuf, sizeof (cmdbuf), "/usr/lib/fs/%s/mount",
2276 2289 fstab.zone_fs_type) > sizeof (cmdbuf)) {
2277 2290 (void) fprintf(stderr, gettext("cannot verify fs %s: "
2278 2291 "type %s is too long.\n"), fstab.zone_fs_dir,
2279 2292 fstab.zone_fs_type);
2280 2293 return_code = Z_ERR;
2281 2294 goto next_fs;
2282 2295 }
2283 2296 if (stat(cmdbuf, &st) != 0) {
2284 2297 (void) fprintf(stderr, gettext("could not verify fs "
2285 2298 "%s: could not access %s: %s\n"), fstab.zone_fs_dir,
2286 2299 cmdbuf, strerror(errno));
2287 2300 return_code = Z_ERR;
2288 2301 goto next_fs;
2289 2302 }
2290 2303 if (!S_ISREG(st.st_mode)) {
2291 2304 (void) fprintf(stderr, gettext("could not verify fs "
2292 2305 "%s: %s is not a regular file\n"),
2293 2306 fstab.zone_fs_dir, cmdbuf);
2294 2307 return_code = Z_ERR;
2295 2308 goto next_fs;
2296 2309 }
2297 2310 /*
2298 2311 * If zone_fs_raw is set, verify that there's an fsck
2299 2312 * binary for it. If zone_fs_raw is not set, and it's
2300 2313 * not a regular file (lofi mount), and there's an fsck
2301 2314 * binary for it, complain.
2302 2315 */
2303 2316 if (snprintf(cmdbuf, sizeof (cmdbuf), "/usr/lib/fs/%s/fsck",
2304 2317 fstab.zone_fs_type) > sizeof (cmdbuf)) {
2305 2318 (void) fprintf(stderr, gettext("cannot verify fs %s: "
2306 2319 "type %s is too long.\n"), fstab.zone_fs_dir,
2307 2320 fstab.zone_fs_type);
2308 2321 return_code = Z_ERR;
2309 2322 goto next_fs;
2310 2323 }
2311 2324 if (fstab.zone_fs_raw[0] != '\0' &&
2312 2325 (stat(cmdbuf, &st) != 0 || !S_ISREG(st.st_mode))) {
2313 2326 (void) fprintf(stderr, gettext("cannot verify fs %s: "
2314 2327 "'raw' device specified but "
2315 2328 "no fsck executable exists for %s\n"),
2316 2329 fstab.zone_fs_dir, fstab.zone_fs_type);
2317 2330 return_code = Z_ERR;
2318 2331 goto next_fs;
2319 2332 } else if (fstab.zone_fs_raw[0] == '\0' &&
2320 2333 stat(cmdbuf, &st) == 0 &&
2321 2334 isregfile(fstab.zone_fs_special) != 1) {
2322 2335 (void) fprintf(stderr, gettext("could not verify fs "
2323 2336 "%s: must specify 'raw' device for %s "
2324 2337 "file systems\n"),
2325 2338 fstab.zone_fs_dir, fstab.zone_fs_type);
2326 2339 return_code = Z_ERR;
2327 2340 goto next_fs;
2328 2341 }
2329 2342
2330 2343 /* Verify fs_special. */
2331 2344 if ((return_code = verify_fs_special(&fstab)) != Z_OK)
2332 2345 goto next_fs;
2333 2346
2334 2347 /* Verify fs_raw. */
2335 2348 if (fstab.zone_fs_raw[0] != '\0' &&
2336 2349 stat(fstab.zone_fs_raw, &st) != 0) {
2337 2350 /*
2338 2351 * TRANSLATION_NOTE
2339 2352 * fs is a literal that should not be translated.
2340 2353 */
2341 2354 (void) fprintf(stderr, gettext("could not verify fs "
2342 2355 "%s: could not access %s: %s\n"), fstab.zone_fs_dir,
2343 2356 fstab.zone_fs_raw, strerror(errno));
2344 2357 return_code = Z_ERR;
2345 2358 goto next_fs;
2346 2359 }
2347 2360 next_fs:
2348 2361 zonecfg_free_fs_option_list(fstab.zone_fs_options);
2349 2362 }
2350 2363 (void) zonecfg_endfsent(handle);
2351 2364
2352 2365 return (return_code);
2353 2366 }
2354 2367
2355 2368 static int
2356 2369 verify_limitpriv(zone_dochandle_t handle)
2357 2370 {
2358 2371 char *privname = NULL;
2359 2372 int err;
2360 2373 priv_set_t *privs;
2361 2374
2362 2375 if ((privs = priv_allocset()) == NULL) {
2363 2376 zperror(gettext("failed to allocate privilege set"), B_FALSE);
2364 2377 return (Z_NOMEM);
2365 2378 }
2366 2379 err = zonecfg_get_privset(handle, privs, &privname);
2367 2380 switch (err) {
2368 2381 case Z_OK:
2369 2382 break;
2370 2383 case Z_PRIV_PROHIBITED:
2371 2384 (void) fprintf(stderr, gettext("privilege \"%s\" is not "
2372 2385 "permitted within the zone's privilege set\n"), privname);
2373 2386 break;
2374 2387 case Z_PRIV_REQUIRED:
2375 2388 (void) fprintf(stderr, gettext("required privilege \"%s\" is "
2376 2389 "missing from the zone's privilege set\n"), privname);
2377 2390 break;
2378 2391 case Z_PRIV_UNKNOWN:
2379 2392 (void) fprintf(stderr, gettext("unknown privilege \"%s\" "
2380 2393 "specified in the zone's privilege set\n"), privname);
2381 2394 break;
2382 2395 default:
2383 2396 zperror(
2384 2397 gettext("failed to determine the zone's privilege set"),
2385 2398 B_TRUE);
2386 2399 break;
2387 2400 }
2388 2401 free(privname);
2389 2402 priv_freeset(privs);
2390 2403 return (err);
2391 2404 }
2392 2405
2393 2406 static void
2394 2407 free_local_netifs(int if_cnt, struct net_if **if_list)
2395 2408 {
2396 2409 int i;
2397 2410
2398 2411 for (i = 0; i < if_cnt; i++) {
2399 2412 free(if_list[i]->name);
2400 2413 free(if_list[i]);
2401 2414 }
2402 2415 free(if_list);
2403 2416 }
2404 2417
2405 2418 /*
2406 2419 * Get a list of the network interfaces, along with their address families,
2407 2420 * that are plumbed in the global zone. See if_tcp(7p) for a description
2408 2421 * of the ioctls used here.
2409 2422 */
2410 2423 static int
2411 2424 get_local_netifs(int *if_cnt, struct net_if ***if_list)
2412 2425 {
2413 2426 int s;
2414 2427 int i;
2415 2428 int res = Z_OK;
2416 2429 int space_needed;
2417 2430 int cnt = 0;
2418 2431 struct lifnum if_num;
2419 2432 struct lifconf if_conf;
2420 2433 struct lifreq *if_reqp;
2421 2434 char *if_buf;
2422 2435 struct net_if **local_ifs = NULL;
2423 2436
2424 2437 *if_cnt = 0;
2425 2438 *if_list = NULL;
2426 2439
2427 2440 if ((s = socket(SOCKET_AF(AF_INET), SOCK_DGRAM, 0)) < 0)
2428 2441 return (Z_ERR);
2429 2442
2430 2443 /*
2431 2444 * Come back here in the unlikely event that the number of interfaces
2432 2445 * increases between the time we get the count and the time we do the
2433 2446 * SIOCGLIFCONF ioctl.
2434 2447 */
2435 2448 retry:
2436 2449 /* Get the number of interfaces. */
2437 2450 if_num.lifn_family = AF_UNSPEC;
2438 2451 if_num.lifn_flags = LIFC_NOXMIT;
2439 2452 if (ioctl(s, SIOCGLIFNUM, &if_num) < 0) {
2440 2453 (void) close(s);
2441 2454 return (Z_ERR);
2442 2455 }
2443 2456
2444 2457 /* Get the interface configuration list. */
2445 2458 space_needed = if_num.lifn_count * sizeof (struct lifreq);
2446 2459 if ((if_buf = malloc(space_needed)) == NULL) {
2447 2460 (void) close(s);
2448 2461 return (Z_ERR);
2449 2462 }
2450 2463 if_conf.lifc_family = AF_UNSPEC;
2451 2464 if_conf.lifc_flags = LIFC_NOXMIT;
2452 2465 if_conf.lifc_len = space_needed;
2453 2466 if_conf.lifc_buf = if_buf;
2454 2467 if (ioctl(s, SIOCGLIFCONF, &if_conf) < 0) {
2455 2468 free(if_buf);
2456 2469 /*
2457 2470 * SIOCGLIFCONF returns EINVAL if the buffer we passed in is
2458 2471 * too small. In this case go back and get the new if cnt.
2459 2472 */
2460 2473 if (errno == EINVAL)
2461 2474 goto retry;
2462 2475
2463 2476 (void) close(s);
2464 2477 return (Z_ERR);
2465 2478 }
2466 2479 (void) close(s);
2467 2480
2468 2481 /* Get the name and address family for each interface. */
2469 2482 if_reqp = if_conf.lifc_req;
2470 2483 for (i = 0; i < (if_conf.lifc_len / sizeof (struct lifreq)); i++) {
2471 2484 struct net_if **p;
2472 2485 struct lifreq req;
2473 2486
2474 2487 if (strcmp(LOOPBACK_IF, if_reqp->lifr_name) == 0) {
2475 2488 if_reqp++;
2476 2489 continue;
2477 2490 }
2478 2491
2479 2492 if ((s = socket(SOCKET_AF(if_reqp->lifr_addr.ss_family),
2480 2493 SOCK_DGRAM, 0)) == -1) {
2481 2494 res = Z_ERR;
2482 2495 break;
2483 2496 }
2484 2497
2485 2498 (void) strncpy(req.lifr_name, if_reqp->lifr_name,
2486 2499 sizeof (req.lifr_name));
2487 2500 if (ioctl(s, SIOCGLIFADDR, &req) < 0) {
2488 2501 (void) close(s);
2489 2502 if_reqp++;
2490 2503 continue;
2491 2504 }
2492 2505
2493 2506 if ((p = (struct net_if **)realloc(local_ifs,
2494 2507 sizeof (struct net_if *) * (cnt + 1))) == NULL) {
2495 2508 res = Z_ERR;
2496 2509 break;
2497 2510 }
2498 2511 local_ifs = p;
2499 2512
2500 2513 if ((local_ifs[cnt] = malloc(sizeof (struct net_if))) == NULL) {
2501 2514 res = Z_ERR;
2502 2515 break;
2503 2516 }
2504 2517
2505 2518 if ((local_ifs[cnt]->name = strdup(if_reqp->lifr_name))
2506 2519 == NULL) {
2507 2520 free(local_ifs[cnt]);
2508 2521 res = Z_ERR;
2509 2522 break;
2510 2523 }
2511 2524 local_ifs[cnt]->af = req.lifr_addr.ss_family;
2512 2525 cnt++;
2513 2526
2514 2527 (void) close(s);
2515 2528 if_reqp++;
2516 2529 }
2517 2530
2518 2531 free(if_buf);
2519 2532
2520 2533 if (res != Z_OK) {
2521 2534 free_local_netifs(cnt, local_ifs);
2522 2535 } else {
2523 2536 *if_cnt = cnt;
2524 2537 *if_list = local_ifs;
2525 2538 }
2526 2539
2527 2540 return (res);
2528 2541 }
2529 2542
2530 2543 static char *
2531 2544 af2str(int af)
2532 2545 {
2533 2546 switch (af) {
2534 2547 case AF_INET:
2535 2548 return ("IPv4");
2536 2549 case AF_INET6:
2537 2550 return ("IPv6");
2538 2551 default:
2539 2552 return ("Unknown");
2540 2553 }
2541 2554 }
2542 2555
2543 2556 /*
2544 2557 * Cross check the network interface name and address family with the
2545 2558 * interfaces that are set up in the global zone so that we can print the
2546 2559 * appropriate error message.
2547 2560 */
2548 2561 static void
2549 2562 print_net_err(char *phys, char *addr, int af, char *msg)
2550 2563 {
2551 2564 int i;
2552 2565 int local_if_cnt = 0;
2553 2566 struct net_if **local_ifs = NULL;
2554 2567 boolean_t found_if = B_FALSE;
2555 2568 boolean_t found_af = B_FALSE;
2556 2569
2557 2570 if (get_local_netifs(&local_if_cnt, &local_ifs) != Z_OK) {
2558 2571 (void) fprintf(stderr,
2559 2572 gettext("could not verify %s %s=%s %s=%s\n\t%s\n"),
2560 2573 "net", "address", addr, "physical", phys, msg);
2561 2574 return;
2562 2575 }
2563 2576
2564 2577 for (i = 0; i < local_if_cnt; i++) {
2565 2578 if (strcmp(phys, local_ifs[i]->name) == 0) {
2566 2579 found_if = B_TRUE;
2567 2580 if (af == local_ifs[i]->af) {
2568 2581 found_af = B_TRUE;
2569 2582 break;
2570 2583 }
2571 2584 }
2572 2585 }
2573 2586
2574 2587 free_local_netifs(local_if_cnt, local_ifs);
2575 2588
2576 2589 if (!found_if) {
2577 2590 (void) fprintf(stderr,
2578 2591 gettext("could not verify %s %s=%s\n\t"
2579 2592 "network interface %s is not plumbed in the global zone\n"),
2580 2593 "net", "physical", phys, phys);
2581 2594 return;
2582 2595 }
2583 2596
2584 2597 /*
2585 2598 * Print this error if we were unable to find the address family
2586 2599 * for this interface. If the af variable is not initialized to
2587 2600 * to something meaningful by the caller (not AF_UNSPEC) then we
2588 2601 * also skip this message since it wouldn't be informative.
2589 2602 */
2590 2603 if (!found_af && af != AF_UNSPEC) {
2591 2604 (void) fprintf(stderr,
2592 2605 gettext("could not verify %s %s=%s %s=%s\n\tthe %s address "
2593 2606 "family is not configured on this network interface in "
2594 2607 "the\n\tglobal zone\n"),
2595 2608 "net", "address", addr, "physical", phys, af2str(af));
2596 2609 return;
2597 2610 }
2598 2611
2599 2612 (void) fprintf(stderr,
2600 2613 gettext("could not verify %s %s=%s %s=%s\n\t%s\n"),
2601 2614 "net", "address", addr, "physical", phys, msg);
2602 2615 }
2603 2616
2604 2617 static int
2605 2618 verify_handle(int cmd_num, zone_dochandle_t handle, char *argv[])
2606 2619 {
2607 2620 struct zone_nwiftab nwiftab;
2608 2621 int return_code = Z_OK;
2609 2622 int err;
2610 2623 boolean_t in_alt_root;
2611 2624 zone_iptype_t iptype;
2612 2625 dladm_handle_t dh;
2613 2626 dladm_status_t status;
2614 2627 datalink_id_t linkid;
2615 2628 char errmsg[DLADM_STRSIZE];
2616 2629
2617 2630 in_alt_root = zonecfg_in_alt_root();
2618 2631 if (in_alt_root)
2619 2632 goto no_net;
2620 2633
2621 2634 if ((err = zonecfg_get_iptype(handle, &iptype)) != Z_OK) {
2622 2635 errno = err;
2623 2636 zperror(cmd_to_str(cmd_num), B_TRUE);
2624 2637 zonecfg_fini_handle(handle);
2625 2638 return (Z_ERR);
2626 2639 }
2627 2640 if ((err = zonecfg_setnwifent(handle)) != Z_OK) {
2628 2641 errno = err;
2629 2642 zperror(cmd_to_str(cmd_num), B_TRUE);
2630 2643 zonecfg_fini_handle(handle);
2631 2644 return (Z_ERR);
2632 2645 }
2633 2646 while (zonecfg_getnwifent(handle, &nwiftab) == Z_OK) {
2634 2647 struct lifreq lifr;
2635 2648 sa_family_t af = AF_UNSPEC;
2636 2649 char dl_owner_zname[ZONENAME_MAX];
2637 2650 zoneid_t dl_owner_zid;
2638 2651 zoneid_t target_zid;
2639 2652 int res;
2640 2653
2641 2654 /* skip any loopback interfaces */
2642 2655 if (strcmp(nwiftab.zone_nwif_physical, "lo0") == 0)
2643 2656 continue;
2644 2657 switch (iptype) {
2645 2658 case ZS_SHARED:
2646 2659 if ((res = zonecfg_valid_net_address(
2647 2660 nwiftab.zone_nwif_address, &lifr)) != Z_OK) {
2648 2661 print_net_err(nwiftab.zone_nwif_physical,
2649 2662 nwiftab.zone_nwif_address, af,
2650 2663 zonecfg_strerror(res));
2651 2664 return_code = Z_ERR;
2652 2665 continue;
2653 2666 }
2654 2667 af = lifr.lifr_addr.ss_family;
2655 2668 if (!zonecfg_ifname_exists(af,
2656 2669 nwiftab.zone_nwif_physical)) {
2657 2670 /*
2658 2671 * The interface failed to come up. We continue
2659 2672 * on anyway for the sake of consistency: a
2660 2673 * zone is not shut down if the interface fails
2661 2674 * any time after boot, nor does the global zone
2662 2675 * fail to boot if an interface fails.
2663 2676 */
2664 2677 (void) fprintf(stderr,
2665 2678 gettext("WARNING: skipping network "
2666 2679 "interface '%s' which may not be "
2667 2680 "present/plumbed in the global "
2668 2681 "zone.\n"),
2669 2682 nwiftab.zone_nwif_physical);
2670 2683 }
2671 2684 break;
2672 2685 case ZS_EXCLUSIVE:
2673 2686 /* Warning if it exists for either IPv4 or IPv6 */
2674 2687
2675 2688 if (zonecfg_ifname_exists(AF_INET,
2676 2689 nwiftab.zone_nwif_physical) ||
2677 2690 zonecfg_ifname_exists(AF_INET6,
2678 2691 nwiftab.zone_nwif_physical)) {
2679 2692 (void) fprintf(stderr,
2680 2693 gettext("WARNING: skipping network "
2681 2694 "interface '%s' which is used in the "
2682 2695 "global zone.\n"),
2683 2696 nwiftab.zone_nwif_physical);
2684 2697 break;
2685 2698 }
2686 2699
2687 2700 /*
2688 2701 * Verify that the datalink exists and that it isn't
2689 2702 * already assigned to a zone.
2690 2703 */
2691 2704 if ((status = dladm_open(&dh)) == DLADM_STATUS_OK) {
2692 2705 status = dladm_name2info(dh,
2693 2706 nwiftab.zone_nwif_physical, &linkid, NULL,
2694 2707 NULL, NULL);
2695 2708 dladm_close(dh);
2696 2709 }
2697 2710 if (status != DLADM_STATUS_OK) {
2698 2711 (void) fprintf(stderr,
2699 2712 gettext("WARNING: skipping network "
2700 2713 "interface '%s': %s\n"),
2701 2714 nwiftab.zone_nwif_physical,
2702 2715 dladm_status2str(status, errmsg));
2703 2716 break;
2704 2717 }
2705 2718 dl_owner_zid = ALL_ZONES;
2706 2719 if (zone_check_datalink(&dl_owner_zid, linkid) != 0)
2707 2720 break;
2708 2721
2709 2722 /*
2710 2723 * If the zone being verified is
2711 2724 * running and owns the interface
2712 2725 */
2713 2726 target_zid = getzoneidbyname(target_zone);
2714 2727 if (target_zid == dl_owner_zid)
2715 2728 break;
2716 2729
2717 2730 /* Zone id match failed, use name to check */
2718 2731 if (getzonenamebyid(dl_owner_zid, dl_owner_zname,
2719 2732 ZONENAME_MAX) < 0) {
2720 2733 /* No name, show ID instead */
2721 2734 (void) snprintf(dl_owner_zname, ZONENAME_MAX,
2722 2735 "<%d>", dl_owner_zid);
2723 2736 } else if (strcmp(dl_owner_zname, target_zone) == 0)
2724 2737 break;
2725 2738
2726 2739 /*
2727 2740 * Note here we only report a warning that
2728 2741 * the interface is already in use by another
2729 2742 * running zone, and the verify process just
2730 2743 * goes on, if the interface is still in use
2731 2744 * when this zone really boots up, zoneadmd
2732 2745 * will find it. If the name of the zone which
2733 2746 * owns this interface cannot be determined,
2734 2747 * then it is not possible to determine if there
2735 2748 * is a conflict so just report it as a warning.
2736 2749 */
2737 2750 (void) fprintf(stderr,
2738 2751 gettext("WARNING: skipping network interface "
2739 2752 "'%s' which is used by the non-global zone "
2740 2753 "'%s'.\n"), nwiftab.zone_nwif_physical,
2741 2754 dl_owner_zname);
2742 2755 break;
2743 2756 }
2744 2757 }
2745 2758 (void) zonecfg_endnwifent(handle);
2746 2759 no_net:
2747 2760
2748 2761 /* verify that lofs has not been excluded from the kernel */
2749 2762 if (!(cmd_num == CMD_DETACH || cmd_num == CMD_ATTACH ||
2750 2763 cmd_num == CMD_MOVE || cmd_num == CMD_CLONE) &&
2751 2764 modctl(MODLOAD, 1, "fs/lofs", NULL) != 0) {
2752 2765 if (errno == ENXIO)
2753 2766 (void) fprintf(stderr, gettext("could not verify "
2754 2767 "lofs(7FS): possibly excluded in /etc/system\n"));
2755 2768 else
2756 2769 (void) fprintf(stderr, gettext("could not verify "
2757 2770 "lofs(7FS): %s\n"), strerror(errno));
2758 2771 return_code = Z_ERR;
2759 2772 }
2760 2773
2761 2774 if (verify_filesystems(handle) != Z_OK)
2762 2775 return_code = Z_ERR;
2763 2776 if (!in_alt_root && verify_rctls(handle) != Z_OK)
2764 2777 return_code = Z_ERR;
2765 2778 if (!in_alt_root && verify_pool(handle) != Z_OK)
2766 2779 return_code = Z_ERR;
2767 2780 if (!in_alt_root && verify_brand(handle, cmd_num, argv) != Z_OK)
2768 2781 return_code = Z_ERR;
2769 2782 if (!in_alt_root && verify_datasets(handle) != Z_OK)
2770 2783 return_code = Z_ERR;
2771 2784
2772 2785 /*
2773 2786 * As the "mount" command is used for patching/upgrading of zones
2774 2787 * or other maintenance processes, the zone's privilege set is not
2775 2788 * checked in this case. Instead, the default, safe set of
|
↓ open down ↓ |
1985 lines elided |
↑ open up ↑ |
2776 2789 * privileges will be used when this zone is created in the
2777 2790 * kernel.
2778 2791 */
2779 2792 if (!in_alt_root && cmd_num != CMD_MOUNT &&
2780 2793 verify_limitpriv(handle) != Z_OK)
2781 2794 return_code = Z_ERR;
2782 2795
2783 2796 return (return_code);
2784 2797 }
2785 2798
2799 +/*
2800 + * Called when readying or booting a zone. We double check that the zone's
2801 + * debug ID is set and is unique. This covers the case of pre-existing zones
2802 + * with no ID. Also, its possible that a zone was migrated to this host
2803 + * and as a result it has a duplicate ID. In this case we preserve the ID
2804 + * of the first zone we match on in the index file (since it was there before
2805 + * the current zone) and we assign a new unique ID to the current zone.
2806 + * Return true if we assigned a new ID, indicating that the zone configuration
2807 + * needs to be saved.
2808 + */
2809 +static boolean_t
2810 +verify_fix_did(zone_dochandle_t handle)
2811 +{
2812 + zoneid_t mydid;
2813 + zone_entry_t zent;
2814 + FILE *cookie;
2815 + char *name;
2816 + boolean_t fix = B_FALSE;
2817 +
2818 + mydid = zonecfg_get_did(handle);
2819 + if (mydid == -1) {
2820 + zonecfg_set_did(handle);
2821 + return (B_TRUE);
2822 + }
2823 +
2824 + /* Get the full list of zones from the configuration. */
2825 + cookie = setzoneent();
2826 + while ((name = getzoneent(cookie)) != NULL) {
2827 + if (strcmp(target_zone, name) == 0) {
2828 + free(name);
2829 + break; /* Once we find our entry, stop. */
2830 + }
2831 +
2832 + if (strcmp(name, "global") == 0 ||
2833 + lookup_zone_info(name, ZONE_ID_UNDEFINED, &zent) != Z_OK) {
2834 + free(name);
2835 + continue;
2836 + }
2837 +
2838 + free(name);
2839 + if (zent.zdid == mydid) {
2840 + fix = B_TRUE;
2841 + break;
2842 + }
2843 + }
2844 + endzoneent(cookie);
2845 +
2846 + if (fix) {
2847 + zonecfg_set_did(handle);
2848 + return (B_TRUE);
2849 + }
2850 +
2851 + return (B_FALSE);
2852 +}
2853 +
2786 2854 static int
2787 2855 verify_details(int cmd_num, char *argv[])
2788 2856 {
2789 2857 zone_dochandle_t handle;
2790 2858 char zonepath[MAXPATHLEN], checkpath[MAXPATHLEN];
2791 2859 int return_code = Z_OK;
2792 2860 int err;
2793 2861
2794 2862 if ((handle = zonecfg_init_handle()) == NULL) {
2795 2863 zperror(cmd_to_str(cmd_num), B_TRUE);
2796 2864 return (Z_ERR);
2797 2865 }
2798 2866 if ((err = zonecfg_get_handle(target_zone, handle)) != Z_OK) {
2799 2867 errno = err;
2800 2868 zperror(cmd_to_str(cmd_num), B_TRUE);
2801 2869 zonecfg_fini_handle(handle);
2802 2870 return (Z_ERR);
2803 2871 }
2804 2872 if ((err = zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath))) !=
2805 2873 Z_OK) {
2806 2874 errno = err;
2807 2875 zperror(cmd_to_str(cmd_num), B_TRUE);
2808 2876 zonecfg_fini_handle(handle);
2809 2877 return (Z_ERR);
2810 2878 }
2811 2879 /*
2812 2880 * zonecfg_get_zonepath() gets its data from the XML repository.
2813 2881 * Verify this against the index file, which is checked first by
2814 2882 * zone_get_zonepath(). If they don't match, bail out.
2815 2883 */
2816 2884 if ((err = zone_get_zonepath(target_zone, checkpath,
2817 2885 sizeof (checkpath))) != Z_OK) {
2818 2886 errno = err;
2819 2887 zperror2(target_zone, gettext("could not get zone path"));
2820 2888 zonecfg_fini_handle(handle);
2821 2889 return (Z_ERR);
2822 2890 }
2823 2891 if (strcmp(zonepath, checkpath) != 0) {
2824 2892 /*
2825 2893 * TRANSLATION_NOTE
2826 2894 * XML and zonepath are literals that should not be translated.
2827 2895 */
2828 2896 (void) fprintf(stderr, gettext("The XML repository has "
2829 2897 "zonepath '%s',\nbut the index file has zonepath '%s'.\n"
2830 2898 "These must match, so fix the incorrect entry.\n"),
2831 2899 zonepath, checkpath);
2832 2900 zonecfg_fini_handle(handle);
2833 2901 return (Z_ERR);
2834 2902 }
|
↓ open down ↓ |
39 lines elided |
↑ open up ↑ |
2835 2903 if (cmd_num != CMD_ATTACH &&
2836 2904 validate_zonepath(zonepath, cmd_num) != Z_OK) {
2837 2905 (void) fprintf(stderr, gettext("could not verify zonepath %s "
2838 2906 "because of the above errors.\n"), zonepath);
2839 2907 return_code = Z_ERR;
2840 2908 }
2841 2909
2842 2910 if (verify_handle(cmd_num, handle, argv) != Z_OK)
2843 2911 return_code = Z_ERR;
2844 2912
2913 + if (cmd_num == CMD_READY || cmd_num == CMD_BOOT) {
2914 + int vcommit = 0, obscommit = 0;
2915 +
2916 + vcommit = verify_fix_did(handle);
2917 + obscommit = zonecfg_fix_obsolete(handle);
2918 +
2919 + if (vcommit || obscommit)
2920 + if (zonecfg_save(handle) != Z_OK)
2921 + (void) fprintf(stderr, gettext("Could not save "
2922 + "updated configuration.\n"));
2923 + }
2924 +
2845 2925 zonecfg_fini_handle(handle);
2846 2926 if (return_code == Z_ERR)
2847 2927 (void) fprintf(stderr,
2848 2928 gettext("%s: zone %s failed to verify\n"),
2849 2929 execname, target_zone);
2850 2930 return (return_code);
2851 2931 }
2852 2932
2853 2933 static int
2854 2934 verify_func(int argc, char *argv[])
2855 2935 {
2856 2936 int arg;
2857 2937
2858 2938 optind = 0;
2859 2939 if ((arg = getopt(argc, argv, "?")) != EOF) {
2860 2940 switch (arg) {
2861 2941 case '?':
2862 2942 sub_usage(SHELP_VERIFY, CMD_VERIFY);
2863 2943 return (optopt == '?' ? Z_OK : Z_USAGE);
2864 2944 default:
2865 2945 sub_usage(SHELP_VERIFY, CMD_VERIFY);
2866 2946 return (Z_USAGE);
2867 2947 }
2868 2948 }
2869 2949 if (argc > optind) {
2870 2950 sub_usage(SHELP_VERIFY, CMD_VERIFY);
2871 2951 return (Z_USAGE);
2872 2952 }
2873 2953 if (sanity_check(target_zone, CMD_VERIFY, B_FALSE, B_FALSE, B_FALSE)
2874 2954 != Z_OK)
2875 2955 return (Z_ERR);
2876 2956 return (verify_details(CMD_VERIFY, argv));
2877 2957 }
2878 2958
2879 2959 static int
2880 2960 addoptions(char *buf, char *argv[], size_t len)
2881 2961 {
2882 2962 int i = 0;
2883 2963
2884 2964 if (buf[0] == '\0')
2885 2965 return (Z_OK);
2886 2966
2887 2967 while (argv[i] != NULL) {
2888 2968 if (strlcat(buf, " ", len) >= len ||
2889 2969 strlcat(buf, argv[i++], len) >= len) {
2890 2970 zerror("Command line too long");
2891 2971 return (Z_ERR);
2892 2972 }
2893 2973 }
2894 2974
2895 2975 return (Z_OK);
2896 2976 }
2897 2977
2898 2978 static int
2899 2979 addopt(char *buf, int opt, char *optarg, size_t bufsize)
2900 2980 {
2901 2981 char optstring[4];
2902 2982
2903 2983 if (opt > 0)
2904 2984 (void) sprintf(optstring, " -%c", opt);
2905 2985 else
2906 2986 (void) strcpy(optstring, " ");
2907 2987
2908 2988 if ((strlcat(buf, optstring, bufsize) > bufsize))
2909 2989 return (Z_ERR);
2910 2990
2911 2991 if ((optarg != NULL) && (strlcat(buf, optarg, bufsize) > bufsize))
2912 2992 return (Z_ERR);
2913 2993
2914 2994 return (Z_OK);
2915 2995 }
2916 2996
2917 2997 /* ARGSUSED */
2918 2998 static int
2919 2999 install_func(int argc, char *argv[])
2920 3000 {
2921 3001 char cmdbuf[MAXPATHLEN];
2922 3002 char postcmdbuf[MAXPATHLEN];
2923 3003 int lockfd;
2924 3004 int arg, err, subproc_err;
2925 3005 char zonepath[MAXPATHLEN];
2926 3006 brand_handle_t bh = NULL;
2927 3007 int status;
2928 3008 boolean_t do_postinstall = B_FALSE;
2929 3009 boolean_t brand_help = B_FALSE;
2930 3010 char opts[128];
2931 3011
2932 3012 if (target_zone == NULL) {
2933 3013 sub_usage(SHELP_INSTALL, CMD_INSTALL);
2934 3014 return (Z_USAGE);
2935 3015 }
2936 3016
2937 3017 if (zonecfg_in_alt_root()) {
2938 3018 zerror(gettext("cannot install zone in alternate root"));
2939 3019 return (Z_ERR);
2940 3020 }
2941 3021
2942 3022 if ((err = zone_get_zonepath(target_zone, zonepath,
2943 3023 sizeof (zonepath))) != Z_OK) {
2944 3024 errno = err;
2945 3025 zperror2(target_zone, gettext("could not get zone path"));
2946 3026 return (Z_ERR);
2947 3027 }
2948 3028
2949 3029 /* Fetch the install command from the brand configuration. */
2950 3030 if ((bh = brand_open(target_brand)) == NULL) {
2951 3031 zerror(gettext("missing or invalid brand"));
2952 3032 return (Z_ERR);
2953 3033 }
2954 3034
2955 3035 if (get_hook(bh, cmdbuf, sizeof (cmdbuf), brand_get_install,
2956 3036 target_zone, zonepath) != Z_OK) {
2957 3037 zerror("invalid brand configuration: missing install resource");
2958 3038 brand_close(bh);
2959 3039 return (Z_ERR);
2960 3040 }
2961 3041
2962 3042 if (get_hook(bh, postcmdbuf, sizeof (postcmdbuf), brand_get_postinstall,
2963 3043 target_zone, zonepath) != Z_OK) {
2964 3044 zerror("invalid brand configuration: missing postinstall "
2965 3045 "resource");
2966 3046 brand_close(bh);
2967 3047 return (Z_ERR);
2968 3048 }
2969 3049
2970 3050 if (postcmdbuf[0] != '\0')
2971 3051 do_postinstall = B_TRUE;
2972 3052
2973 3053 (void) strcpy(opts, "?x:");
2974 3054 /*
2975 3055 * Fetch the list of recognized command-line options from
2976 3056 * the brand configuration file.
2977 3057 */
2978 3058 if (brand_get_installopts(bh, opts + strlen(opts),
2979 3059 sizeof (opts) - strlen(opts)) != 0) {
2980 3060 zerror("invalid brand configuration: missing "
2981 3061 "install options resource");
2982 3062 brand_close(bh);
2983 3063 return (Z_ERR);
2984 3064 }
2985 3065
2986 3066 brand_close(bh);
2987 3067
2988 3068 if (cmdbuf[0] == '\0') {
2989 3069 zerror("Missing brand install command");
2990 3070 return (Z_ERR);
2991 3071 }
2992 3072
2993 3073 /* Check the argv string for args we handle internally */
2994 3074 optind = 0;
2995 3075 opterr = 0;
2996 3076 while ((arg = getopt(argc, argv, opts)) != EOF) {
2997 3077 switch (arg) {
2998 3078 case '?':
2999 3079 if (optopt == '?') {
3000 3080 sub_usage(SHELP_INSTALL, CMD_INSTALL);
3001 3081 brand_help = B_TRUE;
3002 3082 }
3003 3083 /* Ignore unknown options - may be brand specific. */
3004 3084 break;
3005 3085 default:
3006 3086 /* Ignore unknown options - may be brand specific. */
3007 3087 break;
3008 3088 }
3009 3089
3010 3090 /*
3011 3091 * Append the option to the command line passed to the
3012 3092 * brand-specific install and postinstall routines.
3013 3093 */
3014 3094 if (addopt(cmdbuf, optopt, optarg, sizeof (cmdbuf)) != Z_OK) {
3015 3095 zerror("Install command line too long");
3016 3096 return (Z_ERR);
3017 3097 }
3018 3098 if (addopt(postcmdbuf, optopt, optarg, sizeof (postcmdbuf))
3019 3099 != Z_OK) {
3020 3100 zerror("Post-Install command line too long");
3021 3101 return (Z_ERR);
3022 3102 }
3023 3103 }
3024 3104
3025 3105 for (; optind < argc; optind++) {
3026 3106 if (addopt(cmdbuf, 0, argv[optind], sizeof (cmdbuf)) != Z_OK) {
3027 3107 zerror("Install command line too long");
3028 3108 return (Z_ERR);
3029 3109 }
3030 3110
3031 3111 if (addopt(postcmdbuf, 0, argv[optind], sizeof (postcmdbuf))
3032 3112 != Z_OK) {
3033 3113 zerror("Post-Install command line too long");
3034 3114 return (Z_ERR);
3035 3115 }
3036 3116 }
3037 3117
3038 3118 if (!brand_help) {
3039 3119 if (sanity_check(target_zone, CMD_INSTALL, B_FALSE, B_TRUE,
3040 3120 B_FALSE) != Z_OK)
3041 3121 return (Z_ERR);
3042 3122 if (verify_details(CMD_INSTALL, argv) != Z_OK)
3043 3123 return (Z_ERR);
3044 3124
3045 3125 if (zonecfg_grab_lock_file(target_zone, &lockfd) != Z_OK) {
3046 3126 zerror(gettext("another %s may have an operation in "
3047 3127 "progress."), "zoneadm");
3048 3128 return (Z_ERR);
3049 3129 }
3050 3130 err = zone_set_state(target_zone, ZONE_STATE_INCOMPLETE);
3051 3131 if (err != Z_OK) {
3052 3132 errno = err;
3053 3133 zperror2(target_zone, gettext("could not set state"));
3054 3134 goto done;
3055 3135 }
3056 3136
3057 3137 create_zfs_zonepath(zonepath);
3058 3138 }
3059 3139
3060 3140 status = do_subproc(cmdbuf);
3061 3141 if ((subproc_err =
3062 3142 subproc_status(gettext("brand-specific installation"), status,
3063 3143 B_FALSE)) != ZONE_SUBPROC_OK) {
3064 3144 if (subproc_err == ZONE_SUBPROC_USAGE && !brand_help) {
3065 3145 sub_usage(SHELP_INSTALL, CMD_INSTALL);
3066 3146 zonecfg_release_lock_file(target_zone, lockfd);
3067 3147 return (Z_ERR);
3068 3148 }
3069 3149 errno = subproc_err;
3070 3150 err = Z_ERR;
3071 3151 goto done;
3072 3152 }
3073 3153
3074 3154 if (brand_help)
3075 3155 return (Z_OK);
3076 3156
3077 3157 if ((err = zone_set_state(target_zone, ZONE_STATE_INSTALLED)) != Z_OK) {
3078 3158 errno = err;
3079 3159 zperror2(target_zone, gettext("could not set state"));
3080 3160 goto done;
3081 3161 }
3082 3162
3083 3163 if (do_postinstall) {
3084 3164 status = do_subproc(postcmdbuf);
3085 3165
3086 3166 if ((subproc_err =
3087 3167 subproc_status(gettext("brand-specific post-install"),
3088 3168 status, B_FALSE)) != ZONE_SUBPROC_OK) {
3089 3169 errno = subproc_err;
3090 3170 err = Z_ERR;
3091 3171 (void) zone_set_state(target_zone,
3092 3172 ZONE_STATE_INCOMPLETE);
3093 3173 }
3094 3174 }
3095 3175
3096 3176 done:
3097 3177 /*
3098 3178 * If the install script exited with ZONE_SUBPROC_NOTCOMPLETE, try to
3099 3179 * clean up the zone and leave the zone in the CONFIGURED state so that
3100 3180 * another install can be attempted without requiring an uninstall
3101 3181 * first.
3102 3182 */
3103 3183 if (subproc_err == ZONE_SUBPROC_NOTCOMPLETE) {
3104 3184 int temp_err;
3105 3185
3106 3186 if ((temp_err = cleanup_zonepath(zonepath, B_FALSE)) != Z_OK) {
3107 3187 errno = err = temp_err;
3108 3188 zperror2(target_zone,
3109 3189 gettext("cleaning up zonepath failed"));
3110 3190 } else if ((temp_err = zone_set_state(target_zone,
3111 3191 ZONE_STATE_CONFIGURED)) != Z_OK) {
3112 3192 errno = err = temp_err;
3113 3193 zperror2(target_zone, gettext("could not set state"));
3114 3194 }
3115 3195 }
3116 3196
3117 3197 if (!brand_help)
3118 3198 zonecfg_release_lock_file(target_zone, lockfd);
3119 3199 return ((err == Z_OK) ? Z_OK : Z_ERR);
3120 3200 }
3121 3201
3122 3202 static void
3123 3203 warn_dev_match(zone_dochandle_t s_handle, char *source_zone,
3124 3204 zone_dochandle_t t_handle, char *target_zone)
3125 3205 {
3126 3206 int err;
3127 3207 struct zone_devtab s_devtab;
3128 3208 struct zone_devtab t_devtab;
3129 3209
3130 3210 if ((err = zonecfg_setdevent(t_handle)) != Z_OK) {
3131 3211 errno = err;
3132 3212 zperror2(target_zone, gettext("could not enumerate devices"));
3133 3213 return;
3134 3214 }
3135 3215
3136 3216 while (zonecfg_getdevent(t_handle, &t_devtab) == Z_OK) {
3137 3217 if ((err = zonecfg_setdevent(s_handle)) != Z_OK) {
3138 3218 errno = err;
3139 3219 zperror2(source_zone,
3140 3220 gettext("could not enumerate devices"));
3141 3221 (void) zonecfg_enddevent(t_handle);
3142 3222 return;
3143 3223 }
3144 3224
3145 3225 while (zonecfg_getdevent(s_handle, &s_devtab) == Z_OK) {
3146 3226 /*
3147 3227 * Use fnmatch to catch the case where wildcards
3148 3228 * were used in one zone and the other has an
3149 3229 * explicit entry (e.g. /dev/dsk/c0t0d0s6 vs.
3150 3230 * /dev/\*dsk/c0t0d0s6).
3151 3231 */
3152 3232 if (fnmatch(t_devtab.zone_dev_match,
3153 3233 s_devtab.zone_dev_match, FNM_PATHNAME) == 0 ||
3154 3234 fnmatch(s_devtab.zone_dev_match,
3155 3235 t_devtab.zone_dev_match, FNM_PATHNAME) == 0) {
3156 3236 (void) fprintf(stderr,
3157 3237 gettext("WARNING: device '%s' "
3158 3238 "is configured in both zones.\n"),
3159 3239 t_devtab.zone_dev_match);
3160 3240 break;
3161 3241 }
3162 3242 }
3163 3243 (void) zonecfg_enddevent(s_handle);
3164 3244 }
3165 3245
3166 3246 (void) zonecfg_enddevent(t_handle);
3167 3247 }
3168 3248
3169 3249 /*
3170 3250 * Check if the specified mount option (opt) is contained within the
3171 3251 * options string.
3172 3252 */
3173 3253 static boolean_t
3174 3254 opt_match(char *opt, char *options)
3175 3255 {
3176 3256 char *p;
3177 3257 char *lastp;
3178 3258
3179 3259 if ((p = strtok_r(options, ",", &lastp)) != NULL) {
3180 3260 if (strcmp(p, opt) == 0)
3181 3261 return (B_TRUE);
3182 3262 while ((p = strtok_r(NULL, ",", &lastp)) != NULL) {
3183 3263 if (strcmp(p, opt) == 0)
3184 3264 return (B_TRUE);
3185 3265 }
3186 3266 }
3187 3267
3188 3268 return (B_FALSE);
3189 3269 }
3190 3270
3191 3271 #define RW_LOFS "WARNING: read-write lofs file system on '%s' is configured " \
3192 3272 "in both zones.\n"
3193 3273
3194 3274 static void
3195 3275 print_fs_warnings(struct zone_fstab *s_fstab, struct zone_fstab *t_fstab)
3196 3276 {
3197 3277 /*
3198 3278 * It is ok to have shared lofs mounted fs but we want to warn if
3199 3279 * either is rw since this will effect the other zone.
3200 3280 */
3201 3281 if (strcmp(t_fstab->zone_fs_type, "lofs") == 0) {
3202 3282 zone_fsopt_t *optp;
3203 3283
3204 3284 /* The default is rw so no options means rw */
3205 3285 if (t_fstab->zone_fs_options == NULL ||
3206 3286 s_fstab->zone_fs_options == NULL) {
3207 3287 (void) fprintf(stderr, gettext(RW_LOFS),
3208 3288 t_fstab->zone_fs_special);
3209 3289 return;
3210 3290 }
3211 3291
3212 3292 for (optp = s_fstab->zone_fs_options; optp != NULL;
3213 3293 optp = optp->zone_fsopt_next) {
3214 3294 if (opt_match("rw", optp->zone_fsopt_opt)) {
3215 3295 (void) fprintf(stderr, gettext(RW_LOFS),
3216 3296 s_fstab->zone_fs_special);
3217 3297 return;
3218 3298 }
3219 3299 }
3220 3300
3221 3301 for (optp = t_fstab->zone_fs_options; optp != NULL;
3222 3302 optp = optp->zone_fsopt_next) {
3223 3303 if (opt_match("rw", optp->zone_fsopt_opt)) {
3224 3304 (void) fprintf(stderr, gettext(RW_LOFS),
3225 3305 t_fstab->zone_fs_special);
3226 3306 return;
3227 3307 }
3228 3308 }
3229 3309
3230 3310 return;
3231 3311 }
3232 3312
3233 3313 /*
3234 3314 * TRANSLATION_NOTE
3235 3315 * The first variable is the file system type and the second is
3236 3316 * the file system special device. For example,
3237 3317 * WARNING: ufs file system on '/dev/dsk/c0t0d0s0' ...
3238 3318 */
3239 3319 (void) fprintf(stderr, gettext("WARNING: %s file system on '%s' "
3240 3320 "is configured in both zones.\n"), t_fstab->zone_fs_type,
3241 3321 t_fstab->zone_fs_special);
3242 3322 }
3243 3323
3244 3324 static void
3245 3325 warn_fs_match(zone_dochandle_t s_handle, char *source_zone,
3246 3326 zone_dochandle_t t_handle, char *target_zone)
3247 3327 {
3248 3328 int err;
3249 3329 struct zone_fstab s_fstab;
3250 3330 struct zone_fstab t_fstab;
3251 3331
3252 3332 if ((err = zonecfg_setfsent(t_handle)) != Z_OK) {
3253 3333 errno = err;
3254 3334 zperror2(target_zone,
3255 3335 gettext("could not enumerate file systems"));
3256 3336 return;
3257 3337 }
3258 3338
3259 3339 while (zonecfg_getfsent(t_handle, &t_fstab) == Z_OK) {
3260 3340 if ((err = zonecfg_setfsent(s_handle)) != Z_OK) {
3261 3341 errno = err;
3262 3342 zperror2(source_zone,
3263 3343 gettext("could not enumerate file systems"));
3264 3344 (void) zonecfg_endfsent(t_handle);
3265 3345 return;
3266 3346 }
3267 3347
3268 3348 while (zonecfg_getfsent(s_handle, &s_fstab) == Z_OK) {
3269 3349 if (strcmp(t_fstab.zone_fs_special,
3270 3350 s_fstab.zone_fs_special) == 0) {
3271 3351 print_fs_warnings(&s_fstab, &t_fstab);
3272 3352 break;
3273 3353 }
3274 3354 }
3275 3355 (void) zonecfg_endfsent(s_handle);
3276 3356 }
3277 3357
3278 3358 (void) zonecfg_endfsent(t_handle);
3279 3359 }
3280 3360
3281 3361 /*
3282 3362 * We don't catch the case where you used the same IP address but
3283 3363 * it is not an exact string match. For example, 192.9.0.128 vs. 192.09.0.128.
3284 3364 * However, we're not going to worry about that but we will check for
3285 3365 * a possible netmask on one of the addresses (e.g. 10.0.0.1 and 10.0.0.1/24)
3286 3366 * and handle that case as a match.
3287 3367 */
3288 3368 static void
3289 3369 warn_ip_match(zone_dochandle_t s_handle, char *source_zone,
3290 3370 zone_dochandle_t t_handle, char *target_zone)
3291 3371 {
3292 3372 int err;
3293 3373 struct zone_nwiftab s_nwiftab;
3294 3374 struct zone_nwiftab t_nwiftab;
3295 3375
3296 3376 if ((err = zonecfg_setnwifent(t_handle)) != Z_OK) {
3297 3377 errno = err;
3298 3378 zperror2(target_zone,
3299 3379 gettext("could not enumerate network interfaces"));
3300 3380 return;
3301 3381 }
3302 3382
3303 3383 while (zonecfg_getnwifent(t_handle, &t_nwiftab) == Z_OK) {
3304 3384 char *p;
3305 3385
3306 3386 /* remove an (optional) netmask from the address */
3307 3387 if ((p = strchr(t_nwiftab.zone_nwif_address, '/')) != NULL)
3308 3388 *p = '\0';
3309 3389
3310 3390 if ((err = zonecfg_setnwifent(s_handle)) != Z_OK) {
3311 3391 errno = err;
3312 3392 zperror2(source_zone,
3313 3393 gettext("could not enumerate network interfaces"));
3314 3394 (void) zonecfg_endnwifent(t_handle);
3315 3395 return;
3316 3396 }
3317 3397
3318 3398 while (zonecfg_getnwifent(s_handle, &s_nwiftab) == Z_OK) {
3319 3399 /* remove an (optional) netmask from the address */
3320 3400 if ((p = strchr(s_nwiftab.zone_nwif_address, '/'))
3321 3401 != NULL)
3322 3402 *p = '\0';
3323 3403
3324 3404 /* For exclusive-IP zones, address is not specified. */
3325 3405 if (strlen(s_nwiftab.zone_nwif_address) == 0)
3326 3406 continue;
3327 3407
3328 3408 if (strcmp(t_nwiftab.zone_nwif_address,
3329 3409 s_nwiftab.zone_nwif_address) == 0) {
3330 3410 (void) fprintf(stderr,
3331 3411 gettext("WARNING: network address '%s' "
3332 3412 "is configured in both zones.\n"),
3333 3413 t_nwiftab.zone_nwif_address);
3334 3414 break;
3335 3415 }
3336 3416 }
3337 3417 (void) zonecfg_endnwifent(s_handle);
3338 3418 }
3339 3419
3340 3420 (void) zonecfg_endnwifent(t_handle);
3341 3421 }
3342 3422
3343 3423 static void
3344 3424 warn_dataset_match(zone_dochandle_t s_handle, char *source,
3345 3425 zone_dochandle_t t_handle, char *target)
3346 3426 {
3347 3427 int err;
3348 3428 struct zone_dstab s_dstab;
3349 3429 struct zone_dstab t_dstab;
3350 3430
3351 3431 if ((err = zonecfg_setdsent(t_handle)) != Z_OK) {
3352 3432 errno = err;
3353 3433 zperror2(target, gettext("could not enumerate datasets"));
3354 3434 return;
3355 3435 }
3356 3436
3357 3437 while (zonecfg_getdsent(t_handle, &t_dstab) == Z_OK) {
3358 3438 if ((err = zonecfg_setdsent(s_handle)) != Z_OK) {
3359 3439 errno = err;
3360 3440 zperror2(source,
3361 3441 gettext("could not enumerate datasets"));
3362 3442 (void) zonecfg_enddsent(t_handle);
3363 3443 return;
3364 3444 }
3365 3445
3366 3446 while (zonecfg_getdsent(s_handle, &s_dstab) == Z_OK) {
3367 3447 if (strcmp(t_dstab.zone_dataset_name,
3368 3448 s_dstab.zone_dataset_name) == 0) {
3369 3449 target_zone = source;
3370 3450 zerror(gettext("WARNING: dataset '%s' "
3371 3451 "is configured in both zones.\n"),
3372 3452 t_dstab.zone_dataset_name);
3373 3453 break;
3374 3454 }
3375 3455 }
3376 3456 (void) zonecfg_enddsent(s_handle);
3377 3457 }
3378 3458
3379 3459 (void) zonecfg_enddsent(t_handle);
3380 3460 }
3381 3461
3382 3462 /*
3383 3463 * Check that the clone and its source have the same brand type.
3384 3464 */
3385 3465 static int
3386 3466 valid_brand_clone(char *source_zone, char *target_zone)
3387 3467 {
3388 3468 brand_handle_t bh;
3389 3469 char source_brand[MAXNAMELEN];
3390 3470
3391 3471 if ((zone_get_brand(source_zone, source_brand,
3392 3472 sizeof (source_brand))) != Z_OK) {
3393 3473 (void) fprintf(stderr, "%s: zone '%s': %s\n",
3394 3474 execname, source_zone, gettext("missing or invalid brand"));
3395 3475 return (Z_ERR);
3396 3476 }
3397 3477
3398 3478 if (strcmp(source_brand, target_brand) != 0) {
3399 3479 (void) fprintf(stderr,
3400 3480 gettext("%s: Zones '%s' and '%s' have different brand "
3401 3481 "types.\n"), execname, source_zone, target_zone);
3402 3482 return (Z_ERR);
3403 3483 }
3404 3484
3405 3485 if ((bh = brand_open(target_brand)) == NULL) {
3406 3486 zerror(gettext("missing or invalid brand"));
3407 3487 return (Z_ERR);
3408 3488 }
3409 3489 brand_close(bh);
3410 3490 return (Z_OK);
3411 3491 }
3412 3492
3413 3493 static int
3414 3494 validate_clone(char *source_zone, char *target_zone)
3415 3495 {
3416 3496 int err = Z_OK;
3417 3497 zone_dochandle_t s_handle;
3418 3498 zone_dochandle_t t_handle;
3419 3499
3420 3500 if ((t_handle = zonecfg_init_handle()) == NULL) {
3421 3501 zperror(cmd_to_str(CMD_CLONE), B_TRUE);
3422 3502 return (Z_ERR);
3423 3503 }
3424 3504 if ((err = zonecfg_get_handle(target_zone, t_handle)) != Z_OK) {
3425 3505 errno = err;
3426 3506 zperror(cmd_to_str(CMD_CLONE), B_TRUE);
3427 3507 zonecfg_fini_handle(t_handle);
3428 3508 return (Z_ERR);
3429 3509 }
3430 3510
3431 3511 if ((s_handle = zonecfg_init_handle()) == NULL) {
3432 3512 zperror(cmd_to_str(CMD_CLONE), B_TRUE);
3433 3513 zonecfg_fini_handle(t_handle);
3434 3514 return (Z_ERR);
3435 3515 }
3436 3516 if ((err = zonecfg_get_handle(source_zone, s_handle)) != Z_OK) {
3437 3517 errno = err;
3438 3518 zperror(cmd_to_str(CMD_CLONE), B_TRUE);
3439 3519 goto done;
3440 3520 }
3441 3521
3442 3522 /* verify new zone has same brand type */
3443 3523 err = valid_brand_clone(source_zone, target_zone);
3444 3524 if (err != Z_OK)
3445 3525 goto done;
3446 3526
3447 3527 /* warn about imported fs's which are the same */
3448 3528 warn_fs_match(s_handle, source_zone, t_handle, target_zone);
3449 3529
3450 3530 /* warn about imported IP addresses which are the same */
3451 3531 warn_ip_match(s_handle, source_zone, t_handle, target_zone);
3452 3532
3453 3533 /* warn about imported devices which are the same */
3454 3534 warn_dev_match(s_handle, source_zone, t_handle, target_zone);
3455 3535
3456 3536 /* warn about imported datasets which are the same */
3457 3537 warn_dataset_match(s_handle, source_zone, t_handle, target_zone);
3458 3538
3459 3539 done:
3460 3540 zonecfg_fini_handle(t_handle);
3461 3541 zonecfg_fini_handle(s_handle);
3462 3542
3463 3543 return ((err == Z_OK) ? Z_OK : Z_ERR);
3464 3544 }
3465 3545
3466 3546 static int
3467 3547 copy_zone(char *src, char *dst)
3468 3548 {
3469 3549 boolean_t out_null = B_FALSE;
3470 3550 int status;
3471 3551 char *outfile;
3472 3552 char cmdbuf[MAXPATHLEN * 2 + 128];
3473 3553
3474 3554 if ((outfile = tempnam("/var/log", "zone")) == NULL) {
3475 3555 outfile = "/dev/null";
3476 3556 out_null = B_TRUE;
3477 3557 }
3478 3558
3479 3559 /*
3480 3560 * Use find to get the list of files to copy. We need to skip
3481 3561 * files of type "socket" since cpio can't handle those but that
3482 3562 * should be ok since the app will recreate the socket when it runs.
3483 3563 * We also need to filter out anything under the .zfs subdir. Since
3484 3564 * find is running depth-first, we need the extra egrep to filter .zfs.
3485 3565 */
3486 3566 (void) snprintf(cmdbuf, sizeof (cmdbuf),
3487 3567 "cd %s && /usr/bin/find . -type s -prune -o -depth -print | "
3488 3568 "/usr/bin/egrep -v '^\\./\\.zfs$|^\\./\\.zfs/' | "
3489 3569 "/usr/bin/cpio -pdmuP@ %s > %s 2>&1",
3490 3570 src, dst, outfile);
3491 3571
3492 3572 status = do_subproc(cmdbuf);
3493 3573
3494 3574 if (subproc_status("copy", status, B_TRUE) != ZONE_SUBPROC_OK) {
3495 3575 if (!out_null)
3496 3576 (void) fprintf(stderr, gettext("\nThe copy failed.\n"
3497 3577 "More information can be found in %s\n"), outfile);
3498 3578 return (Z_ERR);
3499 3579 }
3500 3580
3501 3581 if (!out_null)
3502 3582 (void) unlink(outfile);
3503 3583
3504 3584 return (Z_OK);
3505 3585 }
3506 3586
3507 3587 /* ARGSUSED */
3508 3588 int
3509 3589 zfm_print(const struct mnttab *p, void *r)
3510 3590 {
3511 3591 zerror(" %s\n", p->mnt_mountp);
3512 3592 return (0);
3513 3593 }
3514 3594
3515 3595 int
3516 3596 clone_copy(char *source_zonepath, char *zonepath)
3517 3597 {
3518 3598 int err;
3519 3599
3520 3600 /* Don't clone the zone if anything is still mounted there */
3521 3601 if (zonecfg_find_mounts(source_zonepath, NULL, NULL)) {
3522 3602 zerror(gettext("These file systems are mounted on "
3523 3603 "subdirectories of %s.\n"), source_zonepath);
3524 3604 (void) zonecfg_find_mounts(source_zonepath, zfm_print, NULL);
3525 3605 return (Z_ERR);
3526 3606 }
3527 3607
3528 3608 /*
3529 3609 * Attempt to create a ZFS fs for the zonepath. As usual, we don't
3530 3610 * care if this works or not since we always have the default behavior
3531 3611 * of a simple directory for the zonepath.
3532 3612 */
3533 3613 create_zfs_zonepath(zonepath);
3534 3614
3535 3615 (void) printf(gettext("Copying %s..."), source_zonepath);
3536 3616 (void) fflush(stdout);
3537 3617
3538 3618 err = copy_zone(source_zonepath, zonepath);
3539 3619
3540 3620 (void) printf("\n");
3541 3621
3542 3622 return (err);
3543 3623 }
3544 3624
3545 3625 static int
3546 3626 clone_func(int argc, char *argv[])
3547 3627 {
3548 3628 char *source_zone = NULL;
3549 3629 int lockfd;
3550 3630 int err, arg;
3551 3631 char zonepath[MAXPATHLEN];
3552 3632 char source_zonepath[MAXPATHLEN];
3553 3633 zone_state_t state;
3554 3634 zone_entry_t *zent;
3555 3635 char *method = NULL;
3556 3636 char *snapshot = NULL;
3557 3637 char cmdbuf[MAXPATHLEN];
3558 3638 char postcmdbuf[MAXPATHLEN];
3559 3639 char presnapbuf[MAXPATHLEN];
3560 3640 char postsnapbuf[MAXPATHLEN];
3561 3641 char validsnapbuf[MAXPATHLEN];
3562 3642 brand_handle_t bh = NULL;
3563 3643 int status;
3564 3644 boolean_t brand_help = B_FALSE;
3565 3645
3566 3646 if (zonecfg_in_alt_root()) {
3567 3647 zerror(gettext("cannot clone zone in alternate root"));
3568 3648 return (Z_ERR);
3569 3649 }
3570 3650
3571 3651 /* Check the argv string for args we handle internally */
3572 3652 optind = 0;
3573 3653 opterr = 0;
3574 3654 while ((arg = getopt(argc, argv, "?m:s:")) != EOF) {
3575 3655 switch (arg) {
3576 3656 case '?':
3577 3657 if (optopt == '?') {
3578 3658 sub_usage(SHELP_CLONE, CMD_CLONE);
3579 3659 brand_help = B_TRUE;
3580 3660 }
3581 3661 /* Ignore unknown options - may be brand specific. */
3582 3662 break;
3583 3663 case 'm':
3584 3664 method = optarg;
3585 3665 break;
3586 3666 case 's':
3587 3667 snapshot = optarg;
3588 3668 break;
3589 3669 default:
3590 3670 /* Ignore unknown options - may be brand specific. */
3591 3671 break;
3592 3672 }
3593 3673 }
3594 3674
3595 3675 if (argc != (optind + 1)) {
3596 3676 sub_usage(SHELP_CLONE, CMD_CLONE);
3597 3677 return (Z_USAGE);
3598 3678 }
3599 3679
3600 3680 source_zone = argv[optind];
3601 3681
3602 3682 if (!brand_help) {
3603 3683 if (sanity_check(target_zone, CMD_CLONE, B_FALSE, B_TRUE,
3604 3684 B_FALSE) != Z_OK)
3605 3685 return (Z_ERR);
3606 3686 if (verify_details(CMD_CLONE, argv) != Z_OK)
3607 3687 return (Z_ERR);
3608 3688
3609 3689 /*
3610 3690 * We also need to do some extra validation on the source zone.
3611 3691 */
3612 3692 if (strcmp(source_zone, GLOBAL_ZONENAME) == 0) {
3613 3693 zerror(gettext("%s operation is invalid for the "
3614 3694 "global zone."), cmd_to_str(CMD_CLONE));
3615 3695 return (Z_ERR);
3616 3696 }
3617 3697
3618 3698 if (strncmp(source_zone, "SUNW", 4) == 0) {
3619 3699 zerror(gettext("%s operation is invalid for zones "
3620 3700 "starting with SUNW."), cmd_to_str(CMD_CLONE));
3621 3701 return (Z_ERR);
3622 3702 }
3623 3703
3624 3704 if (auth_check(username, source_zone, SOURCE_ZONE) == Z_ERR) {
3625 3705 zerror(gettext("%s operation is invalid because "
3626 3706 "user is not authorized to read source zone."),
3627 3707 cmd_to_str(CMD_CLONE));
3628 3708 return (Z_ERR);
3629 3709 }
3630 3710
3631 3711 zent = lookup_running_zone(source_zone);
3632 3712 if (zent != NULL) {
3633 3713 /* check whether the zone is ready or running */
3634 3714 if ((err = zone_get_state(zent->zname,
3635 3715 &zent->zstate_num)) != Z_OK) {
3636 3716 errno = err;
3637 3717 zperror2(zent->zname, gettext("could not get "
3638 3718 "state"));
3639 3719 /* can't tell, so hedge */
3640 3720 zent->zstate_str = "ready/running";
3641 3721 } else {
3642 3722 zent->zstate_str =
3643 3723 zone_state_str(zent->zstate_num);
3644 3724 }
3645 3725 zerror(gettext("%s operation is invalid for %s zones."),
3646 3726 cmd_to_str(CMD_CLONE), zent->zstate_str);
3647 3727 return (Z_ERR);
3648 3728 }
3649 3729
3650 3730 if ((err = zone_get_state(source_zone, &state)) != Z_OK) {
3651 3731 errno = err;
3652 3732 zperror2(source_zone, gettext("could not get state"));
3653 3733 return (Z_ERR);
3654 3734 }
3655 3735 if (state != ZONE_STATE_INSTALLED) {
3656 3736 (void) fprintf(stderr,
3657 3737 gettext("%s: zone %s is %s; %s is required.\n"),
3658 3738 execname, source_zone, zone_state_str(state),
3659 3739 zone_state_str(ZONE_STATE_INSTALLED));
3660 3740 return (Z_ERR);
3661 3741 }
3662 3742
3663 3743 /*
3664 3744 * The source zone checks out ok, continue with the clone.
3665 3745 */
3666 3746
3667 3747 if (validate_clone(source_zone, target_zone) != Z_OK)
3668 3748 return (Z_ERR);
3669 3749
3670 3750 if (zonecfg_grab_lock_file(target_zone, &lockfd) != Z_OK) {
3671 3751 zerror(gettext("another %s may have an operation in "
3672 3752 "progress."), "zoneadm");
3673 3753 return (Z_ERR);
3674 3754 }
3675 3755 }
3676 3756
3677 3757 if ((err = zone_get_zonepath(source_zone, source_zonepath,
3678 3758 sizeof (source_zonepath))) != Z_OK) {
3679 3759 errno = err;
3680 3760 zperror2(source_zone, gettext("could not get zone path"));
3681 3761 goto done;
3682 3762 }
3683 3763
3684 3764 if ((err = zone_get_zonepath(target_zone, zonepath, sizeof (zonepath)))
3685 3765 != Z_OK) {
3686 3766 errno = err;
3687 3767 zperror2(target_zone, gettext("could not get zone path"));
3688 3768 goto done;
3689 3769 }
3690 3770
3691 3771 /*
3692 3772 * Fetch the clone and postclone hooks from the brand configuration.
3693 3773 */
3694 3774 if ((bh = brand_open(target_brand)) == NULL) {
3695 3775 zerror(gettext("missing or invalid brand"));
3696 3776 err = Z_ERR;
3697 3777 goto done;
3698 3778 }
3699 3779
3700 3780 if (get_hook(bh, cmdbuf, sizeof (cmdbuf), brand_get_clone, target_zone,
3701 3781 zonepath) != Z_OK) {
3702 3782 zerror("invalid brand configuration: missing clone resource");
3703 3783 brand_close(bh);
3704 3784 err = Z_ERR;
3705 3785 goto done;
3706 3786 }
3707 3787
3708 3788 if (get_hook(bh, postcmdbuf, sizeof (postcmdbuf), brand_get_postclone,
3709 3789 target_zone, zonepath) != Z_OK) {
3710 3790 zerror("invalid brand configuration: missing postclone "
3711 3791 "resource");
3712 3792 brand_close(bh);
3713 3793 err = Z_ERR;
3714 3794 goto done;
3715 3795 }
3716 3796
3717 3797 if (get_hook(bh, presnapbuf, sizeof (presnapbuf), brand_get_presnap,
3718 3798 source_zone, source_zonepath) != Z_OK) {
3719 3799 zerror("invalid brand configuration: missing presnap "
3720 3800 "resource");
3721 3801 brand_close(bh);
3722 3802 err = Z_ERR;
3723 3803 goto done;
3724 3804 }
3725 3805
3726 3806 if (get_hook(bh, postsnapbuf, sizeof (postsnapbuf), brand_get_postsnap,
3727 3807 source_zone, source_zonepath) != Z_OK) {
3728 3808 zerror("invalid brand configuration: missing postsnap "
3729 3809 "resource");
3730 3810 brand_close(bh);
3731 3811 err = Z_ERR;
3732 3812 goto done;
3733 3813 }
3734 3814
3735 3815 if (get_hook(bh, validsnapbuf, sizeof (validsnapbuf),
3736 3816 brand_get_validatesnap, target_zone, zonepath) != Z_OK) {
3737 3817 zerror("invalid brand configuration: missing validatesnap "
3738 3818 "resource");
3739 3819 brand_close(bh);
3740 3820 err = Z_ERR;
3741 3821 goto done;
3742 3822 }
3743 3823 brand_close(bh);
3744 3824
3745 3825 /* Append all options to clone hook. */
3746 3826 if (addoptions(cmdbuf, argv, sizeof (cmdbuf)) != Z_OK) {
3747 3827 err = Z_ERR;
3748 3828 goto done;
3749 3829 }
3750 3830
3751 3831 /* Append all options to postclone hook. */
3752 3832 if (addoptions(postcmdbuf, argv, sizeof (postcmdbuf)) != Z_OK) {
3753 3833 err = Z_ERR;
3754 3834 goto done;
3755 3835 }
3756 3836
3757 3837 if (!brand_help) {
3758 3838 if ((err = zone_set_state(target_zone, ZONE_STATE_INCOMPLETE))
3759 3839 != Z_OK) {
3760 3840 errno = err;
3761 3841 zperror2(target_zone, gettext("could not set state"));
3762 3842 goto done;
3763 3843 }
3764 3844 }
3765 3845
3766 3846 /*
3767 3847 * The clone hook is optional. If it exists, use the hook for
3768 3848 * cloning, otherwise use the built-in clone support
3769 3849 */
3770 3850 if (cmdbuf[0] != '\0') {
3771 3851 /* Run the clone hook */
3772 3852 status = do_subproc(cmdbuf);
3773 3853 if ((status = subproc_status(gettext("brand-specific clone"),
3774 3854 status, B_FALSE)) != ZONE_SUBPROC_OK) {
3775 3855 if (status == ZONE_SUBPROC_USAGE && !brand_help)
3776 3856 sub_usage(SHELP_CLONE, CMD_CLONE);
3777 3857 err = Z_ERR;
3778 3858 goto done;
3779 3859 }
3780 3860
3781 3861 if (brand_help)
3782 3862 return (Z_OK);
3783 3863
3784 3864 } else {
3785 3865 /* If just help, we're done since there is no brand help. */
3786 3866 if (brand_help)
3787 3867 return (Z_OK);
3788 3868
3789 3869 /* Run the built-in clone support. */
3790 3870
3791 3871 /* The only explicit built-in method is "copy". */
3792 3872 if (method != NULL && strcmp(method, "copy") != 0) {
3793 3873 sub_usage(SHELP_CLONE, CMD_CLONE);
3794 3874 err = Z_USAGE;
3795 3875 goto done;
3796 3876 }
3797 3877
3798 3878 if (snapshot != NULL) {
3799 3879 err = clone_snapshot_zfs(snapshot, zonepath,
3800 3880 validsnapbuf);
3801 3881 } else {
3802 3882 /*
3803 3883 * We always copy the clone unless the source is ZFS
3804 3884 * and a ZFS clone worked. We fallback to copying if
3805 3885 * the ZFS clone fails for some reason.
3806 3886 */
3807 3887 err = Z_ERR;
3808 3888 if (method == NULL && is_zonepath_zfs(source_zonepath))
3809 3889 err = clone_zfs(source_zonepath, zonepath,
3810 3890 presnapbuf, postsnapbuf);
3811 3891
3812 3892 if (err != Z_OK)
3813 3893 err = clone_copy(source_zonepath, zonepath);
3814 3894 }
3815 3895 }
3816 3896
3817 3897 if (err == Z_OK && postcmdbuf[0] != '\0') {
3818 3898 status = do_subproc(postcmdbuf);
3819 3899 if ((err = subproc_status("postclone", status, B_FALSE))
3820 3900 != ZONE_SUBPROC_OK) {
3821 3901 zerror(gettext("post-clone configuration failed."));
3822 3902 err = Z_ERR;
3823 3903 }
3824 3904 }
3825 3905
3826 3906 done:
3827 3907 /*
3828 3908 * If everything went well, we mark the zone as installed.
3829 3909 */
3830 3910 if (err == Z_OK) {
3831 3911 err = zone_set_state(target_zone, ZONE_STATE_INSTALLED);
3832 3912 if (err != Z_OK) {
3833 3913 errno = err;
3834 3914 zperror2(target_zone, gettext("could not set state"));
3835 3915 }
3836 3916 }
3837 3917 if (!brand_help)
3838 3918 zonecfg_release_lock_file(target_zone, lockfd);
3839 3919 return ((err == Z_OK) ? Z_OK : Z_ERR);
3840 3920 }
3841 3921
3842 3922 /*
3843 3923 * Used when removing a zonepath after uninstalling or cleaning up after
3844 3924 * the move subcommand. This handles a zonepath that has non-standard
3845 3925 * contents so that we will only cleanup the stuff we know about and leave
3846 3926 * any user data alone.
3847 3927 *
3848 3928 * If the "all" parameter is true then we should remove the whole zonepath
3849 3929 * even if it has non-standard files/directories in it. This can be used when
3850 3930 * we need to cleanup after moving the zonepath across file systems.
3851 3931 *
3852 3932 * We "exec" the RMCOMMAND so that the returned status is that of RMCOMMAND
3853 3933 * and not the shell.
3854 3934 */
3855 3935 static int
3856 3936 cleanup_zonepath(char *zonepath, boolean_t all)
3857 3937 {
|
↓ open down ↓ |
1003 lines elided |
↑ open up ↑ |
3858 3938 int status;
3859 3939 int i;
3860 3940 boolean_t non_std = B_FALSE;
3861 3941 struct dirent *dp;
3862 3942 DIR *dirp;
3863 3943 /*
3864 3944 * The SUNWattached.xml file is expected since it might
3865 3945 * exist if the zone was force-attached after a
3866 3946 * migration.
3867 3947 */
3868 - char *std_entries[] = {"dev", "lu", "root",
3869 - "SUNWattached.xml", NULL};
3870 - /* (MAXPATHLEN * 3) is for the 3 std_entries dirs */
3871 - char cmdbuf[sizeof (RMCOMMAND) + (MAXPATHLEN * 3) + 64];
3948 + char *std_entries[] = {"dev", "lastexited", "logs", "lu",
3949 + "root", "SUNWattached.xml", NULL};
3950 + /* (MAXPATHLEN * 5) is for the 5 std_entries dirs */
3951 + char cmdbuf[sizeof (RMCOMMAND) + (MAXPATHLEN * 5) + 64];
3872 3952
3873 3953 /*
3874 3954 * We shouldn't need these checks but lets be paranoid since we
3875 3955 * could blow away the whole system here if we got the wrong zonepath.
3876 3956 */
3877 3957 if (*zonepath == NULL || strcmp(zonepath, "/") == 0) {
3878 3958 (void) fprintf(stderr, "invalid zonepath '%s'\n", zonepath);
3879 3959 return (Z_INVAL);
3880 3960 }
3881 3961
3882 3962 /*
3883 3963 * If the dirpath is already gone (maybe it was manually removed) then
3884 3964 * we just return Z_OK so that the cleanup is successful.
3885 3965 */
3886 3966 if ((dirp = opendir(zonepath)) == NULL)
3887 3967 return (Z_OK);
3888 3968
3889 3969 /*
3890 3970 * Look through the zonepath directory to see if there are any
3891 3971 * non-standard files/dirs. Also skip .zfs since that might be
3892 3972 * there but we'll handle ZFS file systems as a special case.
3893 3973 */
3894 3974 while ((dp = readdir(dirp)) != NULL) {
3895 3975 if (strcmp(dp->d_name, ".") == 0 ||
3896 3976 strcmp(dp->d_name, "..") == 0 ||
3897 3977 strcmp(dp->d_name, ".zfs") == 0)
3898 3978 continue;
3899 3979
3900 3980 for (i = 0; std_entries[i] != NULL; i++)
3901 3981 if (strcmp(dp->d_name, std_entries[i]) == 0)
3902 3982 break;
3903 3983
3904 3984 if (std_entries[i] == NULL)
3905 3985 non_std = B_TRUE;
3906 3986 }
3907 3987 (void) closedir(dirp);
3908 3988
3909 3989 if (!all && non_std) {
3910 3990 /*
3911 3991 * There are extra, non-standard directories/files in the
3912 3992 * zonepath so we don't want to remove the zonepath. We
3913 3993 * just want to remove the standard directories and leave
3914 3994 * the user data alone.
3915 3995 */
3916 3996 (void) snprintf(cmdbuf, sizeof (cmdbuf), "exec " RMCOMMAND);
3917 3997
3918 3998 for (i = 0; std_entries[i] != NULL; i++) {
3919 3999 char tmpbuf[MAXPATHLEN];
3920 4000
3921 4001 if (snprintf(tmpbuf, sizeof (tmpbuf), " %s/%s",
3922 4002 zonepath, std_entries[i]) >= sizeof (tmpbuf) ||
3923 4003 strlcat(cmdbuf, tmpbuf, sizeof (cmdbuf)) >=
3924 4004 sizeof (cmdbuf)) {
3925 4005 (void) fprintf(stderr,
3926 4006 gettext("path is too long\n"));
3927 4007 return (Z_INVAL);
3928 4008 }
3929 4009 }
3930 4010
3931 4011 status = do_subproc(cmdbuf);
3932 4012
3933 4013 (void) fprintf(stderr, gettext("WARNING: Unable to completely "
3934 4014 "remove %s\nbecause it contains additional user data. "
3935 4015 "Only the standard directory\nentries have been "
3936 4016 "removed.\n"),
3937 4017 zonepath);
3938 4018
3939 4019 return ((subproc_status(RMCOMMAND, status, B_TRUE) ==
3940 4020 ZONE_SUBPROC_OK) ? Z_OK : Z_ERR);
3941 4021 }
3942 4022
3943 4023 /*
3944 4024 * There is nothing unexpected in the zonepath, try to get rid of the
3945 4025 * whole zonepath directory.
3946 4026 *
3947 4027 * If the zonepath is its own zfs file system, try to destroy the
3948 4028 * file system. If that fails for some reason (e.g. it has clones)
3949 4029 * then we'll just remove the contents of the zonepath.
3950 4030 */
3951 4031 if (is_zonepath_zfs(zonepath)) {
3952 4032 if (destroy_zfs(zonepath) == Z_OK)
3953 4033 return (Z_OK);
3954 4034 (void) snprintf(cmdbuf, sizeof (cmdbuf), "exec " RMCOMMAND
3955 4035 " %s/*", zonepath);
3956 4036 status = do_subproc(cmdbuf);
3957 4037 return ((subproc_status(RMCOMMAND, status, B_TRUE) ==
3958 4038 ZONE_SUBPROC_OK) ? Z_OK : Z_ERR);
3959 4039 }
3960 4040
3961 4041 (void) snprintf(cmdbuf, sizeof (cmdbuf), "exec " RMCOMMAND " %s",
3962 4042 zonepath);
3963 4043 status = do_subproc(cmdbuf);
3964 4044
3965 4045 return ((subproc_status(RMCOMMAND, status, B_TRUE) == ZONE_SUBPROC_OK)
3966 4046 ? Z_OK : Z_ERR);
3967 4047 }
3968 4048
3969 4049 static int
3970 4050 move_func(int argc, char *argv[])
3971 4051 {
3972 4052 char *new_zonepath = NULL;
3973 4053 int lockfd;
3974 4054 int err, arg;
3975 4055 char zonepath[MAXPATHLEN];
3976 4056 zone_dochandle_t handle;
3977 4057 boolean_t fast;
3978 4058 boolean_t is_zfs = B_FALSE;
3979 4059 boolean_t root_fs_mounted = B_FALSE;
3980 4060 struct dirent *dp;
3981 4061 DIR *dirp;
3982 4062 boolean_t empty = B_TRUE;
3983 4063 boolean_t revert;
3984 4064 struct stat zonepath_buf;
3985 4065 struct stat new_zonepath_buf;
3986 4066 zone_mounts_t mounts;
3987 4067
3988 4068 if (zonecfg_in_alt_root()) {
3989 4069 zerror(gettext("cannot move zone in alternate root"));
3990 4070 return (Z_ERR);
3991 4071 }
3992 4072
3993 4073 optind = 0;
3994 4074 if ((arg = getopt(argc, argv, "?")) != EOF) {
3995 4075 switch (arg) {
3996 4076 case '?':
3997 4077 sub_usage(SHELP_MOVE, CMD_MOVE);
3998 4078 return (optopt == '?' ? Z_OK : Z_USAGE);
3999 4079 default:
4000 4080 sub_usage(SHELP_MOVE, CMD_MOVE);
4001 4081 return (Z_USAGE);
4002 4082 }
4003 4083 }
4004 4084 if (argc != (optind + 1)) {
4005 4085 sub_usage(SHELP_MOVE, CMD_MOVE);
4006 4086 return (Z_USAGE);
4007 4087 }
4008 4088 new_zonepath = argv[optind];
4009 4089 if (sanity_check(target_zone, CMD_MOVE, B_FALSE, B_TRUE, B_FALSE)
4010 4090 != Z_OK)
4011 4091 return (Z_ERR);
4012 4092 if (verify_details(CMD_MOVE, argv) != Z_OK)
4013 4093 return (Z_ERR);
4014 4094
4015 4095 /*
4016 4096 * Check out the new zonepath. This has the side effect of creating
4017 4097 * a directory for the new zonepath. We depend on this later when we
4018 4098 * stat to see if we are doing a cross file system move or not.
4019 4099 */
4020 4100 if (validate_zonepath(new_zonepath, CMD_MOVE) != Z_OK)
4021 4101 return (Z_ERR);
4022 4102
4023 4103 if ((err = zone_get_zonepath(target_zone, zonepath, sizeof (zonepath)))
4024 4104 != Z_OK) {
4025 4105 errno = err;
4026 4106 zperror2(target_zone, gettext("could not get zone path"));
4027 4107 return (Z_ERR);
4028 4108 }
4029 4109
4030 4110 if (stat(zonepath, &zonepath_buf) == -1) {
4031 4111 zperror(gettext("could not stat zone path"), B_FALSE);
4032 4112 return (Z_ERR);
4033 4113 }
4034 4114
4035 4115 if (stat(new_zonepath, &new_zonepath_buf) == -1) {
4036 4116 zperror(gettext("could not stat new zone path"), B_FALSE);
4037 4117 return (Z_ERR);
4038 4118 }
4039 4119
4040 4120 /*
4041 4121 * Check if the destination directory is empty.
4042 4122 */
4043 4123 if ((dirp = opendir(new_zonepath)) == NULL) {
4044 4124 zperror(gettext("could not open new zone path"), B_FALSE);
4045 4125 return (Z_ERR);
4046 4126 }
4047 4127 while ((dp = readdir(dirp)) != (struct dirent *)0) {
4048 4128 if (strcmp(dp->d_name, ".") == 0 ||
4049 4129 strcmp(dp->d_name, "..") == 0)
4050 4130 continue;
4051 4131 empty = B_FALSE;
4052 4132 break;
4053 4133 }
4054 4134 (void) closedir(dirp);
4055 4135
4056 4136 /* Error if there is anything in the destination directory. */
4057 4137 if (!empty) {
4058 4138 (void) fprintf(stderr, gettext("could not move zone to %s: "
4059 4139 "directory not empty\n"), new_zonepath);
4060 4140 return (Z_ERR);
4061 4141 }
4062 4142
4063 4143 /*
4064 4144 * Collect information about mounts within the zone's zonepath.
4065 4145 * Overlay mounts on the zone's root directory are erroneous.
4066 4146 * Bail if we encounter any unexpected mounts.
4067 4147 */
4068 4148 if (zone_mounts_init(&mounts, zonepath) != 0)
4069 4149 return (Z_ERR);
4070 4150 if (mounts.num_root_overlay_mounts != 0) {
4071 4151 zerror(gettext("%d overlay mount(s) detected on %s/root."),
4072 4152 mounts.num_root_overlay_mounts, zonepath);
4073 4153 goto err_and_mounts_destroy;
4074 4154 }
4075 4155 if (mounts.num_unexpected_mounts != 0)
4076 4156 goto err_and_mounts_destroy;
4077 4157
4078 4158 /*
4079 4159 * Check if we are moving in the same file system and can do a fast
4080 4160 * move or if we are crossing file systems and have to copy the data.
4081 4161 */
4082 4162 fast = (zonepath_buf.st_dev == new_zonepath_buf.st_dev);
4083 4163
4084 4164 if ((handle = zonecfg_init_handle()) == NULL) {
4085 4165 zperror(cmd_to_str(CMD_MOVE), B_TRUE);
4086 4166 goto err_and_mounts_destroy;
4087 4167 }
4088 4168
4089 4169 if ((err = zonecfg_get_handle(target_zone, handle)) != Z_OK) {
4090 4170 errno = err;
4091 4171 zperror(cmd_to_str(CMD_MOVE), B_TRUE);
4092 4172 goto err_and_fini_handle;
4093 4173 }
4094 4174
4095 4175 if (zonecfg_grab_lock_file(target_zone, &lockfd) != Z_OK) {
4096 4176 zerror(gettext("another %s may have an operation in progress."),
4097 4177 "zoneadm");
4098 4178 goto err_and_fini_handle;
4099 4179 }
4100 4180
4101 4181 /*
4102 4182 * Unmount the zone's root filesystem before we move the zone's
4103 4183 * zonepath.
4104 4184 */
4105 4185 if (zone_unmount_rootfs(&mounts, zonepath, B_FALSE) != 0)
4106 4186 goto err_and_rele_lockfile;
4107 4187
4108 4188 /*
4109 4189 * We're making some file system changes now so we have to clean up
4110 4190 * the file system before we are done. This will either clean up the
4111 4191 * new zonepath if the zonecfg update failed or it will clean up the
4112 4192 * old zonepath if everything is ok.
4113 4193 */
4114 4194 revert = B_TRUE;
4115 4195
4116 4196 if (is_zonepath_zfs(zonepath) &&
4117 4197 move_zfs(zonepath, new_zonepath) != Z_ERR) {
4118 4198 is_zfs = B_TRUE;
4119 4199
4120 4200 } else if (fast) {
4121 4201 /* same file system, use rename for a quick move */
4122 4202
4123 4203 /*
4124 4204 * Remove the new_zonepath directory that got created above
4125 4205 * during the validation. It gets in the way of the rename.
4126 4206 */
4127 4207 if (rmdir(new_zonepath) != 0) {
4128 4208 zperror(gettext("could not rmdir new zone path"),
4129 4209 B_FALSE);
4130 4210 (void) zone_mount_rootfs(&mounts, zonepath);
4131 4211 goto err_and_rele_lockfile;
4132 4212 }
4133 4213
4134 4214 if (rename(zonepath, new_zonepath) != 0) {
4135 4215 /*
4136 4216 * If this fails we don't need to do all of the
4137 4217 * cleanup that happens for the rest of the code
4138 4218 * so just return from this error.
4139 4219 */
4140 4220 zperror(gettext("could not move zone"), B_FALSE);
4141 4221 (void) zone_mount_rootfs(&mounts, zonepath);
4142 4222 goto err_and_rele_lockfile;
4143 4223 }
4144 4224
4145 4225 } else {
4146 4226 /*
4147 4227 * Attempt to create a ZFS fs for the new zonepath. As usual,
4148 4228 * we don't care if this works or not since we always have the
4149 4229 * default behavior of a simple directory for the zonepath.
4150 4230 */
4151 4231 create_zfs_zonepath(new_zonepath);
4152 4232
4153 4233 (void) printf(gettext(
4154 4234 "Moving across file systems; copying zonepath %s..."),
4155 4235 zonepath);
4156 4236 (void) fflush(stdout);
4157 4237
4158 4238 err = copy_zone(zonepath, new_zonepath);
4159 4239
4160 4240 (void) printf("\n");
4161 4241 if (err != Z_OK)
4162 4242 goto done;
4163 4243 }
4164 4244
4165 4245 /*
4166 4246 * Mount the zone's root filesystem in the new zonepath if there was
4167 4247 * a root mount prior to the move.
4168 4248 */
4169 4249 if (zone_mount_rootfs(&mounts, new_zonepath) != 0) {
4170 4250 err = Z_ERR;
4171 4251 goto done;
4172 4252 }
4173 4253 root_fs_mounted = B_TRUE;
4174 4254
4175 4255 if ((err = zonecfg_set_zonepath(handle, new_zonepath)) != Z_OK) {
4176 4256 errno = err;
4177 4257 zperror(gettext("could not set new zonepath"), B_TRUE);
4178 4258 goto done;
4179 4259 }
4180 4260
4181 4261 if ((err = zonecfg_save(handle)) != Z_OK) {
4182 4262 errno = err;
4183 4263 zperror(gettext("zonecfg save failed"), B_TRUE);
4184 4264 goto done;
4185 4265 }
4186 4266
4187 4267 revert = B_FALSE;
4188 4268
4189 4269 done:
4190 4270 zonecfg_fini_handle(handle);
4191 4271 zonecfg_release_lock_file(target_zone, lockfd);
4192 4272
4193 4273 /*
4194 4274 * Clean up the file system based on how things went. We either
4195 4275 * clean up the new zonepath if the operation failed for some reason
4196 4276 * or we clean up the old zonepath if everything is ok.
4197 4277 */
4198 4278 if (revert) {
4199 4279 /*
4200 4280 * Check for the unlikely scenario in which the zone's
4201 4281 * zonepath and its root file system moved but libzonecfg
4202 4282 * couldn't save the new zonepath to the zone's configuration
4203 4283 * file. The mounted root filesystem must be unmounted before
4204 4284 * zoneadm restores the zone's zonepath.
4205 4285 */
4206 4286 if (root_fs_mounted && zone_unmount_rootfs(&mounts,
4207 4287 new_zonepath, B_TRUE) != 0) {
4208 4288 /*
4209 4289 * We can't forcibly unmount the zone's root file system
4210 4290 * from the new zonepath. Bail!
4211 4291 */
4212 4292 zerror(gettext("fatal error: cannot unmount %s/root\n"),
4213 4293 new_zonepath);
4214 4294 goto err_and_mounts_destroy;
4215 4295 }
4216 4296
4217 4297 /* The zonecfg update failed, cleanup the new zonepath. */
4218 4298 if (is_zfs) {
4219 4299 if (move_zfs(new_zonepath, zonepath) == Z_ERR) {
4220 4300 (void) fprintf(stderr, gettext("could not "
4221 4301 "restore zonepath, the zfs mountpoint is "
4222 4302 "set as:\n%s\n"), new_zonepath);
4223 4303 /*
4224 4304 * err is already != Z_OK since we're reverting
4225 4305 */
4226 4306 } else {
4227 4307 (void) zone_mount_rootfs(&mounts, zonepath);
4228 4308 }
4229 4309 } else if (fast) {
4230 4310 if (rename(new_zonepath, zonepath) != 0) {
4231 4311 zperror(gettext("could not restore zonepath"),
4232 4312 B_FALSE);
4233 4313 /*
4234 4314 * err is already != Z_OK since we're reverting
4235 4315 */
4236 4316 } else {
4237 4317 (void) zone_mount_rootfs(&mounts, zonepath);
4238 4318 }
4239 4319 } else {
4240 4320 (void) printf(gettext("Cleaning up zonepath %s..."),
4241 4321 new_zonepath);
4242 4322 (void) fflush(stdout);
4243 4323 err = cleanup_zonepath(new_zonepath, B_TRUE);
4244 4324 (void) printf("\n");
4245 4325
4246 4326 if (err != Z_OK) {
4247 4327 errno = err;
4248 4328 zperror(gettext("could not remove new "
4249 4329 "zonepath"), B_TRUE);
4250 4330 } else {
4251 4331 /*
4252 4332 * Because we're reverting we know the mainline
4253 4333 * code failed but we just reused the err
4254 4334 * variable so we reset it back to Z_ERR.
4255 4335 */
4256 4336 err = Z_ERR;
4257 4337 }
4258 4338
4259 4339 (void) zone_mount_rootfs(&mounts, zonepath);
4260 4340 }
4261 4341 } else {
4262 4342 /* The move was successful, cleanup the old zonepath. */
4263 4343 if (!is_zfs && !fast) {
4264 4344 (void) printf(
4265 4345 gettext("Cleaning up zonepath %s..."), zonepath);
4266 4346 (void) fflush(stdout);
4267 4347 err = cleanup_zonepath(zonepath, B_TRUE);
4268 4348 (void) printf("\n");
4269 4349
4270 4350 if (err != Z_OK) {
4271 4351 errno = err;
4272 4352 zperror(gettext("could not remove zonepath"),
4273 4353 B_TRUE);
4274 4354 }
4275 4355 }
4276 4356 }
4277 4357
4278 4358 zone_mounts_destroy(&mounts);
4279 4359 return ((err == Z_OK) ? Z_OK : Z_ERR);
4280 4360
4281 4361 err_and_rele_lockfile:
4282 4362 zonecfg_release_lock_file(target_zone, lockfd);
4283 4363 err_and_fini_handle:
4284 4364 zonecfg_fini_handle(handle);
4285 4365 err_and_mounts_destroy:
4286 4366 zone_mounts_destroy(&mounts);
4287 4367 return (Z_ERR);
4288 4368 }
4289 4369
4290 4370 /* ARGSUSED */
4291 4371 static int
4292 4372 detach_func(int argc, char *argv[])
4293 4373 {
4294 4374 int lockfd = -1;
4295 4375 int err, arg;
4296 4376 char zonepath[MAXPATHLEN];
4297 4377 char cmdbuf[MAXPATHLEN];
4298 4378 char precmdbuf[MAXPATHLEN];
4299 4379 boolean_t execute = B_TRUE;
4300 4380 boolean_t brand_help = B_FALSE;
4301 4381 brand_handle_t bh = NULL;
4302 4382 int status;
4303 4383
4304 4384 if (zonecfg_in_alt_root()) {
4305 4385 zerror(gettext("cannot detach zone in alternate root"));
4306 4386 return (Z_ERR);
4307 4387 }
4308 4388
4309 4389 /* Check the argv string for args we handle internally */
4310 4390 optind = 0;
4311 4391 opterr = 0;
4312 4392 while ((arg = getopt(argc, argv, "?n")) != EOF) {
4313 4393 switch (arg) {
4314 4394 case '?':
4315 4395 if (optopt == '?') {
4316 4396 sub_usage(SHELP_DETACH, CMD_DETACH);
4317 4397 brand_help = B_TRUE;
4318 4398 }
4319 4399 /* Ignore unknown options - may be brand specific. */
4320 4400 break;
4321 4401 case 'n':
4322 4402 execute = B_FALSE;
4323 4403 break;
4324 4404 default:
4325 4405 /* Ignore unknown options - may be brand specific. */
4326 4406 break;
4327 4407 }
4328 4408 }
4329 4409
4330 4410 if (brand_help)
4331 4411 execute = B_FALSE;
4332 4412
4333 4413 if (execute) {
4334 4414 if (sanity_check(target_zone, CMD_DETACH, B_FALSE, B_TRUE,
4335 4415 B_FALSE) != Z_OK)
4336 4416 return (Z_ERR);
4337 4417 if (verify_details(CMD_DETACH, argv) != Z_OK)
4338 4418 return (Z_ERR);
4339 4419 } else {
4340 4420 /*
4341 4421 * We want a dry-run to work for a non-privileged user so we
4342 4422 * only do minimal validation.
4343 4423 */
4344 4424 if (target_zone == NULL) {
4345 4425 zerror(gettext("no zone specified"));
4346 4426 return (Z_ERR);
4347 4427 }
4348 4428
4349 4429 if (strcmp(target_zone, GLOBAL_ZONENAME) == 0) {
4350 4430 zerror(gettext("%s operation is invalid for the "
4351 4431 "global zone."), cmd_to_str(CMD_DETACH));
4352 4432 return (Z_ERR);
4353 4433 }
4354 4434 }
4355 4435
4356 4436 if ((err = zone_get_zonepath(target_zone, zonepath, sizeof (zonepath)))
4357 4437 != Z_OK) {
4358 4438 errno = err;
4359 4439 zperror2(target_zone, gettext("could not get zone path"));
4360 4440 return (Z_ERR);
4361 4441 }
4362 4442
4363 4443 /* Fetch the detach and predetach hooks from the brand configuration. */
4364 4444 if ((bh = brand_open(target_brand)) == NULL) {
4365 4445 zerror(gettext("missing or invalid brand"));
4366 4446 return (Z_ERR);
4367 4447 }
4368 4448
4369 4449 if (get_hook(bh, cmdbuf, sizeof (cmdbuf), brand_get_detach, target_zone,
4370 4450 zonepath) != Z_OK) {
4371 4451 zerror("invalid brand configuration: missing detach resource");
4372 4452 brand_close(bh);
4373 4453 return (Z_ERR);
4374 4454 }
4375 4455
4376 4456 if (get_hook(bh, precmdbuf, sizeof (precmdbuf), brand_get_predetach,
4377 4457 target_zone, zonepath) != Z_OK) {
4378 4458 zerror("invalid brand configuration: missing predetach "
4379 4459 "resource");
4380 4460 brand_close(bh);
4381 4461 return (Z_ERR);
4382 4462 }
4383 4463 brand_close(bh);
4384 4464
4385 4465 /* Append all options to predetach hook. */
4386 4466 if (addoptions(precmdbuf, argv, sizeof (precmdbuf)) != Z_OK)
4387 4467 return (Z_ERR);
4388 4468
4389 4469 /* Append all options to detach hook. */
4390 4470 if (addoptions(cmdbuf, argv, sizeof (cmdbuf)) != Z_OK)
4391 4471 return (Z_ERR);
4392 4472
4393 4473 if (execute && zonecfg_grab_lock_file(target_zone, &lockfd) != Z_OK) {
4394 4474 zerror(gettext("another %s may have an operation in progress."),
4395 4475 "zoneadm");
4396 4476 return (Z_ERR);
4397 4477 }
4398 4478
4399 4479 /* If we have a brand predetach hook, run it. */
4400 4480 if (!brand_help && precmdbuf[0] != '\0') {
4401 4481 status = do_subproc(precmdbuf);
4402 4482 if (subproc_status(gettext("brand-specific predetach"),
4403 4483 status, B_FALSE) != ZONE_SUBPROC_OK) {
4404 4484
4405 4485 if (execute) {
4406 4486 assert(lockfd >= 0);
4407 4487 zonecfg_release_lock_file(target_zone, lockfd);
4408 4488 lockfd = -1;
4409 4489 }
4410 4490
4411 4491 assert(lockfd == -1);
4412 4492 return (Z_ERR);
4413 4493 }
4414 4494 }
4415 4495
4416 4496 if (cmdbuf[0] != '\0') {
4417 4497 /* Run the detach hook */
4418 4498 status = do_subproc(cmdbuf);
4419 4499 if ((status = subproc_status(gettext("brand-specific detach"),
4420 4500 status, B_FALSE)) != ZONE_SUBPROC_OK) {
4421 4501 if (status == ZONE_SUBPROC_USAGE && !brand_help)
4422 4502 sub_usage(SHELP_DETACH, CMD_DETACH);
4423 4503
4424 4504 if (execute) {
4425 4505 assert(lockfd >= 0);
4426 4506 zonecfg_release_lock_file(target_zone, lockfd);
4427 4507 lockfd = -1;
4428 4508 }
4429 4509
4430 4510 assert(lockfd == -1);
4431 4511 return (Z_ERR);
4432 4512 }
4433 4513
4434 4514 } else {
4435 4515 zone_dochandle_t handle;
4436 4516
4437 4517 /* If just help, we're done since there is no brand help. */
4438 4518 if (brand_help) {
4439 4519 assert(lockfd == -1);
4440 4520 return (Z_OK);
4441 4521 }
4442 4522
4443 4523 /*
4444 4524 * Run the built-in detach support. Just generate a simple
4445 4525 * zone definition XML file and detach.
4446 4526 */
4447 4527
4448 4528 /* Don't detach the zone if anything is still mounted there */
4449 4529 if (execute && zonecfg_find_mounts(zonepath, NULL, NULL)) {
4450 4530 (void) fprintf(stderr, gettext("These file systems are "
4451 4531 "mounted on subdirectories of %s.\n"), zonepath);
4452 4532 (void) zonecfg_find_mounts(zonepath, zfm_print, NULL);
4453 4533 err = ZONE_SUBPROC_NOTCOMPLETE;
4454 4534 goto done;
4455 4535 }
4456 4536
4457 4537 if ((handle = zonecfg_init_handle()) == NULL) {
4458 4538 zperror(cmd_to_str(CMD_DETACH), B_TRUE);
4459 4539 err = ZONE_SUBPROC_NOTCOMPLETE;
4460 4540 goto done;
4461 4541 }
4462 4542
4463 4543 if ((err = zonecfg_get_handle(target_zone, handle)) != Z_OK) {
4464 4544 errno = err;
4465 4545 zperror(cmd_to_str(CMD_DETACH), B_TRUE);
4466 4546
4467 4547 } else if ((err = zonecfg_detach_save(handle,
4468 4548 (execute ? 0 : ZONE_DRY_RUN))) != Z_OK) {
4469 4549 errno = err;
4470 4550 zperror(gettext("saving the detach manifest failed"),
4471 4551 B_TRUE);
4472 4552 }
4473 4553
4474 4554 zonecfg_fini_handle(handle);
4475 4555 if (err != Z_OK)
4476 4556 goto done;
4477 4557 }
4478 4558
4479 4559 /*
4480 4560 * Set the zone state back to configured unless we are running with the
4481 4561 * no-execute option.
4482 4562 */
4483 4563 if (execute && (err = zone_set_state(target_zone,
4484 4564 ZONE_STATE_CONFIGURED)) != Z_OK) {
4485 4565 errno = err;
4486 4566 zperror(gettext("could not reset state"), B_TRUE);
4487 4567 }
4488 4568
4489 4569 done:
4490 4570 if (execute) {
4491 4571 assert(lockfd >= 0);
4492 4572 zonecfg_release_lock_file(target_zone, lockfd);
4493 4573 lockfd = -1;
4494 4574 }
4495 4575
4496 4576 assert(lockfd == -1);
4497 4577 return ((err == Z_OK) ? Z_OK : Z_ERR);
4498 4578 }
4499 4579
4500 4580 /*
4501 4581 * Determine the brand when doing a dry-run attach. The zone does not have to
4502 4582 * exist, so we have to read the incoming manifest to determine the zone's
4503 4583 * brand.
4504 4584 *
4505 4585 * Because the manifest has to be processed twice; once to determine the brand
4506 4586 * and once to do the brand-specific attach logic, we always read it into a tmp
4507 4587 * file. This handles the manifest coming from stdin or a regular file. The
4508 4588 * tmpname parameter returns the name of the temporary file that the manifest
4509 4589 * was read into.
4510 4590 */
4511 4591 static int
4512 4592 dryrun_get_brand(char *manifest_path, char *tmpname, int size)
4513 4593 {
4514 4594 int fd;
4515 4595 int err;
4516 4596 int res = Z_OK;
4517 4597 zone_dochandle_t local_handle;
4518 4598 zone_dochandle_t rem_handle = NULL;
4519 4599 int len;
4520 4600 int ofd;
4521 4601 char buf[512];
4522 4602
4523 4603 if (strcmp(manifest_path, "-") == 0) {
4524 4604 fd = STDIN_FILENO;
4525 4605 } else {
4526 4606 if ((fd = open(manifest_path, O_RDONLY)) < 0) {
4527 4607 if (getcwd(buf, sizeof (buf)) == NULL)
4528 4608 (void) strlcpy(buf, "/", sizeof (buf));
4529 4609 zerror(gettext("could not open manifest path %s%s: %s"),
4530 4610 (*manifest_path == '/' ? "" : buf), manifest_path,
4531 4611 strerror(errno));
4532 4612 return (Z_ERR);
4533 4613 }
4534 4614 }
4535 4615
4536 4616 (void) snprintf(tmpname, size, "/var/run/zone.%d", getpid());
4537 4617
4538 4618 if ((ofd = open(tmpname, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR)) < 0) {
4539 4619 zperror(gettext("could not save manifest"), B_FALSE);
4540 4620 (void) close(fd);
4541 4621 return (Z_ERR);
4542 4622 }
4543 4623
4544 4624 while ((len = read(fd, buf, sizeof (buf))) > 0) {
4545 4625 if (write(ofd, buf, len) == -1) {
4546 4626 zperror(gettext("could not save manifest"), B_FALSE);
4547 4627 (void) close(ofd);
4548 4628 (void) close(fd);
4549 4629 return (Z_ERR);
4550 4630 }
4551 4631 }
4552 4632
4553 4633 if (close(ofd) != 0) {
4554 4634 zperror(gettext("could not save manifest"), B_FALSE);
4555 4635 (void) close(fd);
4556 4636 return (Z_ERR);
4557 4637 }
4558 4638
4559 4639 (void) close(fd);
4560 4640
4561 4641 if ((fd = open(tmpname, O_RDONLY)) < 0) {
4562 4642 zperror(gettext("could not open manifest path"), B_FALSE);
4563 4643 return (Z_ERR);
4564 4644 }
4565 4645
4566 4646 if ((local_handle = zonecfg_init_handle()) == NULL) {
4567 4647 zperror(cmd_to_str(CMD_ATTACH), B_TRUE);
4568 4648 res = Z_ERR;
4569 4649 goto done;
4570 4650 }
4571 4651
4572 4652 if ((rem_handle = zonecfg_init_handle()) == NULL) {
4573 4653 zperror(cmd_to_str(CMD_ATTACH), B_TRUE);
4574 4654 res = Z_ERR;
4575 4655 goto done;
4576 4656 }
4577 4657
4578 4658 if ((err = zonecfg_attach_manifest(fd, local_handle, rem_handle))
4579 4659 != Z_OK) {
4580 4660 res = Z_ERR;
4581 4661
4582 4662 if (err == Z_INVALID_DOCUMENT) {
4583 4663 struct stat st;
4584 4664 char buf[6];
4585 4665
4586 4666 if (strcmp(manifest_path, "-") == 0) {
4587 4667 zerror(gettext("Input is not a valid XML "
4588 4668 "file"));
4589 4669 goto done;
4590 4670 }
4591 4671
4592 4672 if (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode)) {
4593 4673 zerror(gettext("%s is not an XML file"),
4594 4674 manifest_path);
4595 4675 goto done;
4596 4676 }
4597 4677
4598 4678 bzero(buf, sizeof (buf));
4599 4679 (void) lseek(fd, 0L, SEEK_SET);
4600 4680 if (read(fd, buf, sizeof (buf) - 1) < 0 ||
4601 4681 strncmp(buf, "<?xml", 5) != 0)
4602 4682 zerror(gettext("%s is not an XML file"),
4603 4683 manifest_path);
4604 4684 else
4605 4685 zerror(gettext("Cannot attach to an earlier "
4606 4686 "release of the operating system"));
4607 4687 } else {
4608 4688 zperror(cmd_to_str(CMD_ATTACH), B_TRUE);
4609 4689 }
4610 4690 goto done;
4611 4691 }
4612 4692
4613 4693 /* Retrieve remote handle brand type. */
4614 4694 if (zonecfg_get_brand(rem_handle, target_brand, sizeof (target_brand))
4615 4695 != Z_OK) {
4616 4696 zerror(gettext("missing or invalid brand"));
4617 4697 exit(Z_ERR);
4618 4698 }
4619 4699
4620 4700 done:
4621 4701 zonecfg_fini_handle(local_handle);
4622 4702 zonecfg_fini_handle(rem_handle);
4623 4703 (void) close(fd);
4624 4704
4625 4705 return ((res == Z_OK) ? Z_OK : Z_ERR);
4626 4706 }
4627 4707
4628 4708 /* ARGSUSED */
4629 4709 static int
4630 4710 attach_func(int argc, char *argv[])
4631 4711 {
4632 4712 int lockfd = -1;
4633 4713 int err, arg;
4634 4714 boolean_t force = B_FALSE;
4635 4715 zone_dochandle_t handle;
4636 4716 char zonepath[MAXPATHLEN];
4637 4717 char cmdbuf[MAXPATHLEN];
4638 4718 char postcmdbuf[MAXPATHLEN];
4639 4719 boolean_t execute = B_TRUE;
4640 4720 boolean_t brand_help = B_FALSE;
4641 4721 char *manifest_path;
4642 4722 char tmpmanifest[80];
4643 4723 int manifest_pos;
4644 4724 brand_handle_t bh = NULL;
4645 4725 int status;
4646 4726 int last_index = 0;
4647 4727 int offset;
4648 4728 char *up;
4649 4729 boolean_t forced_update = B_FALSE;
4650 4730
4651 4731 if (zonecfg_in_alt_root()) {
4652 4732 zerror(gettext("cannot attach zone in alternate root"));
4653 4733 return (Z_ERR);
4654 4734 }
4655 4735
4656 4736 /* Check the argv string for args we handle internally */
4657 4737 optind = 0;
4658 4738 opterr = 0;
4659 4739 while ((arg = getopt(argc, argv, "?Fn:U")) != EOF) {
4660 4740 switch (arg) {
4661 4741 case '?':
4662 4742 if (optopt == '?') {
4663 4743 sub_usage(SHELP_ATTACH, CMD_ATTACH);
4664 4744 brand_help = B_TRUE;
4665 4745 }
4666 4746 /* Ignore unknown options - may be brand specific. */
4667 4747 break;
4668 4748 case 'F':
4669 4749 force = B_TRUE;
4670 4750 break;
4671 4751 case 'n':
4672 4752 execute = B_FALSE;
4673 4753 manifest_path = optarg;
4674 4754 manifest_pos = optind - 1;
4675 4755 break;
4676 4756 case 'U':
4677 4757 /*
4678 4758 * Undocumented 'force update' option for p2v update on
4679 4759 * attach when zone is in the incomplete state. Change
4680 4760 * the option back to 'u' and set forced_update flag.
4681 4761 */
4682 4762 if (optind == last_index)
4683 4763 offset = optind;
4684 4764 else
4685 4765 offset = optind - 1;
4686 4766 if ((up = index(argv[offset], 'U')) != NULL)
4687 4767 *up = 'u';
4688 4768 forced_update = B_TRUE;
4689 4769 break;
4690 4770 default:
4691 4771 /* Ignore unknown options - may be brand specific. */
4692 4772 break;
4693 4773 }
4694 4774 last_index = optind;
4695 4775 }
4696 4776
4697 4777 if (brand_help) {
4698 4778 force = B_FALSE;
4699 4779 execute = B_TRUE;
4700 4780 }
4701 4781
4702 4782 /* dry-run and force flags are mutually exclusive */
4703 4783 if (!execute && force) {
4704 4784 zerror(gettext("-F and -n flags are mutually exclusive"));
4705 4785 return (Z_ERR);
4706 4786 }
4707 4787
4708 4788 /*
4709 4789 * If the no-execute option was specified, we don't do validation and
4710 4790 * need to figure out the brand, since there is no zone required to be
4711 4791 * configured for this option.
4712 4792 */
4713 4793 if (execute) {
4714 4794 if (!brand_help) {
4715 4795 if (sanity_check(target_zone, CMD_ATTACH, B_FALSE,
4716 4796 B_TRUE, forced_update) != Z_OK)
4717 4797 return (Z_ERR);
4718 4798 if (verify_details(CMD_ATTACH, argv) != Z_OK)
4719 4799 return (Z_ERR);
4720 4800 }
4721 4801
4722 4802 if ((err = zone_get_zonepath(target_zone, zonepath,
4723 4803 sizeof (zonepath))) != Z_OK) {
4724 4804 errno = err;
4725 4805 zperror2(target_zone,
4726 4806 gettext("could not get zone path"));
4727 4807 return (Z_ERR);
4728 4808 }
4729 4809 } else {
4730 4810 if (dryrun_get_brand(manifest_path, tmpmanifest,
4731 4811 sizeof (tmpmanifest)) != Z_OK)
4732 4812 return (Z_ERR);
4733 4813
4734 4814 argv[manifest_pos] = tmpmanifest;
4735 4815 target_zone = "-";
4736 4816 (void) strlcpy(zonepath, "-", sizeof (zonepath));
4737 4817
4738 4818 /* Run the brand's verify_adm hook. */
4739 4819 if (verify_brand(NULL, CMD_ATTACH, argv) != Z_OK)
4740 4820 return (Z_ERR);
4741 4821 }
4742 4822
4743 4823 /*
4744 4824 * Fetch the attach and postattach hooks from the brand configuration.
4745 4825 */
4746 4826 if ((bh = brand_open(target_brand)) == NULL) {
4747 4827 zerror(gettext("missing or invalid brand"));
4748 4828 return (Z_ERR);
4749 4829 }
4750 4830
4751 4831 if (get_hook(bh, cmdbuf, sizeof (cmdbuf), brand_get_attach, target_zone,
4752 4832 zonepath) != Z_OK) {
4753 4833 zerror("invalid brand configuration: missing attach resource");
4754 4834 brand_close(bh);
4755 4835 return (Z_ERR);
4756 4836 }
4757 4837
4758 4838 if (get_hook(bh, postcmdbuf, sizeof (postcmdbuf), brand_get_postattach,
4759 4839 target_zone, zonepath) != Z_OK) {
4760 4840 zerror("invalid brand configuration: missing postattach "
4761 4841 "resource");
4762 4842 brand_close(bh);
4763 4843 return (Z_ERR);
4764 4844 }
4765 4845 brand_close(bh);
4766 4846
4767 4847 /* Append all options to attach hook. */
4768 4848 if (addoptions(cmdbuf, argv, sizeof (cmdbuf)) != Z_OK)
4769 4849 return (Z_ERR);
4770 4850
4771 4851 /* Append all options to postattach hook. */
4772 4852 if (addoptions(postcmdbuf, argv, sizeof (postcmdbuf)) != Z_OK)
4773 4853 return (Z_ERR);
4774 4854
4775 4855 if (execute && !brand_help) {
4776 4856 if (zonecfg_grab_lock_file(target_zone, &lockfd) != Z_OK) {
4777 4857 zerror(gettext("another %s may have an operation in "
4778 4858 "progress."), "zoneadm");
4779 4859 return (Z_ERR);
4780 4860 }
4781 4861 }
4782 4862
4783 4863 if (!force) {
4784 4864 /*
4785 4865 * Not a force-attach, so we need to actually do the work.
4786 4866 */
4787 4867 if (cmdbuf[0] != '\0') {
4788 4868 /* Run the attach hook */
4789 4869 status = do_subproc(cmdbuf);
4790 4870 if ((status = subproc_status(gettext("brand-specific "
4791 4871 "attach"), status, B_FALSE)) != ZONE_SUBPROC_OK) {
4792 4872 if (status == ZONE_SUBPROC_USAGE && !brand_help)
4793 4873 sub_usage(SHELP_ATTACH, CMD_ATTACH);
4794 4874
4795 4875 if (execute && !brand_help) {
4796 4876 assert(zonecfg_lock_file_held(&lockfd));
4797 4877 zonecfg_release_lock_file(target_zone,
4798 4878 lockfd);
4799 4879 lockfd = -1;
4800 4880 }
4801 4881
4802 4882 assert(lockfd == -1);
4803 4883 return (Z_ERR);
4804 4884 }
4805 4885 }
4806 4886
4807 4887 /*
4808 4888 * Else run the built-in attach support.
4809 4889 * This is a no-op since there is nothing to validate.
4810 4890 */
4811 4891
4812 4892 /* If dry-run or help, then we're done. */
4813 4893 if (!execute || brand_help) {
4814 4894 if (!execute)
4815 4895 (void) unlink(tmpmanifest);
4816 4896 assert(lockfd == -1);
4817 4897 return (Z_OK);
4818 4898 }
4819 4899 }
4820 4900
4821 4901 /* Now we can validate that the zonepath exists. */
4822 4902 if (validate_zonepath(zonepath, CMD_ATTACH) != Z_OK) {
4823 4903 (void) fprintf(stderr, gettext("could not verify zonepath %s "
4824 4904 "because of the above errors.\n"), zonepath);
4825 4905
4826 4906 assert(zonecfg_lock_file_held(&lockfd));
4827 4907 zonecfg_release_lock_file(target_zone, lockfd);
4828 4908 return (Z_ERR);
4829 4909 }
4830 4910
4831 4911 if ((handle = zonecfg_init_handle()) == NULL) {
4832 4912 zperror(cmd_to_str(CMD_ATTACH), B_TRUE);
4833 4913 err = Z_ERR;
4834 4914 } else if ((err = zonecfg_get_handle(target_zone, handle)) != Z_OK) {
4835 4915 errno = err;
4836 4916 zperror(cmd_to_str(CMD_ATTACH), B_TRUE);
4837 4917 zonecfg_fini_handle(handle);
4838 4918 } else {
4839 4919 zonecfg_rm_detached(handle, force);
4840 4920 zonecfg_fini_handle(handle);
4841 4921 }
4842 4922
4843 4923 if (err == Z_OK &&
4844 4924 (err = zone_set_state(target_zone, ZONE_STATE_INSTALLED)) != Z_OK) {
4845 4925 errno = err;
4846 4926 zperror(gettext("could not reset state"), B_TRUE);
4847 4927 }
4848 4928
4849 4929 assert(zonecfg_lock_file_held(&lockfd));
4850 4930 zonecfg_release_lock_file(target_zone, lockfd);
4851 4931 lockfd = -1;
4852 4932
4853 4933 /* If we have a brand postattach hook, run it. */
4854 4934 if (err == Z_OK && !force && postcmdbuf[0] != '\0') {
4855 4935 status = do_subproc(postcmdbuf);
4856 4936 if (subproc_status(gettext("brand-specific postattach"),
4857 4937 status, B_FALSE) != ZONE_SUBPROC_OK) {
4858 4938 if ((err = zone_set_state(target_zone,
4859 4939 ZONE_STATE_CONFIGURED)) != Z_OK) {
4860 4940 errno = err;
4861 4941 zperror(gettext("could not reset state"),
4862 4942 B_TRUE);
4863 4943 }
4864 4944 }
4865 4945 }
4866 4946
4867 4947 assert(lockfd == -1);
4868 4948 return ((err == Z_OK) ? Z_OK : Z_ERR);
4869 4949 }
4870 4950
4871 4951 /*
4872 4952 * On input, TRUE => yes, FALSE => no.
4873 4953 * On return, TRUE => 1, FALSE => 0, could not ask => -1.
4874 4954 */
4875 4955
4876 4956 static int
4877 4957 ask_yesno(boolean_t default_answer, const char *question)
4878 4958 {
4879 4959 char line[64]; /* should be large enough to answer yes or no */
4880 4960
4881 4961 if (!isatty(STDIN_FILENO))
4882 4962 return (-1);
4883 4963 for (;;) {
4884 4964 (void) printf("%s (%s)? ", question,
4885 4965 default_answer ? "[y]/n" : "y/[n]");
4886 4966 if (fgets(line, sizeof (line), stdin) == NULL ||
4887 4967 line[0] == '\n')
4888 4968 return (default_answer ? 1 : 0);
4889 4969 if (tolower(line[0]) == 'y')
4890 4970 return (1);
4891 4971 if (tolower(line[0]) == 'n')
4892 4972 return (0);
4893 4973 }
4894 4974 }
4895 4975
4896 4976 /* ARGSUSED */
4897 4977 static int
4898 4978 uninstall_func(int argc, char *argv[])
4899 4979 {
4900 4980 char line[ZONENAME_MAX + 128]; /* Enough for "Are you sure ..." */
4901 4981 char rootpath[MAXPATHLEN], zonepath[MAXPATHLEN];
4902 4982 char cmdbuf[MAXPATHLEN];
4903 4983 char precmdbuf[MAXPATHLEN];
4904 4984 boolean_t force = B_FALSE;
4905 4985 int lockfd, answer;
4906 4986 int err, arg;
4907 4987 boolean_t brand_help = B_FALSE;
4908 4988 brand_handle_t bh = NULL;
4909 4989 int status;
4910 4990
4911 4991 if (zonecfg_in_alt_root()) {
4912 4992 zerror(gettext("cannot uninstall zone in alternate root"));
4913 4993 return (Z_ERR);
4914 4994 }
4915 4995
4916 4996 /* Check the argv string for args we handle internally */
4917 4997 optind = 0;
4918 4998 opterr = 0;
4919 4999 while ((arg = getopt(argc, argv, "?F")) != EOF) {
4920 5000 switch (arg) {
4921 5001 case '?':
4922 5002 if (optopt == '?') {
4923 5003 sub_usage(SHELP_UNINSTALL, CMD_UNINSTALL);
4924 5004 brand_help = B_TRUE;
4925 5005 }
4926 5006 /* Ignore unknown options - may be brand specific. */
4927 5007 break;
4928 5008 case 'F':
4929 5009 force = B_TRUE;
4930 5010 break;
4931 5011 default:
4932 5012 /* Ignore unknown options - may be brand specific. */
4933 5013 break;
4934 5014 }
4935 5015 }
4936 5016
4937 5017 if (!brand_help) {
4938 5018 if (sanity_check(target_zone, CMD_UNINSTALL, B_FALSE, B_TRUE,
4939 5019 B_FALSE) != Z_OK)
4940 5020 return (Z_ERR);
4941 5021
4942 5022 /*
4943 5023 * Invoke brand-specific handler.
4944 5024 */
4945 5025 if (invoke_brand_handler(CMD_UNINSTALL, argv) != Z_OK)
4946 5026 return (Z_ERR);
4947 5027
4948 5028 if (!force) {
4949 5029 (void) snprintf(line, sizeof (line),
4950 5030 gettext("Are you sure you want to %s zone %s"),
4951 5031 cmd_to_str(CMD_UNINSTALL), target_zone);
4952 5032 if ((answer = ask_yesno(B_FALSE, line)) == 0) {
4953 5033 return (Z_OK);
4954 5034 } else if (answer == -1) {
4955 5035 zerror(gettext("Input not from terminal and -F "
4956 5036 "not specified: %s not done."),
4957 5037 cmd_to_str(CMD_UNINSTALL));
4958 5038 return (Z_ERR);
4959 5039 }
4960 5040 }
4961 5041 }
4962 5042
4963 5043 if ((err = zone_get_zonepath(target_zone, zonepath,
4964 5044 sizeof (zonepath))) != Z_OK) {
4965 5045 errno = err;
4966 5046 zperror2(target_zone, gettext("could not get zone path"));
4967 5047 return (Z_ERR);
4968 5048 }
4969 5049
4970 5050 /*
4971 5051 * Fetch the uninstall and preuninstall hooks from the brand
4972 5052 * configuration.
4973 5053 */
4974 5054 if ((bh = brand_open(target_brand)) == NULL) {
4975 5055 zerror(gettext("missing or invalid brand"));
4976 5056 return (Z_ERR);
4977 5057 }
4978 5058
4979 5059 if (get_hook(bh, cmdbuf, sizeof (cmdbuf), brand_get_uninstall,
4980 5060 target_zone, zonepath) != Z_OK) {
4981 5061 zerror("invalid brand configuration: missing uninstall "
4982 5062 "resource");
4983 5063 brand_close(bh);
4984 5064 return (Z_ERR);
4985 5065 }
4986 5066
4987 5067 if (get_hook(bh, precmdbuf, sizeof (precmdbuf), brand_get_preuninstall,
4988 5068 target_zone, zonepath) != Z_OK) {
4989 5069 zerror("invalid brand configuration: missing preuninstall "
4990 5070 "resource");
4991 5071 brand_close(bh);
4992 5072 return (Z_ERR);
4993 5073 }
4994 5074 brand_close(bh);
4995 5075
4996 5076 /* Append all options to preuninstall hook. */
4997 5077 if (addoptions(precmdbuf, argv, sizeof (precmdbuf)) != Z_OK)
4998 5078 return (Z_ERR);
4999 5079
5000 5080 /* Append all options to uninstall hook. */
5001 5081 if (addoptions(cmdbuf, argv, sizeof (cmdbuf)) != Z_OK)
5002 5082 return (Z_ERR);
5003 5083
5004 5084 if (!brand_help) {
5005 5085 if ((err = zone_get_rootpath(target_zone, rootpath,
5006 5086 sizeof (rootpath))) != Z_OK) {
5007 5087 errno = err;
5008 5088 zperror2(target_zone, gettext("could not get root "
5009 5089 "path"));
5010 5090 return (Z_ERR);
5011 5091 }
5012 5092
5013 5093 /*
5014 5094 * If there seems to be a zoneadmd running for this zone, call
5015 5095 * it to tell it that an uninstall is happening; if all goes
5016 5096 * well it will then shut itself down.
5017 5097 */
5018 5098 if (zonecfg_ping_zoneadmd(target_zone) == Z_OK) {
5019 5099 zone_cmd_arg_t zarg;
5020 5100 zarg.cmd = Z_NOTE_UNINSTALLING;
5021 5101 /* we don't care too much if this fails, just plow on */
5022 5102 (void) zonecfg_call_zoneadmd(target_zone, &zarg, locale,
5023 5103 B_TRUE);
5024 5104 }
5025 5105
5026 5106 if (zonecfg_grab_lock_file(target_zone, &lockfd) != Z_OK) {
5027 5107 zerror(gettext("another %s may have an operation in "
5028 5108 "progress."), "zoneadm");
5029 5109 return (Z_ERR);
5030 5110 }
5031 5111
5032 5112 /* Don't uninstall the zone if anything is mounted there */
5033 5113 err = zonecfg_find_mounts(rootpath, NULL, NULL);
5034 5114 if (err) {
5035 5115 zerror(gettext("These file systems are mounted on "
5036 5116 "subdirectories of %s.\n"), rootpath);
5037 5117 (void) zonecfg_find_mounts(rootpath, zfm_print, NULL);
5038 5118 zonecfg_release_lock_file(target_zone, lockfd);
5039 5119 return (Z_ERR);
5040 5120 }
5041 5121 }
5042 5122
5043 5123 /* If we have a brand preuninstall hook, run it. */
5044 5124 if (!brand_help && precmdbuf[0] != '\0') {
5045 5125 status = do_subproc(precmdbuf);
5046 5126 if (subproc_status(gettext("brand-specific preuninstall"),
5047 5127 status, B_FALSE) != ZONE_SUBPROC_OK) {
5048 5128 zonecfg_release_lock_file(target_zone, lockfd);
5049 5129 return (Z_ERR);
5050 5130 }
5051 5131 }
5052 5132
5053 5133 if (!brand_help) {
5054 5134 err = zone_set_state(target_zone, ZONE_STATE_INCOMPLETE);
5055 5135 if (err != Z_OK) {
5056 5136 errno = err;
5057 5137 zperror2(target_zone, gettext("could not set state"));
5058 5138 goto bad;
5059 5139 }
5060 5140 }
5061 5141
5062 5142 /*
5063 5143 * If there is a brand uninstall hook, use it, otherwise use the
5064 5144 * built-in uninstall code.
5065 5145 */
5066 5146 if (cmdbuf[0] != '\0') {
5067 5147 /* Run the uninstall hook */
5068 5148 status = do_subproc(cmdbuf);
5069 5149 if ((status = subproc_status(gettext("brand-specific "
5070 5150 "uninstall"), status, B_FALSE)) != ZONE_SUBPROC_OK) {
5071 5151 if (status == ZONE_SUBPROC_USAGE && !brand_help)
5072 5152 sub_usage(SHELP_UNINSTALL, CMD_UNINSTALL);
5073 5153 if (!brand_help)
5074 5154 zonecfg_release_lock_file(target_zone, lockfd);
5075 5155 return (Z_ERR);
5076 5156 }
5077 5157
5078 5158 if (brand_help)
5079 5159 return (Z_OK);
5080 5160 } else {
5081 5161 /* If just help, we're done since there is no brand help. */
5082 5162 if (brand_help)
5083 5163 return (Z_OK);
5084 5164
5085 5165 /* Run the built-in uninstall support. */
5086 5166 if ((err = cleanup_zonepath(zonepath, B_FALSE)) != Z_OK) {
5087 5167 errno = err;
5088 5168 zperror2(target_zone, gettext("cleaning up zonepath "
5089 5169 "failed"));
5090 5170 goto bad;
5091 5171 }
5092 5172 }
5093 5173
5094 5174 err = zone_set_state(target_zone, ZONE_STATE_CONFIGURED);
5095 5175 if (err != Z_OK) {
5096 5176 errno = err;
5097 5177 zperror2(target_zone, gettext("could not reset state"));
5098 5178 }
5099 5179 bad:
5100 5180 zonecfg_release_lock_file(target_zone, lockfd);
5101 5181 return (err);
5102 5182 }
5103 5183
5104 5184 /* ARGSUSED */
5105 5185 static int
5106 5186 mount_func(int argc, char *argv[])
5107 5187 {
5108 5188 zone_cmd_arg_t zarg;
5109 5189 boolean_t force = B_FALSE;
5110 5190 int arg;
5111 5191
5112 5192 /*
5113 5193 * The only supported subargument to the "mount" subcommand is
5114 5194 * "-f", which forces us to mount a zone in the INCOMPLETE state.
5115 5195 */
5116 5196 optind = 0;
5117 5197 if ((arg = getopt(argc, argv, "f")) != EOF) {
5118 5198 switch (arg) {
5119 5199 case 'f':
5120 5200 force = B_TRUE;
5121 5201 break;
5122 5202 default:
5123 5203 return (Z_USAGE);
5124 5204 }
5125 5205 }
5126 5206 if (argc > optind)
5127 5207 return (Z_USAGE);
5128 5208
5129 5209 if (sanity_check(target_zone, CMD_MOUNT, B_FALSE, B_FALSE, force)
5130 5210 != Z_OK)
5131 5211 return (Z_ERR);
5132 5212 if (verify_details(CMD_MOUNT, argv) != Z_OK)
5133 5213 return (Z_ERR);
5134 5214
5135 5215 zarg.cmd = force ? Z_FORCEMOUNT : Z_MOUNT;
5136 5216 zarg.bootbuf[0] = '\0';
5137 5217 if (zonecfg_call_zoneadmd(target_zone, &zarg, locale, B_TRUE) != 0) {
5138 5218 zerror(gettext("call to %s failed"), "zoneadmd");
5139 5219 return (Z_ERR);
5140 5220 }
5141 5221 return (Z_OK);
5142 5222 }
5143 5223
5144 5224 /* ARGSUSED */
5145 5225 static int
5146 5226 unmount_func(int argc, char *argv[])
5147 5227 {
5148 5228 zone_cmd_arg_t zarg;
5149 5229
5150 5230 if (argc > 0)
5151 5231 return (Z_USAGE);
5152 5232 if (sanity_check(target_zone, CMD_UNMOUNT, B_FALSE, B_FALSE, B_FALSE)
5153 5233 != Z_OK)
5154 5234 return (Z_ERR);
5155 5235
5156 5236 zarg.cmd = Z_UNMOUNT;
5157 5237 if (zonecfg_call_zoneadmd(target_zone, &zarg, locale, B_TRUE) != 0) {
5158 5238 zerror(gettext("call to %s failed"), "zoneadmd");
5159 5239 return (Z_ERR);
5160 5240 }
5161 5241 return (Z_OK);
5162 5242 }
5163 5243
5164 5244 static int
5165 5245 mark_func(int argc, char *argv[])
5166 5246 {
5167 5247 int err, lockfd;
5168 5248 int arg;
5169 5249 boolean_t force = B_FALSE;
5170 5250 int state;
5171 5251
5172 5252 optind = 0;
5173 5253 opterr = 0;
5174 5254 while ((arg = getopt(argc, argv, "F")) != EOF) {
5175 5255 switch (arg) {
5176 5256 case 'F':
5177 5257 force = B_TRUE;
5178 5258 break;
5179 5259 default:
5180 5260 return (Z_USAGE);
5181 5261 }
5182 5262 }
5183 5263
5184 5264 if (argc != (optind + 1))
5185 5265 return (Z_USAGE);
5186 5266
5187 5267 if (strcmp(argv[optind], "configured") == 0)
5188 5268 state = ZONE_STATE_CONFIGURED;
5189 5269 else if (strcmp(argv[optind], "incomplete") == 0)
5190 5270 state = ZONE_STATE_INCOMPLETE;
5191 5271 else if (strcmp(argv[optind], "installed") == 0)
5192 5272 state = ZONE_STATE_INSTALLED;
5193 5273 else
5194 5274 return (Z_USAGE);
5195 5275
5196 5276 if (state != ZONE_STATE_INCOMPLETE && !force)
5197 5277 return (Z_USAGE);
5198 5278
5199 5279 if (sanity_check(target_zone, CMD_MARK, B_FALSE, B_TRUE, B_FALSE)
5200 5280 != Z_OK)
5201 5281 return (Z_ERR);
5202 5282
5203 5283 /*
5204 5284 * Invoke brand-specific handler.
5205 5285 */
5206 5286 if (invoke_brand_handler(CMD_MARK, argv) != Z_OK)
5207 5287 return (Z_ERR);
5208 5288
5209 5289 if (zonecfg_grab_lock_file(target_zone, &lockfd) != Z_OK) {
5210 5290 zerror(gettext("another %s may have an operation in progress."),
5211 5291 "zoneadm");
5212 5292 return (Z_ERR);
5213 5293 }
5214 5294
5215 5295 err = zone_set_state(target_zone, state);
5216 5296 if (err != Z_OK) {
5217 5297 errno = err;
5218 5298 zperror2(target_zone, gettext("could not set state"));
5219 5299 }
5220 5300 zonecfg_release_lock_file(target_zone, lockfd);
5221 5301
5222 5302 return (err);
5223 5303 }
5224 5304
5225 5305 /*
5226 5306 * Check what scheduling class we're running under and print a warning if
5227 5307 * we're not using FSS.
5228 5308 */
5229 5309 static int
5230 5310 check_sched_fss(zone_dochandle_t handle)
5231 5311 {
5232 5312 char class_name[PC_CLNMSZ];
5233 5313
5234 5314 if (zonecfg_get_dflt_sched_class(handle, class_name,
5235 5315 sizeof (class_name)) != Z_OK) {
5236 5316 zerror(gettext("WARNING: unable to determine the zone's "
5237 5317 "scheduling class"));
5238 5318 } else if (strcmp("FSS", class_name) != 0) {
5239 5319 zerror(gettext("WARNING: The zone.cpu-shares rctl is set but\n"
5240 5320 "FSS is not the default scheduling class for this zone. "
5241 5321 "FSS will be\nused for processes in the zone but to get "
5242 5322 "the full benefit of FSS,\nit should be the default "
5243 5323 "scheduling class. See dispadmin(1M) for\nmore details."));
5244 5324 return (Z_SYSTEM);
5245 5325 }
5246 5326
5247 5327 return (Z_OK);
5248 5328 }
5249 5329
5250 5330 static int
5251 5331 check_cpu_shares_sched(zone_dochandle_t handle)
5252 5332 {
5253 5333 int err;
5254 5334 int res = Z_OK;
5255 5335 struct zone_rctltab rctl;
5256 5336
5257 5337 if ((err = zonecfg_setrctlent(handle)) != Z_OK) {
5258 5338 errno = err;
5259 5339 zperror(cmd_to_str(CMD_APPLY), B_TRUE);
5260 5340 return (err);
5261 5341 }
5262 5342
5263 5343 while (zonecfg_getrctlent(handle, &rctl) == Z_OK) {
5264 5344 if (strcmp(rctl.zone_rctl_name, "zone.cpu-shares") == 0) {
5265 5345 if (check_sched_fss(handle) != Z_OK)
5266 5346 res = Z_SYSTEM;
5267 5347 break;
5268 5348 }
5269 5349 }
5270 5350
5271 5351 (void) zonecfg_endrctlent(handle);
5272 5352
5273 5353 return (res);
5274 5354 }
5275 5355
5276 5356 /*
5277 5357 * Check if there is a mix of processes running in different pools within the
5278 5358 * zone. This is currently only going to be called for the global zone from
5279 5359 * apply_func but that could be generalized in the future.
5280 5360 */
5281 5361 static boolean_t
5282 5362 mixed_pools(zoneid_t zoneid)
5283 5363 {
5284 5364 DIR *dirp;
5285 5365 dirent_t *dent;
5286 5366 boolean_t mixed = B_FALSE;
5287 5367 boolean_t poolid_set = B_FALSE;
5288 5368 poolid_t last_poolid = 0;
5289 5369
5290 5370 if ((dirp = opendir("/proc")) == NULL) {
5291 5371 zerror(gettext("could not open /proc"));
5292 5372 return (B_FALSE);
5293 5373 }
5294 5374
5295 5375 while ((dent = readdir(dirp)) != NULL) {
5296 5376 int procfd;
5297 5377 psinfo_t ps;
5298 5378 char procpath[MAXPATHLEN];
5299 5379
5300 5380 if (dent->d_name[0] == '.')
5301 5381 continue;
5302 5382
5303 5383 (void) snprintf(procpath, sizeof (procpath), "/proc/%s/psinfo",
5304 5384 dent->d_name);
5305 5385
5306 5386 if ((procfd = open(procpath, O_RDONLY)) == -1)
5307 5387 continue;
5308 5388
5309 5389 if (read(procfd, &ps, sizeof (ps)) == sizeof (psinfo_t)) {
5310 5390 /* skip processes in other zones and system processes */
5311 5391 if (zoneid != ps.pr_zoneid || ps.pr_flag & SSYS) {
5312 5392 (void) close(procfd);
5313 5393 continue;
5314 5394 }
5315 5395
5316 5396 if (poolid_set) {
5317 5397 if (ps.pr_poolid != last_poolid)
5318 5398 mixed = B_TRUE;
5319 5399 } else {
5320 5400 last_poolid = ps.pr_poolid;
5321 5401 poolid_set = B_TRUE;
5322 5402 }
5323 5403 }
5324 5404
5325 5405 (void) close(procfd);
5326 5406
5327 5407 if (mixed)
5328 5408 break;
5329 5409 }
5330 5410
5331 5411 (void) closedir(dirp);
5332 5412
5333 5413 return (mixed);
5334 5414 }
5335 5415
5336 5416 /*
5337 5417 * Check if a persistent or temporary pool is configured for the zone.
5338 5418 * This is currently only going to be called for the global zone from
5339 5419 * apply_func but that could be generalized in the future.
5340 5420 */
5341 5421 static boolean_t
5342 5422 pool_configured(zone_dochandle_t handle)
5343 5423 {
5344 5424 int err1, err2;
5345 5425 struct zone_psettab pset_tab;
5346 5426 char poolname[MAXPATHLEN];
5347 5427
5348 5428 err1 = zonecfg_lookup_pset(handle, &pset_tab);
5349 5429 err2 = zonecfg_get_pool(handle, poolname, sizeof (poolname));
5350 5430
5351 5431 if (err1 == Z_NO_ENTRY &&
5352 5432 (err2 == Z_NO_ENTRY || (err2 == Z_OK && strlen(poolname) == 0)))
5353 5433 return (B_FALSE);
5354 5434
5355 5435 return (B_TRUE);
5356 5436 }
5357 5437
5358 5438 /*
5359 5439 * This is an undocumented interface which is currently only used to apply
5360 5440 * the global zone resource management settings when the system boots.
5361 5441 * This function does not yet properly handle updating a running system so
5362 5442 * any projects running in the zone would be trashed if this function
5363 5443 * were to run after the zone had booted. It also does not reset any
5364 5444 * rctl settings that were removed from zonecfg. There is still work to be
5365 5445 * done before we can properly support dynamically updating the resource
5366 5446 * management settings for a running zone (global or non-global). Thus, this
5367 5447 * functionality is undocumented for now.
|
↓ open down ↓ |
1486 lines elided |
↑ open up ↑ |
5368 5448 */
5369 5449 /* ARGSUSED */
5370 5450 static int
5371 5451 apply_func(int argc, char *argv[])
5372 5452 {
5373 5453 int err;
5374 5454 int res = Z_OK;
5375 5455 priv_set_t *privset;
5376 5456 zoneid_t zoneid;
5377 5457 zone_dochandle_t handle;
5378 - struct zone_mcaptab mcap;
5458 + uint64_t mcap;
5379 5459 char pool_err[128];
5380 5460
5381 5461 zoneid = getzoneid();
5382 5462
5383 5463 if (zonecfg_in_alt_root() || zoneid != GLOBAL_ZONEID ||
5384 5464 target_zone == NULL || strcmp(target_zone, GLOBAL_ZONENAME) != 0)
5385 5465 return (usage(B_FALSE));
5386 5466
5387 5467 if ((privset = priv_allocset()) == NULL) {
5388 5468 zerror(gettext("%s failed"), "priv_allocset");
5389 5469 return (Z_ERR);
5390 5470 }
5391 5471
5392 5472 if (getppriv(PRIV_EFFECTIVE, privset) != 0) {
5393 5473 zerror(gettext("%s failed"), "getppriv");
5394 5474 priv_freeset(privset);
5395 5475 return (Z_ERR);
5396 5476 }
5397 5477
5398 5478 if (priv_isfullset(privset) == B_FALSE) {
5399 5479 (void) usage(B_FALSE);
5400 5480 priv_freeset(privset);
5401 5481 return (Z_ERR);
5402 5482 }
5403 5483 priv_freeset(privset);
5404 5484
5405 5485 if ((handle = zonecfg_init_handle()) == NULL) {
5406 5486 zperror(cmd_to_str(CMD_APPLY), B_TRUE);
5407 5487 return (Z_ERR);
5408 5488 }
5409 5489
5410 5490 if ((err = zonecfg_get_handle(target_zone, handle)) != Z_OK) {
5411 5491 errno = err;
5412 5492 zperror(cmd_to_str(CMD_APPLY), B_TRUE);
5413 5493 zonecfg_fini_handle(handle);
5414 5494 return (Z_ERR);
5415 5495 }
5416 5496
5417 5497 /* specific error msgs are printed within apply_rctls */
5418 5498 if ((err = zonecfg_apply_rctls(target_zone, handle)) != Z_OK) {
5419 5499 errno = err;
5420 5500 zperror(cmd_to_str(CMD_APPLY), B_TRUE);
5421 5501 res = Z_ERR;
5422 5502 }
5423 5503
5424 5504 if ((err = check_cpu_shares_sched(handle)) != Z_OK)
5425 5505 res = Z_ERR;
5426 5506
5427 5507 if (pool_configured(handle)) {
5428 5508 if (mixed_pools(zoneid)) {
5429 5509 zerror(gettext("Zone is using multiple resource "
5430 5510 "pools. The pool\nconfiguration cannot be "
5431 5511 "applied without rebooting."));
5432 5512 res = Z_ERR;
5433 5513 } else {
5434 5514
5435 5515 /*
5436 5516 * The next two blocks of code attempt to set up
5437 5517 * temporary pools as well as persistent pools. In
5438 5518 * both cases we call the functions unconditionally.
5439 5519 * Within each funtion the code will check if the zone
5440 5520 * is actually configured for a temporary pool or
5441 5521 * persistent pool and just return if there is nothing
5442 5522 * to do.
5443 5523 */
5444 5524 if ((err = zonecfg_bind_tmp_pool(handle, zoneid,
5445 5525 pool_err, sizeof (pool_err))) != Z_OK) {
5446 5526 if (err == Z_POOL || err == Z_POOL_CREATE ||
5447 5527 err == Z_POOL_BIND)
5448 5528 zerror("%s: %s", zonecfg_strerror(err),
5449 5529 pool_err);
5450 5530 else
5451 5531 zerror(gettext("could not bind zone to "
5452 5532 "temporary pool: %s"),
5453 5533 zonecfg_strerror(err));
5454 5534 res = Z_ERR;
5455 5535 }
5456 5536
5457 5537 if ((err = zonecfg_bind_pool(handle, zoneid, pool_err,
5458 5538 sizeof (pool_err))) != Z_OK) {
|
↓ open down ↓ |
70 lines elided |
↑ open up ↑ |
5459 5539 if (err == Z_POOL || err == Z_POOL_BIND)
5460 5540 zerror("%s: %s", zonecfg_strerror(err),
5461 5541 pool_err);
5462 5542 else
5463 5543 zerror("%s", zonecfg_strerror(err));
5464 5544 }
5465 5545 }
5466 5546 }
5467 5547
5468 5548 /*
5469 - * If a memory cap is configured, set the cap in the kernel using
5470 - * zone_setattr() and make sure the rcapd SMF service is enabled.
5549 + * If a memory cap is configured, make sure the rcapd SMF service is
5550 + * enabled.
5471 5551 */
5472 - if (zonecfg_getmcapent(handle, &mcap) == Z_OK) {
5473 - uint64_t num;
5552 + if (zonecfg_get_aliased_rctl(handle, ALIAS_MAXPHYSMEM, &mcap) == Z_OK) {
5474 5553 char smf_err[128];
5475 5554
5476 - num = (uint64_t)strtoll(mcap.zone_physmem_cap, NULL, 10);
5477 - if (zone_setattr(zoneid, ZONE_ATTR_PHYS_MCAP, &num, 0) == -1) {
5478 - zerror(gettext("could not set zone memory cap"));
5479 - res = Z_ERR;
5480 - }
5481 -
5482 5555 if (zonecfg_enable_rcapd(smf_err, sizeof (smf_err)) != Z_OK) {
5483 5556 zerror(gettext("enabling system/rcap service failed: "
5484 5557 "%s"), smf_err);
5485 5558 res = Z_ERR;
5486 5559 }
5487 5560 }
5488 5561
5489 5562 zonecfg_fini_handle(handle);
5490 5563
5491 5564 return (res);
5492 5565 }
5493 5566
5494 5567 /*
5495 5568 * This is an undocumented interface that is invoked by the zones SMF service
5496 5569 * for installed zones that won't automatically boot.
5497 5570 */
5498 5571 /* ARGSUSED */
5499 5572 static int
5500 5573 sysboot_func(int argc, char *argv[])
5501 5574 {
5502 5575 int err;
5503 5576 zone_dochandle_t zone_handle;
5504 5577 brand_handle_t brand_handle;
5505 5578 char cmdbuf[MAXPATHLEN];
5506 5579 char zonepath[MAXPATHLEN];
5507 5580
5508 5581 /*
5509 5582 * This subcommand can only be executed in the global zone on non-global
5510 5583 * zones.
5511 5584 */
5512 5585 if (zonecfg_in_alt_root())
5513 5586 return (usage(B_FALSE));
5514 5587 if (sanity_check(target_zone, CMD_SYSBOOT, B_FALSE, B_TRUE, B_FALSE) !=
5515 5588 Z_OK)
5516 5589 return (Z_ERR);
5517 5590
5518 5591 /*
5519 5592 * Fetch the sysboot hook from the target zone's brand.
5520 5593 */
5521 5594 if ((zone_handle = zonecfg_init_handle()) == NULL) {
5522 5595 zperror(cmd_to_str(CMD_SYSBOOT), B_TRUE);
5523 5596 return (Z_ERR);
5524 5597 }
5525 5598 if ((err = zonecfg_get_handle(target_zone, zone_handle)) != Z_OK) {
5526 5599 errno = err;
5527 5600 zperror(cmd_to_str(CMD_SYSBOOT), B_TRUE);
5528 5601 zonecfg_fini_handle(zone_handle);
5529 5602 return (Z_ERR);
5530 5603 }
5531 5604 if ((err = zonecfg_get_zonepath(zone_handle, zonepath,
5532 5605 sizeof (zonepath))) != Z_OK) {
5533 5606 errno = err;
5534 5607 zperror(cmd_to_str(CMD_SYSBOOT), B_TRUE);
5535 5608 zonecfg_fini_handle(zone_handle);
5536 5609 return (Z_ERR);
5537 5610 }
5538 5611 if ((brand_handle = brand_open(target_brand)) == NULL) {
5539 5612 zerror(gettext("missing or invalid brand during %s operation: "
5540 5613 "%s"), cmd_to_str(CMD_SYSBOOT), target_brand);
5541 5614 zonecfg_fini_handle(zone_handle);
5542 5615 return (Z_ERR);
5543 5616 }
5544 5617 err = get_hook(brand_handle, cmdbuf, sizeof (cmdbuf), brand_get_sysboot,
5545 5618 target_zone, zonepath);
5546 5619 brand_close(brand_handle);
5547 5620 zonecfg_fini_handle(zone_handle);
5548 5621 if (err != Z_OK) {
5549 5622 zerror(gettext("unable to get brand hook from brand %s for %s "
5550 5623 "operation"), target_brand, cmd_to_str(CMD_SYSBOOT));
5551 5624 return (Z_ERR);
5552 5625 }
5553 5626
5554 5627 /*
5555 5628 * If the hook wasn't defined (which is OK), then indicate success and
5556 5629 * return. Otherwise, execute the hook.
5557 5630 */
5558 5631 if (cmdbuf[0] != '\0')
5559 5632 return ((subproc_status(gettext("brand sysboot operation"),
5560 5633 do_subproc(cmdbuf), B_FALSE) == ZONE_SUBPROC_OK) ? Z_OK :
5561 5634 Z_BRAND_ERROR);
5562 5635 return (Z_OK);
5563 5636 }
5564 5637
5565 5638 static int
5566 5639 help_func(int argc, char *argv[])
5567 5640 {
5568 5641 int arg, cmd_num;
5569 5642
5570 5643 if (argc == 0) {
5571 5644 (void) usage(B_TRUE);
5572 5645 return (Z_OK);
5573 5646 }
5574 5647 optind = 0;
5575 5648 if ((arg = getopt(argc, argv, "?")) != EOF) {
5576 5649 switch (arg) {
5577 5650 case '?':
5578 5651 sub_usage(SHELP_HELP, CMD_HELP);
5579 5652 return (optopt == '?' ? Z_OK : Z_USAGE);
5580 5653 default:
5581 5654 sub_usage(SHELP_HELP, CMD_HELP);
5582 5655 return (Z_USAGE);
5583 5656 }
5584 5657 }
5585 5658 while (optind < argc) {
5586 5659 /* Private commands have NULL short_usage; omit them */
5587 5660 if ((cmd_num = cmd_match(argv[optind])) < 0 ||
5588 5661 cmdtab[cmd_num].short_usage == NULL) {
5589 5662 sub_usage(SHELP_HELP, CMD_HELP);
5590 5663 return (Z_USAGE);
5591 5664 }
5592 5665 sub_usage(cmdtab[cmd_num].short_usage, cmd_num);
5593 5666 optind++;
5594 5667 }
5595 5668 return (Z_OK);
5596 5669 }
5597 5670
5598 5671 /*
5599 5672 * Returns: CMD_MIN thru CMD_MAX on success, -1 on error
5600 5673 */
5601 5674
5602 5675 static int
5603 5676 cmd_match(char *cmd)
5604 5677 {
5605 5678 int i;
5606 5679
5607 5680 for (i = CMD_MIN; i <= CMD_MAX; i++) {
5608 5681 /* return only if there is an exact match */
5609 5682 if (strcmp(cmd, cmdtab[i].cmd_name) == 0)
5610 5683 return (cmdtab[i].cmd_num);
5611 5684 }
5612 5685 return (-1);
5613 5686 }
5614 5687
5615 5688 static int
5616 5689 parse_and_run(int argc, char *argv[])
5617 5690 {
5618 5691 int i = cmd_match(argv[0]);
5619 5692
5620 5693 if (i < 0)
5621 5694 return (usage(B_FALSE));
5622 5695 return (cmdtab[i].handler(argc - 1, &(argv[1])));
5623 5696 }
5624 5697
5625 5698 static char *
5626 5699 get_execbasename(char *execfullname)
5627 5700 {
5628 5701 char *last_slash, *execbasename;
5629 5702
5630 5703 /* guard against '/' at end of command invocation */
5631 5704 for (;;) {
5632 5705 last_slash = strrchr(execfullname, '/');
5633 5706 if (last_slash == NULL) {
5634 5707 execbasename = execfullname;
5635 5708 break;
5636 5709 } else {
5637 5710 execbasename = last_slash + 1;
5638 5711 if (*execbasename == '\0') {
5639 5712 *last_slash = '\0';
5640 5713 continue;
5641 5714 }
5642 5715 break;
5643 5716 }
5644 5717 }
5645 5718 return (execbasename);
5646 5719 }
5647 5720
5648 5721 static char *
5649 5722 get_username()
5650 5723 {
5651 5724 uid_t uid;
5652 5725 struct passwd *nptr;
5653 5726
5654 5727
5655 5728 /*
5656 5729 * Authorizations are checked to restrict access based on the
5657 5730 * requested operation and zone name, It is assumed that the
5658 5731 * program is running with all privileges, but that the real
5659 5732 * user ID is that of the user or role on whose behalf we are
5660 5733 * operating. So we start by getting the username that will be
5661 5734 * used for subsequent authorization checks.
5662 5735 */
5663 5736
5664 5737 uid = getuid();
5665 5738 if ((nptr = getpwuid(uid)) == NULL) {
5666 5739 zerror(gettext("could not get user name."));
5667 5740 exit(Z_ERR);
5668 5741 }
5669 5742 return (nptr->pw_name);
5670 5743 }
5671 5744
5672 5745 int
5673 5746 main(int argc, char **argv)
5674 5747 {
5675 5748 int arg;
5676 5749 zoneid_t zid;
5677 5750 struct stat st;
5678 5751 char *zone_lock_env;
5679 5752 int err;
5680 5753
5681 5754 if ((locale = setlocale(LC_ALL, "")) == NULL)
5682 5755 locale = "C";
5683 5756 (void) textdomain(TEXT_DOMAIN);
5684 5757 setbuf(stdout, NULL);
5685 5758 (void) sigset(SIGHUP, SIG_IGN);
5686 5759 execname = get_execbasename(argv[0]);
5687 5760 username = get_username();
5688 5761 target_zone = NULL;
5689 5762 if (chdir("/") != 0) {
5690 5763 zerror(gettext("could not change directory to /."));
5691 5764 exit(Z_ERR);
5692 5765 }
5693 5766
5694 5767 /*
5695 5768 * Use the default system mask rather than anything that may have been
5696 5769 * set by the caller.
5697 5770 */
5698 5771 (void) umask(CMASK);
5699 5772
5700 5773 if (init_zfs() != Z_OK)
5701 5774 exit(Z_ERR);
5702 5775
5703 5776 while ((arg = getopt(argc, argv, "?u:z:R:")) != EOF) {
5704 5777 switch (arg) {
5705 5778 case '?':
5706 5779 return (usage(B_TRUE));
5707 5780 case 'u':
5708 5781 target_uuid = optarg;
5709 5782 break;
5710 5783 case 'z':
5711 5784 target_zone = optarg;
5712 5785 break;
5713 5786 case 'R': /* private option for admin/install use */
5714 5787 if (*optarg != '/') {
5715 5788 zerror(gettext("root path must be absolute."));
5716 5789 exit(Z_ERR);
5717 5790 }
5718 5791 if (stat(optarg, &st) == -1 || !S_ISDIR(st.st_mode)) {
5719 5792 zerror(
5720 5793 gettext("root path must be a directory."));
5721 5794 exit(Z_ERR);
5722 5795 }
5723 5796 zonecfg_set_root(optarg);
5724 5797 break;
5725 5798 default:
5726 5799 return (usage(B_FALSE));
5727 5800 }
5728 5801 }
5729 5802
5730 5803 if (optind >= argc)
5731 5804 return (usage(B_FALSE));
5732 5805
5733 5806 if (target_uuid != NULL && *target_uuid != '\0') {
5734 5807 uuid_t uuid;
5735 5808 static char newtarget[ZONENAME_MAX];
5736 5809
5737 5810 if (uuid_parse(target_uuid, uuid) == -1) {
5738 5811 zerror(gettext("illegal UUID value specified"));
5739 5812 exit(Z_ERR);
5740 5813 }
5741 5814 if (zonecfg_get_name_by_uuid(uuid, newtarget,
5742 5815 sizeof (newtarget)) == Z_OK)
5743 5816 target_zone = newtarget;
5744 5817 }
5745 5818
5746 5819 if (target_zone != NULL && zone_get_id(target_zone, &zid) != 0) {
5747 5820 errno = Z_NO_ZONE;
5748 5821 zperror(target_zone, B_TRUE);
5749 5822 exit(Z_ERR);
5750 5823 }
5751 5824
5752 5825 /*
5753 5826 * See if we have inherited the right to manipulate this zone from
5754 5827 * a zoneadm instance in our ancestry. If so, set zone_lock_cnt to
5755 5828 * indicate it. If not, make that explicit in our environment.
5756 5829 */
5757 5830 zonecfg_init_lock_file(target_zone, &zone_lock_env);
5758 5831
5759 5832 /* Figure out what the system's default brand is */
5760 5833 if (zonecfg_default_brand(default_brand,
5761 5834 sizeof (default_brand)) != Z_OK) {
5762 5835 zerror(gettext("unable to determine default brand"));
5763 5836 return (Z_ERR);
5764 5837 }
5765 5838
5766 5839 /*
5767 5840 * If we are going to be operating on a single zone, retrieve its
5768 5841 * brand type and determine whether it is native or not.
5769 5842 */
5770 5843 if ((target_zone != NULL) &&
5771 5844 (strcmp(target_zone, GLOBAL_ZONENAME) != 0)) {
5772 5845 if (zone_get_brand(target_zone, target_brand,
5773 5846 sizeof (target_brand)) != Z_OK) {
5774 5847 zerror(gettext("missing or invalid brand"));
5775 5848 exit(Z_ERR);
5776 5849 }
5777 5850 /*
5778 5851 * In the alternate root environment, the only supported
5779 5852 * operations are mount and unmount. In this case, just treat
5780 5853 * the zone as native if it is cluster. Cluster zones can be
5781 5854 * native for the purpose of LU or upgrade, and the cluster
5782 5855 * brand may not exist in the miniroot (such as in net install
5783 5856 * upgrade).
5784 5857 */
5785 5858 if (strcmp(target_brand, CLUSTER_BRAND_NAME) == 0) {
5786 5859 if (zonecfg_in_alt_root()) {
5787 5860 (void) strlcpy(target_brand, default_brand,
5788 5861 sizeof (target_brand));
5789 5862 }
5790 5863 }
5791 5864 }
5792 5865
5793 5866 err = parse_and_run(argc - optind, &argv[optind]);
5794 5867
5795 5868 return (err);
5796 5869 }
|
↓ open down ↓ |
305 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX