search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
8322 nl: misleading-indentation
[unleashed/tickless.git] / usr / src / lib / brand / solaris10 / zone / s10_boot.ksh
blob9f3cc08740af0197299efba587db1f90bd3e6338
1 #!/bin/ksh -p
2 #
3 # CDDL HEADER START
4 #
5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
8 #
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
13 #
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
19 #
20 # CDDL HEADER END
21 #
22 #
23 # Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
24 #
25 # s10 boot script.
26 #
27 # The arguments to this script are the zone name and the zonepath.
28 #
29
30 . /usr/lib/brand/solaris10/common.ksh
31
32 ZONENAME=$1
33 ZONEPATH=$2
34 ZONEROOT=$ZONEPATH/root
35
36 w_missing=$(gettext "Warning: \"%s\" is not installed in the global zone")
37
38 arch=`uname -p`
39 if [ "$arch" = "i386" ]; then
40 ARCH32=i86
41 ARCH64=amd64
42 elif [ "$arch" = "sparc" ]; then
43 # 32-bit SPARC not supported!
44 ARCH32=
45 ARCH64=sparcv9
46 else
47 echo "Unsupported architecture: $arch"
48 exit 2
49 fi
50
51 #
52 # Run the s10_support boot hook.
53 #
54 /usr/lib/brand/solaris10/s10_support boot $ZONENAME
55 if (( $? != 0 )) ; then
56 exit 1
57 fi
58
59 BRANDDIR=/.SUNWnative/usr/lib/brand/solaris10;
60 FILEDIR=$BRANDDIR/files;
61 EXIT_CODE=1
62
63 #
64 # Replace the specified file in the booting zone with a wrapper script that
65 # invokes s10_isaexec_wrapper. This is a convenience function that reduces
66 # clutter and code duplication.
67 #
68 # Parameters:
69 # $1 The full path of the file to replace (e.g., /sbin/ifconfig)
70 # $2 The access mode of the replacement file in hex (e.g., 0555)
71 # $3 The name of the replacement file's owner (e.g., root:bin)
72 #
73 # NOTE: The checks performed in the 'if' statement below are not generic: they
74 # depend on the success of the zone filesystem structure validation performed
75 # above to ensure that intermediate directories exist and aren't symlinks.
76 #
77 replace_with_native() {
78 path_dname=$ZONEROOT/`dirname $1`
79
80 [ ! -f $1 ] && printf "$w_missing" "$1"
81 if [ ! -h $path_dname -a -d $path_dname ]; then
82 safe_replace $ZONEROOT/$1 $BRANDDIR/s10_isaexec_wrapper $2 $3 \
83 remove
84 fi
85 }
86
87 replace_with_native_py() {
88 path_dname=$ZONEROOT/`dirname $1`
89
90 [ ! -f $1 ] && printf "$w_missing" "$1"
91
92 if [ ! -h $path_dname -a -d $path_dname ]; then
93 safe_replace $ZONEROOT/$1 $BRANDDIR/s10_python_wrapper $2 $3 \
94 remove
95 fi
96 }
97
98 #
99 # Create a new wrapper script that invokes s10_isaexec_wrapper in the
100 # brand (for a non-existing s10c file) pointing to the native brand file.
101 #
102 # Parameters:
103 # $1 The full path of the wrapper file to create
104 # $2 The access mode of the replacement file in hex (e.g., 0555)
105 # $3 The name of the replacement file's owner (e.g., root:bin)
106 #
107 wrap_with_native() {
108
109 [ ! -f $1 ] && printf "$w_missing" "$1"
110
111 path_dname=$ZONEROOT/`dirname $1`
112 if [ ! -h $path_dname -a -d $path_dname -a ! -f $ZONEROOT/$1 ]; then
113 safe_wrap $ZONEROOT/$1 $BRANDDIR/s10_isaexec_wrapper $2 $3
114 fi
115 }
116
117 #
118 # Before we boot we validate and fix, if necessary, the required files within
119 # the zone. These modifications can be lost if a patch is applied within the
120 # zone, so we validate and fix the zone every time it boots.
121 #
122
123 #
124 # BINARY REPLACEMENT
125 #
126 # This section of the boot script is responsible for replacing Solaris 10
127 # binaries within the booting zone with Nevada binaries. This is a two-step
128 # process: First, the directory structure of the zone is validated to ensure
129 # that binary replacement will proceed safely. Second, Solaris 10 binaries
130 # are replaced with Nevada binaries.
131 #
132 # Here's an example. Suppose that you want to replace /usr/bin/zcat with the
133 # Nevada /usr/bin/zcat binary. Then you should do the following:
134 #
135 # 1. Go to the section below labeled "STEP ONE" and add the following
136 # two lines:
137 #
138 # safe_dir /usr
139 # safe_dir /usr/bin
140 #
141 # These lines ensure that both /usr and /usr/bin are directories
142 # within the booting zone that can be safely accessed by the global
143 # zone.
144 # 2. Go to the section below labeled "STEP TWO" and add the following
145 # line:
146 #
147 # replace_with_native /usr/bin/zcat 0555 root:bin
148 #
149 # Details about the binary replacement procedure can be found in the Solaris 10
150 # Containers Developer Guide.
151 #
152
153 #
154 # STEP ONE
155 #
156 # Validate that the zone filesystem looks like we expect it to.
157 #
158 safe_dir /lib
159 safe_dir /lib/svc
160 safe_dir /lib/svc/method
161 safe_dir /lib/svc/share
162 safe_dir /usr
163 safe_dir /usr/bin
164 safe_dir /usr/lib
165 safe_dir /usr/lib/autofs
166 safe_dir /usr/lib/fs
167 safe_dir /usr/lib/fs/autofs
168 safe_dir /usr/lib/fs/ufs
169 safe_dir /usr/lib/fs/zfs
170 safe_dir /usr/lib/inet
171 safe_dir /usr/lib/zfs
172 safe_dir /usr/sbin
173 if [ -n "$ARCH32" ]; then
174 safe_dir /usr/lib/ipf/$ARCH32
175 safe_dir /usr/sbin/$ARCH32
176 fi
177 if [ -n "$ARCH64" ]; then
178 safe_dir /usr/lib/ipf/$ARCH64
179 safe_dir /usr/sbin/$ARCH64
180 fi
181 safe_dir /sbin
182 safe_dir /var
183 safe_dir /var/svc
184 safe_dir /var/svc/manifest
185 safe_dir /var/svc/manifest/network
186
187 #
188 # Some of the native networking daemons such as in.mpathd are
189 # expected under /lib/inet
190 #
191 mkdir -m 0755 -p $ZONEROOT/lib/inet
192 chown root:bin $ZONEROOT/lib/inet
193 safe_dir /lib/inet
194
195 #
196 # STEP TWO
197 #
198 # Replace Solaris 10 binaries with Nevada binaries.
199 #
200
201 #
202 # Replace various network-related programs with native wrappers.
203 #
204 replace_with_native /sbin/dhcpagent 0555 root:bin
205 replace_with_native /sbin/dhcpinfo 0555 root:bin
206 replace_with_native /sbin/ifconfig 0555 root:bin
207 replace_with_native /usr/bin/netstat 0555 root:bin
208 replace_with_native /usr/lib/inet/in.ndpd 0555 root:bin
209 replace_with_native /usr/sbin/in.routed 0555 root:bin
210 replace_with_native /usr/sbin/ndd 0555 root:bin
211 replace_with_native /usr/sbin/snoop 0555 root:bin
212 replace_with_native /usr/sbin/if_mpadm 0555 root:bin
213
214 #
215 # Replace IPFilter commands with native wrappers
216 #
217 if [ -n "$ARCH32" ]; then
218 replace_with_native /usr/lib/ipf/$ARCH32/ipftest 0555 root:bin
219 replace_with_native /usr/sbin/$ARCH32/ipf 0555 root:bin
220 replace_with_native /usr/sbin/$ARCH32/ipfs 0555 root:bin
221 replace_with_native /usr/sbin/$ARCH32/ipfstat 0555 root:bin
222 replace_with_native /usr/sbin/$ARCH32/ipmon 0555 root:bin
223 replace_with_native /usr/sbin/$ARCH32/ipnat 0555 root:bin
224 replace_with_native /usr/sbin/$ARCH32/ippool 0555 root:bin
225 fi
226 if [ -n "$ARCH64" ]; then
227 replace_with_native /usr/lib/ipf/$ARCH64/ipftest 0555 root:bin
228 replace_with_native /usr/sbin/$ARCH64/ipf 0555 root:bin
229 replace_with_native /usr/sbin/$ARCH64/ipfs 0555 root:bin
230 replace_with_native /usr/sbin/$ARCH64/ipfstat 0555 root:bin
231 replace_with_native /usr/sbin/$ARCH64/ipmon 0555 root:bin
232 replace_with_native /usr/sbin/$ARCH64/ipnat 0555 root:bin
233 replace_with_native /usr/sbin/$ARCH64/ippool 0555 root:bin
234 fi
235
236 #
237 # Replace in.mpathd daemon at /usr/lib/inet by native wrapper
238 #
239 if [ ! -h $ZONEROOT/usr/lib/inet -a -d $ZONEROOT/usr/lib/inet ]; then
240 safe_replace $ZONEROOT/usr/lib/inet/in.mpathd \
241 /lib/inet/in.mpathd 0555 root:bin remove
242 fi
243
244 #
245 # Create wrapper at /lib/inet/in.mpathd as well because native ifconfig
246 # looks up in.mpathd under /lib/inet.
247 #
248 wrap_with_native /lib/inet/in.mpathd 0555 root:bin
249
250 # Create native wrapper for /sbin/ipmpstat
251 wrap_with_native /sbin/ipmpstat 0555 root:bin
252
253 #
254 # Create ipmgmtd wrapper to native binary in s10 container
255 # and copy ipmgmt service manifest and method.
256 #
257 wrap_with_native /lib/inet/ipmgmtd 0555 root:bin
258 safe_copy /lib/svc/manifest/network/network-ipmgmt.xml \
259 $ZONEROOT/var/svc/manifest/network/network-ipmgmt.xml
260 safe_copy /lib/svc/method/net-ipmgmt \
261 $ZONEROOT/lib/svc/method/net-ipmgmt
262
263 #
264 # To handle certain IPMP configurations, we need updated
265 # net-physical method script and native net_include.sh
266 #
267 filename=$ZONEROOT/lib/svc/method/net-physical
268 safe_backup $filename $filename.pre_p2v
269 safe_copy /usr/lib/brand/solaris10/s10_net_physical $filename
270 filename=$ZONEROOT/lib/svc/share/net_include.sh
271 safe_backup $filename $filename.pre_p2v
272 safe_copy /lib/svc/share/net_include.sh $filename
273
274 #
275 # PSARC 2009/306 removed the ND_SET/ND_GET ioctl's for modifying
276 # IP/TCP/UDP/SCTP/ICMP tunables. If S10 ndd(1M) is used within an
277 # S10 container, the kernel will return EINVAL. So we need this.
278 #
279 replace_with_native /usr/sbin/ndd 0555 root:bin
280
281 #
282 # Replace various ZFS-related programs with native wrappers. These commands
283 # either link with libzfs, dlopen libzfs or link with libraries that link
284 # or dlopen libzfs. Commands which fall into these categories but which can
285 # only be used in the global zone are not wrapped. The libdiskmgt dm_in_use
286 # code uses libfs, but only the zpool_in_use() -> zpool_read_label() code path.
287 # That code does not issue ioctls on /dev/zfs and does not need wrapping.
288 #
289 replace_with_native /sbin/zfs 0555 root:bin
290 replace_with_native /sbin/zpool 0555 root:bin
291 replace_with_native /usr/lib/fs/ufs/quota 0555 root:bin
292 replace_with_native /usr/lib/fs/zfs/fstyp 0555 root:bin
293 replace_with_native /usr/lib/zfs/availdevs 0555 root:bin
294 replace_with_native /usr/sbin/df 0555 root:bin
295 replace_with_native /usr/sbin/zstreamdump 0555 root:bin
296 replace_with_native_py /usr/lib/zfs/pyzfs.py 0555 root:bin
297
298 #
299 # Replace automount and automountd with native wrappers.
300 #
301 replace_with_native /usr/lib/fs/autofs/automount 0555 root:bin
302 replace_with_native /usr/lib/autofs/automountd 0555 root:bin
303
304 #
305 # The class-specific dispadmin(1M) and priocntl(1) binaries must be native
306 # wrappers, and we must have all of the ones the native zone does. This
307 # allows new scheduling classes to appear without causing dispadmin and
308 # priocntl to be unhappy.
309 #
310 rm -rf $ZONEROOT/usr/lib/class
311 mkdir $ZONEROOT/usr/lib/class || exit 1
312
313 find /usr/lib/class -type d -o -type f | while read x; do
314 [ -d $x ] && mkdir -p -m 755 $ZONEROOT$x
315 [ -f $x ] && wrap_with_native $x 0555 root:bin
316 done
317
318 #
319 # END OF STEP TWO
320 #
321
322 #
323 # Replace add_drv and rem_drv with /usr/bin/true so that pkgs/patches which
324 # install or remove drivers will work. NOTE: add_drv and rem_drv are hard
325 # linked to isaexec so we want to remove the current executable and
326 # then copy true so that we don't clobber isaexec.
327 #
328 filename=$ZONEROOT/usr/sbin/add_drv
329 [ ! -f $filename.pre_p2v ] && safe_backup $filename $filename.pre_p2v
330 rm -f $filename
331 safe_copy $ZONEROOT/usr/bin/true $filename
332
333 filename=$ZONEROOT/usr/sbin/rem_drv
334 [ ! -f $filename.pre_p2v ] && safe_backup $filename $filename.pre_p2v
335 rm -f $filename
336 safe_copy $ZONEROOT/usr/bin/true $filename
337
338 exit 0
unleashed repo fork