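#!/bin/ksh -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
#
# s10 boot script.
#
# The arguments to this script are the zone name and the zonepath.
#
# Exit status as set in this file: 0 on success, 1 if the s10_support boot
# hook or the creation of the zone's /usr/lib/class fails, 2 on an
# unsupported architecture or a missing argument.  The helpers sourced from
# common.ksh may terminate the script themselves.
#
# Every path under $ZONEROOT belongs to the zone being booted while this
# script modifies it from outside the zone, so all expansions are quoted and
# directories are checked for symbolic links before anything is written.
#

. /usr/lib/brand/solaris10/common.ksh

ZONENAME=$1
ZONEPATH=$2

#
# Refuse to run without both arguments.  An empty zonepath would turn
# $ZONEROOT into "/root" and point the rm/mkdir/copy steps below at the
# caller's own filesystem.  The message is reported the same way as the
# architecture error further down.
#
if [ -z "$ZONENAME" ] || [ -z "$ZONEPATH" ]; then
	echo "usage: $0 <zonename> <zonepath>"
	exit 2
fi

ZONEROOT=$ZONEPATH/root

arch=$(uname -p)
if [ "$arch" = "i386" ]; then
	ARCH32=i86
	ARCH64=amd64
elif [ "$arch" = "sparc" ]; then
	# 32-bit SPARC not supported!
	ARCH32=
	ARCH64=sparcv9
else
	echo "Unsupported architecture: $arch"
	exit 2
fi

#
# Run the s10_support boot hook.
#
/usr/lib/brand/solaris10/s10_support boot "$ZONENAME" || exit 1

BRANDDIR=/.SUNWnative/usr/lib/brand/solaris10
FILEDIR=$BRANDDIR/files
EXIT_CODE=1

#
# Replace the specified file in the booting zone with a wrapper script that
# invokes s10_isaexec_wrapper.  This is a convenience function that reduces
# clutter and code duplication.
#
# Parameters:
#	$1	The full path of the file to replace (e.g., /sbin/ifconfig)
#	$2	The access mode of the replacement file in octal (e.g., 0555)
#	$3	The name of the replacement file's owner (e.g., root:bin)
#
# NOTE: The checks performed in the 'if' statement below are not generic: they
# depend on the success of the zone filesystem structure validation performed
# in STEP ONE (which runs before any call to this function) to ensure that
# intermediate directories exist and aren't symlinks.  Only the immediate
# parent directory is re-checked here.  The trailing "remove" argument is
# interpreted by safe_replace, which is defined in common.ksh.
#
replace_with_native() {
	path_dname="$ZONEROOT/$(dirname "$1")"
	if [ ! -h "$path_dname" ] && [ -d "$path_dname" ]; then
		safe_replace "$ZONEROOT/$1" "$BRANDDIR/s10_isaexec_wrapper" \
		    "$2" "$3" remove
	fi
}

#
# Same as replace_with_native, but the replacement is s10_python_wrapper.
# Parameters are identical: $1 path, $2 octal mode, $3 owner.
#
replace_with_native_py() {
	path_dname="$ZONEROOT/$(dirname "$1")"
	if [ ! -h "$path_dname" ] && [ -d "$path_dname" ]; then
		safe_replace "$ZONEROOT/$1" "$BRANDDIR/s10_python_wrapper" \
		    "$2" "$3" remove
	fi
}

#
# Hand $ZONEROOT/$1 to safe_wrap with s10_isaexec_wrapper as the wrapper.
# Parameters are identical: $1 path, $2 octal mode, $3 owner.
#
# Unlike replace_with_native, no parent-directory check is made here.  The
# only caller in this script works under $ZONEROOT/usr/lib/class, which it
# has just removed and recreated.
#
wrap_with_native() {
	safe_wrap "$ZONEROOT/$1" "$BRANDDIR/s10_isaexec_wrapper" "$2" "$3"
}

#
# Before we boot we validate and fix, if necessary, the required files within
# the zone.  These modifications can be lost if a patch is applied within the
# zone, so we validate and fix the zone every time it boots.
#

#
# BINARY REPLACEMENT
#
# This section of the boot script is responsible for replacing Solaris 10
# binaries within the booting zone with Nevada binaries.  This is a two-step
# process: First, the directory structure of the zone is validated to ensure
# that binary replacement will proceed safely.  Second, Solaris 10 binaries
# are replaced with Nevada binaries.
#
# Here's an example.  Suppose that you want to replace /usr/bin/zcat with the
# Nevada /usr/bin/zcat binary.  Then you should do the following:
#
#	1.  Go to the section below labeled "STEP ONE" and add the following
#	    two lines:
#
#		safe_dir /usr
#		safe_dir /usr/bin
#
#	    These lines ensure that both /usr and /usr/bin are directories
#	    within the booting zone that can be safely accessed by the global
#	    zone.
#	2.  Go to the section below labeled "STEP TWO" and add the following
#	    line:
#
#		replace_with_native /usr/bin/zcat 0555 root:bin
#
# Details about the binary replacement procedure can be found in the Solaris 10
# Containers Developer Guide.
#

#
# STEP ONE
#
# Validate that the zone filesystem looks like we expect it to.
#
safe_dir /usr
safe_dir /usr/lib
safe_dir /usr/lib/fs
safe_dir /usr/lib/fs/ufs
safe_dir /usr/lib/fs/zfs
safe_dir /usr/lib/zfs
safe_dir /usr/bin
safe_dir /usr/sbin
safe_dir /sbin

#
# STEP TWO
#
# Replace Solaris 10 binaries with Nevada binaries.
#

#
# Replace various network-related programs with native wrappers.
#
replace_with_native /sbin/ifconfig 0555 root:bin

#
# PSARC 2009/306 removed the ND_SET/ND_GET ioctl's for modifying
# IP/TCP/UDP/SCTP/ICMP tunables.  If S10 ndd(1M) is used within an
# S10 container, the kernel will return EINVAL.  So we need this.
#
replace_with_native /usr/sbin/ndd 0555 root:bin

#
# Replace various ZFS-related programs with native wrappers.  These commands
# either link with libzfs, dlopen libzfs or link with libraries that link
# or dlopen libzfs.  Commands which fall into these categories but which can
# only be used in the global zone are not wrapped.  The libdiskmgt dm_in_use
# code uses libfs, but only the zpool_in_use() -> zpool_read_label() code path.
# That code does not issue ioctls on /dev/zfs and does not need wrapping.
#
replace_with_native /sbin/zfs 0555 root:bin
replace_with_native /sbin/zpool 0555 root:bin
replace_with_native /usr/lib/fs/ufs/quota 0555 root:bin
replace_with_native /usr/lib/fs/zfs/fstyp 0555 root:bin
replace_with_native /usr/lib/fs/zfs/zfsdle 0555 root:bin
replace_with_native /usr/lib/zfs/availdevs 0555 root:bin
replace_with_native /usr/sbin/df 0555 root:bin
replace_with_native /usr/sbin/zstreamdump 0555 root:bin
replace_with_native_py /usr/lib/zfs/pyzfs.py 0555 root:bin

#
# Replace automount and automountd with native wrappers.
#
# Neither autofs directory is covered by a safe_dir call in STEP ONE, so the
# symlink/directory test is made inline on each of them.
#
if [ ! -h "$ZONEROOT/usr/lib/fs/autofs" ] &&
    [ -d "$ZONEROOT/usr/lib/fs/autofs" ]; then
	safe_replace "$ZONEROOT/usr/lib/fs/autofs/automount" \
	    "$BRANDDIR/s10_automount" 0555 root:bin remove
fi
if [ ! -h "$ZONEROOT/usr/lib/autofs" ] &&
    [ -d "$ZONEROOT/usr/lib/autofs" ]; then
	safe_replace "$ZONEROOT/usr/lib/autofs/automountd" \
	    "$BRANDDIR/s10_automountd" 0555 root:bin remove
fi

#
# The class-specific dispadmin(1M) and priocntl(1) binaries must be native
# wrappers, and we must have all of the ones the native zone does.  This
# allows new scheduling classes to appear without causing dispadmin and
# priocntl to be unhappy.
#
# The zone's copy is removed outright and rebuilt from the /usr/lib/class
# tree visible to this script.  rm -rf unlinks a symbolic link found at that
# name instead of following it, and the plain mkdir (no -p) fails if anything
# is still present there afterwards.
# NOTE(review): this assumes nothing inside the zone can modify the tree
# while the hook runs -- confirm against the caller.
#
rm -rf "$ZONEROOT/usr/lib/class"
mkdir "$ZONEROOT/usr/lib/class" || exit 1

# read -r keeps any backslash in a path name literal.
find /usr/lib/class -type d -o -type f | while read -r x; do
	[ -d "$x" ] && mkdir -p -m 755 "$ZONEROOT$x"
	[ -f "$x" ] && wrap_with_native "$x" 0555 root:bin
done

#
# END OF STEP TWO
#

#
# Replace add_drv and rem_drv with /usr/bin/true so that pkgs/patches which
# install or remove drivers will work.  NOTE: add_drv and rem_drv are hard
# linked to isaexec so we want to remove the current executable and
# then copy true so that we don't clobber isaexec.
#
# The original is backed up only once: an existing .pre_p2v file is kept.
#
filename=$ZONEROOT/usr/sbin/add_drv
[ ! -f "$filename.pre_p2v" ] && safe_backup "$filename" "$filename.pre_p2v"
rm -f "$filename"
safe_copy "$ZONEROOT/usr/bin/true" "$filename"

filename=$ZONEROOT/usr/sbin/rem_drv
[ ! -f "$filename.pre_p2v" ] && safe_backup "$filename" "$filename.pre_p2v"
rm -f "$filename"
safe_copy "$ZONEROOT/usr/bin/true" "$filename"

exit 0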