1#!/bin/ksh -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
24#
25# s10 boot script.
26#
27# The arguments to this script are the zone name and the zonepath.
28#
29
30. /usr/lib/brand/solaris10/common.ksh
31
32ZONENAME=$1
33ZONEPATH=$2
34ZONEROOT=$ZONEPATH/root
35
36arch=`uname -p`
37if [ "$arch" = "i386" ]; then
38	ARCH32=i86
39        ARCH64=amd64
40elif [ "$arch" = "sparc" ]; then
41	# 32-bit SPARC not supported!
42	ARCH32=
43        ARCH64=sparcv9
44else
45        echo "Unsupported architecture: $arch"
46        exit 2
47fi
48
49#
50# Run the s10_support boot hook.
51#
52/usr/lib/brand/solaris10/s10_support boot $ZONENAME
53if (( $? != 0 )) ; then
54        exit 1
55fi
56
57BRANDDIR=/.SUNWnative/usr/lib/brand/solaris10;
58FILEDIR=$BRANDDIR/files;
59EXIT_CODE=1
60
61#
62# Replace the specified file in the booting zone with a wrapper script that
63# invokes s10_isaexec_wrapper.  This is a convenience function that reduces
64# clutter and code duplication.
65#
66# Parameters:
67#	$1	The full path of the file to replace (e.g., /sbin/ifconfig)
68#	$2	The access mode of the replacement file in hex (e.g., 0555)
69#	$3	The name of the replacement file's owner (e.g., root:bin)
70#
71# NOTE: The checks performed in the 'if' statement below are not generic: they
72# depend on the success of the zone filesystem structure validation performed
73# above to ensure that intermediate directories exist and aren't symlinks.
74#
75replace_with_native() {
76	path_dname=$ZONEROOT/`dirname $1`
77	if [ ! -h $path_dname -a -d $path_dname ]; then
78		safe_replace $ZONEROOT/$1 $BRANDDIR/s10_isaexec_wrapper $2 $3 \
79		    remove
80	fi
81}
82
83replace_with_native_py() {
84	path_dname=$ZONEROOT/`dirname $1`
85	if [ ! -h $path_dname -a -d $path_dname ]; then
86		safe_replace $ZONEROOT/$1 $BRANDDIR/s10_python_wrapper $2 $3 \
87		    remove
88	fi
89}
90
91wrap_with_native() {
92	safe_wrap $ZONEROOT/$1 $BRANDDIR/s10_isaexec_wrapper $2 $3
93}
94
95#
96# Before we boot we validate and fix, if necessary, the required files within
97# the zone.  These modifications can be lost if a patch is applied within the
98# zone, so we validate and fix the zone every time it boots.
99#
100
101#
102# BINARY REPLACEMENT
103#
104# This section of the boot script is responsible for replacing Solaris 10
105# binaries within the booting zone with Nevada binaries.  This is a two-step
106# process: First, the directory structure of the zone is validated to ensure
107# that binary replacement will proceed safely.  Second, Solaris 10 binaries
108# are replaced with Nevada binaries.
109#
110# Here's an example.  Suppose that you want to replace /usr/bin/zcat with the
111# Nevada /usr/bin/zcat binary.  Then you should do the following:
112#
113#	1.  Go to the section below labeled "STEP ONE" and add the following
114#	    two lines:
115#
116#		safe_dir /usr
117#		safe_dir /usr/bin
118#
119#	    These lines ensure that both /usr and /usr/bin are directories
120#	    within the booting zone that can be safely accessed by the global
121#	    zone.
122#	2.  Go to the section below labeled "STEP TWO" and add the following
123#	    line:
124#
125#		replace_with_native /usr/bin/zcat 0555 root:bin
126#
127# Details about the binary replacement procedure can be found in the Solaris 10
128# Containers Developer Guide.
129#
130
131#
132# STEP ONE
133#
134# Validate that the zone filesystem looks like we expect it to.
135#
136safe_dir /usr
137safe_dir /usr/lib
138safe_dir /usr/lib/fs
139safe_dir /usr/lib/fs/ufs
140safe_dir /usr/lib/fs/zfs
141safe_dir /usr/lib/zfs
142safe_dir /usr/bin
143safe_dir /usr/sbin
144safe_dir /sbin
145
146#
147# STEP TWO
148#
149# Replace Solaris 10 binaries with Nevada binaries.
150#
151
152#
153# Replace various network-related programs with native wrappers.
154#
155replace_with_native /sbin/ifconfig 0555 root:bin
156
157#
158# PSARC 2009/306 removed the ND_SET/ND_GET ioctl's for modifying
159# IP/TCP/UDP/SCTP/ICMP tunables. If S10 ndd(1M) is used within an
160# S10 container, the kernel will return EINVAL. So we need this.
161#
162replace_with_native /usr/sbin/ndd 0555 root:bin
163
164#
165# Replace various ZFS-related programs with native wrappers.  These commands
166# either link with libzfs, dlopen libzfs or link with libraries that link
167# or dlopen libzfs.  Commands which fall into these categories but which can
168# only be used in the global zone are not wrapped.  The libdiskmgt dm_in_use
169# code uses libfs, but only the zpool_in_use() -> zpool_read_label() code path.
170# That code does not issue ioctls on /dev/zfs and does not need wrapping.
171#
172replace_with_native /sbin/zfs 0555 root:bin
173replace_with_native /sbin/zpool 0555 root:bin
174replace_with_native /usr/lib/fs/ufs/quota 0555 root:bin
175replace_with_native /usr/lib/fs/zfs/fstyp 0555 root:bin
176replace_with_native /usr/lib/fs/zfs/zfsdle 0555 root:bin
177replace_with_native /usr/lib/zfs/availdevs 0555 root:bin
178replace_with_native /usr/sbin/df 0555 root:bin
179replace_with_native /usr/sbin/zstreamdump 0555 root:bin
180replace_with_native_py /usr/lib/zfs/pyzfs.py 0555 root:bin
181
182#
183# Replace automount and automountd with native wrappers.
184#
185if [ ! -h $ZONEROOT/usr/lib/fs/autofs -a -d $ZONEROOT/usr/lib/fs/autofs ]; then
186	safe_replace $ZONEROOT/usr/lib/fs/autofs/automount \
187	    $BRANDDIR/s10_automount 0555 root:bin remove
188fi
189if [ ! -h $ZONEROOT/usr/lib/autofs -a -d $ZONEROOT/usr/lib/autofs ]; then
190	safe_replace $ZONEROOT/usr/lib/autofs/automountd \
191	    $BRANDDIR/s10_automountd 0555 root:bin remove
192fi
193
194#
195# The class-specific dispadmin(1M) and priocntl(1) binaries must be native
196# wrappers, and we must have all of the ones the native zone does.  This
197# allows new scheduling classes to appear without causing dispadmin and
198# priocntl to be unhappy.
199#
200rm -rf $ZONEROOT/usr/lib/class
201mkdir $ZONEROOT/usr/lib/class || exit 1
202
203find /usr/lib/class -type d -o -type f | while read x; do
204	[ -d $x ] && mkdir -p -m 755 $ZONEROOT$x
205	[ -f $x ] && wrap_with_native $x 0555 root:bin
206done
207
208#
209# END OF STEP TWO
210#
211
212#
213# Replace add_drv and rem_drv with /usr/bin/true so that pkgs/patches which
214# install or remove drivers will work.  NOTE: add_drv and rem_drv are hard
215# linked to isaexec so we want to remove the current executable and
216# then copy true so that we don't clobber isaexec.
217#
218filename=$ZONEROOT/usr/sbin/add_drv
219[ ! -f $filename.pre_p2v ] && safe_backup $filename $filename.pre_p2v
220rm -f $filename
221safe_copy $ZONEROOT/usr/bin/true $filename
222
223filename=$ZONEROOT/usr/sbin/rem_drv
224[ ! -f $filename.pre_p2v ] && safe_backup $filename $filename.pre_p2v
225rm -f $filename
226safe_copy $ZONEROOT/usr/bin/true $filename
227
228exit 0
229