
Cross Reference: s10_boot.ksh
xref: /onnv/onnv-gate/usr/src/lib/brand/solaris10/zone/s10_boot.ksh
      1 #!/bin/ksh -p
      2 #
      3 # CDDL HEADER START
      4 #
      5 # The contents of this file are subject to the terms of the
      6 # Common Development and Distribution License (the "License").
      7 # You may not use this file except in compliance with the License.
      8 #
      9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
     10 # or http://www.opensolaris.org/os/licensing.
     11 # See the License for the specific language governing permissions
     12 # and limitations under the License.
     13 #    
     14 # When distributing Covered Code, include this CDDL HEADER in each
     15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     16 # If applicable, add the following below this CDDL HEADER, with the
     17 # fields enclosed by brackets "[]" replaced with your own identifying
     18 # information: Portions Copyright [yyyy] [name of copyright owner]
     19 #    
     20 # CDDL HEADER END
     21 #
     22 #
     23 # Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
     24 #
     25 # s10 boot script.
     26 #
     27 # The arguments to this script are the zone name and the zonepath.
     28 #
     29 
     30 . /usr/lib/brand/solaris10/common.ksh
     31 
# Positional arguments: $1 is the zone name, $2 is the zonepath.
ZONENAME="$1"
ZONEPATH="$2"
# Every path this script modifies inside the zone is built on ZONEROOT.
ZONEROOT="${ZONEPATH}/root"

# Warning template; %s is filled in with the path that was not found.
w_missing=$(gettext "Warning: \"%s\" is not installed in the global zone")
     37 
# Map the processor type from uname(1) onto the 32-bit and 64-bit ISA
# directory names used for the per-ISA paths later in this script.
arch=$(uname -p)
case "$arch" in
i386)
	ARCH32=i86
	ARCH64=amd64
	;;
sparc)
	# 32-bit SPARC not supported!  An empty ARCH32 makes the later
	# 'if [ -n "$ARCH32" ]' sections skip the 32-bit paths.
	ARCH32=
	ARCH64=sparcv9
	;;
*)
	echo "Unsupported architecture: $arch"
	exit 2
	;;
esac
     50 
     51 #
     52 # Run the s10_support boot hook.
     53 #
# A non-zero status from the boot hook aborts the script with exit code 1.
/usr/lib/brand/solaris10/s10_support boot $ZONENAME || exit 1

# BRANDDIR is the wrapper location handed to safe_replace/safe_wrap below.
# FILEDIR and EXIT_CODE are set here but not referenced again in this script.
BRANDDIR=/.SUNWnative/usr/lib/brand/solaris10
FILEDIR=$BRANDDIR/files
EXIT_CODE=1
     62 
     63 #
     64 # Replace the specified file in the booting zone with a wrapper script that
     65 # invokes s10_isaexec_wrapper.  This is a convenience function that reduces
     66 # clutter and code duplication.
     67 #
     68 # Parameters:
     69 #	$1	The full path of the file to replace (e.g., /sbin/ifconfig)
     70 #	$2	The access mode of the replacement file in octal (e.g., 0555)
     71 #	$3	The name of the replacement file's owner (e.g., root:bin)
     72 #
     73 # NOTE: The checks performed in the 'if' statement below are not generic: they
     74 # depend on the success of the zone filesystem structure validation performed
     75 # above to ensure that intermediate directories exist and aren't symlinks.
     76 #
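replace_with_native() {
	# $1 = absolute path to replace, $2 = octal mode, $3 = owner:group.
	#
	# All expansions are quoted: this function builds paths under
	# $ZONEROOT, and an unquoted value containing whitespace or glob
	# characters would be split or expanded into different arguments
	# before reaching the test and safe_replace.
	path_dname="$ZONEROOT/$(dirname "$1")"

	# The unprefixed path is checked, i.e. the file as seen by this script
	# rather than the copy under $ZONEROOT.  A miss only prints a warning;
	# the replacement below is still attempted.
	[ ! -f "$1" ] && printf "$w_missing" "$1"

	# Only the immediate parent is checked for being a real directory and
	# not a symlink.  Components above it are covered solely by the
	# safe_dir calls in STEP ONE, so every new path passed here needs its
	# full directory chain listed there.
	if [ ! -h "$path_dname" ] && [ -d "$path_dname" ]; then
		safe_replace "$ZONEROOT/$1" "$BRANDDIR/s10_isaexec_wrapper" \
		    "$2" "$3" remove
	fi
}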
     86 
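#
# Same as replace_with_native, except that the replacement wrapper is
# s10_python_wrapper rather than s10_isaexec_wrapper.
#
# Parameters:
#	$1	The full path of the file to replace
#	$2	The access mode of the replacement file in octal (e.g., 0555)
#	$3	The name of the replacement file's owner (e.g., root:bin)
#
replace_with_native_py() {
	# Expansions are quoted so that a path containing whitespace or glob
	# characters reaches the test and safe_replace as a single argument.
	path_dname="$ZONEROOT/$(dirname "$1")"

	# Warn only; a missing native file does not stop the replacement.
	[ ! -f "$1" ] && printf "$w_missing" "$1"

	# Only the immediate parent is checked for being a real directory and
	# not a symlink; the components above it rely on the safe_dir calls
	# in STEP ONE.
	if [ ! -h "$path_dname" ] && [ -d "$path_dname" ]; then
		safe_replace "$ZONEROOT/$1" "$BRANDDIR/s10_python_wrapper" \
		    "$2" "$3" remove
	fi
}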
     97 
     98 #
     99 # Create a new wrapper script that invokes s10_isaexec_wrapper in the
    100 # brand (for a non-existing s10c file) pointing to the native brand file.
    101 #
    102 # Parameters:
    103 #	$1	The full path of the wrapper file to create
    104 #	$2	The access mode of the replacement file in octal (e.g., 0555)
    105 #	$3	The name of the replacement file's owner (e.g., root:bin)
    106 #
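wrap_with_native() {
	# $1 = absolute path of the wrapper to create, $2 = octal mode,
	# $3 = owner:group.  Expansions are quoted so that a path containing
	# whitespace or glob characters stays a single argument.

	# Warn only; a missing native file does not stop wrapper creation.
	[ ! -f "$1" ] && printf "$w_missing" "$1"

	path_dname="$ZONEROOT/$(dirname "$1")"

	# Create the wrapper only when the parent is a real directory (not a
	# symlink) and no regular file already exists at the target.  Parent
	# components above the immediate one rely on the safe_dir calls in
	# STEP ONE.
	if [ ! -h "$path_dname" ] && [ -d "$path_dname" ] &&
	    [ ! -f "$ZONEROOT/$1" ]; then
		safe_wrap "$ZONEROOT/$1" "$BRANDDIR/s10_isaexec_wrapper" \
		    "$2" "$3"
	fi
}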
    116 
    117 #
    118 # Before we boot we validate and fix, if necessary, the required files within
    119 # the zone.  These modifications can be lost if a patch is applied within the
    120 # zone, so we validate and fix the zone every time it boots.
    121 #
    122 
    123 #
    124 # BINARY REPLACEMENT
    125 #
    126 # This section of the boot script is responsible for replacing Solaris 10
    127 # binaries within the booting zone with Nevada binaries.  This is a two-step
    128 # process: First, the directory structure of the zone is validated to ensure
    129 # that binary replacement will proceed safely.  Second, Solaris 10 binaries
    130 # are replaced with Nevada binaries.
    131 #
    132 # Here's an example.  Suppose that you want to replace /usr/bin/zcat with the
    133 # Nevada /usr/bin/zcat binary.  Then you should do the following:
    134 #
    135 #	1.  Go to the section below labeled "STEP ONE" and add the following
    136 #	    two lines:
    137 #
    138 #		safe_dir /usr
    139 #		safe_dir /usr/bin
    140 #
    141 #	    These lines ensure that both /usr and /usr/bin are directories
    142 #	    within the booting zone that can be safely accessed by the global
    143 #	    zone.
    144 #	2.  Go to the section below labeled "STEP TWO" and add the following
    145 #	    line:
    146 #
    147 #		replace_with_native /usr/bin/zcat 0555 root:bin
    148 #
    149 # Details about the binary replacement procedure can be found in the Solaris 10
    150 # Containers Developer Guide.
    151 #
    152 
    153 #
    154 # STEP ONE
    155 #
    156 # Validate that the zone filesystem looks like we expect it to.
    157 #
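# Each directory component that STEP TWO writes through is validated on its
# own, parent before child, as the procedure in the BINARY REPLACEMENT
# comment describes.  safe_dir is defined in common.ksh (not shown here).
safe_dir /lib
safe_dir /lib/svc
safe_dir /lib/svc/method
safe_dir /lib/svc/share
safe_dir /usr
safe_dir /usr/bin
safe_dir /usr/lib
safe_dir /usr/lib/autofs
safe_dir /usr/lib/fs
safe_dir /usr/lib/fs/autofs
safe_dir /usr/lib/fs/ufs
safe_dir /usr/lib/fs/zfs
safe_dir /usr/lib/inet
# /usr/lib/ipf was the one intermediate directory with no safe_dir call of its
# own, although the per-ISA directories beneath it are validated and written
# into below.  NOTE(review): this assumes safe_dir validates only the path it
# is given and not the components above it -- confirm against common.ksh.
safe_dir /usr/lib/ipf
safe_dir /usr/lib/zfs
safe_dir /usr/sbin
if [ -n "$ARCH32" ]; then
	safe_dir /usr/lib/ipf/$ARCH32
	safe_dir /usr/sbin/$ARCH32
fi
if [ -n "$ARCH64" ]; then
	safe_dir /usr/lib/ipf/$ARCH64
	safe_dir /usr/sbin/$ARCH64
fi
safe_dir /sbin
safe_dir /var
safe_dir /var/svc
safe_dir /var/svc/manifest
safe_dir /var/svc/manifest/network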
    186 
    187 #
    188 # Some of the native networking daemons such as in.mpathd are
    189 # expected under /lib/inet
    190 #
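# The directory is created and chowned before safe_dir validates it, so an
# existing symlink at this path must be ruled out first: chown without -h
# follows a symlink and would change ownership of whatever it points to,
# resolved in the namespace this script runs in.  A symlink is left untouched
# here for safe_dir to deal with (NOTE(review): presumably it rejects the
# path -- confirm in common.ksh); -h keeps chown on the entry itself.
if [ ! -h "$ZONEROOT/lib/inet" ]; then
	mkdir -m 0755 -p "$ZONEROOT/lib/inet"
	chown -h root:bin "$ZONEROOT/lib/inet"
fi
safe_dir /lib/inet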
    194 
    195 #
    196 # STEP TWO
    197 #
    198 # Replace Solaris 10 binaries with Nevada binaries.
    199 #
    200 
    201 #
    202 # Replace various network-related programs with native wrappers.
    203 #
# Each listed program is replaced in turn, mode 0555 and owner root:bin.
for native_cmd in \
    /sbin/dhcpagent \
    /sbin/dhcpinfo \
    /sbin/ifconfig \
    /usr/bin/netstat \
    /usr/lib/inet/in.ndpd \
    /usr/sbin/in.routed \
    /usr/sbin/ndd \
    /usr/sbin/snoop \
    /usr/sbin/if_mpadm
do
	replace_with_native $native_cmd 0555 root:bin
done
    213 
    214 #
    215 # Replace IPFilter commands with native wrappers
    216 #
# $ARCH32 and $ARCH64 are deliberately unquoted: an empty ARCH32 (SPARC)
# expands to nothing, so the loop covers only the ISAs that are set, with the
# 32-bit one first.
for isa in $ARCH32 $ARCH64; do
	replace_with_native /usr/lib/ipf/$isa/ipftest 0555 root:bin
	for ipf_cmd in ipf ipfs ipfstat ipmon ipnat ippool; do
		replace_with_native /usr/sbin/$isa/$ipf_cmd 0555 root:bin
	done
done
    235 
    236 #
    237 # Replace in.mpathd daemon at /usr/lib/inet by native wrapper
    238 #
# Unlike replace_with_native, the replacement passed to safe_replace here is
# /lib/inet/in.mpathd rather than a wrapper under $BRANDDIR.
if [ ! -h $ZONEROOT/usr/lib/inet ] && [ -d $ZONEROOT/usr/lib/inet ]; then
	safe_replace $ZONEROOT/usr/lib/inet/in.mpathd /lib/inet/in.mpathd \
	    0555 root:bin remove
fi
    243 
    244 # 
    245 # Create wrapper at /lib/inet/in.mpathd as well because native ifconfig
    246 # looks up in.mpathd under /lib/inet.
    247 #
# Wrappers created only where the zone has no file of that name:
#   /lib/inet/in.mpathd	looked up there by native ifconfig
#   /sbin/ipmpstat
#   /lib/inet/ipmgmtd	native ipmgmtd inside the s10 container
for wrapped in /lib/inet/in.mpathd /sbin/ipmpstat /lib/inet/ipmgmtd; do
	wrap_with_native $wrapped 0555 root:bin
done

#
# Copy the ipmgmt service manifest and method script into the zone.
#
safe_copy /lib/svc/manifest/network/network-ipmgmt.xml \
    $ZONEROOT/var/svc/manifest/network/network-ipmgmt.xml
safe_copy /lib/svc/method/net-ipmgmt $ZONEROOT/lib/svc/method/net-ipmgmt
    262 
    263 #
    264 # To handle certain IPMP configurations, we need updated
    265 # net-physical method script and native net_include.sh
    266 #
# net-physical: back up the zone's copy, then install the brand's version.
# NOTE(review): safe_backup is called unconditionally here, whereas the
# add_drv/rem_drv section guards it with a test for an existing .pre_p2v
# file -- confirm in common.ksh that safe_backup itself will not overwrite
# the original backup on a later boot.
filename=$ZONEROOT/lib/svc/method/net-physical
safe_backup $filename ${filename}.pre_p2v
safe_copy /usr/lib/brand/solaris10/s10_net_physical $filename

# net_include.sh: back up the zone's copy, then install the native one.
filename=$ZONEROOT/lib/svc/share/net_include.sh
safe_backup $filename ${filename}.pre_p2v
safe_copy /lib/svc/share/net_include.sh $filename

#
# PSARC 2009/306 removed the ND_SET/ND_GET ioctls used to modify
# IP/TCP/UDP/SCTP/ICMP tunables.  An S10 ndd(1M) run inside an S10
# container would get EINVAL from the kernel, hence the native wrapper.
# (ndd is also in the network-related list earlier in STEP TWO.)
#
replace_with_native /usr/sbin/ndd 0555 root:bin
    280 
    281 #
    282 # Replace various ZFS-related programs with native wrappers.  These commands
    283 # either link with libzfs, dlopen libzfs or link with libraries that link
    284 # or dlopen libzfs.  Commands which fall into these categories but which can
    285 # only be used in the global zone are not wrapped.  The libdiskmgt dm_in_use
    286 # code uses libfs, but only the zpool_in_use() -> zpool_read_label() code path.
    287 # That code does not issue ioctls on /dev/zfs and does not need wrapping.
    288 #
# ZFS-related commands, replaced in the listed order.
for zfs_cmd in \
    /sbin/zfs \
    /sbin/zpool \
    /usr/lib/fs/ufs/quota \
    /usr/lib/fs/zfs/fstyp \
    /usr/lib/zfs/availdevs \
    /usr/sbin/df \
    /usr/sbin/zstreamdump
do
	replace_with_native $zfs_cmd 0555 root:bin
done
# pyzfs.py is replaced with s10_python_wrapper rather than the isaexec wrapper.
replace_with_native_py /usr/lib/zfs/pyzfs.py 0555 root:bin

#
# Replace automount and automountd with native wrappers.
#
for autofs_cmd in /usr/lib/fs/autofs/automount /usr/lib/autofs/automountd; do
	replace_with_native $autofs_cmd 0555 root:bin
done
    303 
    304 #
    305 # The class-specific dispadmin(1M) and priocntl(1) binaries must be native
    306 # wrappers, and we must have all of the ones the native zone does.  This
    307 # allows new scheduling classes to appear without causing dispadmin and
    308 # priocntl to be unhappy.
    309 #
# Start from an empty /usr/lib/class in the zone; its parent /usr/lib was
# validated by safe_dir in STEP ONE.
rm -rf $ZONEROOT/usr/lib/class
mkdir $ZONEROOT/usr/lib/class || exit 1

# Mirror the /usr/lib/class tree seen by this script: directories are
# recreated under the zone root, regular files become native wrappers.
find /usr/lib/class -type d -o -type f | while read x; do
	if [ -d $x ]; then
		mkdir -p -m 755 $ZONEROOT$x
	elif [ -f $x ]; then
		wrap_with_native $x 0555 root:bin
	fi
done
    317 
    318 #
    319 # END OF STEP TWO
    320 #
    321 
    322 #
    323 # Replace add_drv and rem_drv with /usr/bin/true so that pkgs/patches which
    324 # install or remove drivers will work.  NOTE: add_drv and rem_drv are hard
    325 # linked to isaexec so we want to remove the current executable and
    326 # then copy true so that we don't clobber isaexec.
    327 #
for drv_cmd in add_drv rem_drv; do
	filename=$ZONEROOT/usr/sbin/$drv_cmd

	# Take the backup only when no .pre_p2v file exists yet.
	if [ ! -f $filename.pre_p2v ]; then
		safe_backup $filename $filename.pre_p2v
	fi

	# Remove the hard link first so that the copy below creates a new
	# file instead of writing through the link into isaexec.
	rm -f $filename

	# The source is the zone's own /usr/bin/true.
	# NOTE(review): this relies on safe_copy refusing a symlinked source
	# or destination -- confirm in common.ksh.
	safe_copy $ZONEROOT/usr/bin/true $filename
done

exit 0
    339