4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26 /*
27 * zoneadmd manages zones; one zoneadmd process is launched for each
28 * non-global zone on the system. This daemon juggles four jobs:
29 *
30 * - Implement setup and teardown of the zone "virtual platform": mount and
31 * unmount filesystems; create and destroy network interfaces; communicate
32 * with devfsadmd to lay out devices for the zone; instantiate the zone
33 * console device; configure process runtime attributes such as resource
34 * controls, pool bindings, fine-grained privileges.
35 *
36 * - Launch the zone's init(1M) process.
37 *
38 * - Implement a door server; clients (like zoneadm) connect to the door
39 * server and request zone state changes. The kernel is also a client of
40 * this door server. A request to halt or reboot the zone which originates
41 * *inside* the zone results in a door upcall from the kernel into zoneadmd.
42 *
43 * One minor problem is that messages emitted by zoneadmd need to be passed
82 #include <stdio.h>
83 #include <stdlib.h>
84 #include <string.h>
85 #include <strings.h>
86 #include <synch.h>
87 #include <syslog.h>
88 #include <thread.h>
89 #include <unistd.h>
90 #include <wait.h>
91 #include <limits.h>
92 #include <zone.h>
93 #include <libbrand.h>
94 #include <sys/brand.h>
95 #include <libcontract.h>
96 #include <libcontract_priv.h>
97 #include <sys/brand.h>
98 #include <sys/contract/process.h>
99 #include <sys/ctfs.h>
100 #include <libdladm.h>
101 #include <sys/dls_mgmt.h>
102
103 #include <libzonecfg.h>
104 #include <zonestat_impl.h>
105 #include "zoneadmd.h"
106
107 static char *progname;
108 char *zone_name; /* zone which we are managing */
109 char pool_name[MAXNAMELEN];
110 char default_brand[MAXNAMELEN];
111 char brand_name[MAXNAMELEN];
112 boolean_t zone_isnative;
113 boolean_t zone_iscluster;
114 boolean_t zone_islabeled;
115 static zoneid_t zone_id;
116 dladm_handle_t dld_handle = NULL;
117
118 static char pre_statechg_hook[2 * MAXPATHLEN];
119 static char post_statechg_hook[2 * MAXPATHLEN];
120 char query_hook[2 * MAXPATHLEN];
121
122 zlog_t logsys;
123
124 mutex_t lock = DEFAULTMUTEX; /* to serialize stuff */
125 mutex_t msglock = DEFAULTMUTEX; /* for calling setlocale() */
126
127 static sema_t scratch_sem; /* for scratch zones */
128
129 static char zone_door_path[MAXPATHLEN];
130 static int zone_door = -1;
131
132 boolean_t in_death_throes = B_FALSE; /* daemon is dying */
133 boolean_t bringup_failure_recovery = B_FALSE; /* ignore certain failures */
134
135 #if !defined(TEXT_DOMAIN) /* should be defined by cc -D */
136 #define TEXT_DOMAIN "SYS_TEST" /* Use this only if it wasn't */
137 #endif
138
139 #define DEFAULT_LOCALE "C"
140
141 static const char *
142 z_cmd_name(zone_cmd_t zcmd)
143 {
144 /* This list needs to match the enum in sys/zone.h */
145 static const char *zcmdstr[] = {
146 "ready", "boot", "forceboot", "reboot", "halt",
147 "note_uninstalling", "mount", "forcemount", "unmount"
148 };
149
150 if (zcmd >= sizeof (zcmdstr) / sizeof (*zcmdstr))
151 return ("unknown");
152 else
153 return (zcmdstr[(int)zcmd]);
154 }
155
156 static char *
157 get_execbasename(char *execfullname)
158 {
159 char *last_slash, *execbasename;
160
161 /* guard against '/' at end of command invocation */
162 for (;;) {
163 last_slash = strrchr(execfullname, '/');
164 if (last_slash == NULL) {
165 execbasename = execfullname;
166 break;
167 } else {
969
970 if (brand_prestatechg(zlogp, zstate, Z_HALT) != 0)
971 return (-1);
972
973 if (vplat_teardown(zlogp, unmount_cmd, rebooting) != 0) {
974 if (!bringup_failure_recovery)
975 zerror(zlogp, B_FALSE, "unable to destroy zone");
976 return (-1);
977 }
978
979 if ((err = zonecfg_destroy_snapshot(zone_name)) != Z_OK)
980 zerror(zlogp, B_FALSE, "destroying snapshot: %s",
981 zonecfg_strerror(err));
982
983 if (brand_poststatechg(zlogp, zstate, Z_HALT) != 0)
984 return (-1);
985
986 return (0);
987 }
988
989 /*
990 * Generate AUE_zone_state for a command that boots a zone.
991 */
992 static void
993 audit_put_record(zlog_t *zlogp, ucred_t *uc, int return_val,
994 char *new_state)
995 {
996 adt_session_data_t *ah;
997 adt_event_data_t *event;
998 int pass_fail, fail_reason;
999
1000 if (!adt_audit_enabled())
1001 return;
1002
1003 if (return_val == 0) {
1004 pass_fail = ADT_SUCCESS;
1005 fail_reason = ADT_SUCCESS;
1006 } else {
1007 pass_fail = ADT_FAILURE;
1008 fail_reason = ADT_FAIL_VALUE_PROGRAM;
1044 uint_t n_desc)
1045 {
1046 ucred_t *uc = NULL;
1047 const priv_set_t *eset;
1048
1049 zone_state_t zstate;
1050 zone_cmd_t cmd;
1051 zone_cmd_arg_t *zargp;
1052
1053 boolean_t kernelcall;
1054
1055 int rval = -1;
1056 uint64_t uniqid;
1057 zoneid_t zoneid = -1;
1058 zlog_t zlog;
1059 zlog_t *zlogp;
1060 zone_cmd_rval_t *rvalp;
1061 size_t rlen = getpagesize(); /* conservative */
1062 fs_callback_t cb;
1063 brand_handle_t bh;
1064
1065 /* LINTED E_BAD_PTR_CAST_ALIGN */
1066 zargp = (zone_cmd_arg_t *)args;
1067
1068 /*
1069 * When we get the door unref message, we've fdetach'd the door, and
1070 * it is time for us to shut down zoneadmd.
1071 */
1072 if (zargp == DOOR_UNREF_DATA) {
1073 /*
1074 * See comment at end of main() for info on the last rites.
1075 */
1076 exit(0);
1077 }
1078
1079 if (zargp == NULL) {
1080 (void) door_return(NULL, 0, 0, 0);
1081 }
1082
1083 rvalp = alloca(rlen);
1120 * might become invalid, the door call would be over.
1121 */
1122 zlog.locale = kernelcall ? DEFAULT_LOCALE : zargp->locale;
1123
1124 (void) mutex_lock(&lock);
1125
1126 /*
1127 * Once we start to really die off, we don't want more connections.
1128 */
1129 if (in_death_throes) {
1130 (void) mutex_unlock(&lock);
1131 ucred_free(uc);
1132 (void) door_return(NULL, 0, 0, 0);
1133 thr_exit(NULL);
1134 }
1135
1136 /*
1137 * Check for validity of command.
1138 */
1139 if (cmd != Z_READY && cmd != Z_BOOT && cmd != Z_FORCEBOOT &&
1140 cmd != Z_REBOOT && cmd != Z_HALT && cmd != Z_NOTE_UNINSTALLING &&
1141 cmd != Z_MOUNT && cmd != Z_FORCEMOUNT && cmd != Z_UNMOUNT) {
1142 zerror(&logsys, B_FALSE, "invalid command %d", (int)cmd);
1143 goto out;
1144 }
1145
1146 if (kernelcall && (cmd != Z_HALT && cmd != Z_REBOOT)) {
1147 /*
1148 * Can't happen
1149 */
1150 zerror(&logsys, B_FALSE, "received unexpected kernel upcall %d",
1151 cmd);
1152 goto out;
1153 }
1154 /*
1155 * We ignore the possibility of someone calling zone_create(2)
1156 * explicitly; all requests must come through zoneadmd.
1157 */
1158 if (zone_get_state(zone_name, &zstate) != Z_OK) {
1159 /*
1160 * Something terribly wrong happened
1161 */
1207 rval = zone_ready(zlogp, Z_MNT_BOOT, zstate);
1208 if (rval == 0)
1209 eventstream_write(Z_EVT_ZONE_READIED);
1210 break;
1211 case Z_BOOT:
1212 case Z_FORCEBOOT:
1213 eventstream_write(Z_EVT_ZONE_BOOTING);
1214 if ((rval = zone_ready(zlogp, Z_MNT_BOOT, zstate))
1215 == 0) {
1216 rval = zone_bootup(zlogp, zargp->bootbuf,
1217 zstate);
1218 }
1219 audit_put_record(zlogp, uc, rval, "boot");
1220 if (rval != 0) {
1221 bringup_failure_recovery = B_TRUE;
1222 (void) zone_halt(zlogp, B_FALSE, B_FALSE,
1223 zstate);
1224 eventstream_write(Z_EVT_ZONE_BOOTFAILED);
1225 }
1226 break;
1227 case Z_HALT:
1228 if (kernelcall) /* Invalid; can't happen */
1229 abort();
1230 /*
1231 * We could have two clients racing to halt this
1232 * zone; the second client loses, but his request
1233 * doesn't fail, since the zone is now in the desired
1234 * state.
1235 */
1236 zerror(zlogp, B_FALSE, "zone is already halted");
1237 rval = 0;
1238 break;
1239 case Z_REBOOT:
1240 if (kernelcall) /* Invalid; can't happen */
1241 abort();
1242 zerror(zlogp, B_FALSE, "%s operation is invalid "
1243 "for zones in state '%s'", z_cmd_name(cmd),
1244 zone_state_str(zstate));
1245 rval = -1;
1246 break;
1337 sizeof (boot_args));
1338 eventstream_write(Z_EVT_ZONE_BOOTING);
1339 rval = zone_bootup(zlogp, zargp->bootbuf, zstate);
1340 audit_put_record(zlogp, uc, rval, "boot");
1341 if (rval != 0) {
1342 bringup_failure_recovery = B_TRUE;
1343 (void) zone_halt(zlogp, B_FALSE, B_TRUE,
1344 zstate);
1345 eventstream_write(Z_EVT_ZONE_BOOTFAILED);
1346 }
1347 boot_args[0] = '\0';
1348 break;
1349 case Z_HALT:
1350 if (kernelcall) /* Invalid; can't happen */
1351 abort();
1352 if ((rval = zone_halt(zlogp, B_FALSE, B_FALSE, zstate))
1353 != 0)
1354 break;
1355 eventstream_write(Z_EVT_ZONE_HALTED);
1356 break;
1357 case Z_REBOOT:
1358 case Z_NOTE_UNINSTALLING:
1359 case Z_MOUNT:
1360 case Z_UNMOUNT:
1361 if (kernelcall) /* Invalid; can't happen */
1362 abort();
1363 zerror(zlogp, B_FALSE, "%s operation is invalid "
1364 "for zones in state '%s'", z_cmd_name(cmd),
1365 zone_state_str(zstate));
1366 rval = -1;
1367 break;
1368 }
1369 break;
1370
1371 case ZONE_STATE_MOUNTED:
1372 switch (cmd) {
1373 case Z_UNMOUNT:
1374 if (kernelcall) /* Invalid; can't happen */
1375 abort();
1376 rval = zone_halt(zlogp, B_TRUE, B_FALSE, zstate);
1427 != 0) {
1428 eventstream_write(Z_EVT_ZONE_BOOTFAILED);
1429 boot_args[0] = '\0';
1430 break;
1431 }
1432 if ((rval = zone_ready(zlogp, Z_MNT_BOOT, zstate))
1433 != 0) {
1434 eventstream_write(Z_EVT_ZONE_BOOTFAILED);
1435 boot_args[0] = '\0';
1436 break;
1437 }
1438 rval = zone_bootup(zlogp, zargp->bootbuf, zstate);
1439 audit_put_record(zlogp, uc, rval, "reboot");
1440 if (rval != 0) {
1441 (void) zone_halt(zlogp, B_FALSE, B_TRUE,
1442 zstate);
1443 eventstream_write(Z_EVT_ZONE_BOOTFAILED);
1444 }
1445 boot_args[0] = '\0';
1446 break;
1447 case Z_NOTE_UNINSTALLING:
1448 case Z_MOUNT:
1449 case Z_UNMOUNT:
1450 zerror(zlogp, B_FALSE, "%s operation is invalid "
1451 "for zones in state '%s'", z_cmd_name(cmd),
1452 zone_state_str(zstate));
1453 rval = -1;
1454 break;
1455 }
1456 break;
1457 default:
1458 abort();
1459 }
1460
1461 /*
1462 * Because the state of the zone may have changed, we make sure
1463 * to wake the console poller, which is in charge of initiating
1464 * the shutdown procedure as necessary.
1465 */
1466 eventstream_write(Z_EVT_NULL);
1467
1468 out:
1469 (void) mutex_unlock(&lock);
1470 if (kernelcall) {
1471 rvalp = NULL;
1472 rlen = 0;
1473 } else {
1474 rvalp->rval = rval;
1475 }
1476 if (uc != NULL)
1477 ucred_free(uc);
1478 (void) door_return((char *)rvalp, rlen, NULL, 0);
1479 thr_exit(NULL);
1480 }
1481
1482 static int
1483 setup_door(zlog_t *zlogp)
1484 {
1485 if ((zone_door = door_create(server, NULL,
1486 DOOR_UNREF | DOOR_REFUSE_DESC | DOOR_NO_CANCEL)) < 0) {
1487 zerror(zlogp, B_TRUE, "%s failed", "door_create");
1488 return (-1);
1489 }
|
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
25 */
26
27 /*
28 * zoneadmd manages zones; one zoneadmd process is launched for each
29 * non-global zone on the system. This daemon juggles four jobs:
30 *
31 * - Implement setup and teardown of the zone "virtual platform": mount and
32 * unmount filesystems; create and destroy network interfaces; communicate
33 * with devfsadmd to lay out devices for the zone; instantiate the zone
34 * console device; configure process runtime attributes such as resource
35 * controls, pool bindings, fine-grained privileges.
36 *
37 * - Launch the zone's init(1M) process.
38 *
39 * - Implement a door server; clients (like zoneadm) connect to the door
40 * server and request zone state changes. The kernel is also a client of
41 * this door server. A request to halt or reboot the zone which originates
42 * *inside* the zone results in a door upcall from the kernel into zoneadmd.
43 *
44 * One minor problem is that messages emitted by zoneadmd need to be passed
83 #include <stdio.h>
84 #include <stdlib.h>
85 #include <string.h>
86 #include <strings.h>
87 #include <synch.h>
88 #include <syslog.h>
89 #include <thread.h>
90 #include <unistd.h>
91 #include <wait.h>
92 #include <limits.h>
93 #include <zone.h>
94 #include <libbrand.h>
95 #include <sys/brand.h>
96 #include <libcontract.h>
97 #include <libcontract_priv.h>
98 #include <sys/brand.h>
99 #include <sys/contract/process.h>
100 #include <sys/ctfs.h>
101 #include <libdladm.h>
102 #include <sys/dls_mgmt.h>
103 #include <libscf.h>
104
105 #include <libzonecfg.h>
106 #include <zonestat_impl.h>
107 #include "zoneadmd.h"
108
109 static char *progname;
110 char *zone_name; /* zone which we are managing */
111 char pool_name[MAXNAMELEN];
112 char default_brand[MAXNAMELEN];
113 char brand_name[MAXNAMELEN];
114 boolean_t zone_isnative;
115 boolean_t zone_iscluster;
116 boolean_t zone_islabeled;
117 boolean_t shutdown_in_progress;
118 static zoneid_t zone_id;
119 dladm_handle_t dld_handle = NULL;
120
121 static char pre_statechg_hook[2 * MAXPATHLEN];
122 static char post_statechg_hook[2 * MAXPATHLEN];
123 char query_hook[2 * MAXPATHLEN];
124
125 zlog_t logsys;
126
127 mutex_t lock = DEFAULTMUTEX; /* to serialize stuff */
128 mutex_t msglock = DEFAULTMUTEX; /* for calling setlocale() */
129
130 static sema_t scratch_sem; /* for scratch zones */
131
132 static char zone_door_path[MAXPATHLEN];
133 static int zone_door = -1;
134
135 boolean_t in_death_throes = B_FALSE; /* daemon is dying */
136 boolean_t bringup_failure_recovery = B_FALSE; /* ignore certain failures */
137
138 #if !defined(TEXT_DOMAIN) /* should be defined by cc -D */
139 #define TEXT_DOMAIN "SYS_TEST" /* Use this only if it wasn't */
140 #endif
141
142 #define DEFAULT_LOCALE "C"
143
144 static const char *
145 z_cmd_name(zone_cmd_t zcmd)
146 {
147 /* This list needs to match the enum in sys/zone.h */
148 static const char *zcmdstr[] = {
149 "ready", "boot", "forceboot", "reboot", "halt",
150 "note_uninstalling", "mount", "forcemount", "unmount",
151 "shutdown"
152 };
153
154 if (zcmd >= sizeof (zcmdstr) / sizeof (*zcmdstr))
155 return ("unknown");
156 else
157 return (zcmdstr[(int)zcmd]);
158 }
159
160 static char *
161 get_execbasename(char *execfullname)
162 {
163 char *last_slash, *execbasename;
164
165 /* guard against '/' at end of command invocation */
166 for (;;) {
167 last_slash = strrchr(execfullname, '/');
168 if (last_slash == NULL) {
169 execbasename = execfullname;
170 break;
171 } else {
973
974 if (brand_prestatechg(zlogp, zstate, Z_HALT) != 0)
975 return (-1);
976
977 if (vplat_teardown(zlogp, unmount_cmd, rebooting) != 0) {
978 if (!bringup_failure_recovery)
979 zerror(zlogp, B_FALSE, "unable to destroy zone");
980 return (-1);
981 }
982
983 if ((err = zonecfg_destroy_snapshot(zone_name)) != Z_OK)
984 zerror(zlogp, B_FALSE, "destroying snapshot: %s",
985 zonecfg_strerror(err));
986
987 if (brand_poststatechg(zlogp, zstate, Z_HALT) != 0)
988 return (-1);
989
990 return (0);
991 }
992
993 static int
994 zone_graceful_shutdown(zlog_t *zlogp)
995 {
996 zoneid_t zoneid;
997 pid_t child;
998 char cmdbuf[MAXPATHLEN];
999 brand_handle_t bh = NULL;
1000 char zpath[MAXPATHLEN];
1001 ctid_t ct;
1002 int tmpl_fd;
1003 int child_status;
1004
1005 if (shutdown_in_progress) {
1006 zerror(zlogp, B_FALSE, "shutdown already in progress");
1007 return (-1);
1008 }
1009
1010 if ((zoneid = getzoneidbyname(zone_name)) == -1) {
1011 zerror(zlogp, B_TRUE, "unable to get zoneid");
1012 return (-1);
1013 }
1014
1015 /* Get a handle to the brand info for this zone */
1016 if ((bh = brand_open(brand_name)) == NULL) {
1017 zerror(zlogp, B_FALSE, "unable to determine zone brand");
1018 return (-1);
1019 }
1020
1021 if (zone_get_zonepath(zone_name, zpath, sizeof (zpath)) != Z_OK) {
1022 zerror(zlogp, B_FALSE, "unable to determine zone path");
1023 brand_close(bh);
1024 return (-1);
1025 }
1026
1027 /*
1028 * If there is a brand 'shutdown' callback, execute it now to give the
1029 * brand a chance to cleanup any custom configuration.
1030 */
1031 (void) strcpy(cmdbuf, EXEC_PREFIX);
1032 if (brand_get_shutdown(bh, zone_name, zpath, cmdbuf + EXEC_LEN,
1033 sizeof (cmdbuf) - EXEC_LEN) != 0 || strlen(cmdbuf) <= EXEC_LEN) {
1034 (void) strcat(cmdbuf, SHUTDOWN_DEFAULT);
1035 }
1036 brand_close(bh);
1037
1038 if ((tmpl_fd = init_template()) == -1) {
1039 zerror(zlogp, B_TRUE, "failed to create contract");
1040 return (-1);
1041 }
1042
1043 if ((child = fork()) == -1) {
1044 (void) ct_tmpl_clear(tmpl_fd);
1045 (void) close(tmpl_fd);
1046 zerror(zlogp, B_TRUE, "failed to fork");
1047 return (-1);
1048 } else if (child == 0) {
1049 (void) ct_tmpl_clear(tmpl_fd);
1050 if (zone_enter(zoneid) == -1) {
1051 _exit(errno);
1052 }
1053 _exit(execl("/bin/sh", "sh", "-c", cmdbuf, (char *)NULL));
1054 }
1055
1056 if (contract_latest(&ct) == -1)
1057 ct = -1;
1058 (void) ct_tmpl_clear(tmpl_fd);
1059 (void) close(tmpl_fd);
1060
1061 if (waitpid(child, &child_status, 0) != child) {
1062 /* unexpected: we must have been signalled */
1063 (void) contract_abandon_id(ct);
1064 return (-1);
1065 }
1066
1067 (void) contract_abandon_id(ct);
1068 if (WEXITSTATUS(child_status) != 0) {
1069 errno = WEXITSTATUS(child_status);
1070 zerror(zlogp, B_FALSE, "unable to shutdown zone");
1071 return (-1);
1072 }
1073
1074 shutdown_in_progress = B_TRUE;
1075
1076 return (0);
1077 }
1078
1079 static int
1080 zone_wait_shutdown(zlog_t *zlogp)
1081 {
1082 zone_state_t zstate;
1083 uint64_t *tm = NULL;
1084 scf_simple_prop_t *prop = NULL;
1085 int timeout;
1086 int tries;
1087 int rc = -1;
1088
1089 /* Get default stop timeout from SMF framework */
1090 timeout = SHUTDOWN_WAIT;
1091 if ((prop = scf_simple_prop_get(NULL, SHUTDOWN_FMRI, "stop",
1092 SCF_PROPERTY_TIMEOUT)) != NULL) {
1093 if ((tm = scf_simple_prop_next_count(prop)) != NULL) {
1094 if (tm != 0)
1095 timeout = *tm;
1096 }
1097 scf_simple_prop_free(prop);
1098 }
1099
1100 /* allow time for zone to shutdown cleanly */
1101 for (tries = 0; tries < timeout; tries ++) {
1102 (void) sleep(1);
1103 if (zone_get_state(zone_name, &zstate) == Z_OK &&
1104 zstate == ZONE_STATE_INSTALLED) {
1105 rc = 0;
1106 break;
1107 }
1108 }
1109
1110 if (rc != 0)
1111 zerror(zlogp, B_FALSE, "unable to shutdown zone");
1112
1113 shutdown_in_progress = B_FALSE;
1114
1115 return (rc);
1116 }
1117
1118
1119
1120 /*
1121 * Generate AUE_zone_state for a command that boots a zone.
1122 */
1123 static void
1124 audit_put_record(zlog_t *zlogp, ucred_t *uc, int return_val,
1125 char *new_state)
1126 {
1127 adt_session_data_t *ah;
1128 adt_event_data_t *event;
1129 int pass_fail, fail_reason;
1130
1131 if (!adt_audit_enabled())
1132 return;
1133
1134 if (return_val == 0) {
1135 pass_fail = ADT_SUCCESS;
1136 fail_reason = ADT_SUCCESS;
1137 } else {
1138 pass_fail = ADT_FAILURE;
1139 fail_reason = ADT_FAIL_VALUE_PROGRAM;
1175 uint_t n_desc)
1176 {
1177 ucred_t *uc = NULL;
1178 const priv_set_t *eset;
1179
1180 zone_state_t zstate;
1181 zone_cmd_t cmd;
1182 zone_cmd_arg_t *zargp;
1183
1184 boolean_t kernelcall;
1185
1186 int rval = -1;
1187 uint64_t uniqid;
1188 zoneid_t zoneid = -1;
1189 zlog_t zlog;
1190 zlog_t *zlogp;
1191 zone_cmd_rval_t *rvalp;
1192 size_t rlen = getpagesize(); /* conservative */
1193 fs_callback_t cb;
1194 brand_handle_t bh;
1195 boolean_t wait_shut = B_FALSE;
1196
1197 /* LINTED E_BAD_PTR_CAST_ALIGN */
1198 zargp = (zone_cmd_arg_t *)args;
1199
1200 /*
1201 * When we get the door unref message, we've fdetach'd the door, and
1202 * it is time for us to shut down zoneadmd.
1203 */
1204 if (zargp == DOOR_UNREF_DATA) {
1205 /*
1206 * See comment at end of main() for info on the last rites.
1207 */
1208 exit(0);
1209 }
1210
1211 if (zargp == NULL) {
1212 (void) door_return(NULL, 0, 0, 0);
1213 }
1214
1215 rvalp = alloca(rlen);
1252 * might become invalid, the door call would be over.
1253 */
1254 zlog.locale = kernelcall ? DEFAULT_LOCALE : zargp->locale;
1255
1256 (void) mutex_lock(&lock);
1257
1258 /*
1259 * Once we start to really die off, we don't want more connections.
1260 */
1261 if (in_death_throes) {
1262 (void) mutex_unlock(&lock);
1263 ucred_free(uc);
1264 (void) door_return(NULL, 0, 0, 0);
1265 thr_exit(NULL);
1266 }
1267
1268 /*
1269 * Check for validity of command.
1270 */
1271 if (cmd != Z_READY && cmd != Z_BOOT && cmd != Z_FORCEBOOT &&
1272 cmd != Z_REBOOT && cmd != Z_SHUTDOWN && cmd != Z_HALT &&
1273 cmd != Z_NOTE_UNINSTALLING && cmd != Z_MOUNT &&
1274 cmd != Z_FORCEMOUNT && cmd != Z_UNMOUNT) {
1275 zerror(&logsys, B_FALSE, "invalid command %d", (int)cmd);
1276 goto out;
1277 }
1278
1279 if (kernelcall && (cmd != Z_HALT && cmd != Z_REBOOT)) {
1280 /*
1281 * Can't happen
1282 */
1283 zerror(&logsys, B_FALSE, "received unexpected kernel upcall %d",
1284 cmd);
1285 goto out;
1286 }
1287 /*
1288 * We ignore the possibility of someone calling zone_create(2)
1289 * explicitly; all requests must come through zoneadmd.
1290 */
1291 if (zone_get_state(zone_name, &zstate) != Z_OK) {
1292 /*
1293 * Something terribly wrong happened
1294 */
1340 rval = zone_ready(zlogp, Z_MNT_BOOT, zstate);
1341 if (rval == 0)
1342 eventstream_write(Z_EVT_ZONE_READIED);
1343 break;
1344 case Z_BOOT:
1345 case Z_FORCEBOOT:
1346 eventstream_write(Z_EVT_ZONE_BOOTING);
1347 if ((rval = zone_ready(zlogp, Z_MNT_BOOT, zstate))
1348 == 0) {
1349 rval = zone_bootup(zlogp, zargp->bootbuf,
1350 zstate);
1351 }
1352 audit_put_record(zlogp, uc, rval, "boot");
1353 if (rval != 0) {
1354 bringup_failure_recovery = B_TRUE;
1355 (void) zone_halt(zlogp, B_FALSE, B_FALSE,
1356 zstate);
1357 eventstream_write(Z_EVT_ZONE_BOOTFAILED);
1358 }
1359 break;
1360 case Z_SHUTDOWN:
1361 case Z_HALT:
1362 if (kernelcall) /* Invalid; can't happen */
1363 abort();
1364 /*
1365 * We could have two clients racing to halt this
1366 * zone; the second client loses, but his request
1367 * doesn't fail, since the zone is now in the desired
1368 * state.
1369 */
1370 zerror(zlogp, B_FALSE, "zone is already halted");
1371 rval = 0;
1372 break;
1373 case Z_REBOOT:
1374 if (kernelcall) /* Invalid; can't happen */
1375 abort();
1376 zerror(zlogp, B_FALSE, "%s operation is invalid "
1377 "for zones in state '%s'", z_cmd_name(cmd),
1378 zone_state_str(zstate));
1379 rval = -1;
1380 break;
1471 sizeof (boot_args));
1472 eventstream_write(Z_EVT_ZONE_BOOTING);
1473 rval = zone_bootup(zlogp, zargp->bootbuf, zstate);
1474 audit_put_record(zlogp, uc, rval, "boot");
1475 if (rval != 0) {
1476 bringup_failure_recovery = B_TRUE;
1477 (void) zone_halt(zlogp, B_FALSE, B_TRUE,
1478 zstate);
1479 eventstream_write(Z_EVT_ZONE_BOOTFAILED);
1480 }
1481 boot_args[0] = '\0';
1482 break;
1483 case Z_HALT:
1484 if (kernelcall) /* Invalid; can't happen */
1485 abort();
1486 if ((rval = zone_halt(zlogp, B_FALSE, B_FALSE, zstate))
1487 != 0)
1488 break;
1489 eventstream_write(Z_EVT_ZONE_HALTED);
1490 break;
1491 case Z_SHUTDOWN:
1492 case Z_REBOOT:
1493 case Z_NOTE_UNINSTALLING:
1494 case Z_MOUNT:
1495 case Z_UNMOUNT:
1496 if (kernelcall) /* Invalid; can't happen */
1497 abort();
1498 zerror(zlogp, B_FALSE, "%s operation is invalid "
1499 "for zones in state '%s'", z_cmd_name(cmd),
1500 zone_state_str(zstate));
1501 rval = -1;
1502 break;
1503 }
1504 break;
1505
1506 case ZONE_STATE_MOUNTED:
1507 switch (cmd) {
1508 case Z_UNMOUNT:
1509 if (kernelcall) /* Invalid; can't happen */
1510 abort();
1511 rval = zone_halt(zlogp, B_TRUE, B_FALSE, zstate);
1562 != 0) {
1563 eventstream_write(Z_EVT_ZONE_BOOTFAILED);
1564 boot_args[0] = '\0';
1565 break;
1566 }
1567 if ((rval = zone_ready(zlogp, Z_MNT_BOOT, zstate))
1568 != 0) {
1569 eventstream_write(Z_EVT_ZONE_BOOTFAILED);
1570 boot_args[0] = '\0';
1571 break;
1572 }
1573 rval = zone_bootup(zlogp, zargp->bootbuf, zstate);
1574 audit_put_record(zlogp, uc, rval, "reboot");
1575 if (rval != 0) {
1576 (void) zone_halt(zlogp, B_FALSE, B_TRUE,
1577 zstate);
1578 eventstream_write(Z_EVT_ZONE_BOOTFAILED);
1579 }
1580 boot_args[0] = '\0';
1581 break;
1582 case Z_SHUTDOWN:
1583 if ((rval = zone_graceful_shutdown(zlogp)) == 0) {
1584 wait_shut = B_TRUE;
1585 }
1586 break;
1587 case Z_NOTE_UNINSTALLING:
1588 case Z_MOUNT:
1589 case Z_UNMOUNT:
1590 zerror(zlogp, B_FALSE, "%s operation is invalid "
1591 "for zones in state '%s'", z_cmd_name(cmd),
1592 zone_state_str(zstate));
1593 rval = -1;
1594 break;
1595 }
1596 break;
1597 default:
1598 abort();
1599 }
1600
1601 /*
1602 * Because the state of the zone may have changed, we make sure
1603 * to wake the console poller, which is in charge of initiating
1604 * the shutdown procedure as necessary.
1605 */
1606 eventstream_write(Z_EVT_NULL);
1607
1608 out:
1609 (void) mutex_unlock(&lock);
1610
1611 /* Wait for the Z_SHUTDOWN commands to complete */
1612 if (wait_shut)
1613 rval = zone_wait_shutdown(zlogp);
1614
1615 if (kernelcall) {
1616 rvalp = NULL;
1617 rlen = 0;
1618 } else {
1619 rvalp->rval = rval;
1620 }
1621 if (uc != NULL)
1622 ucred_free(uc);
1623 (void) door_return((char *)rvalp, rlen, NULL, 0);
1624 thr_exit(NULL);
1625 }
1626
1627 static int
1628 setup_door(zlog_t *zlogp)
1629 {
1630 if ((zone_door = door_create(server, NULL,
1631 DOOR_UNREF | DOOR_REFUSE_DESC | DOOR_NO_CANCEL)) < 0) {
1632 zerror(zlogp, B_TRUE, "%s failed", "door_create");
1633 return (-1);
1634 }
|