1104 return (-1);
1105 }
1106 return (0);
1107 }
1108
1109 /*
1110 * Apply the standard lists of devices/symlinks/mappings and the user-specified
1111 * list of devices (via zonecfg) to the /dev filesystem. The filesystem will
1112 * use these as a profile/filter to determine what exists in /dev.
1113 */
1114 static int
1115 mount_one_dev(zlog_t *zlogp, char *devpath, zone_mnt_t mount_cmd)
1116 {
1117 char brand[MAXNAMELEN];
1118 brand_handle_t bh = NULL;
1119 struct zone_devtab ztab;
1120 di_prof_t prof = NULL;
1121 int err;
1122 int retval = -1;
1123 zone_iptype_t iptype;
1124 const char *curr_iptype;
1125
1126 if (di_prof_init(devpath, &prof)) {
1127 zerror(zlogp, B_TRUE, "failed to initialize profile");
1128 goto cleanup;
1129 }
1130
1131 /*
1132 * Get a handle to the brand info for this zone.
1133 * If we are mounting the zone, then we must always use the default
1134 * brand device mounts.
1135 */
1136 if (ALT_MOUNT(mount_cmd)) {
1137 (void) strlcpy(brand, default_brand, sizeof (brand));
1138 } else {
1139 (void) strlcpy(brand, brand_name, sizeof (brand));
1140 }
1141
1142 if ((bh = brand_open(brand)) == NULL) {
1143 zerror(zlogp, B_FALSE, "unable to determine zone brand");
1144 goto cleanup;
1145 }
1146
1147 if (vplat_get_iptype(zlogp, &iptype) < 0) {
1148 zerror(zlogp, B_TRUE, "unable to determine ip-type");
1149 goto cleanup;
1150 }
1151 switch (iptype) {
1152 case ZS_SHARED:
1153 curr_iptype = "shared";
1154 break;
1155 case ZS_EXCLUSIVE:
1156 curr_iptype = "exclusive";
1157 break;
1158 }
1159
1160 if (brand_platform_iter_devices(bh, zone_name,
1161 mount_one_dev_device_cb, prof, curr_iptype) != 0) {
1162 zerror(zlogp, B_TRUE, "failed to add standard device");
1163 goto cleanup;
1164 }
1165
1166 if (brand_platform_iter_link(bh,
1167 mount_one_dev_symlink_cb, prof) != 0) {
1168 zerror(zlogp, B_TRUE, "failed to add standard symlink");
1169 goto cleanup;
1170 }
1171
1172 /* Add user-specified devices and directories */
1173 if ((err = zonecfg_setdevent(snap_hndl)) != 0) {
1174 zerror(zlogp, B_FALSE, "%s: %s", zone_name,
1175 zonecfg_strerror(err));
1176 goto cleanup;
1177 }
1178 while (zonecfg_getdevent(snap_hndl, &ztab) == Z_OK) {
3177
3178 bzero(&r, sizeof (*remote6));
3179 remote6 = (struct sockaddr_in6 *)&r;
3180 remote6->sin6_family = AF_INET6;
3181 remote6->sin6_port = 0;
3182 remote6->sin6_addr = in6addr_any;
3183
3184 if ((error = tcp_abort_conn(zlogp, zoneid, &l, &r)) != 0)
3185 return (error);
3186 return (0);
3187 }
3188
3189 static int
3190 get_privset(zlog_t *zlogp, priv_set_t *privs, zone_mnt_t mount_cmd)
3191 {
3192 int error = -1;
3193 char *privname = NULL;
3194
3195 if (ALT_MOUNT(mount_cmd)) {
3196 zone_iptype_t iptype;
3197 const char *curr_iptype;
3198
3199 if (zonecfg_get_iptype(snap_hndl, &iptype) != Z_OK) {
3200 zerror(zlogp, B_TRUE, "unable to determine ip-type");
3201 return (-1);
3202 }
3203
3204 switch (iptype) {
3205 case ZS_SHARED:
3206 curr_iptype = "shared";
3207 break;
3208 case ZS_EXCLUSIVE:
3209 curr_iptype = "exclusive";
3210 break;
3211 }
3212
3213 if (zonecfg_default_privset(privs, curr_iptype) == Z_OK)
3214 return (0);
3215
3216 zerror(zlogp, B_FALSE,
3217 "failed to determine the zone's default privilege set");
4482 * zones across reboots. They can't use the zoneid since that changes on
4483 * each boot.
4484 */
4485 zoneid_t
4486 vplat_create(zlog_t *zlogp, zone_mnt_t mount_cmd, zoneid_t zone_did)
4487 {
4488 zoneid_t rval = -1;
4489 priv_set_t *privs;
4490 char rootpath[MAXPATHLEN];
4491 char *rctlbuf = NULL;
4492 size_t rctlbufsz = 0;
4493 char *zfsbuf = NULL;
4494 size_t zfsbufsz = 0;
4495 zoneid_t zoneid = -1;
4496 int xerr;
4497 char *kzone;
4498 FILE *fp = NULL;
4499 tsol_zcent_t *zcent = NULL;
4500 int match = 0;
4501 int doi = 0;
4502 int flags;
4503 zone_iptype_t iptype;
4504
4505 if (zone_get_rootpath(zone_name, rootpath, sizeof (rootpath)) != Z_OK) {
4506 zerror(zlogp, B_TRUE, "unable to determine zone root");
4507 return (-1);
4508 }
4509 if (zonecfg_in_alt_root())
4510 resolve_lofs(zlogp, rootpath, sizeof (rootpath));
4511
4512 if (vplat_get_iptype(zlogp, &iptype) < 0) {
4513 zerror(zlogp, B_TRUE, "unable to determine ip-type");
4514 return (-1);
4515 }
4516 switch (iptype) {
4517 case ZS_SHARED:
4518 flags = 0;
4519 break;
4520 case ZS_EXCLUSIVE:
4521 flags = ZCF_NET_EXCL;
4522 break;
4523 }
4524
4525 if ((privs = priv_allocset()) == NULL) {
4526 zerror(zlogp, B_TRUE, "%s failed", "priv_allocset");
4527 return (-1);
4528 }
4529 priv_emptyset(privs);
4530 if (get_privset(zlogp, privs, mount_cmd) != 0)
4531 goto error;
4532
4533 if (mount_cmd == Z_MNT_BOOT &&
4534 get_rctls(zlogp, &rctlbuf, &rctlbufsz) != 0) {
4535 zerror(zlogp, B_FALSE, "Unable to get list of rctls");
4536 goto error;
4537 }
4538
4539 if (get_datasets(zlogp, &zfsbuf, &zfsbufsz) != 0) {
4540 zerror(zlogp, B_FALSE, "Unable to get list of ZFS datasets");
4541 goto error;
4542 }
4543
4855 lofs_discard_mnttab();
4856 return (-1);
4857 }
4858
4859 switch (iptype) {
4860 case ZS_SHARED:
4861 /* Always do this to make lo0 get configured */
4862 if (configure_shared_network_interfaces(zlogp) != 0) {
4863 lofs_discard_mnttab();
4864 return (-1);
4865 }
4866 break;
4867 case ZS_EXCLUSIVE:
4868 if (configure_exclusive_network_interfaces(zlogp,
4869 zoneid) !=
4870 0) {
4871 lofs_discard_mnttab();
4872 return (-1);
4873 }
4874 break;
4875 }
4876 }
4877
4878 write_index_file(zoneid);
4879
4880 lofs_discard_mnttab();
4881 return (0);
4882 }
4883
4884 static int
4885 lu_root_teardown(zlog_t *zlogp)
4886 {
4887 char zroot[MAXPATHLEN];
4888
4889 if (zone_get_rootpath(zone_name, zroot, sizeof (zroot)) != Z_OK) {
4890 zerror(zlogp, B_FALSE, "unable to determine zone root");
4891 return (-1);
4892 }
4893 root_to_lu(zlogp, zroot, sizeof (zroot), B_FALSE);
4894
|
1104 return (-1);
1105 }
1106 return (0);
1107 }
1108
1109 /*
1110 * Apply the standard lists of devices/symlinks/mappings and the user-specified
1111 * list of devices (via zonecfg) to the /dev filesystem. The filesystem will
1112 * use these as a profile/filter to determine what exists in /dev.
1113 */
1114 static int
1115 mount_one_dev(zlog_t *zlogp, char *devpath, zone_mnt_t mount_cmd)
1116 {
1117 char brand[MAXNAMELEN];
1118 brand_handle_t bh = NULL;
1119 struct zone_devtab ztab;
1120 di_prof_t prof = NULL;
1121 int err;
1122 int retval = -1;
1123 zone_iptype_t iptype;
1124 const char *curr_iptype = NULL;
1125
1126 if (di_prof_init(devpath, &prof)) {
1127 zerror(zlogp, B_TRUE, "failed to initialize profile");
1128 goto cleanup;
1129 }
1130
1131 /*
1132 * Get a handle to the brand info for this zone.
1133 * If we are mounting the zone, then we must always use the default
1134 * brand device mounts.
1135 */
1136 if (ALT_MOUNT(mount_cmd)) {
1137 (void) strlcpy(brand, default_brand, sizeof (brand));
1138 } else {
1139 (void) strlcpy(brand, brand_name, sizeof (brand));
1140 }
1141
1142 if ((bh = brand_open(brand)) == NULL) {
1143 zerror(zlogp, B_FALSE, "unable to determine zone brand");
1144 goto cleanup;
1145 }
1146
1147 if (vplat_get_iptype(zlogp, &iptype) < 0) {
1148 zerror(zlogp, B_TRUE, "unable to determine ip-type");
1149 goto cleanup;
1150 }
1151 switch (iptype) {
1152 case ZS_SHARED:
1153 curr_iptype = "shared";
1154 break;
1155 case ZS_EXCLUSIVE:
1156 curr_iptype = "exclusive";
1157 break;
1158 }
1159 if (curr_iptype == NULL)
1160 abort();
1161
1162 if (brand_platform_iter_devices(bh, zone_name,
1163 mount_one_dev_device_cb, prof, curr_iptype) != 0) {
1164 zerror(zlogp, B_TRUE, "failed to add standard device");
1165 goto cleanup;
1166 }
1167
1168 if (brand_platform_iter_link(bh,
1169 mount_one_dev_symlink_cb, prof) != 0) {
1170 zerror(zlogp, B_TRUE, "failed to add standard symlink");
1171 goto cleanup;
1172 }
1173
1174 /* Add user-specified devices and directories */
1175 if ((err = zonecfg_setdevent(snap_hndl)) != 0) {
1176 zerror(zlogp, B_FALSE, "%s: %s", zone_name,
1177 zonecfg_strerror(err));
1178 goto cleanup;
1179 }
1180 while (zonecfg_getdevent(snap_hndl, &ztab) == Z_OK) {
3179
3180 bzero(&r, sizeof (*remote6));
3181 remote6 = (struct sockaddr_in6 *)&r;
3182 remote6->sin6_family = AF_INET6;
3183 remote6->sin6_port = 0;
3184 remote6->sin6_addr = in6addr_any;
3185
3186 if ((error = tcp_abort_conn(zlogp, zoneid, &l, &r)) != 0)
3187 return (error);
3188 return (0);
3189 }
3190
3191 static int
3192 get_privset(zlog_t *zlogp, priv_set_t *privs, zone_mnt_t mount_cmd)
3193 {
3194 int error = -1;
3195 char *privname = NULL;
3196
3197 if (ALT_MOUNT(mount_cmd)) {
3198 zone_iptype_t iptype;
3199 const char *curr_iptype = NULL;
3200
3201 if (zonecfg_get_iptype(snap_hndl, &iptype) != Z_OK) {
3202 zerror(zlogp, B_TRUE, "unable to determine ip-type");
3203 return (-1);
3204 }
3205
3206 switch (iptype) {
3207 case ZS_SHARED:
3208 curr_iptype = "shared";
3209 break;
3210 case ZS_EXCLUSIVE:
3211 curr_iptype = "exclusive";
3212 break;
3213 }
3214
3215 if (zonecfg_default_privset(privs, curr_iptype) == Z_OK)
3216 return (0);
3217
3218 zerror(zlogp, B_FALSE,
3219 "failed to determine the zone's default privilege set");
4484 * zones across reboots. They can't use the zoneid since that changes on
4485 * each boot.
4486 */
4487 zoneid_t
4488 vplat_create(zlog_t *zlogp, zone_mnt_t mount_cmd, zoneid_t zone_did)
4489 {
4490 zoneid_t rval = -1;
4491 priv_set_t *privs;
4492 char rootpath[MAXPATHLEN];
4493 char *rctlbuf = NULL;
4494 size_t rctlbufsz = 0;
4495 char *zfsbuf = NULL;
4496 size_t zfsbufsz = 0;
4497 zoneid_t zoneid = -1;
4498 int xerr;
4499 char *kzone;
4500 FILE *fp = NULL;
4501 tsol_zcent_t *zcent = NULL;
4502 int match = 0;
4503 int doi = 0;
4504 int flags = -1;
4505 zone_iptype_t iptype;
4506
4507 if (zone_get_rootpath(zone_name, rootpath, sizeof (rootpath)) != Z_OK) {
4508 zerror(zlogp, B_TRUE, "unable to determine zone root");
4509 return (-1);
4510 }
4511 if (zonecfg_in_alt_root())
4512 resolve_lofs(zlogp, rootpath, sizeof (rootpath));
4513
4514 if (vplat_get_iptype(zlogp, &iptype) < 0) {
4515 zerror(zlogp, B_TRUE, "unable to determine ip-type");
4516 return (-1);
4517 }
4518 switch (iptype) {
4519 case ZS_SHARED:
4520 flags = 0;
4521 break;
4522 case ZS_EXCLUSIVE:
4523 flags = ZCF_NET_EXCL;
4524 break;
4525 }
4526 if (flags == -1)
4527 abort();
4528
4529 if ((privs = priv_allocset()) == NULL) {
4530 zerror(zlogp, B_TRUE, "%s failed", "priv_allocset");
4531 return (-1);
4532 }
4533 priv_emptyset(privs);
4534 if (get_privset(zlogp, privs, mount_cmd) != 0)
4535 goto error;
4536
4537 if (mount_cmd == Z_MNT_BOOT &&
4538 get_rctls(zlogp, &rctlbuf, &rctlbufsz) != 0) {
4539 zerror(zlogp, B_FALSE, "Unable to get list of rctls");
4540 goto error;
4541 }
4542
4543 if (get_datasets(zlogp, &zfsbuf, &zfsbufsz) != 0) {
4544 zerror(zlogp, B_FALSE, "Unable to get list of ZFS datasets");
4545 goto error;
4546 }
4547
4859 lofs_discard_mnttab();
4860 return (-1);
4861 }
4862
4863 switch (iptype) {
4864 case ZS_SHARED:
4865 /* Always do this to make lo0 get configured */
4866 if (configure_shared_network_interfaces(zlogp) != 0) {
4867 lofs_discard_mnttab();
4868 return (-1);
4869 }
4870 break;
4871 case ZS_EXCLUSIVE:
4872 if (configure_exclusive_network_interfaces(zlogp,
4873 zoneid) !=
4874 0) {
4875 lofs_discard_mnttab();
4876 return (-1);
4877 }
4878 break;
4879 default:
4880 abort();
4881 }
4882 }
4883
4884 write_index_file(zoneid);
4885
4886 lofs_discard_mnttab();
4887 return (0);
4888 }
4889
4890 static int
4891 lu_root_teardown(zlog_t *zlogp)
4892 {
4893 char zroot[MAXPATHLEN];
4894
4895 if (zone_get_rootpath(zone_name, zroot, sizeof (zroot)) != Z_OK) {
4896 zerror(zlogp, B_FALSE, "unable to determine zone root");
4897 return (-1);
4898 }
4899 root_to_lu(zlogp, zroot, sizeof (zroot), B_FALSE);
4900
|