Print this page
OS-192 zone_create() warning on headnode
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/zonecfg/zonecfg.c
+++ new/usr/src/cmd/zonecfg/zonecfg.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24 24 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
25 25 * Copyright 2014 Gary Mills
26 26 * Copyright 2019 Joyent, Inc.
27 27 */
28 28
29 29 /*
30 30 * zonecfg is a lex/yacc based command interpreter used to manage zone
31 31 * configurations. The lexer (see zonecfg_lex.l) builds up tokens, which
32 32 * the grammar (see zonecfg_grammar.y) builds up into commands, some of
33 33 * which takes resources and/or properties as arguments. See the block
34 34 * comments near the end of zonecfg_grammar.y for how the data structures
35 35 * which keep track of these resources and properties are built up.
36 36 *
37 37 * The resource/property data structures are inserted into a command
38 38 * structure (see zonecfg.h), which also keeps track of command names,
39 39 * miscellaneous arguments, and function handlers. The grammar selects
40 40 * the appropriate function handler, each of which takes a pointer to a
41 41 * command structure as its sole argument, and invokes it. The grammar
42 42 * itself is "entered" (a la the Matrix) by yyparse(), which is called
43 43 * from read_input(), our main driving function. That in turn is called
44 44 * by one of do_interactive(), cmd_file() or one_command_at_a_time(), each
45 45 * of which is called from main() depending on how the program was invoked.
46 46 *
47 47 * The rest of this module consists of the various function handlers and
48 48 * their helper functions. Some of these functions, particularly the
49 49 * X_to_str() functions, which maps command, resource and property numbers
50 50 * to strings, are used quite liberally, as doing so results in a better
51 51 * program w/rt I18N, reducing the need for translation notes.
52 52 */
53 53
54 54 #include <sys/mntent.h>
55 55 #include <sys/varargs.h>
56 56 #include <sys/sysmacros.h>
57 57 #include <sys/secflags.h>
58 58
59 59 #include <errno.h>
60 60 #include <fcntl.h>
61 61 #include <strings.h>
62 62 #include <unistd.h>
63 63 #include <ctype.h>
64 64 #include <stdlib.h>
65 65 #include <assert.h>
66 66 #include <sys/stat.h>
67 67 #include <zone.h>
68 68 #include <arpa/inet.h>
69 69 #include <netdb.h>
70 70 #include <locale.h>
71 71 #include <libintl.h>
72 72 #include <alloca.h>
73 73 #include <signal.h>
74 74 #include <wait.h>
75 75 #include <libtecla.h>
76 76 #include <libzfs.h>
77 77 #include <sys/brand.h>
78 78 #include <libbrand.h>
79 79 #include <sys/systeminfo.h>
80 80 #include <libdladm.h>
81 81 #include <libinetutil.h>
82 82 #include <pwd.h>
83 83 #include <inet/ip.h>
84 84
85 85 #include <libzonecfg.h>
86 86 #include "zonecfg.h"
87 87
88 88 #if !defined(TEXT_DOMAIN) /* should be defined by cc -D */
89 89 #define TEXT_DOMAIN "SYS_TEST" /* Use this only if it wasn't */
90 90 #endif
91 91
92 92 #define PAGER "/usr/bin/more"
93 93 #define EXEC_PREFIX "exec "
94 94 #define EXEC_LEN (strlen(EXEC_PREFIX))
95 95
96 96 struct help {
97 97 uint_t cmd_num;
98 98 char *cmd_name;
99 99 uint_t flags;
100 100 char *short_usage;
101 101 };
102 102
103 103 extern int yyparse(void);
104 104 extern int lex_lineno;
105 105
106 106 #define MAX_LINE_LEN 1024
107 107 #define MAX_CMD_HIST 1024
108 108 #define MAX_CMD_LEN 1024
109 109
110 110 #define ONE_MB 1048576
111 111
112 112 /*
113 113 * Each SHELP_ should be a simple string.
114 114 */
115 115
116 116 #define SHELP_ADD "add <resource-type>\n\t(global scope)\n" \
117 117 "add <property-name> <property-value>\n\t(resource scope)"
118 118 #define SHELP_CANCEL "cancel"
119 119 #define SHELP_CLEAR "clear <property-name>"
120 120 #define SHELP_COMMIT "commit"
121 121 #define SHELP_CREATE "create [-F] [ -a <path> | -b | -t <template> ]"
122 122 #define SHELP_DELETE "delete [-F]"
123 123 #define SHELP_END "end"
124 124 #define SHELP_EXIT "exit [-F]"
125 125 #define SHELP_EXPORT "export [-f output-file]"
126 126 #define SHELP_HELP "help [commands] [syntax] [usage] [<command-name>]"
127 127 #define SHELP_INFO "info [<resource-type> [property-name=property-value]*]"
128 128 #define SHELP_REMOVE "remove [-F] <resource-type> " \
129 129 "[ <property-name>=<property-value> ]*\n" \
130 130 "\t(global scope)\n" \
131 131 "remove <property-name> <property-value>\n" \
132 132 "\t(resource scope)"
133 133 #define SHELP_REVERT "revert [-F]"
134 134 #define SHELP_SELECT "select <resource-type> { <property-name>=" \
135 135 "<property-value> }"
136 136 #define SHELP_SET "set <property-name>=<property-value>"
137 137 #define SHELP_VERIFY "verify"
138 138
139 139 static struct help helptab[] = {
140 140 { CMD_ADD, "add", HELP_RES_PROPS, SHELP_ADD, },
141 141 { CMD_CANCEL, "cancel", 0, SHELP_CANCEL, },
142 142 { CMD_CLEAR, "clear", HELP_PROPS, SHELP_CLEAR, },
143 143 { CMD_COMMIT, "commit", 0, SHELP_COMMIT, },
144 144 { CMD_CREATE, "create", 0, SHELP_CREATE, },
145 145 { CMD_DELETE, "delete", 0, SHELP_DELETE, },
146 146 { CMD_END, "end", 0, SHELP_END, },
147 147 { CMD_EXIT, "exit", 0, SHELP_EXIT, },
148 148 { CMD_EXPORT, "export", 0, SHELP_EXPORT, },
149 149 { CMD_HELP, "help", 0, SHELP_HELP },
150 150 { CMD_INFO, "info", HELP_RES_PROPS, SHELP_INFO, },
151 151 { CMD_REMOVE, "remove", HELP_RES_PROPS, SHELP_REMOVE, },
152 152 { CMD_REVERT, "revert", 0, SHELP_REVERT, },
153 153 { CMD_SELECT, "select", HELP_RES_PROPS, SHELP_SELECT, },
154 154 { CMD_SET, "set", HELP_PROPS, SHELP_SET, },
155 155 { CMD_VERIFY, "verify", 0, SHELP_VERIFY, },
156 156 { 0 },
157 157 };
158 158
159 159 #define MAX_RT_STRLEN 16
160 160
161 161 /* These *must* match the order of the RT_ define's from zonecfg.h */
162 162 char *res_types[] = {
163 163 "unknown",
164 164 "zonename",
165 165 "zonepath",
166 166 "autoboot",
167 167 "pool",
168 168 "fs",
169 169 "net",
170 170 "device",
171 171 "rctl",
172 172 "attr",
173 173 "dataset",
174 174 "limitpriv",
175 175 "bootargs",
176 176 "brand",
177 177 "dedicated-cpu",
178 178 "capped-memory",
179 179 ALIAS_MAXLWPS,
180 180 ALIAS_MAXSHMMEM,
181 181 ALIAS_MAXSHMIDS,
182 182 ALIAS_MAXMSGIDS,
183 183 ALIAS_MAXSEMIDS,
184 184 ALIAS_SHARES,
185 185 "scheduling-class",
186 186 "ip-type",
187 187 "capped-cpu",
188 188 "hostid",
189 189 "admin",
190 190 "fs-allowed",
191 191 ALIAS_MAXPROCS,
192 192 "security-flags",
193 193 NULL
194 194 };
195 195
196 196 /* These *must* match the order of the PT_ define's from zonecfg.h */
197 197 char *prop_types[] = {
198 198 "unknown",
199 199 "zonename",
200 200 "zonepath",
201 201 "autoboot",
202 202 "pool",
203 203 "dir",
204 204 "special",
205 205 "type",
206 206 "options",
207 207 "address",
208 208 "physical",
209 209 "name",
210 210 "value",
211 211 "match",
212 212 "priv",
213 213 "limit",
214 214 "action",
215 215 "raw",
216 216 "limitpriv",
217 217 "bootargs",
218 218 "brand",
219 219 "ncpus",
220 220 "importance",
221 221 "swap",
222 222 "locked",
223 223 ALIAS_SHARES,
224 224 ALIAS_MAXLWPS,
225 225 ALIAS_MAXSHMMEM,
226 226 ALIAS_MAXSHMIDS,
227 227 ALIAS_MAXMSGIDS,
228 228 ALIAS_MAXSEMIDS,
229 229 ALIAS_MAXLOCKEDMEM,
230 230 ALIAS_MAXSWAP,
231 231 "scheduling-class",
232 232 "ip-type",
233 233 "defrouter",
234 234 "hostid",
235 235 "user",
236 236 "auths",
237 237 "fs-allowed",
238 238 ALIAS_MAXPROCS,
239 239 "allowed-address",
240 240 "default",
241 241 "lower",
242 242 "upper",
243 243 NULL
244 244 };
245 245
246 246 /* These *must* match the order of the PROP_VAL_ define's from zonecfg.h */
247 247 static char *prop_val_types[] = {
248 248 "simple",
249 249 "complex",
250 250 "list",
251 251 };
252 252
253 253 /*
254 254 * The various _cmds[] lists below are for command tab-completion.
255 255 */
256 256
257 257 /*
258 258 * remove has a space afterwards because it has qualifiers; the other commands
259 259 * that have qualifiers (add, select, etc.) don't need a space here because
260 260 * they have their own _cmds[] lists below.
261 261 */
262 262 static const char *global_scope_cmds[] = {
263 263 "add",
264 264 "clear",
265 265 "commit",
266 266 "create",
267 267 "delete",
268 268 "exit",
269 269 "export",
270 270 "help",
271 271 "info",
272 272 "remove ",
273 273 "revert",
274 274 "select",
275 275 "set",
276 276 "verify",
277 277 NULL
278 278 };
279 279
280 280 static const char *add_cmds[] = {
281 281 "add fs",
282 282 "add net",
283 283 "add device",
284 284 "add rctl",
285 285 "add attr",
286 286 "add dataset",
287 287 "add dedicated-cpu",
288 288 "add capped-cpu",
289 289 "add capped-memory",
290 290 "add admin",
291 291 "add security-flags",
292 292 NULL
293 293 };
294 294
295 295 static const char *clear_cmds[] = {
296 296 "clear autoboot",
297 297 "clear pool",
298 298 "clear limitpriv",
299 299 "clear bootargs",
300 300 "clear scheduling-class",
301 301 "clear ip-type",
302 302 "clear " ALIAS_MAXLWPS,
303 303 "clear " ALIAS_MAXSHMMEM,
304 304 "clear " ALIAS_MAXSHMIDS,
305 305 "clear " ALIAS_MAXMSGIDS,
306 306 "clear " ALIAS_MAXSEMIDS,
307 307 "clear " ALIAS_SHARES,
308 308 "clear " ALIAS_MAXPROCS,
309 309 NULL
310 310 };
311 311
312 312 static const char *remove_cmds[] = {
313 313 "remove fs ",
314 314 "remove net ",
315 315 "remove device ",
316 316 "remove rctl ",
317 317 "remove attr ",
318 318 "remove dataset ",
319 319 "remove dedicated-cpu ",
320 320 "remove capped-cpu ",
321 321 "remove capped-memory ",
322 322 "remove admin ",
323 323 "remove security-flags",
324 324 NULL
325 325 };
326 326
327 327 static const char *select_cmds[] = {
328 328 "select fs ",
329 329 "select net ",
330 330 "select device ",
331 331 "select rctl ",
332 332 "select attr ",
333 333 "select dataset ",
334 334 "select dedicated-cpu",
335 335 "select capped-cpu",
336 336 "select capped-memory",
337 337 "select admin",
338 338 "select security-flags",
339 339 NULL
340 340 };
341 341
342 342 static const char *set_cmds[] = {
343 343 "set zonename=",
344 344 "set zonepath=",
345 345 "set brand=",
346 346 "set autoboot=",
347 347 "set pool=",
348 348 "set limitpriv=",
349 349 "set bootargs=",
350 350 "set scheduling-class=",
351 351 "set ip-type=",
352 352 "set " ALIAS_MAXLWPS "=",
353 353 "set " ALIAS_MAXSHMMEM "=",
354 354 "set " ALIAS_MAXSHMIDS "=",
355 355 "set " ALIAS_MAXMSGIDS "=",
356 356 "set " ALIAS_MAXSEMIDS "=",
357 357 "set " ALIAS_SHARES "=",
358 358 "set hostid=",
359 359 "set fs-allowed=",
360 360 "set " ALIAS_MAXPROCS "=",
361 361 NULL
362 362 };
363 363
364 364 static const char *info_cmds[] = {
365 365 "info fs ",
366 366 "info net ",
367 367 "info device ",
368 368 "info rctl ",
369 369 "info attr ",
370 370 "info dataset ",
371 371 "info capped-memory",
372 372 "info dedicated-cpu",
373 373 "info capped-cpu",
374 374 "info security-flags",
375 375 "info zonename",
376 376 "info zonepath",
377 377 "info autoboot",
378 378 "info pool",
379 379 "info limitpriv",
380 380 "info bootargs",
381 381 "info brand",
382 382 "info scheduling-class",
383 383 "info ip-type",
384 384 "info max-lwps",
385 385 "info max-shm-memory",
386 386 "info max-shm-ids",
387 387 "info max-msg-ids",
388 388 "info max-sem-ids",
389 389 "info cpu-shares",
390 390 "info hostid",
391 391 "info admin",
392 392 "info fs-allowed",
393 393 "info max-processes",
394 394 NULL
395 395 };
396 396
397 397 static const char *fs_res_scope_cmds[] = {
398 398 "add options ",
399 399 "cancel",
400 400 "end",
401 401 "exit",
402 402 "help",
403 403 "info",
404 404 "remove options ",
405 405 "set dir=",
406 406 "set raw=",
407 407 "set special=",
408 408 "set type=",
409 409 "clear raw",
410 410 NULL
411 411 };
412 412
413 413 static const char *net_res_scope_cmds[] = {
414 414 "cancel",
415 415 "end",
416 416 "exit",
417 417 "help",
418 418 "info",
419 419 "set address=",
420 420 "set allowed-address=",
421 421 "set physical=",
422 422 "set defrouter=",
423 423 NULL
424 424 };
425 425
426 426 static const char *device_res_scope_cmds[] = {
427 427 "cancel",
428 428 "end",
429 429 "exit",
430 430 "help",
431 431 "info",
432 432 "set match=",
433 433 NULL
434 434 };
435 435
436 436 static const char *attr_res_scope_cmds[] = {
437 437 "cancel",
438 438 "end",
439 439 "exit",
440 440 "help",
441 441 "info",
442 442 "set name=",
443 443 "set type=",
444 444 "set value=",
445 445 NULL
446 446 };
447 447
448 448 static const char *rctl_res_scope_cmds[] = {
449 449 "add value ",
450 450 "cancel",
451 451 "end",
452 452 "exit",
453 453 "help",
454 454 "info",
455 455 "remove value ",
456 456 "set name=",
457 457 NULL
458 458 };
459 459
460 460 static const char *dataset_res_scope_cmds[] = {
461 461 "cancel",
462 462 "end",
463 463 "exit",
464 464 "help",
465 465 "info",
466 466 "set name=",
467 467 NULL
468 468 };
469 469
470 470 static const char *pset_res_scope_cmds[] = {
471 471 "cancel",
472 472 "end",
473 473 "exit",
474 474 "help",
475 475 "info",
476 476 "set ncpus=",
477 477 "set importance=",
478 478 "clear importance",
479 479 NULL
480 480 };
481 481
482 482 static const char *pcap_res_scope_cmds[] = {
483 483 "cancel",
484 484 "end",
485 485 "exit",
486 486 "help",
487 487 "info",
488 488 "set ncpus=",
489 489 NULL
490 490 };
491 491
492 492 static const char *mcap_res_scope_cmds[] = {
493 493 "cancel",
494 494 "end",
495 495 "exit",
496 496 "help",
497 497 "info",
498 498 "set physical=",
499 499 "set swap=",
500 500 "set locked=",
501 501 "clear physical",
502 502 "clear swap",
503 503 "clear locked",
504 504 NULL
505 505 };
506 506
507 507 static const char *admin_res_scope_cmds[] = {
508 508 "cancel",
509 509 "end",
510 510 "exit",
511 511 "help",
512 512 "info",
513 513 "set user=",
514 514 "set auths=",
515 515 NULL
516 516 };
517 517
518 518 static const char *secflags_res_scope_cmds[] = {
519 519 "cancel",
520 520 "end",
521 521 "exit",
522 522 "set default=",
523 523 "set lower=",
524 524 "set upper=",
525 525 NULL
526 526 };
527 527
528 528 struct xif {
529 529 struct xif *xif_next;
530 530 char xif_name[LIFNAMSIZ];
531 531 boolean_t xif_has_address;
532 532 boolean_t xif_has_defrouter;
533 533 };
534 534
535 535 /* Global variables */
536 536
537 537 /* list of network interfaces specified for exclusive IP zone */
538 538 struct xif *xif;
539 539
540 540 /* set early in main(), never modified thereafter, used all over the place */
541 541 static char *execname;
542 542
543 543 /* set in main(), used all over the place */
544 544 static zone_dochandle_t handle;
545 545
546 546 /* used all over the place */
547 547 static char zone[ZONENAME_MAX];
548 548 static char revert_zone[ZONENAME_MAX];
549 549
550 550 /* global brand operations */
551 551 static brand_handle_t brand;
552 552
553 553 /* set in modifying functions, checked in read_input() */
554 554 static boolean_t need_to_commit = B_FALSE;
555 555 boolean_t saw_error;
556 556
557 557 /* set in yacc parser, checked in read_input() */
558 558 boolean_t newline_terminated;
559 559
560 560 /* set in main(), checked in lex error handler */
561 561 boolean_t cmd_file_mode;
562 562
563 563 /* set in exit_func(), checked in read_input() */
564 564 static boolean_t time_to_exit = B_FALSE, force_exit = B_FALSE;
565 565
566 566 /* used in short_usage() and zerr() */
567 567 static char *cmd_file_name = NULL;
568 568
569 569 /* checked in read_input() and other places */
570 570 static boolean_t ok_to_prompt = B_FALSE;
571 571
572 572 /* set and checked in initialize() */
573 573 static boolean_t got_handle = B_FALSE;
574 574
575 575 /* initialized in do_interactive(), checked in initialize() */
576 576 static boolean_t interactive_mode;
577 577
578 578 /* set if configuring the global zone */
579 579 static boolean_t global_zone = B_FALSE;
580 580
581 581 /* set in main(), checked in multiple places */
582 582 static boolean_t read_only_mode;
583 583
584 584 /* scope is outer/global or inner/resource */
585 585 static boolean_t global_scope = B_TRUE;
586 586 static int resource_scope; /* should be in the RT_ list from zonecfg.h */
587 587 static int end_op = -1; /* operation on end is either add or modify */
588 588
589 589 int num_prop_vals; /* for grammar */
590 590
591 591 /*
592 592 * These are for keeping track of resources as they are specified as part of
593 593 * the multi-step process. They should be initialized by add_resource() or
594 594 * select_func() and filled in by add_property() or set_func().
595 595 */
596 596 static struct zone_fstab old_fstab, in_progress_fstab;
597 597 static struct zone_nwiftab old_nwiftab, in_progress_nwiftab;
598 598 static struct zone_devtab old_devtab, in_progress_devtab;
599 599 static struct zone_rctltab old_rctltab, in_progress_rctltab;
600 600 static struct zone_attrtab old_attrtab, in_progress_attrtab;
601 601 static struct zone_dstab old_dstab, in_progress_dstab;
602 602 static struct zone_psettab old_psettab, in_progress_psettab;
603 603 static struct zone_mcaptab old_mcaptab, in_progress_mcaptab;
604 604 static struct zone_admintab old_admintab, in_progress_admintab;
605 605 static struct zone_secflagstab old_secflagstab, in_progress_secflagstab;
606 606
607 607 static GetLine *gl; /* The gl_get_line() resource object */
608 608
609 609 static void bytes_to_units(char *str, char *buf, int bufsize);
610 610
611 611 /* Functions begin here */
612 612
613 613 static boolean_t
614 614 initial_match(const char *line1, const char *line2, int word_end)
615 615 {
616 616 if (word_end <= 0)
617 617 return (B_TRUE);
618 618 return (strncmp(line1, line2, word_end) == 0);
619 619 }
620 620
621 621 static int
622 622 add_stuff(WordCompletion *cpl, const char *line1, const char **list,
623 623 int word_end)
624 624 {
625 625 int i, err;
626 626
627 627 for (i = 0; list[i] != NULL; i++) {
628 628 if (initial_match(line1, list[i], word_end)) {
629 629 err = cpl_add_completion(cpl, line1, 0, word_end,
630 630 list[i] + word_end, "", "");
631 631 if (err != 0)
632 632 return (err);
633 633 }
634 634 }
635 635 return (0);
636 636 }
637 637
638 638 static
639 639 /* ARGSUSED */
640 640 CPL_MATCH_FN(cmd_cpl_fn)
641 641 {
642 642 if (global_scope) {
643 643 /*
644 644 * The MAX/MIN tests below are to make sure we have at least
645 645 * enough characters to distinguish from other prefixes (MAX)
646 646 * but only check MIN(what we have, what we're checking).
647 647 */
648 648 if (strncmp(line, "add ", MAX(MIN(word_end, 4), 1)) == 0)
649 649 return (add_stuff(cpl, line, add_cmds, word_end));
650 650 if (strncmp(line, "clear ", MAX(MIN(word_end, 6), 2)) == 0)
651 651 return (add_stuff(cpl, line, clear_cmds, word_end));
652 652 if (strncmp(line, "select ", MAX(MIN(word_end, 7), 3)) == 0)
653 653 return (add_stuff(cpl, line, select_cmds, word_end));
654 654 if (strncmp(line, "set ", MAX(MIN(word_end, 4), 3)) == 0)
655 655 return (add_stuff(cpl, line, set_cmds, word_end));
656 656 if (strncmp(line, "remove ", MAX(MIN(word_end, 7), 1)) == 0)
657 657 return (add_stuff(cpl, line, remove_cmds, word_end));
658 658 if (strncmp(line, "info ", MAX(MIN(word_end, 5), 1)) == 0)
659 659 return (add_stuff(cpl, line, info_cmds, word_end));
660 660 return (add_stuff(cpl, line, global_scope_cmds, word_end));
661 661 }
662 662 switch (resource_scope) {
663 663 case RT_FS:
664 664 return (add_stuff(cpl, line, fs_res_scope_cmds, word_end));
665 665 case RT_NET:
666 666 return (add_stuff(cpl, line, net_res_scope_cmds, word_end));
667 667 case RT_DEVICE:
668 668 return (add_stuff(cpl, line, device_res_scope_cmds, word_end));
669 669 case RT_RCTL:
670 670 return (add_stuff(cpl, line, rctl_res_scope_cmds, word_end));
671 671 case RT_ATTR:
672 672 return (add_stuff(cpl, line, attr_res_scope_cmds, word_end));
673 673 case RT_DATASET:
674 674 return (add_stuff(cpl, line, dataset_res_scope_cmds, word_end));
675 675 case RT_DCPU:
676 676 return (add_stuff(cpl, line, pset_res_scope_cmds, word_end));
677 677 case RT_PCAP:
678 678 return (add_stuff(cpl, line, pcap_res_scope_cmds, word_end));
679 679 case RT_MCAP:
680 680 return (add_stuff(cpl, line, mcap_res_scope_cmds, word_end));
681 681 case RT_ADMIN:
682 682 return (add_stuff(cpl, line, admin_res_scope_cmds, word_end));
683 683 case RT_SECFLAGS:
684 684 return (add_stuff(cpl, line, secflags_res_scope_cmds,
685 685 word_end));
686 686
687 687 }
688 688 return (0);
689 689 }
690 690
691 691 /*
692 692 * For the main CMD_func() functions below, several of them call getopt()
693 693 * then check optind against argc to make sure an extra parameter was not
694 694 * passed in. The reason this is not caught in the grammar is that the
695 695 * grammar just checks for a miscellaneous TOKEN, which is *expected* to
696 696 * be "-F" (for example), but could be anything. So (for example) this
697 697 * check will prevent "create bogus".
698 698 */
699 699
700 700 cmd_t *
701 701 alloc_cmd(void)
702 702 {
703 703 return (calloc(1, sizeof (cmd_t)));
704 704 }
705 705
706 706 void
707 707 free_cmd(cmd_t *cmd)
708 708 {
709 709 int i;
710 710
711 711 for (i = 0; i < MAX_EQ_PROP_PAIRS; i++)
712 712 if (cmd->cmd_property_ptr[i] != NULL) {
713 713 property_value_ptr_t pp = cmd->cmd_property_ptr[i];
714 714
715 715 switch (pp->pv_type) {
716 716 case PROP_VAL_SIMPLE:
717 717 free(pp->pv_simple);
718 718 break;
719 719 case PROP_VAL_COMPLEX:
720 720 free_complex(pp->pv_complex);
721 721 break;
722 722 case PROP_VAL_LIST:
723 723 free_list(pp->pv_list);
724 724 break;
725 725 }
726 726 }
727 727 for (i = 0; i < cmd->cmd_argc; i++)
728 728 free(cmd->cmd_argv[i]);
729 729 free(cmd);
730 730 }
731 731
732 732 complex_property_ptr_t
733 733 alloc_complex(void)
734 734 {
735 735 return (calloc(1, sizeof (complex_property_t)));
736 736 }
737 737
738 738 void
739 739 free_complex(complex_property_ptr_t complex)
740 740 {
741 741 if (complex == NULL)
742 742 return;
743 743 free_complex(complex->cp_next);
744 744 if (complex->cp_value != NULL)
745 745 free(complex->cp_value);
746 746 free(complex);
747 747 }
748 748
749 749 list_property_ptr_t
750 750 alloc_list(void)
751 751 {
752 752 return (calloc(1, sizeof (list_property_t)));
753 753 }
754 754
755 755 void
756 756 free_list(list_property_ptr_t list)
757 757 {
758 758 if (list == NULL)
759 759 return;
760 760 if (list->lp_simple != NULL)
761 761 free(list->lp_simple);
762 762 free_complex(list->lp_complex);
763 763 free_list(list->lp_next);
764 764 free(list);
765 765 }
766 766
767 767 void
768 768 free_outer_list(list_property_ptr_t list)
769 769 {
770 770 if (list == NULL)
771 771 return;
772 772 free_outer_list(list->lp_next);
773 773 free(list);
774 774 }
775 775
776 776 static struct zone_rctlvaltab *
777 777 alloc_rctlvaltab(void)
778 778 {
779 779 return (calloc(1, sizeof (struct zone_rctlvaltab)));
780 780 }
781 781
782 782 static char *
783 783 rt_to_str(int res_type)
784 784 {
785 785 assert(res_type >= RT_MIN && res_type <= RT_MAX);
786 786 return (res_types[res_type]);
787 787 }
788 788
789 789 static char *
790 790 pt_to_str(int prop_type)
791 791 {
792 792 assert(prop_type >= PT_MIN && prop_type <= PT_MAX);
793 793 return (prop_types[prop_type]);
794 794 }
795 795
796 796 static char *
797 797 pvt_to_str(int pv_type)
798 798 {
799 799 assert(pv_type >= PROP_VAL_MIN && pv_type <= PROP_VAL_MAX);
800 800 return (prop_val_types[pv_type]);
801 801 }
802 802
803 803 static char *
804 804 cmd_to_str(int cmd_num)
805 805 {
806 806 assert(cmd_num >= CMD_MIN && cmd_num <= CMD_MAX);
807 807 return (helptab[cmd_num].cmd_name);
808 808 }
809 809
810 810 /* PRINTFLIKE1 */
811 811 static void
812 812 zerr(const char *fmt, ...)
813 813 {
814 814 va_list alist;
815 815 static int last_lineno;
816 816
817 817 /* lex_lineno has already been incremented in the lexer; compensate */
818 818 if (cmd_file_mode && lex_lineno > last_lineno) {
819 819 if (strcmp(cmd_file_name, "-") == 0)
820 820 (void) fprintf(stderr, gettext("On line %d:\n"),
821 821 lex_lineno - 1);
822 822 else
823 823 (void) fprintf(stderr, gettext("On line %d of %s:\n"),
824 824 lex_lineno - 1, cmd_file_name);
825 825 last_lineno = lex_lineno;
826 826 }
827 827 va_start(alist, fmt);
828 828 (void) vfprintf(stderr, fmt, alist);
829 829 (void) fprintf(stderr, "\n");
830 830 va_end(alist);
831 831 }
832 832
833 833 /*
834 834 * This is a separate function rather than a set of define's because of the
835 835 * gettext() wrapping.
836 836 */
837 837
838 838 /*
839 839 * TRANSLATION_NOTE
840 840 * Each string below should have \t follow \n whenever needed; the
841 841 * initial \t and the terminal \n will be provided by the calling function.
842 842 */
843 843
844 844 static char *
845 845 long_help(int cmd_num)
846 846 {
847 847 static char line[1024]; /* arbitrary large amount */
848 848
849 849 assert(cmd_num >= CMD_MIN && cmd_num <= CMD_MAX);
850 850 switch (cmd_num) {
851 851 case CMD_HELP:
852 852 return (gettext("Prints help message."));
853 853 case CMD_CREATE:
854 854 (void) snprintf(line, sizeof (line),
855 855 gettext("Creates a configuration for the "
856 856 "specified zone. %s should be\n\tused to "
857 857 "begin configuring a new zone. If overwriting an "
858 858 "existing\n\tconfiguration, the -F flag can be "
859 859 "used to force the action. If\n\t-t template is "
860 860 "given, creates a configuration identical to the\n"
861 861 "\tspecified template, except that the zone name "
862 862 "is changed from\n\ttemplate to zonename. '%s -a' "
863 863 "creates a configuration from a\n\tdetached "
864 864 "zonepath. '%s -b' results in a blank "
865 865 "configuration.\n\t'%s' with no arguments applies "
866 866 "the Sun default settings."),
867 867 cmd_to_str(CMD_CREATE), cmd_to_str(CMD_CREATE),
868 868 cmd_to_str(CMD_CREATE), cmd_to_str(CMD_CREATE));
869 869 return (line);
870 870 case CMD_EXIT:
871 871 return (gettext("Exits the program. The -F flag can "
872 872 "be used to force the action."));
873 873 case CMD_EXPORT:
874 874 return (gettext("Prints configuration to standard "
875 875 "output, or to output-file if\n\tspecified, in "
876 876 "a form suitable for use in a command-file."));
877 877 case CMD_ADD:
878 878 return (gettext("Add specified resource to "
879 879 "configuration."));
880 880 case CMD_DELETE:
881 881 return (gettext("Deletes the specified zone. The -F "
882 882 "flag can be used to force the\n\taction."));
883 883 case CMD_REMOVE:
884 884 return (gettext("Remove specified resource from "
885 885 "configuration. The -F flag can be used\n\tto "
886 886 "force the action."));
887 887 case CMD_SELECT:
888 888 (void) snprintf(line, sizeof (line),
889 889 gettext("Selects a resource to modify. "
890 890 "Resource modification is completed\n\twith the "
891 891 "command \"%s\". The property name/value pairs "
892 892 "must uniquely\n\tidentify a resource. Note that "
893 893 "the curly braces ('{', '}') mean one\n\tor more "
894 894 "of whatever is between them."),
895 895 cmd_to_str(CMD_END));
896 896 return (line);
897 897 case CMD_SET:
898 898 return (gettext("Sets property values."));
899 899 case CMD_CLEAR:
900 900 return (gettext("Clears property values."));
901 901 case CMD_INFO:
902 902 return (gettext("Displays information about the "
903 903 "current configuration. If resource\n\ttype is "
904 904 "specified, displays only information about "
905 905 "resources of\n\tthe relevant type. If resource "
906 906 "id is specified, displays only\n\tinformation "
907 907 "about that resource."));
908 908 case CMD_VERIFY:
909 909 return (gettext("Verifies current configuration "
910 910 "for correctness (some resource types\n\thave "
911 911 "required properties)."));
912 912 case CMD_COMMIT:
913 913 (void) snprintf(line, sizeof (line),
914 914 gettext("Commits current configuration. "
915 915 "Configuration must be committed to\n\tbe used by "
916 916 "%s. Until the configuration is committed, "
917 917 "changes \n\tcan be removed with the %s "
918 918 "command. This operation is\n\tattempted "
919 919 "automatically upon completion of a %s "
920 920 "session."), "zoneadm", cmd_to_str(CMD_REVERT),
921 921 "zonecfg");
922 922 return (line);
923 923 case CMD_REVERT:
924 924 return (gettext("Reverts configuration back to the "
925 925 "last committed state. The -F flag\n\tcan be "
926 926 "used to force the action."));
927 927 case CMD_CANCEL:
928 928 return (gettext("Cancels resource/property "
929 929 "specification."));
930 930 case CMD_END:
931 931 return (gettext("Ends resource/property "
932 932 "specification."));
933 933 }
934 934 /* NOTREACHED */
935 935 return (NULL);
936 936 }
937 937
938 938 /*
939 939 * Return the input filename appended to each component of the path
940 940 * or the filename itself if it is absolute.
941 941 * Parameters: path string, file name, output string.
942 942 */
943 943 /* Copied almost verbatim from libtnfctl/prb_findexec.c */
944 944 static const char *
945 945 exec_cat(const char *s1, const char *s2, char *si)
946 946 {
947 947 char *s;
948 948 /* Number of remaining characters in s */
949 949 int cnt = PATH_MAX + 1;
950 950
951 951 s = si;
952 952 while (*s1 && *s1 != ':') { /* Copy first component of path to si */
953 953 if (cnt > 0) {
954 954 *s++ = *s1++;
955 955 cnt--;
956 956 } else {
957 957 s1++;
958 958 }
959 959 }
960 960 if (si != s && cnt > 0) { /* Add slash if s2 is not absolute */
961 961 *s++ = '/';
962 962 cnt--;
963 963 }
964 964 while (*s2 && cnt > 0) { /* Copy s2 to si */
965 965 *s++ = *s2++;
966 966 cnt--;
967 967 }
968 968 *s = '\0'; /* Terminate the output string */
969 969 return (*s1 ? ++s1 : NULL); /* Return next path component or NULL */
970 970 }
971 971
972 972 /* Determine that a name exists in PATH */
973 973 /* Copied with changes from libtnfctl/prb_findexec.c */
974 974 static int
975 975 path_find(const char *name)
976 976 {
977 977 const char *pathstr;
978 978 char fname[PATH_MAX + 2];
979 979 const char *cp;
980 980 struct stat stat_buf;
981 981
982 982 if ((pathstr = getenv("PATH")) == NULL) {
983 983 if (geteuid() == 0 || getuid() == 0)
984 984 pathstr = "/usr/sbin:/usr/bin";
985 985 else
986 986 pathstr = "/usr/bin:";
987 987 }
988 988 cp = strchr(name, '/') ? (const char *) "" : pathstr;
989 989
990 990 do {
991 991 cp = exec_cat(cp, name, fname);
992 992 if (stat(fname, &stat_buf) != -1) {
993 993 /* successful find of the file */
994 994 return (0);
995 995 }
996 996 } while (cp != NULL);
997 997
998 998 return (-1);
999 999 }
1000 1000
1001 1001 static FILE *
1002 1002 pager_open(void)
1003 1003 {
1004 1004 FILE *newfp;
1005 1005 char *pager, *space;
1006 1006
1007 1007 pager = getenv("PAGER");
1008 1008 if (pager == NULL || *pager == '\0')
1009 1009 pager = PAGER;
1010 1010
1011 1011 space = strchr(pager, ' ');
1012 1012 if (space)
1013 1013 *space = '\0';
1014 1014 if (path_find(pager) == 0) {
1015 1015 if (space)
1016 1016 *space = ' ';
1017 1017 if ((newfp = popen(pager, "w")) == NULL)
1018 1018 zerr(gettext("PAGER open failed (%s)."),
1019 1019 strerror(errno));
1020 1020 return (newfp);
1021 1021 } else {
1022 1022 zerr(gettext("PAGER %s does not exist (%s)."),
1023 1023 pager, strerror(errno));
1024 1024 }
1025 1025 return (NULL);
1026 1026 }
1027 1027
1028 1028 static void
1029 1029 pager_close(FILE *fp)
1030 1030 {
1031 1031 int status;
1032 1032
1033 1033 status = pclose(fp);
1034 1034 if (status == -1)
1035 1035 zerr(gettext("PAGER close failed (%s)."),
1036 1036 strerror(errno));
1037 1037 }
1038 1038
1039 1039 /*
1040 1040 * Called with verbose TRUE when help is explicitly requested, FALSE for
1041 1041 * unexpected errors.
1042 1042 */
1043 1043
1044 1044 void
1045 1045 usage(boolean_t verbose, uint_t flags)
1046 1046 {
1047 1047 FILE *fp = verbose ? stdout : stderr;
1048 1048 FILE *newfp;
1049 1049 boolean_t need_to_close = B_FALSE;
1050 1050 int i;
1051 1051
1052 1052 /* don't page error output */
1053 1053 if (verbose && interactive_mode) {
1054 1054 if ((newfp = pager_open()) != NULL) {
1055 1055 need_to_close = B_TRUE;
1056 1056 fp = newfp;
1057 1057 }
1058 1058 }
1059 1059
1060 1060 if (flags & HELP_META) {
1061 1061 (void) fprintf(fp, gettext("More help is available for the "
1062 1062 "following:\n"));
1063 1063 (void) fprintf(fp, "\n\tcommands ('%s commands')\n",
1064 1064 cmd_to_str(CMD_HELP));
1065 1065 (void) fprintf(fp, "\tsyntax ('%s syntax')\n",
1066 1066 cmd_to_str(CMD_HELP));
1067 1067 (void) fprintf(fp, "\tusage ('%s usage')\n\n",
1068 1068 cmd_to_str(CMD_HELP));
1069 1069 (void) fprintf(fp, gettext("You may also obtain help on any "
1070 1070 "command by typing '%s <command-name>.'\n"),
1071 1071 cmd_to_str(CMD_HELP));
1072 1072 }
1073 1073 if (flags & HELP_RES_SCOPE) {
1074 1074 switch (resource_scope) {
1075 1075 case RT_FS:
1076 1076 (void) fprintf(fp, gettext("The '%s' resource scope is "
1077 1077 "used to configure a file-system.\n"),
1078 1078 rt_to_str(resource_scope));
1079 1079 (void) fprintf(fp, gettext("Valid commands:\n"));
1080 1080 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1081 1081 pt_to_str(PT_DIR), gettext("<path>"));
1082 1082 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1083 1083 pt_to_str(PT_SPECIAL), gettext("<path>"));
1084 1084 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1085 1085 pt_to_str(PT_RAW), gettext("<raw-device>"));
1086 1086 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1087 1087 pt_to_str(PT_TYPE), gettext("<file-system type>"));
1088 1088 (void) fprintf(fp, "\t%s %s %s\n", cmd_to_str(CMD_ADD),
1089 1089 pt_to_str(PT_OPTIONS),
1090 1090 gettext("<file-system options>"));
1091 1091 (void) fprintf(fp, "\t%s %s %s\n",
1092 1092 cmd_to_str(CMD_REMOVE), pt_to_str(PT_OPTIONS),
1093 1093 gettext("<file-system options>"));
1094 1094 (void) fprintf(fp, gettext("Consult the file-system "
1095 1095 "specific manual page, such as mount_ufs(1M), "
1096 1096 "for\ndetails about file-system options. Note "
1097 1097 "that any file-system options with an\nembedded "
1098 1098 "'=' character must be enclosed in double quotes, "
1099 1099 /*CSTYLED*/
1100 1100 "such as \"%s=5\".\n"), MNTOPT_RETRY);
1101 1101 break;
1102 1102 case RT_NET:
1103 1103 (void) fprintf(fp, gettext("The '%s' resource scope is "
1104 1104 "used to configure a network interface.\n"),
1105 1105 rt_to_str(resource_scope));
1106 1106 (void) fprintf(fp, gettext("Valid commands:\n"));
1107 1107 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1108 1108 pt_to_str(PT_ADDRESS), gettext("<IP-address>"));
1109 1109 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1110 1110 pt_to_str(PT_ALLOWED_ADDRESS),
1111 1111 gettext("<IP-address>"));
1112 1112 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1113 1113 pt_to_str(PT_PHYSICAL), gettext("<interface>"));
1114 1114 (void) fprintf(fp, gettext("See ifconfig(1M) for "
1115 1115 "details of the <interface> string.\n"));
1116 1116 (void) fprintf(fp, gettext("%s %s is valid "
1117 1117 "if the %s property is set to %s, otherwise it "
1118 1118 "must not be set.\n"),
1119 1119 cmd_to_str(CMD_SET), pt_to_str(PT_ADDRESS),
1120 1120 pt_to_str(PT_IPTYPE), gettext("shared"));
1121 1121 (void) fprintf(fp, gettext("%s %s is valid "
1122 1122 "if the %s property is set to %s, otherwise it "
1123 1123 "must not be set.\n"),
1124 1124 cmd_to_str(CMD_SET), pt_to_str(PT_ALLOWED_ADDRESS),
1125 1125 pt_to_str(PT_IPTYPE), gettext("exclusive"));
1126 1126 (void) fprintf(fp, gettext("\t%s %s=%s\n%s %s "
1127 1127 "is valid if the %s or %s property is set, "
1128 1128 "otherwise it must not be set\n"),
1129 1129 cmd_to_str(CMD_SET),
1130 1130 pt_to_str(PT_DEFROUTER), gettext("<IP-address>"),
1131 1131 cmd_to_str(CMD_SET), pt_to_str(PT_DEFROUTER),
1132 1132 gettext(pt_to_str(PT_ADDRESS)),
1133 1133 gettext(pt_to_str(PT_ALLOWED_ADDRESS)));
1134 1134 break;
1135 1135 case RT_DEVICE:
1136 1136 (void) fprintf(fp, gettext("The '%s' resource scope is "
1137 1137 "used to configure a device node.\n"),
1138 1138 rt_to_str(resource_scope));
1139 1139 (void) fprintf(fp, gettext("Valid commands:\n"));
1140 1140 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1141 1141 pt_to_str(PT_MATCH), gettext("<device-path>"));
1142 1142 break;
1143 1143 case RT_RCTL:
1144 1144 (void) fprintf(fp, gettext("The '%s' resource scope is "
1145 1145 "used to configure a resource control.\n"),
1146 1146 rt_to_str(resource_scope));
1147 1147 (void) fprintf(fp, gettext("Valid commands:\n"));
1148 1148 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1149 1149 pt_to_str(PT_NAME), gettext("<string>"));
1150 1150 (void) fprintf(fp, "\t%s %s (%s=%s,%s=%s,%s=%s)\n",
1151 1151 cmd_to_str(CMD_ADD), pt_to_str(PT_VALUE),
1152 1152 pt_to_str(PT_PRIV), gettext("<priv-value>"),
1153 1153 pt_to_str(PT_LIMIT), gettext("<number>"),
1154 1154 pt_to_str(PT_ACTION), gettext("<action-value>"));
1155 1155 (void) fprintf(fp, "\t%s %s (%s=%s,%s=%s,%s=%s)\n",
1156 1156 cmd_to_str(CMD_REMOVE), pt_to_str(PT_VALUE),
1157 1157 pt_to_str(PT_PRIV), gettext("<priv-value>"),
1158 1158 pt_to_str(PT_LIMIT), gettext("<number>"),
1159 1159 pt_to_str(PT_ACTION), gettext("<action-value>"));
1160 1160 (void) fprintf(fp, "%s\n\t%s := privileged\n"
1161 1161 "\t%s := none | deny\n", gettext("Where"),
1162 1162 gettext("<priv-value>"), gettext("<action-value>"));
1163 1163 break;
1164 1164 case RT_ATTR:
1165 1165 (void) fprintf(fp, gettext("The '%s' resource scope is "
1166 1166 "used to configure a generic attribute.\n"),
1167 1167 rt_to_str(resource_scope));
1168 1168 (void) fprintf(fp, gettext("Valid commands:\n"));
1169 1169 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1170 1170 pt_to_str(PT_NAME), gettext("<name>"));
1171 1171 (void) fprintf(fp, "\t%s %s=boolean\n",
1172 1172 cmd_to_str(CMD_SET), pt_to_str(PT_TYPE));
1173 1173 (void) fprintf(fp, "\t%s %s=true | false\n",
1174 1174 cmd_to_str(CMD_SET), pt_to_str(PT_VALUE));
1175 1175 (void) fprintf(fp, gettext("or\n"));
1176 1176 (void) fprintf(fp, "\t%s %s=int\n", cmd_to_str(CMD_SET),
1177 1177 pt_to_str(PT_TYPE));
1178 1178 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1179 1179 pt_to_str(PT_VALUE), gettext("<integer>"));
1180 1180 (void) fprintf(fp, gettext("or\n"));
1181 1181 (void) fprintf(fp, "\t%s %s=string\n",
1182 1182 cmd_to_str(CMD_SET), pt_to_str(PT_TYPE));
1183 1183 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1184 1184 pt_to_str(PT_VALUE), gettext("<string>"));
1185 1185 (void) fprintf(fp, gettext("or\n"));
1186 1186 (void) fprintf(fp, "\t%s %s=uint\n",
1187 1187 cmd_to_str(CMD_SET), pt_to_str(PT_TYPE));
1188 1188 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1189 1189 pt_to_str(PT_VALUE), gettext("<unsigned integer>"));
1190 1190 break;
1191 1191 case RT_DATASET:
1192 1192 (void) fprintf(fp, gettext("The '%s' resource scope is "
1193 1193 "used to export ZFS datasets.\n"),
1194 1194 rt_to_str(resource_scope));
1195 1195 (void) fprintf(fp, gettext("Valid commands:\n"));
1196 1196 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1197 1197 pt_to_str(PT_NAME), gettext("<name>"));
1198 1198 break;
1199 1199 case RT_DCPU:
1200 1200 (void) fprintf(fp, gettext("The '%s' resource scope "
1201 1201 "configures the 'pools' facility to dedicate\na "
1202 1202 "subset of the system's processors to this zone "
1203 1203 "while it is running.\n"),
1204 1204 rt_to_str(resource_scope));
1205 1205 (void) fprintf(fp, gettext("Valid commands:\n"));
1206 1206 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1207 1207 pt_to_str(PT_NCPUS),
1208 1208 gettext("<unsigned integer | range>"));
1209 1209 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1210 1210 pt_to_str(PT_IMPORTANCE),
1211 1211 gettext("<unsigned integer>"));
1212 1212 break;
1213 1213 case RT_PCAP:
1214 1214 (void) fprintf(fp, gettext("The '%s' resource scope is "
1215 1215 "used to set an upper limit (a cap) on the\n"
1216 1216 "percentage of CPU that can be used by this zone. "
1217 1217 "A '%s' value of 1\ncorresponds to one cpu. The "
1218 1218 "value can be set higher than 1, up to the total\n"
1219 1219 "number of CPUs on the system. The value can "
1220 1220 "also be less than 1,\nrepresenting a fraction of "
1221 1221 "a cpu.\n"),
1222 1222 rt_to_str(resource_scope), pt_to_str(PT_NCPUS));
1223 1223 (void) fprintf(fp, gettext("Valid commands:\n"));
1224 1224 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1225 1225 pt_to_str(PT_NCPUS), gettext("<unsigned decimal>"));
1226 1226 break;
1227 1227 case RT_MCAP:
1228 1228 (void) fprintf(fp, gettext("The '%s' resource scope is "
1229 1229 "used to set an upper limit (a cap) on the\n"
1230 1230 "amount of physical memory, swap space and locked "
1231 1231 "memory that can be used by\nthis zone.\n"),
1232 1232 rt_to_str(resource_scope));
1233 1233 (void) fprintf(fp, gettext("Valid commands:\n"));
1234 1234 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1235 1235 pt_to_str(PT_PHYSICAL),
1236 1236 gettext("<qualified unsigned decimal>"));
1237 1237 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1238 1238 pt_to_str(PT_SWAP),
1239 1239 gettext("<qualified unsigned decimal>"));
1240 1240 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1241 1241 pt_to_str(PT_LOCKED),
1242 1242 gettext("<qualified unsigned decimal>"));
1243 1243 break;
1244 1244 case RT_ADMIN:
1245 1245 (void) fprintf(fp, gettext("The '%s' resource scope is "
1246 1246 "used to delegate specific zone management\n"
1247 1247 "rights to users and roles. These rights are "
1248 1248 "only applicable to this zone.\n"),
1249 1249 rt_to_str(resource_scope));
1250 1250 (void) fprintf(fp, gettext("Valid commands:\n"));
1251 1251 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1252 1252 pt_to_str(PT_USER),
1253 1253 gettext("<single user or role name>"));
1254 1254 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1255 1255 pt_to_str(PT_AUTHS),
1256 1256 gettext("<comma separated list>"));
1257 1257 break;
1258 1258 case RT_SECFLAGS:
1259 1259 (void) fprintf(fp, gettext("The '%s' resource scope is "
1260 1260 "used to specify the default security-flags\n"
1261 1261 "of this zone, and their upper and lower bound.\n"),
1262 1262 rt_to_str(resource_scope));
1263 1263 (void) fprintf(fp, "\t%s %s=%s\n",
1264 1264 cmd_to_str(CMD_SET), pt_to_str(PT_DEFAULT),
1265 1265 gettext("<security flags>"));
1266 1266 (void) fprintf(fp, "\t%s %s=%s\n",
1267 1267 cmd_to_str(CMD_SET), pt_to_str(PT_LOWER),
1268 1268 gettext("<security flags>"));
1269 1269 (void) fprintf(fp, "\t%s %s=%s\n",
1270 1270 cmd_to_str(CMD_SET), pt_to_str(PT_UPPER),
1271 1271 gettext("<security flags>"));
1272 1272 break;
1273 1273 }
1274 1274 (void) fprintf(fp, gettext("And from any resource scope, you "
1275 1275 "can:\n"));
1276 1276 (void) fprintf(fp, "\t%s\t%s\n", cmd_to_str(CMD_END),
1277 1277 gettext("(to conclude this operation)"));
1278 1278 (void) fprintf(fp, "\t%s\t%s\n", cmd_to_str(CMD_CANCEL),
1279 1279 gettext("(to cancel this operation)"));
1280 1280 (void) fprintf(fp, "\t%s\t%s\n", cmd_to_str(CMD_EXIT),
1281 1281 gettext("(to exit the zonecfg utility)"));
1282 1282 }
1283 1283 if (flags & HELP_USAGE) {
1284 1284 (void) fprintf(fp, "%s:\t%s %s\n", gettext("usage"),
1285 1285 execname, cmd_to_str(CMD_HELP));
1286 1286 (void) fprintf(fp, "\t%s -z <zone>\t\t\t(%s)\n",
1287 1287 execname, gettext("interactive"));
1288 1288 (void) fprintf(fp, "\t%s -z <zone> <command>\n", execname);
1289 1289 (void) fprintf(fp, "\t%s -z <zone> -f <command-file>\n",
1290 1290 execname);
1291 1291 }
1292 1292 if (flags & HELP_SUBCMDS) {
1293 1293 (void) fprintf(fp, "%s:\n\n", gettext("Commands"));
1294 1294 for (i = 0; i <= CMD_MAX; i++) {
1295 1295 (void) fprintf(fp, "%s\n", helptab[i].short_usage);
1296 1296 if (verbose)
1297 1297 (void) fprintf(fp, "\t%s\n\n", long_help(i));
1298 1298 }
1299 1299 }
1300 1300 if (flags & HELP_SYNTAX) {
1301 1301 if (!verbose)
1302 1302 (void) fprintf(fp, "\n");
1303 1303 (void) fprintf(fp, "<zone> := [A-Za-z0-9][A-Za-z0-9_.-]*\n");
1304 1304 (void) fprintf(fp, gettext("\t(except the reserved words "
1305 1305 "'%s' and anything starting with '%s')\n"), "global",
1306 1306 "SUNW");
1307 1307 (void) fprintf(fp,
1308 1308 gettext("\tName must be less than %d characters.\n"),
1309 1309 ZONENAME_MAX);
1310 1310 if (verbose)
1311 1311 (void) fprintf(fp, "\n");
1312 1312 }
1313 1313 if (flags & HELP_NETADDR) {
1314 1314 (void) fprintf(fp, gettext("\n<net-addr> :="));
1315 1315 (void) fprintf(fp,
1316 1316 gettext("\t<IPv4-address>[/<IPv4-prefix-length>] |\n"));
1317 1317 (void) fprintf(fp,
1318 1318 gettext("\t\t<IPv6-address>/<IPv6-prefix-length> |\n"));
1319 1319 (void) fprintf(fp,
1320 1320 gettext("\t\t<hostname>[/<IPv4-prefix-length>]\n"));
1321 1321 (void) fprintf(fp, gettext("See inet(3SOCKET) for IPv4 and "
1322 1322 "IPv6 address syntax.\n"));
1323 1323 (void) fprintf(fp, gettext("<IPv4-prefix-length> := [0-32]\n"));
1324 1324 (void) fprintf(fp,
1325 1325 gettext("<IPv6-prefix-length> := [0-128]\n"));
1326 1326 (void) fprintf(fp,
1327 1327 gettext("<hostname> := [A-Za-z0-9][A-Za-z0-9-.]*\n"));
1328 1328 }
1329 1329 if (flags & HELP_RESOURCES) {
1330 1330 (void) fprintf(fp, "<%s> := %s | %s | %s | %s | %s |\n\t"
1331 1331 "%s | %s | %s | %s | %s\n\n",
1332 1332 gettext("resource type"), rt_to_str(RT_FS),
1333 1333 rt_to_str(RT_NET), rt_to_str(RT_DEVICE),
1334 1334 rt_to_str(RT_RCTL), rt_to_str(RT_ATTR),
1335 1335 rt_to_str(RT_DATASET), rt_to_str(RT_DCPU),
1336 1336 rt_to_str(RT_PCAP), rt_to_str(RT_MCAP),
1337 1337 rt_to_str(RT_ADMIN), rt_to_str(RT_SECFLAGS));
1338 1338 }
1339 1339 if (flags & HELP_PROPS) {
1340 1340 (void) fprintf(fp, gettext("For resource type ... there are "
1341 1341 "property types ...:\n"));
1342 1342 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1343 1343 pt_to_str(PT_ZONENAME));
1344 1344 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1345 1345 pt_to_str(PT_ZONEPATH));
1346 1346 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1347 1347 pt_to_str(PT_BRAND));
1348 1348 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1349 1349 pt_to_str(PT_AUTOBOOT));
1350 1350 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1351 1351 pt_to_str(PT_BOOTARGS));
1352 1352 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1353 1353 pt_to_str(PT_POOL));
1354 1354 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1355 1355 pt_to_str(PT_LIMITPRIV));
1356 1356 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1357 1357 pt_to_str(PT_SCHED));
1358 1358 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1359 1359 pt_to_str(PT_IPTYPE));
1360 1360 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1361 1361 pt_to_str(PT_HOSTID));
1362 1362 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1363 1363 pt_to_str(PT_FS_ALLOWED));
1364 1364 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1365 1365 pt_to_str(PT_MAXLWPS));
1366 1366 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1367 1367 pt_to_str(PT_MAXPROCS));
1368 1368 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1369 1369 pt_to_str(PT_MAXSHMMEM));
1370 1370 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1371 1371 pt_to_str(PT_MAXSHMIDS));
1372 1372 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1373 1373 pt_to_str(PT_MAXMSGIDS));
1374 1374 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1375 1375 pt_to_str(PT_MAXSEMIDS));
1376 1376 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1377 1377 pt_to_str(PT_SHARES));
1378 1378 (void) fprintf(fp, "\t%s\t\t%s, %s, %s, %s, %s\n",
1379 1379 rt_to_str(RT_FS), pt_to_str(PT_DIR),
1380 1380 pt_to_str(PT_SPECIAL), pt_to_str(PT_RAW),
1381 1381 pt_to_str(PT_TYPE), pt_to_str(PT_OPTIONS));
1382 1382 (void) fprintf(fp, "\t%s\t\t%s, %s, %s|%s\n", rt_to_str(RT_NET),
1383 1383 pt_to_str(PT_ADDRESS), pt_to_str(PT_ALLOWED_ADDRESS),
1384 1384 pt_to_str(PT_PHYSICAL), pt_to_str(PT_DEFROUTER));
1385 1385 (void) fprintf(fp, "\t%s\t\t%s\n", rt_to_str(RT_DEVICE),
1386 1386 pt_to_str(PT_MATCH));
1387 1387 (void) fprintf(fp, "\t%s\t\t%s, %s\n", rt_to_str(RT_RCTL),
1388 1388 pt_to_str(PT_NAME), pt_to_str(PT_VALUE));
1389 1389 (void) fprintf(fp, "\t%s\t\t%s, %s, %s\n", rt_to_str(RT_ATTR),
1390 1390 pt_to_str(PT_NAME), pt_to_str(PT_TYPE),
1391 1391 pt_to_str(PT_VALUE));
1392 1392 (void) fprintf(fp, "\t%s\t\t%s\n", rt_to_str(RT_DATASET),
1393 1393 pt_to_str(PT_NAME));
1394 1394 (void) fprintf(fp, "\t%s\t%s, %s\n", rt_to_str(RT_DCPU),
1395 1395 pt_to_str(PT_NCPUS), pt_to_str(PT_IMPORTANCE));
1396 1396 (void) fprintf(fp, "\t%s\t%s\n", rt_to_str(RT_PCAP),
1397 1397 pt_to_str(PT_NCPUS));
1398 1398 (void) fprintf(fp, "\t%s\t%s, %s, %s\n", rt_to_str(RT_MCAP),
1399 1399 pt_to_str(PT_PHYSICAL), pt_to_str(PT_SWAP),
1400 1400 pt_to_str(PT_LOCKED));
1401 1401 (void) fprintf(fp, "\t%s\t\t%s, %s\n", rt_to_str(RT_ADMIN),
1402 1402 pt_to_str(PT_USER), pt_to_str(PT_AUTHS));
1403 1403 (void) fprintf(fp, "\t%s\t\t%s, %s, %s\n",
1404 1404 rt_to_str(RT_SECFLAGS), pt_to_str(PT_DEFAULT),
1405 1405 pt_to_str(PT_LOWER), pt_to_str(PT_UPPER));
1406 1406 }
1407 1407 if (need_to_close)
1408 1408 (void) pager_close(fp);
1409 1409 }
1410 1410
1411 1411 static void
1412 1412 zone_perror(char *prefix, int err, boolean_t set_saw)
1413 1413 {
1414 1414 zerr("%s: %s", prefix, zonecfg_strerror(err));
1415 1415 if (set_saw)
1416 1416 saw_error = B_TRUE;
1417 1417 }
1418 1418
1419 1419 /*
1420 1420 * zone_perror() expects a single string, but for remove and select
1421 1421 * we have both the command and the resource type, so this wrapper
1422 1422 * function serves the same purpose in a slightly different way.
1423 1423 */
1424 1424
1425 1425 static void
1426 1426 z_cmd_rt_perror(int cmd_num, int res_num, int err, boolean_t set_saw)
1427 1427 {
1428 1428 zerr("%s %s: %s", cmd_to_str(cmd_num), rt_to_str(res_num),
1429 1429 zonecfg_strerror(err));
1430 1430 if (set_saw)
1431 1431 saw_error = B_TRUE;
1432 1432 }
1433 1433
1434 1434 /* returns Z_OK if successful, Z_foo from <libzonecfg.h> otherwise */
1435 1435 static int
1436 1436 initialize(boolean_t handle_expected)
1437 1437 {
1438 1438 int err;
1439 1439 char brandname[MAXNAMELEN];
1440 1440
1441 1441 if (zonecfg_check_handle(handle) != Z_OK) {
1442 1442 if ((err = zonecfg_get_handle(zone, handle)) == Z_OK) {
1443 1443 got_handle = B_TRUE;
1444 1444 if (zonecfg_get_brand(handle, brandname,
1445 1445 sizeof (brandname)) != Z_OK) {
1446 1446 zerr("Zone %s is inconsistent: missing "
1447 1447 "brand attribute", zone);
1448 1448 exit(Z_ERR);
1449 1449 }
1450 1450 if ((brand = brand_open(brandname)) == NULL) {
1451 1451 zerr("Zone %s uses non-existent brand \"%s\"."
1452 1452 " Unable to continue", zone, brandname);
1453 1453 exit(Z_ERR);
1454 1454 }
1455 1455 /*
1456 1456 * If the user_attr file is newer than
1457 1457 * the zone config file, the admins
1458 1458 * may need to be updated since the
1459 1459 * RBAC files are authoritative for
1460 1460 * authorization checks.
1461 1461 */
1462 1462 err = zonecfg_update_userauths(handle, zone);
1463 1463 if (err == Z_OK) {
1464 1464 zerr(gettext("The administrative rights "
1465 1465 "were updated to match "
1466 1466 "the current RBAC configuration.\n"
1467 1467 "Use \"info admin\" and \"revert\" to "
1468 1468 "compare with the previous settings."));
1469 1469 need_to_commit = B_TRUE;
1470 1470 } else if (err != Z_NO_ENTRY) {
1471 1471 zerr(gettext("failed to update "
1472 1472 "admin rights."));
1473 1473 exit(Z_ERR);
1474 1474 } else if (need_to_commit) {
1475 1475 zerr(gettext("admin rights were updated "
1476 1476 "to match RBAC configuration."));
1477 1477 }
1478 1478
1479 1479 } else if (global_zone && err == Z_NO_ZONE && !got_handle &&
1480 1480 !read_only_mode) {
1481 1481 /*
1482 1482 * We implicitly create the global zone config if it
1483 1483 * doesn't exist.
1484 1484 */
1485 1485 zone_dochandle_t tmphandle;
1486 1486
1487 1487 if ((tmphandle = zonecfg_init_handle()) == NULL) {
1488 1488 zone_perror(execname, Z_NOMEM, B_TRUE);
1489 1489 exit(Z_ERR);
1490 1490 }
1491 1491
1492 1492 err = zonecfg_get_template_handle("SUNWblank", zone,
1493 1493 tmphandle);
1494 1494
1495 1495 if (err != Z_OK) {
1496 1496 zonecfg_fini_handle(tmphandle);
1497 1497 zone_perror("SUNWblank", err, B_TRUE);
1498 1498 return (err);
1499 1499 }
1500 1500
1501 1501 need_to_commit = B_TRUE;
1502 1502 zonecfg_fini_handle(handle);
1503 1503 handle = tmphandle;
1504 1504 got_handle = B_TRUE;
1505 1505
1506 1506 } else {
1507 1507 zone_perror(zone, err, handle_expected || got_handle);
1508 1508 if (err == Z_NO_ZONE && !got_handle &&
1509 1509 interactive_mode && !read_only_mode)
1510 1510 (void) printf(gettext("Use '%s' to begin "
1511 1511 "configuring a new zone.\n"),
1512 1512 cmd_to_str(CMD_CREATE));
1513 1513 return (err);
1514 1514 }
1515 1515 }
1516 1516 return (Z_OK);
1517 1517 }
1518 1518
1519 1519 static boolean_t
1520 1520 state_atleast(zone_state_t state)
1521 1521 {
1522 1522 zone_state_t state_num;
1523 1523 int err;
1524 1524
1525 1525 if ((err = zone_get_state(zone, &state_num)) != Z_OK) {
1526 1526 /* all states are greater than "non-existent" */
1527 1527 if (err == Z_NO_ZONE)
1528 1528 return (B_FALSE);
1529 1529 zerr(gettext("Unexpectedly failed to determine state "
1530 1530 "of zone %s: %s"), zone, zonecfg_strerror(err));
1531 1531 exit(Z_ERR);
1532 1532 }
1533 1533 return (state_num >= state);
1534 1534 }
1535 1535
1536 1536 /*
1537 1537 * short_usage() is for bad syntax: getopt() issues, too many arguments, etc.
1538 1538 */
1539 1539
1540 1540 void
1541 1541 short_usage(int command)
1542 1542 {
1543 1543 /* lex_lineno has already been incremented in the lexer; compensate */
1544 1544 if (cmd_file_mode) {
1545 1545 if (strcmp(cmd_file_name, "-") == 0)
1546 1546 (void) fprintf(stderr,
1547 1547 gettext("syntax error on line %d\n"),
1548 1548 lex_lineno - 1);
1549 1549 else
1550 1550 (void) fprintf(stderr,
1551 1551 gettext("syntax error on line %d of %s\n"),
1552 1552 lex_lineno - 1, cmd_file_name);
1553 1553 }
1554 1554 (void) fprintf(stderr, "%s:\n%s\n", gettext("usage"),
1555 1555 helptab[command].short_usage);
1556 1556 saw_error = B_TRUE;
1557 1557 }
1558 1558
1559 1559 /*
1560 1560 * long_usage() is for bad semantics: e.g., wrong property type for a given
1561 1561 * resource type. It is also used by longer_usage() below.
1562 1562 */
1563 1563
1564 1564 void
1565 1565 long_usage(uint_t cmd_num, boolean_t set_saw)
1566 1566 {
1567 1567 (void) fprintf(set_saw ? stderr : stdout, "%s:\n%s\n", gettext("usage"),
1568 1568 helptab[cmd_num].short_usage);
1569 1569 (void) fprintf(set_saw ? stderr : stdout, "\t%s\n", long_help(cmd_num));
1570 1570 if (set_saw)
1571 1571 saw_error = B_TRUE;
1572 1572 }
1573 1573
1574 1574 /*
1575 1575 * longer_usage() is for 'help foo' and 'foo -?': call long_usage() and also
1576 1576 * any extra usage() flags as appropriate for whatever command.
1577 1577 */
1578 1578
1579 1579 void
1580 1580 longer_usage(uint_t cmd_num)
1581 1581 {
1582 1582 long_usage(cmd_num, B_FALSE);
1583 1583 if (helptab[cmd_num].flags != 0) {
1584 1584 (void) printf("\n");
1585 1585 usage(B_TRUE, helptab[cmd_num].flags);
1586 1586 }
1587 1587 }
1588 1588
1589 1589 /*
1590 1590 * scope_usage() is simply used when a command is called from the wrong scope.
1591 1591 */
1592 1592
1593 1593 static void
1594 1594 scope_usage(uint_t cmd_num)
1595 1595 {
1596 1596 zerr(gettext("The %s command only makes sense in the %s scope."),
1597 1597 cmd_to_str(cmd_num),
1598 1598 global_scope ? gettext("resource") : gettext("global"));
1599 1599 saw_error = B_TRUE;
1600 1600 }
1601 1601
1602 1602 /*
1603 1603 * On input, B_TRUE => yes, B_FALSE => no.
1604 1604 * On return, B_TRUE => 1, B_FALSE => no, could not ask => -1.
1605 1605 */
1606 1606
1607 1607 static int
1608 1608 ask_yesno(boolean_t default_answer, const char *question)
1609 1609 {
1610 1610 char line[64]; /* should be enough to answer yes or no */
1611 1611
1612 1612 if (!ok_to_prompt) {
1613 1613 saw_error = B_TRUE;
1614 1614 return (-1);
1615 1615 }
1616 1616 for (;;) {
1617 1617 if (printf("%s (%s)? ", question,
1618 1618 default_answer ? "[y]/n" : "y/[n]") < 0)
1619 1619 return (-1);
1620 1620 if (fgets(line, sizeof (line), stdin) == NULL)
1621 1621 return (-1);
1622 1622
1623 1623 if (line[0] == '\n')
1624 1624 return (default_answer ? 1 : 0);
1625 1625 if (tolower(line[0]) == 'y')
1626 1626 return (1);
1627 1627 if (tolower(line[0]) == 'n')
1628 1628 return (0);
1629 1629 }
1630 1630 }
1631 1631
1632 1632 /*
1633 1633 * Prints warning if zone already exists.
1634 1634 * In interactive mode, prompts if we should continue anyway and returns Z_OK
1635 1635 * if so, Z_ERR if not. In non-interactive mode, exits with Z_ERR.
1636 1636 *
1637 1637 * Note that if a zone exists and its state is >= INSTALLED, an error message
1638 1638 * will be printed and this function will return Z_ERR regardless of mode.
1639 1639 */
1640 1640
1641 1641 static int
1642 1642 check_if_zone_already_exists(boolean_t force)
1643 1643 {
1644 1644 char line[ZONENAME_MAX + 128]; /* enough to ask a question */
1645 1645 zone_dochandle_t tmphandle;
1646 1646 int res, answer;
1647 1647
1648 1648 if ((tmphandle = zonecfg_init_handle()) == NULL) {
1649 1649 zone_perror(execname, Z_NOMEM, B_TRUE);
1650 1650 exit(Z_ERR);
1651 1651 }
1652 1652 res = zonecfg_get_handle(zone, tmphandle);
1653 1653 zonecfg_fini_handle(tmphandle);
1654 1654 if (res != Z_OK)
1655 1655 return (Z_OK);
1656 1656
1657 1657 if (state_atleast(ZONE_STATE_INSTALLED)) {
1658 1658 zerr(gettext("Zone %s already installed; %s not allowed."),
1659 1659 zone, cmd_to_str(CMD_CREATE));
1660 1660 return (Z_ERR);
1661 1661 }
1662 1662
1663 1663 if (force) {
1664 1664 (void) printf(gettext("Zone %s already exists; overwriting.\n"),
1665 1665 zone);
1666 1666 return (Z_OK);
1667 1667 }
1668 1668 (void) snprintf(line, sizeof (line),
1669 1669 gettext("Zone %s already exists; %s anyway"), zone,
1670 1670 cmd_to_str(CMD_CREATE));
1671 1671 if ((answer = ask_yesno(B_FALSE, line)) == -1) {
1672 1672 zerr(gettext("Zone exists, input not from terminal and -F not "
1673 1673 "specified:\n%s command ignored, exiting."),
1674 1674 cmd_to_str(CMD_CREATE));
1675 1675 exit(Z_ERR);
1676 1676 }
1677 1677 return (answer == 1 ? Z_OK : Z_ERR);
1678 1678 }
1679 1679
1680 1680 static boolean_t
1681 1681 zone_is_read_only(int cmd_num)
1682 1682 {
1683 1683 if (strncmp(zone, "SUNW", 4) == 0) {
1684 1684 zerr(gettext("%s: zones beginning with SUNW are read-only."),
1685 1685 zone);
1686 1686 saw_error = B_TRUE;
1687 1687 return (B_TRUE);
1688 1688 }
1689 1689 if (read_only_mode) {
1690 1690 zerr(gettext("%s: cannot %s in read-only mode."), zone,
1691 1691 cmd_to_str(cmd_num));
1692 1692 saw_error = B_TRUE;
1693 1693 return (B_TRUE);
1694 1694 }
1695 1695 return (B_FALSE);
1696 1696 }
1697 1697
1698 1698 /*
1699 1699 * Create a new configuration.
1700 1700 */
1701 1701 void
1702 1702 create_func(cmd_t *cmd)
1703 1703 {
1704 1704 int err, arg;
1705 1705 char zone_template[ZONENAME_MAX];
1706 1706 char attach_path[MAXPATHLEN];
1707 1707 zone_dochandle_t tmphandle;
1708 1708 boolean_t force = B_FALSE;
1709 1709 boolean_t attach = B_FALSE;
1710 1710 boolean_t arg_err = B_FALSE;
1711 1711
1712 1712 assert(cmd != NULL);
1713 1713
1714 1714 /* This is the default if no arguments are given. */
1715 1715 (void) strlcpy(zone_template, "SUNWdefault", sizeof (zone_template));
1716 1716
1717 1717 optind = 0;
1718 1718 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?a:bFt:"))
1719 1719 != EOF) {
1720 1720 switch (arg) {
1721 1721 case '?':
1722 1722 if (optopt == '?')
1723 1723 longer_usage(CMD_CREATE);
1724 1724 else
1725 1725 short_usage(CMD_CREATE);
1726 1726 arg_err = B_TRUE;
1727 1727 break;
1728 1728 case 'a':
1729 1729 (void) strlcpy(attach_path, optarg,
1730 1730 sizeof (attach_path));
1731 1731 attach = B_TRUE;
1732 1732 break;
1733 1733 case 'b':
1734 1734 (void) strlcpy(zone_template, "SUNWblank",
1735 1735 sizeof (zone_template));
1736 1736 break;
1737 1737 case 'F':
1738 1738 force = B_TRUE;
1739 1739 break;
1740 1740 case 't':
1741 1741 (void) strlcpy(zone_template, optarg,
1742 1742 sizeof (zone_template));
1743 1743 break;
1744 1744 default:
1745 1745 short_usage(CMD_CREATE);
1746 1746 arg_err = B_TRUE;
1747 1747 break;
1748 1748 }
1749 1749 }
1750 1750 if (arg_err)
1751 1751 return;
1752 1752
1753 1753 if (optind != cmd->cmd_argc) {
1754 1754 short_usage(CMD_CREATE);
1755 1755 return;
1756 1756 }
1757 1757
1758 1758 if (zone_is_read_only(CMD_CREATE))
1759 1759 return;
1760 1760
1761 1761 if (check_if_zone_already_exists(force) != Z_OK)
1762 1762 return;
1763 1763
1764 1764 /*
1765 1765 * Get a temporary handle first. If that fails, the old handle
1766 1766 * will not be lost. Then finish whichever one we don't need,
1767 1767 * to avoid leaks. Then get the handle for zone_template, and
1768 1768 * set the name to zone: this "copy, rename" method is how
1769 1769 * create -[b|t] works.
1770 1770 */
1771 1771 if ((tmphandle = zonecfg_init_handle()) == NULL) {
1772 1772 zone_perror(execname, Z_NOMEM, B_TRUE);
1773 1773 exit(Z_ERR);
1774 1774 }
1775 1775
1776 1776 if (attach)
1777 1777 err = zonecfg_get_attach_handle(attach_path, ZONE_DETACHED,
1778 1778 zone, B_FALSE, tmphandle);
1779 1779 else
1780 1780 err = zonecfg_get_template_handle(zone_template, zone,
1781 1781 tmphandle);
1782 1782
1783 1783 if (err != Z_OK) {
1784 1784 zonecfg_fini_handle(tmphandle);
1785 1785 if (attach && err == Z_NO_ZONE)
1786 1786 (void) fprintf(stderr, gettext("invalid path to "
1787 1787 "detached zone\n"));
1788 1788 else if (attach && err == Z_INVALID_DOCUMENT)
1789 1789 (void) fprintf(stderr, gettext("Cannot attach to an "
1790 1790 "earlier release of the operating system\n"));
1791 1791 else
1792 1792 zone_perror(zone_template, err, B_TRUE);
1793 1793 return;
1794 1794 }
1795 1795
1796 1796 need_to_commit = B_TRUE;
1797 1797 zonecfg_fini_handle(handle);
1798 1798 handle = tmphandle;
1799 1799 got_handle = B_TRUE;
1800 1800 }
1801 1801
1802 1802 /*
1803 1803 * This malloc()'s memory, which must be freed by the caller.
1804 1804 */
1805 1805 static char *
1806 1806 quoteit(char *instr)
1807 1807 {
1808 1808 char *outstr;
1809 1809 size_t outstrsize = strlen(instr) + 3; /* 2 quotes + '\0' */
1810 1810
1811 1811 if ((outstr = malloc(outstrsize)) == NULL) {
1812 1812 zone_perror(zone, Z_NOMEM, B_FALSE);
1813 1813 exit(Z_ERR);
1814 1814 }
1815 1815 if (strchr(instr, ' ') == NULL) {
1816 1816 (void) strlcpy(outstr, instr, outstrsize);
1817 1817 return (outstr);
1818 1818 }
1819 1819 (void) snprintf(outstr, outstrsize, "\"%s\"", instr);
1820 1820 return (outstr);
1821 1821 }
1822 1822
1823 1823 static void
1824 1824 export_prop(FILE *of, int prop_num, char *prop_id)
1825 1825 {
1826 1826 if (strlen(prop_id) == 0)
1827 1827 return;
1828 1828 /*
1829 1829 * We're going to explicitly quote all strings on export.
1830 1830 * This should be fine since it seems that no amount of escaping
1831 1831 * will coerce zonecfg to properly parse a double quote as
1832 1832 * part of the string value.
1833 1833 */
1834 1834 (void) fprintf(of, "%s %s=\"%s\"\n", cmd_to_str(CMD_SET),
1835 1835 pt_to_str(prop_num), prop_id);
1836 1836 }
1837 1837
1838 1838 void
1839 1839 export_func(cmd_t *cmd)
1840 1840 {
1841 1841 struct zone_nwiftab nwiftab;
1842 1842 struct zone_fstab fstab;
1843 1843 struct zone_devtab devtab;
1844 1844 struct zone_attrtab attrtab;
1845 1845 struct zone_rctltab rctltab;
1846 1846 struct zone_dstab dstab;
1847 1847 struct zone_psettab psettab;
1848 1848 struct zone_mcaptab mcaptab;
1849 1849 struct zone_rctlvaltab *valptr;
1850 1850 struct zone_admintab admintab;
1851 1851 struct zone_secflagstab secflagstab;
1852 1852 int err, arg;
1853 1853 char zonepath[MAXPATHLEN], outfile[MAXPATHLEN], pool[MAXNAMELEN];
1854 1854 char bootargs[BOOTARGS_MAX];
1855 1855 char sched[MAXNAMELEN];
1856 1856 char brand[MAXNAMELEN];
1857 1857 char hostidp[HW_HOSTID_LEN];
1858 1858 char fsallowedp[ZONE_FS_ALLOWED_MAX];
1859 1859 char *limitpriv;
1860 1860 FILE *of;
1861 1861 boolean_t autoboot;
1862 1862 zone_iptype_t iptype;
1863 1863 boolean_t need_to_close = B_FALSE;
1864 1864 boolean_t arg_err = B_FALSE;
1865 1865
1866 1866 assert(cmd != NULL);
1867 1867
1868 1868 outfile[0] = '\0';
1869 1869 optind = 0;
1870 1870 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?f:")) != EOF) {
1871 1871 switch (arg) {
1872 1872 case '?':
1873 1873 if (optopt == '?')
1874 1874 longer_usage(CMD_EXPORT);
1875 1875 else
1876 1876 short_usage(CMD_EXPORT);
1877 1877 arg_err = B_TRUE;
1878 1878 break;
1879 1879 case 'f':
1880 1880 (void) strlcpy(outfile, optarg, sizeof (outfile));
1881 1881 break;
1882 1882 default:
1883 1883 short_usage(CMD_EXPORT);
1884 1884 arg_err = B_TRUE;
1885 1885 break;
1886 1886 }
1887 1887 }
1888 1888 if (arg_err)
1889 1889 return;
1890 1890
1891 1891 if (optind != cmd->cmd_argc) {
1892 1892 short_usage(CMD_EXPORT);
1893 1893 return;
1894 1894 }
1895 1895 if (strlen(outfile) == 0) {
1896 1896 of = stdout;
1897 1897 } else {
1898 1898 if ((of = fopen(outfile, "w")) == NULL) {
1899 1899 zerr(gettext("opening file %s: %s"),
1900 1900 outfile, strerror(errno));
1901 1901 goto done;
1902 1902 }
1903 1903 setbuf(of, NULL);
1904 1904 need_to_close = B_TRUE;
1905 1905 }
1906 1906
1907 1907 if ((err = initialize(B_TRUE)) != Z_OK)
1908 1908 goto done;
1909 1909
1910 1910 (void) fprintf(of, "%s -b\n", cmd_to_str(CMD_CREATE));
1911 1911
1912 1912 if (zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath)) == Z_OK &&
1913 1913 strlen(zonepath) > 0)
1914 1914 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1915 1915 pt_to_str(PT_ZONEPATH), zonepath);
1916 1916
1917 1917 if ((zone_get_brand(zone, brand, sizeof (brand)) == Z_OK) &&
1918 1918 (strcmp(brand, NATIVE_BRAND_NAME) != 0))
1919 1919 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1920 1920 pt_to_str(PT_BRAND), brand);
1921 1921
1922 1922 if (zonecfg_get_autoboot(handle, &autoboot) == Z_OK)
1923 1923 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1924 1924 pt_to_str(PT_AUTOBOOT), autoboot ? "true" : "false");
1925 1925
1926 1926 if (zonecfg_get_bootargs(handle, bootargs, sizeof (bootargs)) == Z_OK &&
1927 1927 strlen(bootargs) > 0) {
1928 1928 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1929 1929 pt_to_str(PT_BOOTARGS), bootargs);
1930 1930 }
1931 1931
1932 1932 if (zonecfg_get_pool(handle, pool, sizeof (pool)) == Z_OK &&
1933 1933 strlen(pool) > 0)
1934 1934 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1935 1935 pt_to_str(PT_POOL), pool);
1936 1936
1937 1937 if (zonecfg_get_limitpriv(handle, &limitpriv) == Z_OK &&
1938 1938 strlen(limitpriv) > 0) {
1939 1939 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1940 1940 pt_to_str(PT_LIMITPRIV), limitpriv);
1941 1941 free(limitpriv);
1942 1942 }
1943 1943
1944 1944 if (zonecfg_get_sched_class(handle, sched, sizeof (sched)) == Z_OK &&
1945 1945 strlen(sched) > 0)
1946 1946 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1947 1947 pt_to_str(PT_SCHED), sched);
1948 1948
1949 1949 if (zonecfg_get_iptype(handle, &iptype) == Z_OK) {
1950 1950 switch (iptype) {
1951 1951 case ZS_SHARED:
1952 1952 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1953 1953 pt_to_str(PT_IPTYPE), "shared");
1954 1954 break;
1955 1955 case ZS_EXCLUSIVE:
1956 1956 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1957 1957 pt_to_str(PT_IPTYPE), "exclusive");
1958 1958 break;
1959 1959 }
1960 1960 }
1961 1961
1962 1962 if (zonecfg_get_hostid(handle, hostidp, sizeof (hostidp)) == Z_OK) {
1963 1963 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1964 1964 pt_to_str(PT_HOSTID), hostidp);
1965 1965 }
1966 1966
1967 1967 if (zonecfg_get_fs_allowed(handle, fsallowedp,
1968 1968 sizeof (fsallowedp)) == Z_OK) {
1969 1969 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1970 1970 pt_to_str(PT_FS_ALLOWED), fsallowedp);
1971 1971 }
1972 1972
1973 1973 if ((err = zonecfg_setfsent(handle)) != Z_OK) {
1974 1974 zone_perror(zone, err, B_FALSE);
1975 1975 goto done;
1976 1976 }
1977 1977 while (zonecfg_getfsent(handle, &fstab) == Z_OK) {
1978 1978 zone_fsopt_t *optptr;
1979 1979
1980 1980 (void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
1981 1981 rt_to_str(RT_FS));
1982 1982 export_prop(of, PT_DIR, fstab.zone_fs_dir);
1983 1983 export_prop(of, PT_SPECIAL, fstab.zone_fs_special);
1984 1984 export_prop(of, PT_RAW, fstab.zone_fs_raw);
1985 1985 export_prop(of, PT_TYPE, fstab.zone_fs_type);
1986 1986 for (optptr = fstab.zone_fs_options; optptr != NULL;
1987 1987 optptr = optptr->zone_fsopt_next) {
1988 1988 /*
1989 1989 * Simple property values with embedded equal signs
1990 1990 * need to be quoted to prevent the lexer from
1991 1991 * mis-parsing them as complex name=value pairs.
1992 1992 */
1993 1993 if (strchr(optptr->zone_fsopt_opt, '='))
1994 1994 (void) fprintf(of, "%s %s \"%s\"\n",
1995 1995 cmd_to_str(CMD_ADD),
1996 1996 pt_to_str(PT_OPTIONS),
1997 1997 optptr->zone_fsopt_opt);
1998 1998 else
1999 1999 (void) fprintf(of, "%s %s %s\n",
2000 2000 cmd_to_str(CMD_ADD),
2001 2001 pt_to_str(PT_OPTIONS),
2002 2002 optptr->zone_fsopt_opt);
2003 2003 }
2004 2004 (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2005 2005 zonecfg_free_fs_option_list(fstab.zone_fs_options);
2006 2006 }
2007 2007 (void) zonecfg_endfsent(handle);
2008 2008
2009 2009 if ((err = zonecfg_setnwifent(handle)) != Z_OK) {
2010 2010 zone_perror(zone, err, B_FALSE);
2011 2011 goto done;
2012 2012 }
2013 2013 while (zonecfg_getnwifent(handle, &nwiftab) == Z_OK) {
2014 2014 (void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2015 2015 rt_to_str(RT_NET));
2016 2016 export_prop(of, PT_ADDRESS, nwiftab.zone_nwif_address);
2017 2017 export_prop(of, PT_ALLOWED_ADDRESS,
2018 2018 nwiftab.zone_nwif_allowed_address);
2019 2019 export_prop(of, PT_PHYSICAL, nwiftab.zone_nwif_physical);
2020 2020 export_prop(of, PT_DEFROUTER, nwiftab.zone_nwif_defrouter);
2021 2021 (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2022 2022 }
2023 2023 (void) zonecfg_endnwifent(handle);
2024 2024
2025 2025 if ((err = zonecfg_setdevent(handle)) != Z_OK) {
2026 2026 zone_perror(zone, err, B_FALSE);
2027 2027 goto done;
2028 2028 }
2029 2029 while (zonecfg_getdevent(handle, &devtab) == Z_OK) {
2030 2030 (void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2031 2031 rt_to_str(RT_DEVICE));
2032 2032 export_prop(of, PT_MATCH, devtab.zone_dev_match);
2033 2033 (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2034 2034 }
2035 2035 (void) zonecfg_enddevent(handle);
2036 2036
2037 2037 if (zonecfg_getmcapent(handle, &mcaptab) == Z_OK) {
2038 2038 char buf[128];
2039 2039
2040 2040 (void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2041 2041 rt_to_str(RT_MCAP));
2042 2042 bytes_to_units(mcaptab.zone_physmem_cap, buf, sizeof (buf));
2043 2043 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
2044 2044 pt_to_str(PT_PHYSICAL), buf);
2045 2045 (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2046 2046 }
2047 2047
2048 2048 if ((err = zonecfg_setrctlent(handle)) != Z_OK) {
2049 2049 zone_perror(zone, err, B_FALSE);
2050 2050 goto done;
2051 2051 }
2052 2052 while (zonecfg_getrctlent(handle, &rctltab) == Z_OK) {
2053 2053 (void) fprintf(of, "%s rctl\n", cmd_to_str(CMD_ADD));
2054 2054 export_prop(of, PT_NAME, rctltab.zone_rctl_name);
2055 2055 for (valptr = rctltab.zone_rctl_valptr; valptr != NULL;
2056 2056 valptr = valptr->zone_rctlval_next) {
2057 2057 fprintf(of, "%s %s (%s=%s,%s=%s,%s=%s)\n",
2058 2058 cmd_to_str(CMD_ADD), pt_to_str(PT_VALUE),
2059 2059 pt_to_str(PT_PRIV), valptr->zone_rctlval_priv,
2060 2060 pt_to_str(PT_LIMIT), valptr->zone_rctlval_limit,
2061 2061 pt_to_str(PT_ACTION), valptr->zone_rctlval_action);
2062 2062 }
2063 2063 (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2064 2064 zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
2065 2065 }
2066 2066 (void) zonecfg_endrctlent(handle);
2067 2067
2068 2068 if ((err = zonecfg_setattrent(handle)) != Z_OK) {
2069 2069 zone_perror(zone, err, B_FALSE);
2070 2070 goto done;
2071 2071 }
2072 2072 while (zonecfg_getattrent(handle, &attrtab) == Z_OK) {
2073 2073 (void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2074 2074 rt_to_str(RT_ATTR));
2075 2075 export_prop(of, PT_NAME, attrtab.zone_attr_name);
2076 2076 export_prop(of, PT_TYPE, attrtab.zone_attr_type);
2077 2077 export_prop(of, PT_VALUE, attrtab.zone_attr_value);
2078 2078 (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2079 2079 }
2080 2080 (void) zonecfg_endattrent(handle);
2081 2081
2082 2082 if ((err = zonecfg_setdsent(handle)) != Z_OK) {
2083 2083 zone_perror(zone, err, B_FALSE);
2084 2084 goto done;
2085 2085 }
2086 2086 while (zonecfg_getdsent(handle, &dstab) == Z_OK) {
2087 2087 (void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2088 2088 rt_to_str(RT_DATASET));
2089 2089 export_prop(of, PT_NAME, dstab.zone_dataset_name);
2090 2090 (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2091 2091 }
2092 2092 (void) zonecfg_enddsent(handle);
2093 2093
2094 2094 if (zonecfg_getpsetent(handle, &psettab) == Z_OK) {
2095 2095 (void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2096 2096 rt_to_str(RT_DCPU));
2097 2097 if (strcmp(psettab.zone_ncpu_min, psettab.zone_ncpu_max) == 0)
2098 2098 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
2099 2099 pt_to_str(PT_NCPUS), psettab.zone_ncpu_max);
2100 2100 else
2101 2101 (void) fprintf(of, "%s %s=%s-%s\n", cmd_to_str(CMD_SET),
2102 2102 pt_to_str(PT_NCPUS), psettab.zone_ncpu_min,
2103 2103 psettab.zone_ncpu_max);
2104 2104 if (psettab.zone_importance[0] != '\0')
2105 2105 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
2106 2106 pt_to_str(PT_IMPORTANCE), psettab.zone_importance);
2107 2107 (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2108 2108 }
2109 2109
2110 2110 if ((err = zonecfg_setadminent(handle)) != Z_OK) {
2111 2111 zone_perror(zone, err, B_FALSE);
2112 2112 goto done;
2113 2113 }
2114 2114 while (zonecfg_getadminent(handle, &admintab) == Z_OK) {
2115 2115 (void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2116 2116 rt_to_str(RT_ADMIN));
2117 2117 export_prop(of, PT_USER, admintab.zone_admin_user);
2118 2118 export_prop(of, PT_AUTHS, admintab.zone_admin_auths);
2119 2119 (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2120 2120 }
2121 2121
2122 2122 (void) zonecfg_endadminent(handle);
2123 2123
2124 2124 if (zonecfg_getsecflagsent(handle, &secflagstab) == Z_OK) {
2125 2125 (void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2126 2126 rt_to_str(RT_SECFLAGS));
2127 2127 export_prop(of, PT_DEFAULT, secflagstab.zone_secflags_default);
2128 2128 export_prop(of, PT_LOWER, secflagstab.zone_secflags_lower);
2129 2129 export_prop(of, PT_UPPER, secflagstab.zone_secflags_upper);
2130 2130 (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2131 2131 }
2132 2132
2133 2133 /*
2134 2134 * There is nothing to export for pcap since this resource is just
2135 2135 * a container for an rctl alias.
2136 2136 */
2137 2137
2138 2138 done:
2139 2139 if (need_to_close)
2140 2140 (void) fclose(of);
2141 2141 }
2142 2142
2143 2143 void
2144 2144 exit_func(cmd_t *cmd)
2145 2145 {
2146 2146 int arg, answer;
2147 2147 boolean_t arg_err = B_FALSE;
2148 2148
2149 2149 optind = 0;
2150 2150 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
2151 2151 switch (arg) {
2152 2152 case '?':
2153 2153 longer_usage(CMD_EXIT);
2154 2154 arg_err = B_TRUE;
2155 2155 break;
2156 2156 case 'F':
2157 2157 force_exit = B_TRUE;
2158 2158 break;
2159 2159 default:
2160 2160 short_usage(CMD_EXIT);
2161 2161 arg_err = B_TRUE;
2162 2162 break;
2163 2163 }
2164 2164 }
2165 2165 if (arg_err)
2166 2166 return;
2167 2167
2168 2168 if (optind < cmd->cmd_argc) {
2169 2169 short_usage(CMD_EXIT);
2170 2170 return;
2171 2171 }
2172 2172
2173 2173 if (global_scope || force_exit) {
2174 2174 time_to_exit = B_TRUE;
2175 2175 return;
2176 2176 }
2177 2177
2178 2178 answer = ask_yesno(B_FALSE, "Resource incomplete; really quit");
2179 2179 if (answer == -1) {
2180 2180 zerr(gettext("Resource incomplete, input "
2181 2181 "not from terminal and -F not specified:\n%s command "
2182 2182 "ignored, but exiting anyway."), cmd_to_str(CMD_EXIT));
2183 2183 exit(Z_ERR);
2184 2184 } else if (answer == 1) {
2185 2185 time_to_exit = B_TRUE;
2186 2186 }
2187 2187 /* (answer == 0) => just return */
2188 2188 }
2189 2189
2190 2190 static int
2191 2191 validate_zonepath_syntax(char *path)
2192 2192 {
2193 2193 if (path[0] != '/') {
2194 2194 zerr(gettext("%s is not an absolute path."), path);
2195 2195 return (Z_ERR);
2196 2196 }
2197 2197 /* If path is all slashes, then fail */
2198 2198 if (strspn(path, "/") == strlen(path)) {
2199 2199 zerr(gettext("/ is not allowed as a %s."),
2200 2200 pt_to_str(PT_ZONEPATH));
2201 2201 return (Z_ERR);
2202 2202 }
2203 2203 return (Z_OK);
2204 2204 }
2205 2205
2206 2206 static void
2207 2207 add_resource(cmd_t *cmd)
2208 2208 {
2209 2209 int type;
2210 2210 struct zone_psettab tmp_psettab;
2211 2211 struct zone_mcaptab tmp_mcaptab;
2212 2212 struct zone_secflagstab tmp_secflagstab;
2213 2213 uint64_t tmp;
2214 2214 uint64_t tmp_mcap;
2215 2215 char pool[MAXNAMELEN];
2216 2216
2217 2217 if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
2218 2218 long_usage(CMD_ADD, B_TRUE);
2219 2219 goto bad;
2220 2220 }
2221 2221
2222 2222 switch (type) {
2223 2223 case RT_FS:
2224 2224 bzero(&in_progress_fstab, sizeof (in_progress_fstab));
2225 2225 return;
2226 2226 case RT_NET:
2227 2227 bzero(&in_progress_nwiftab, sizeof (in_progress_nwiftab));
2228 2228 return;
2229 2229 case RT_DEVICE:
2230 2230 bzero(&in_progress_devtab, sizeof (in_progress_devtab));
2231 2231 return;
2232 2232 case RT_RCTL:
2233 2233 if (global_zone)
2234 2234 zerr(gettext("WARNING: Setting a global zone resource "
2235 2235 "control too low could deny\nservice "
2236 2236 "to even the root user; "
2237 2237 "this could render the system impossible\n"
2238 2238 "to administer. Please use caution."));
2239 2239 bzero(&in_progress_rctltab, sizeof (in_progress_rctltab));
2240 2240 return;
2241 2241 case RT_ATTR:
2242 2242 bzero(&in_progress_attrtab, sizeof (in_progress_attrtab));
2243 2243 return;
2244 2244 case RT_DATASET:
2245 2245 bzero(&in_progress_dstab, sizeof (in_progress_dstab));
2246 2246 return;
2247 2247 case RT_DCPU:
2248 2248 /* Make sure there isn't already a cpu-set or cpu-cap entry. */
2249 2249 if (zonecfg_lookup_pset(handle, &tmp_psettab) == Z_OK) {
2250 2250 zerr(gettext("The %s resource already exists."),
2251 2251 rt_to_str(RT_DCPU));
2252 2252 goto bad;
2253 2253 }
2254 2254 if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp) !=
2255 2255 Z_NO_ENTRY) {
2256 2256 zerr(gettext("The %s resource already exists."),
2257 2257 rt_to_str(RT_PCAP));
2258 2258 goto bad;
2259 2259 }
2260 2260
2261 2261 /* Make sure the pool property isn't set. */
2262 2262 if (zonecfg_get_pool(handle, pool, sizeof (pool)) == Z_OK &&
2263 2263 strlen(pool) > 0) {
2264 2264 zerr(gettext("The %s property is already set. "
2265 2265 "A persistent pool is incompatible with\nthe %s "
2266 2266 "resource."),
2267 2267 pt_to_str(PT_POOL), rt_to_str(RT_DCPU));
2268 2268 goto bad;
2269 2269 }
2270 2270
2271 2271 bzero(&in_progress_psettab, sizeof (in_progress_psettab));
2272 2272 return;
2273 2273 case RT_PCAP:
2274 2274 /*
2275 2275 * Make sure there isn't already a cpu-set or incompatible
2276 2276 * cpu-cap rctls.
2277 2277 */
2278 2278 if (zonecfg_lookup_pset(handle, &tmp_psettab) == Z_OK) {
2279 2279 zerr(gettext("The %s resource already exists."),
2280 2280 rt_to_str(RT_DCPU));
2281 2281 goto bad;
2282 2282 }
2283 2283
2284 2284 switch (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp)) {
2285 2285 case Z_ALIAS_DISALLOW:
2286 2286 zone_perror(rt_to_str(RT_PCAP), Z_ALIAS_DISALLOW,
2287 2287 B_FALSE);
2288 2288 goto bad;
2289 2289
2290 2290 case Z_OK:
2291 2291 zerr(gettext("The %s resource already exists."),
2292 2292 rt_to_str(RT_PCAP));
2293 2293 goto bad;
2294 2294
2295 2295 default:
2296 2296 break;
2297 2297 }
2298 2298 return;
2299 2299 case RT_MCAP:
2300 2300 /*
2301 2301 * Make sure there isn't already a mem-cap entry or max-swap
2302 2302 * or max-locked rctl.
2303 2303 */
2304 2304 if (zonecfg_lookup_mcap(handle, &tmp_mcaptab) == Z_OK ||
2305 2305 zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &tmp_mcap)
2306 2306 == Z_OK ||
2307 2307 zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM,
2308 2308 &tmp_mcap) == Z_OK) {
2309 2309 zerr(gettext("The %s resource or a related resource "
2310 2310 "control already exists."), rt_to_str(RT_MCAP));
2311 2311 goto bad;
2312 2312 }
2313 2313 if (global_zone)
2314 2314 zerr(gettext("WARNING: Setting a global zone memory "
2315 2315 "cap too low could deny\nservice "
2316 2316 "to even the root user; "
2317 2317 "this could render the system impossible\n"
2318 2318 "to administer. Please use caution."));
2319 2319 bzero(&in_progress_mcaptab, sizeof (in_progress_mcaptab));
2320 2320 return;
2321 2321 case RT_ADMIN:
2322 2322 bzero(&in_progress_admintab, sizeof (in_progress_admintab));
2323 2323 return;
2324 2324 case RT_SECFLAGS:
2325 2325 /* Make sure we haven't already set this */
2326 2326 if (zonecfg_lookup_secflags(handle, &tmp_secflagstab) == Z_OK)
2327 2327 zerr(gettext("The %s resource already exists."),
2328 2328 rt_to_str(RT_SECFLAGS));
2329 2329 bzero(&in_progress_secflagstab,
2330 2330 sizeof (in_progress_secflagstab));
2331 2331 return;
2332 2332 default:
2333 2333 zone_perror(rt_to_str(type), Z_NO_RESOURCE_TYPE, B_TRUE);
2334 2334 long_usage(CMD_ADD, B_TRUE);
2335 2335 usage(B_FALSE, HELP_RESOURCES);
2336 2336 }
2337 2337 bad:
2338 2338 global_scope = B_TRUE;
2339 2339 end_op = -1;
2340 2340 }
2341 2341
2342 2342 static void
2343 2343 do_complex_rctl_val(complex_property_ptr_t cp)
2344 2344 {
2345 2345 struct zone_rctlvaltab *rctlvaltab;
2346 2346 complex_property_ptr_t cx;
2347 2347 boolean_t seen_priv = B_FALSE, seen_limit = B_FALSE,
2348 2348 seen_action = B_FALSE;
2349 2349 rctlblk_t *rctlblk;
2350 2350 int err;
2351 2351
2352 2352 if ((rctlvaltab = alloc_rctlvaltab()) == NULL) {
2353 2353 zone_perror(zone, Z_NOMEM, B_TRUE);
2354 2354 exit(Z_ERR);
2355 2355 }
2356 2356 for (cx = cp; cx != NULL; cx = cx->cp_next) {
2357 2357 switch (cx->cp_type) {
2358 2358 case PT_PRIV:
2359 2359 if (seen_priv) {
2360 2360 zerr(gettext("%s already specified"),
2361 2361 pt_to_str(PT_PRIV));
2362 2362 goto bad;
2363 2363 }
2364 2364 (void) strlcpy(rctlvaltab->zone_rctlval_priv,
2365 2365 cx->cp_value,
2366 2366 sizeof (rctlvaltab->zone_rctlval_priv));
2367 2367 seen_priv = B_TRUE;
2368 2368 break;
2369 2369 case PT_LIMIT:
2370 2370 if (seen_limit) {
2371 2371 zerr(gettext("%s already specified"),
2372 2372 pt_to_str(PT_LIMIT));
2373 2373 goto bad;
2374 2374 }
2375 2375 (void) strlcpy(rctlvaltab->zone_rctlval_limit,
2376 2376 cx->cp_value,
2377 2377 sizeof (rctlvaltab->zone_rctlval_limit));
2378 2378 seen_limit = B_TRUE;
2379 2379 break;
2380 2380 case PT_ACTION:
2381 2381 if (seen_action) {
2382 2382 zerr(gettext("%s already specified"),
2383 2383 pt_to_str(PT_ACTION));
2384 2384 goto bad;
2385 2385 }
2386 2386 (void) strlcpy(rctlvaltab->zone_rctlval_action,
2387 2387 cx->cp_value,
2388 2388 sizeof (rctlvaltab->zone_rctlval_action));
2389 2389 seen_action = B_TRUE;
2390 2390 break;
2391 2391 default:
2392 2392 zone_perror(pt_to_str(PT_VALUE),
2393 2393 Z_NO_PROPERTY_TYPE, B_TRUE);
2394 2394 long_usage(CMD_ADD, B_TRUE);
2395 2395 usage(B_FALSE, HELP_PROPS);
2396 2396 zonecfg_free_rctl_value_list(rctlvaltab);
2397 2397 return;
2398 2398 }
2399 2399 }
2400 2400 if (!seen_priv)
2401 2401 zerr(gettext("%s not specified"), pt_to_str(PT_PRIV));
2402 2402 if (!seen_limit)
2403 2403 zerr(gettext("%s not specified"), pt_to_str(PT_LIMIT));
2404 2404 if (!seen_action)
2405 2405 zerr(gettext("%s not specified"), pt_to_str(PT_ACTION));
2406 2406 if (!seen_priv || !seen_limit || !seen_action)
2407 2407 goto bad;
2408 2408 rctlvaltab->zone_rctlval_next = NULL;
2409 2409 rctlblk = alloca(rctlblk_size());
2410 2410 /*
2411 2411 * Make sure the rctl value looks roughly correct; we won't know if
2412 2412 * it's truly OK until we verify the configuration on the target
2413 2413 * system.
2414 2414 */
2415 2415 if (zonecfg_construct_rctlblk(rctlvaltab, rctlblk) != Z_OK ||
2416 2416 !zonecfg_valid_rctlblk(rctlblk)) {
2417 2417 zerr(gettext("Invalid %s %s specification"), rt_to_str(RT_RCTL),
2418 2418 pt_to_str(PT_VALUE));
2419 2419 goto bad;
2420 2420 }
2421 2421 err = zonecfg_add_rctl_value(&in_progress_rctltab, rctlvaltab);
2422 2422 if (err != Z_OK)
2423 2423 zone_perror(pt_to_str(PT_VALUE), err, B_TRUE);
2424 2424 return;
2425 2425
2426 2426 bad:
2427 2427 zonecfg_free_rctl_value_list(rctlvaltab);
2428 2428 }
2429 2429
2430 2430 static void
2431 2431 add_property(cmd_t *cmd)
2432 2432 {
2433 2433 char *prop_id;
2434 2434 int err, res_type, prop_type;
2435 2435 property_value_ptr_t pp;
2436 2436 list_property_ptr_t l;
2437 2437
2438 2438 res_type = resource_scope;
2439 2439 prop_type = cmd->cmd_prop_name[0];
2440 2440 if (res_type == RT_UNKNOWN || prop_type == PT_UNKNOWN) {
2441 2441 long_usage(CMD_ADD, B_TRUE);
2442 2442 return;
2443 2443 }
2444 2444
2445 2445 if (cmd->cmd_prop_nv_pairs != 1) {
2446 2446 long_usage(CMD_ADD, B_TRUE);
2447 2447 return;
2448 2448 }
2449 2449
2450 2450 if (initialize(B_TRUE) != Z_OK)
2451 2451 return;
2452 2452
2453 2453 switch (res_type) {
2454 2454 case RT_FS:
2455 2455 if (prop_type != PT_OPTIONS) {
2456 2456 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
2457 2457 B_TRUE);
2458 2458 long_usage(CMD_ADD, B_TRUE);
2459 2459 usage(B_FALSE, HELP_PROPS);
2460 2460 return;
2461 2461 }
2462 2462 pp = cmd->cmd_property_ptr[0];
2463 2463 if (pp->pv_type != PROP_VAL_SIMPLE &&
2464 2464 pp->pv_type != PROP_VAL_LIST) {
2465 2465 zerr(gettext("A %s or %s value was expected here."),
2466 2466 pvt_to_str(PROP_VAL_SIMPLE),
2467 2467 pvt_to_str(PROP_VAL_LIST));
2468 2468 saw_error = B_TRUE;
2469 2469 return;
2470 2470 }
2471 2471 if (pp->pv_type == PROP_VAL_SIMPLE) {
2472 2472 if (pp->pv_simple == NULL) {
2473 2473 long_usage(CMD_ADD, B_TRUE);
2474 2474 return;
2475 2475 }
2476 2476 prop_id = pp->pv_simple;
2477 2477 err = zonecfg_add_fs_option(&in_progress_fstab,
2478 2478 prop_id);
2479 2479 if (err != Z_OK)
2480 2480 zone_perror(pt_to_str(prop_type), err, B_TRUE);
2481 2481 } else {
2482 2482 list_property_ptr_t list;
2483 2483
2484 2484 for (list = pp->pv_list; list != NULL;
2485 2485 list = list->lp_next) {
2486 2486 prop_id = list->lp_simple;
2487 2487 if (prop_id == NULL)
2488 2488 break;
2489 2489 err = zonecfg_add_fs_option(
2490 2490 &in_progress_fstab, prop_id);
2491 2491 if (err != Z_OK)
2492 2492 zone_perror(pt_to_str(prop_type), err,
2493 2493 B_TRUE);
2494 2494 }
2495 2495 }
2496 2496 return;
2497 2497 case RT_RCTL:
2498 2498 if (prop_type != PT_VALUE) {
2499 2499 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
2500 2500 B_TRUE);
2501 2501 long_usage(CMD_ADD, B_TRUE);
2502 2502 usage(B_FALSE, HELP_PROPS);
2503 2503 return;
2504 2504 }
2505 2505 pp = cmd->cmd_property_ptr[0];
2506 2506 if (pp->pv_type != PROP_VAL_COMPLEX &&
2507 2507 pp->pv_type != PROP_VAL_LIST) {
2508 2508 zerr(gettext("A %s or %s value was expected here."),
2509 2509 pvt_to_str(PROP_VAL_COMPLEX),
2510 2510 pvt_to_str(PROP_VAL_LIST));
2511 2511 saw_error = B_TRUE;
2512 2512 return;
2513 2513 }
2514 2514 if (pp->pv_type == PROP_VAL_COMPLEX) {
2515 2515 do_complex_rctl_val(pp->pv_complex);
2516 2516 return;
2517 2517 }
2518 2518 for (l = pp->pv_list; l != NULL; l = l->lp_next)
2519 2519 do_complex_rctl_val(l->lp_complex);
2520 2520 return;
2521 2521 default:
2522 2522 zone_perror(rt_to_str(res_type), Z_NO_RESOURCE_TYPE, B_TRUE);
2523 2523 long_usage(CMD_ADD, B_TRUE);
2524 2524 usage(B_FALSE, HELP_RESOURCES);
2525 2525 return;
2526 2526 }
2527 2527 }
2528 2528
2529 2529 static boolean_t
2530 2530 gz_invalid_resource(int type)
2531 2531 {
2532 2532 return (global_zone && (type == RT_FS ||
2533 2533 type == RT_NET || type == RT_DEVICE || type == RT_ATTR ||
2534 2534 type == RT_DATASET));
2535 2535 }
2536 2536
2537 2537 static boolean_t
2538 2538 gz_invalid_rt_property(int type)
2539 2539 {
2540 2540 return (global_zone && (type == RT_ZONENAME || type == RT_ZONEPATH ||
2541 2541 type == RT_AUTOBOOT || type == RT_LIMITPRIV ||
2542 2542 type == RT_BOOTARGS || type == RT_BRAND || type == RT_SCHED ||
2543 2543 type == RT_IPTYPE || type == RT_HOSTID || type == RT_FS_ALLOWED));
2544 2544 }
2545 2545
2546 2546 static boolean_t
2547 2547 gz_invalid_property(int type)
2548 2548 {
2549 2549 return (global_zone && (type == PT_ZONENAME || type == PT_ZONEPATH ||
2550 2550 type == PT_AUTOBOOT || type == PT_LIMITPRIV ||
2551 2551 type == PT_BOOTARGS || type == PT_BRAND || type == PT_SCHED ||
2552 2552 type == PT_IPTYPE || type == PT_HOSTID || type == PT_FS_ALLOWED));
2553 2553 }
2554 2554
2555 2555 void
2556 2556 add_func(cmd_t *cmd)
2557 2557 {
2558 2558 int arg;
2559 2559 boolean_t arg_err = B_FALSE;
2560 2560
2561 2561 assert(cmd != NULL);
2562 2562
2563 2563 optind = 0;
2564 2564 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
2565 2565 switch (arg) {
2566 2566 case '?':
2567 2567 longer_usage(CMD_ADD);
2568 2568 arg_err = B_TRUE;
2569 2569 break;
2570 2570 default:
2571 2571 short_usage(CMD_ADD);
2572 2572 arg_err = B_TRUE;
2573 2573 break;
2574 2574 }
2575 2575 }
2576 2576 if (arg_err)
2577 2577 return;
2578 2578
2579 2579 if (optind != cmd->cmd_argc) {
2580 2580 short_usage(CMD_ADD);
2581 2581 return;
2582 2582 }
2583 2583
2584 2584 if (zone_is_read_only(CMD_ADD))
2585 2585 return;
2586 2586
2587 2587 if (initialize(B_TRUE) != Z_OK)
2588 2588 return;
2589 2589 if (global_scope) {
2590 2590 if (gz_invalid_resource(cmd->cmd_res_type)) {
2591 2591 zerr(gettext("Cannot add a %s resource to the "
2592 2592 "global zone."), rt_to_str(cmd->cmd_res_type));
2593 2593 saw_error = B_TRUE;
2594 2594 return;
2595 2595 }
2596 2596
2597 2597 global_scope = B_FALSE;
2598 2598 resource_scope = cmd->cmd_res_type;
2599 2599 end_op = CMD_ADD;
2600 2600 add_resource(cmd);
2601 2601 } else
2602 2602 add_property(cmd);
2603 2603 }
2604 2604
2605 2605 /*
2606 2606 * This routine has an unusual implementation, because it tries very
2607 2607 * hard to succeed in the face of a variety of failure modes.
2608 2608 * The most common and most vexing occurs when the index file and
2609 2609 * the /etc/zones/<zonename.xml> file are not both present. In
2610 2610 * this case, delete must eradicate as much of the zone state as is left
2611 2611 * so that the user can later create a new zone with the same name.
2612 2612 */
2613 2613 void
2614 2614 delete_func(cmd_t *cmd)
2615 2615 {
2616 2616 int err, arg, answer;
2617 2617 char line[ZONENAME_MAX + 128]; /* enough to ask a question */
2618 2618 boolean_t force = B_FALSE;
2619 2619 boolean_t arg_err = B_FALSE;
2620 2620
2621 2621 optind = 0;
2622 2622 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
2623 2623 switch (arg) {
2624 2624 case '?':
2625 2625 longer_usage(CMD_DELETE);
2626 2626 arg_err = B_TRUE;
2627 2627 break;
2628 2628 case 'F':
2629 2629 force = B_TRUE;
2630 2630 break;
2631 2631 default:
2632 2632 short_usage(CMD_DELETE);
2633 2633 arg_err = B_TRUE;
2634 2634 break;
2635 2635 }
2636 2636 }
2637 2637 if (arg_err)
2638 2638 return;
2639 2639
2640 2640 if (optind != cmd->cmd_argc) {
2641 2641 short_usage(CMD_DELETE);
2642 2642 return;
2643 2643 }
2644 2644
2645 2645 if (zone_is_read_only(CMD_DELETE))
2646 2646 return;
2647 2647
2648 2648 if (!force) {
2649 2649 /*
2650 2650 * Initialize sets up the global called "handle" and warns the
2651 2651 * user if the zone is not configured. In force mode, we don't
2652 2652 * trust that evaluation, and hence skip it. (We don't need the
2653 2653 * handle to be loaded anyway, since zonecfg_destroy is done by
2654 2654 * zonename). However, we also have to take care to emulate the
2655 2655 * messages spit out by initialize; see below.
2656 2656 */
2657 2657 if (initialize(B_TRUE) != Z_OK)
2658 2658 return;
2659 2659
2660 2660 (void) snprintf(line, sizeof (line),
2661 2661 gettext("Are you sure you want to delete zone %s"), zone);
2662 2662 if ((answer = ask_yesno(B_FALSE, line)) == -1) {
2663 2663 zerr(gettext("Input not from terminal and -F not "
2664 2664 "specified:\n%s command ignored, exiting."),
2665 2665 cmd_to_str(CMD_DELETE));
2666 2666 exit(Z_ERR);
2667 2667 }
2668 2668 if (answer != 1)
2669 2669 return;
2670 2670 }
2671 2671
2672 2672 /*
2673 2673 * This function removes the authorizations from user_attr
2674 2674 * that correspond to those specified in the configuration
2675 2675 */
2676 2676 if (initialize(B_TRUE) == Z_OK) {
2677 2677 (void) zonecfg_deauthorize_users(handle, zone);
2678 2678 }
2679 2679 if ((err = zonecfg_destroy(zone, force)) != Z_OK) {
2680 2680 if ((err == Z_BAD_ZONE_STATE) && !force) {
2681 2681 zerr(gettext("Zone %s not in %s state; %s not "
2682 2682 "allowed. Use -F to force %s."),
2683 2683 zone, zone_state_str(ZONE_STATE_CONFIGURED),
2684 2684 cmd_to_str(CMD_DELETE), cmd_to_str(CMD_DELETE));
2685 2685 } else {
2686 2686 zone_perror(zone, err, B_TRUE);
2687 2687 }
2688 2688 }
2689 2689 need_to_commit = B_FALSE;
2690 2690
2691 2691 /*
2692 2692 * Emulate initialize's messaging; if there wasn't a valid handle to
2693 2693 * begin with, then user had typed delete (or delete -F) multiple
2694 2694 * times. So we emit a message.
2695 2695 *
2696 2696 * We only do this in the 'force' case because normally, initialize()
2697 2697 * takes care of this for us.
2698 2698 */
2699 2699 if (force && zonecfg_check_handle(handle) != Z_OK && interactive_mode)
2700 2700 (void) printf(gettext("Use '%s' to begin "
2701 2701 "configuring a new zone.\n"), cmd_to_str(CMD_CREATE));
2702 2702
2703 2703 /*
2704 2704 * Time for a new handle: finish the old one off first
2705 2705 * then get a new one properly to avoid leaks.
2706 2706 */
2707 2707 if (got_handle) {
2708 2708 zonecfg_fini_handle(handle);
2709 2709 if ((handle = zonecfg_init_handle()) == NULL) {
2710 2710 zone_perror(execname, Z_NOMEM, B_TRUE);
2711 2711 exit(Z_ERR);
2712 2712 }
2713 2713 if ((err = zonecfg_get_handle(zone, handle)) != Z_OK) {
2714 2714 /* If there was no zone before, that's OK */
2715 2715 if (err != Z_NO_ZONE)
2716 2716 zone_perror(zone, err, B_TRUE);
2717 2717 got_handle = B_FALSE;
2718 2718 }
2719 2719 }
2720 2720 }
2721 2721
2722 2722 static int
2723 2723 fill_in_fstab(cmd_t *cmd, struct zone_fstab *fstab, boolean_t fill_in_only)
2724 2724 {
2725 2725 int err, i;
2726 2726 property_value_ptr_t pp;
2727 2727
2728 2728 if ((err = initialize(B_TRUE)) != Z_OK)
2729 2729 return (err);
2730 2730
2731 2731 bzero(fstab, sizeof (*fstab));
2732 2732 for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2733 2733 pp = cmd->cmd_property_ptr[i];
2734 2734 if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2735 2735 zerr(gettext("A simple value was expected here."));
2736 2736 saw_error = B_TRUE;
2737 2737 return (Z_INSUFFICIENT_SPEC);
2738 2738 }
2739 2739 switch (cmd->cmd_prop_name[i]) {
2740 2740 case PT_DIR:
2741 2741 (void) strlcpy(fstab->zone_fs_dir, pp->pv_simple,
2742 2742 sizeof (fstab->zone_fs_dir));
2743 2743 break;
2744 2744 case PT_SPECIAL:
2745 2745 (void) strlcpy(fstab->zone_fs_special, pp->pv_simple,
2746 2746 sizeof (fstab->zone_fs_special));
2747 2747 break;
2748 2748 case PT_RAW:
2749 2749 (void) strlcpy(fstab->zone_fs_raw, pp->pv_simple,
2750 2750 sizeof (fstab->zone_fs_raw));
2751 2751 break;
2752 2752 case PT_TYPE:
2753 2753 (void) strlcpy(fstab->zone_fs_type, pp->pv_simple,
2754 2754 sizeof (fstab->zone_fs_type));
2755 2755 break;
2756 2756 default:
2757 2757 zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2758 2758 Z_NO_PROPERTY_TYPE, B_TRUE);
2759 2759 return (Z_INSUFFICIENT_SPEC);
2760 2760 }
2761 2761 }
2762 2762 if (fill_in_only)
2763 2763 return (Z_OK);
2764 2764 return (zonecfg_lookup_filesystem(handle, fstab));
2765 2765 }
2766 2766
2767 2767 static int
2768 2768 fill_in_nwiftab(cmd_t *cmd, struct zone_nwiftab *nwiftab,
2769 2769 boolean_t fill_in_only)
2770 2770 {
2771 2771 int err, i;
2772 2772 property_value_ptr_t pp;
2773 2773
2774 2774 if ((err = initialize(B_TRUE)) != Z_OK)
2775 2775 return (err);
2776 2776
2777 2777 bzero(nwiftab, sizeof (*nwiftab));
2778 2778 for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2779 2779 pp = cmd->cmd_property_ptr[i];
2780 2780 if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2781 2781 zerr(gettext("A simple value was expected here."));
2782 2782 saw_error = B_TRUE;
2783 2783 return (Z_INSUFFICIENT_SPEC);
2784 2784 }
2785 2785 switch (cmd->cmd_prop_name[i]) {
2786 2786 case PT_ADDRESS:
2787 2787 (void) strlcpy(nwiftab->zone_nwif_address,
2788 2788 pp->pv_simple, sizeof (nwiftab->zone_nwif_address));
2789 2789 break;
2790 2790 case PT_ALLOWED_ADDRESS:
2791 2791 (void) strlcpy(nwiftab->zone_nwif_allowed_address,
2792 2792 pp->pv_simple,
2793 2793 sizeof (nwiftab->zone_nwif_allowed_address));
2794 2794 break;
2795 2795 case PT_PHYSICAL:
2796 2796 (void) strlcpy(nwiftab->zone_nwif_physical,
2797 2797 pp->pv_simple,
2798 2798 sizeof (nwiftab->zone_nwif_physical));
2799 2799 break;
2800 2800 case PT_DEFROUTER:
2801 2801 (void) strlcpy(nwiftab->zone_nwif_defrouter,
2802 2802 pp->pv_simple,
2803 2803 sizeof (nwiftab->zone_nwif_defrouter));
2804 2804 break;
2805 2805 default:
2806 2806 zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2807 2807 Z_NO_PROPERTY_TYPE, B_TRUE);
2808 2808 return (Z_INSUFFICIENT_SPEC);
2809 2809 }
2810 2810 }
2811 2811 if (fill_in_only)
2812 2812 return (Z_OK);
2813 2813 err = zonecfg_lookup_nwif(handle, nwiftab);
2814 2814 return (err);
2815 2815 }
2816 2816
2817 2817 static int
2818 2818 fill_in_devtab(cmd_t *cmd, struct zone_devtab *devtab, boolean_t fill_in_only)
2819 2819 {
2820 2820 int err, i;
2821 2821 property_value_ptr_t pp;
2822 2822
2823 2823 if ((err = initialize(B_TRUE)) != Z_OK)
2824 2824 return (err);
2825 2825
2826 2826 bzero(devtab, sizeof (*devtab));
2827 2827 for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2828 2828 pp = cmd->cmd_property_ptr[i];
2829 2829 if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2830 2830 zerr(gettext("A simple value was expected here."));
2831 2831 saw_error = B_TRUE;
2832 2832 return (Z_INSUFFICIENT_SPEC);
2833 2833 }
2834 2834 switch (cmd->cmd_prop_name[i]) {
2835 2835 case PT_MATCH:
2836 2836 (void) strlcpy(devtab->zone_dev_match, pp->pv_simple,
2837 2837 sizeof (devtab->zone_dev_match));
2838 2838 break;
2839 2839 default:
2840 2840 zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2841 2841 Z_NO_PROPERTY_TYPE, B_TRUE);
2842 2842 return (Z_INSUFFICIENT_SPEC);
2843 2843 }
2844 2844 }
2845 2845 if (fill_in_only)
2846 2846 return (Z_OK);
2847 2847 err = zonecfg_lookup_dev(handle, devtab);
2848 2848 return (err);
2849 2849 }
2850 2850
2851 2851 static int
2852 2852 fill_in_rctltab(cmd_t *cmd, struct zone_rctltab *rctltab,
2853 2853 boolean_t fill_in_only)
2854 2854 {
2855 2855 int err, i;
2856 2856 property_value_ptr_t pp;
2857 2857
2858 2858 if ((err = initialize(B_TRUE)) != Z_OK)
2859 2859 return (err);
2860 2860
2861 2861 bzero(rctltab, sizeof (*rctltab));
2862 2862 for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2863 2863 pp = cmd->cmd_property_ptr[i];
2864 2864 if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2865 2865 zerr(gettext("A simple value was expected here."));
2866 2866 saw_error = B_TRUE;
2867 2867 return (Z_INSUFFICIENT_SPEC);
2868 2868 }
2869 2869 switch (cmd->cmd_prop_name[i]) {
2870 2870 case PT_NAME:
2871 2871 (void) strlcpy(rctltab->zone_rctl_name, pp->pv_simple,
2872 2872 sizeof (rctltab->zone_rctl_name));
2873 2873 break;
2874 2874 default:
2875 2875 zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2876 2876 Z_NO_PROPERTY_TYPE, B_TRUE);
2877 2877 return (Z_INSUFFICIENT_SPEC);
2878 2878 }
2879 2879 }
2880 2880 if (fill_in_only)
2881 2881 return (Z_OK);
2882 2882 err = zonecfg_lookup_rctl(handle, rctltab);
2883 2883 return (err);
2884 2884 }
2885 2885
2886 2886 static int
2887 2887 fill_in_attrtab(cmd_t *cmd, struct zone_attrtab *attrtab,
2888 2888 boolean_t fill_in_only)
2889 2889 {
2890 2890 int err, i;
2891 2891 property_value_ptr_t pp;
2892 2892
2893 2893 if ((err = initialize(B_TRUE)) != Z_OK)
2894 2894 return (err);
2895 2895
2896 2896 bzero(attrtab, sizeof (*attrtab));
2897 2897 for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2898 2898 pp = cmd->cmd_property_ptr[i];
2899 2899 if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2900 2900 zerr(gettext("A simple value was expected here."));
2901 2901 saw_error = B_TRUE;
2902 2902 return (Z_INSUFFICIENT_SPEC);
2903 2903 }
2904 2904 switch (cmd->cmd_prop_name[i]) {
2905 2905 case PT_NAME:
2906 2906 (void) strlcpy(attrtab->zone_attr_name, pp->pv_simple,
2907 2907 sizeof (attrtab->zone_attr_name));
2908 2908 break;
2909 2909 case PT_TYPE:
2910 2910 (void) strlcpy(attrtab->zone_attr_type, pp->pv_simple,
2911 2911 sizeof (attrtab->zone_attr_type));
2912 2912 break;
2913 2913 case PT_VALUE:
2914 2914 (void) strlcpy(attrtab->zone_attr_value, pp->pv_simple,
2915 2915 sizeof (attrtab->zone_attr_value));
2916 2916 break;
2917 2917 default:
2918 2918 zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2919 2919 Z_NO_PROPERTY_TYPE, B_TRUE);
2920 2920 return (Z_INSUFFICIENT_SPEC);
2921 2921 }
2922 2922 }
2923 2923 if (fill_in_only)
2924 2924 return (Z_OK);
2925 2925 err = zonecfg_lookup_attr(handle, attrtab);
2926 2926 return (err);
2927 2927 }
2928 2928
2929 2929 static int
2930 2930 fill_in_dstab(cmd_t *cmd, struct zone_dstab *dstab, boolean_t fill_in_only)
2931 2931 {
2932 2932 int err, i;
2933 2933 property_value_ptr_t pp;
2934 2934
2935 2935 if ((err = initialize(B_TRUE)) != Z_OK)
2936 2936 return (err);
2937 2937
2938 2938 dstab->zone_dataset_name[0] = '\0';
2939 2939 for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2940 2940 pp = cmd->cmd_property_ptr[i];
2941 2941 if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2942 2942 zerr(gettext("A simple value was expected here."));
2943 2943 saw_error = B_TRUE;
2944 2944 return (Z_INSUFFICIENT_SPEC);
2945 2945 }
2946 2946 switch (cmd->cmd_prop_name[i]) {
2947 2947 case PT_NAME:
2948 2948 (void) strlcpy(dstab->zone_dataset_name, pp->pv_simple,
2949 2949 sizeof (dstab->zone_dataset_name));
2950 2950 break;
2951 2951 default:
2952 2952 zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2953 2953 Z_NO_PROPERTY_TYPE, B_TRUE);
2954 2954 return (Z_INSUFFICIENT_SPEC);
2955 2955 }
2956 2956 }
2957 2957 if (fill_in_only)
2958 2958 return (Z_OK);
2959 2959 return (zonecfg_lookup_ds(handle, dstab));
2960 2960 }
2961 2961
2962 2962 static int
2963 2963 fill_in_admintab(cmd_t *cmd, struct zone_admintab *admintab,
2964 2964 boolean_t fill_in_only)
2965 2965 {
2966 2966 int err, i;
2967 2967 property_value_ptr_t pp;
2968 2968
2969 2969 if ((err = initialize(B_TRUE)) != Z_OK)
2970 2970 return (err);
2971 2971
2972 2972 bzero(admintab, sizeof (*admintab));
2973 2973 for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2974 2974 pp = cmd->cmd_property_ptr[i];
2975 2975 if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2976 2976 zerr(gettext("A simple value was expected here."));
2977 2977 saw_error = B_TRUE;
2978 2978 return (Z_INSUFFICIENT_SPEC);
2979 2979 }
2980 2980 switch (cmd->cmd_prop_name[i]) {
2981 2981 case PT_USER:
2982 2982 (void) strlcpy(admintab->zone_admin_user, pp->pv_simple,
2983 2983 sizeof (admintab->zone_admin_user));
2984 2984 break;
2985 2985 case PT_AUTHS:
2986 2986 (void) strlcpy(admintab->zone_admin_auths,
2987 2987 pp->pv_simple, sizeof (admintab->zone_admin_auths));
2988 2988 break;
2989 2989 default:
2990 2990 zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2991 2991 Z_NO_PROPERTY_TYPE, B_TRUE);
2992 2992 return (Z_INSUFFICIENT_SPEC);
2993 2993 }
2994 2994 }
2995 2995 if (fill_in_only)
2996 2996 return (Z_OK);
2997 2997 err = zonecfg_lookup_admin(handle, admintab);
2998 2998 return (err);
2999 2999 }
3000 3000
3001 3001 static int
3002 3002 fill_in_secflagstab(cmd_t *cmd, struct zone_secflagstab *secflagstab,
3003 3003 boolean_t fill_in_only)
3004 3004 {
3005 3005 int err, i;
3006 3006 property_value_ptr_t pp;
3007 3007
3008 3008 if ((err = initialize(B_TRUE)) != Z_OK)
3009 3009 return (err);
3010 3010
3011 3011 bzero(secflagstab, sizeof (*secflagstab));
3012 3012 for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
3013 3013 pp = cmd->cmd_property_ptr[i];
3014 3014 if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
3015 3015 zerr(gettext("A simple value was expected here."));
3016 3016 saw_error = B_TRUE;
3017 3017 return (Z_INSUFFICIENT_SPEC);
3018 3018 }
3019 3019 switch (cmd->cmd_prop_name[i]) {
3020 3020 case PT_DEFAULT:
3021 3021 (void) strlcpy(secflagstab->zone_secflags_default,
3022 3022 pp->pv_simple,
3023 3023 sizeof (secflagstab->zone_secflags_default));
3024 3024 break;
3025 3025 case PT_LOWER:
3026 3026 (void) strlcpy(secflagstab->zone_secflags_lower,
3027 3027 pp->pv_simple,
3028 3028 sizeof (secflagstab->zone_secflags_lower));
3029 3029 break;
3030 3030 case PT_UPPER:
3031 3031 (void) strlcpy(secflagstab->zone_secflags_upper,
3032 3032 pp->pv_simple,
3033 3033 sizeof (secflagstab->zone_secflags_upper));
3034 3034 break;
3035 3035 default:
3036 3036 zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
3037 3037 Z_NO_PROPERTY_TYPE, B_TRUE);
3038 3038 return (Z_INSUFFICIENT_SPEC);
3039 3039 }
3040 3040 }
3041 3041 if (fill_in_only)
3042 3042 return (Z_OK);
3043 3043
3044 3044 err = zonecfg_lookup_secflags(handle, secflagstab);
3045 3045
3046 3046 return (err);
3047 3047 }
3048 3048
3049 3049 static void
3050 3050 remove_aliased_rctl(int type, char *name)
3051 3051 {
3052 3052 int err;
3053 3053 uint64_t tmp;
3054 3054
3055 3055 if ((err = zonecfg_get_aliased_rctl(handle, name, &tmp)) != Z_OK) {
3056 3056 zerr("%s %s: %s", cmd_to_str(CMD_CLEAR), pt_to_str(type),
3057 3057 zonecfg_strerror(err));
3058 3058 saw_error = B_TRUE;
3059 3059 return;
3060 3060 }
3061 3061 if ((err = zonecfg_rm_aliased_rctl(handle, name)) != Z_OK) {
3062 3062 zerr("%s %s: %s", cmd_to_str(CMD_CLEAR), pt_to_str(type),
3063 3063 zonecfg_strerror(err));
3064 3064 saw_error = B_TRUE;
3065 3065 } else {
3066 3066 need_to_commit = B_TRUE;
3067 3067 }
3068 3068 }
3069 3069
3070 3070 static boolean_t
3071 3071 prompt_remove_resource(cmd_t *cmd, char *rsrc)
3072 3072 {
3073 3073 int num;
3074 3074 int answer;
3075 3075 int arg;
3076 3076 boolean_t force = B_FALSE;
3077 3077 char prompt[128];
3078 3078 boolean_t arg_err = B_FALSE;
3079 3079
3080 3080 optind = 0;
3081 3081 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "F")) != EOF) {
3082 3082 switch (arg) {
3083 3083 case 'F':
3084 3084 force = B_TRUE;
3085 3085 break;
3086 3086 default:
3087 3087 arg_err = B_TRUE;
3088 3088 break;
3089 3089 }
3090 3090 }
3091 3091 if (arg_err)
3092 3092 return (B_FALSE);
3093 3093
3094 3094
3095 3095 num = zonecfg_num_resources(handle, rsrc);
3096 3096
3097 3097 if (num == 0) {
3098 3098 z_cmd_rt_perror(CMD_REMOVE, cmd->cmd_res_type, Z_NO_ENTRY,
3099 3099 B_TRUE);
3100 3100 return (B_FALSE);
3101 3101 }
3102 3102 if (num > 1 && !force) {
3103 3103 if (!interactive_mode) {
3104 3104 zerr(gettext("There are multiple instances of this "
3105 3105 "resource. Either qualify the resource to\n"
3106 3106 "remove a single instance or use the -F option to "
3107 3107 "remove all instances."));
3108 3108 saw_error = B_TRUE;
3109 3109 return (B_FALSE);
3110 3110 }
3111 3111 (void) snprintf(prompt, sizeof (prompt), gettext(
3112 3112 "Are you sure you want to remove ALL '%s' resources"),
3113 3113 rsrc);
3114 3114 answer = ask_yesno(B_FALSE, prompt);
3115 3115 if (answer == -1) {
3116 3116 zerr(gettext("Resource incomplete."));
3117 3117 return (B_FALSE);
3118 3118 }
3119 3119 if (answer != 1)
3120 3120 return (B_FALSE);
3121 3121 }
3122 3122 return (B_TRUE);
3123 3123 }
3124 3124
3125 3125 static void
3126 3126 remove_fs(cmd_t *cmd)
3127 3127 {
3128 3128 int err;
3129 3129
3130 3130 /* traditional, qualified fs removal */
3131 3131 if (cmd->cmd_prop_nv_pairs > 0) {
3132 3132 struct zone_fstab fstab;
3133 3133
3134 3134 if ((err = fill_in_fstab(cmd, &fstab, B_FALSE)) != Z_OK) {
3135 3135 z_cmd_rt_perror(CMD_REMOVE, RT_FS, err, B_TRUE);
3136 3136 return;
3137 3137 }
3138 3138 if ((err = zonecfg_delete_filesystem(handle, &fstab)) != Z_OK)
3139 3139 z_cmd_rt_perror(CMD_REMOVE, RT_FS, err, B_TRUE);
3140 3140 else
3141 3141 need_to_commit = B_TRUE;
3142 3142 zonecfg_free_fs_option_list(fstab.zone_fs_options);
3143 3143 return;
3144 3144 }
3145 3145
3146 3146 /*
3147 3147 * unqualified fs removal. remove all fs's but prompt if more
3148 3148 * than one.
3149 3149 */
3150 3150 if (!prompt_remove_resource(cmd, "fs"))
3151 3151 return;
3152 3152
3153 3153 if ((err = zonecfg_del_all_resources(handle, "fs")) != Z_OK)
3154 3154 z_cmd_rt_perror(CMD_REMOVE, RT_FS, err, B_TRUE);
3155 3155 else
3156 3156 need_to_commit = B_TRUE;
3157 3157 }
3158 3158
3159 3159 static void
3160 3160 remove_net(cmd_t *cmd)
3161 3161 {
3162 3162 int err;
3163 3163
3164 3164 /* traditional, qualified net removal */
3165 3165 if (cmd->cmd_prop_nv_pairs > 0) {
3166 3166 struct zone_nwiftab nwiftab;
3167 3167
3168 3168 if ((err = fill_in_nwiftab(cmd, &nwiftab, B_FALSE)) != Z_OK) {
3169 3169 z_cmd_rt_perror(CMD_REMOVE, RT_NET, err, B_TRUE);
3170 3170 return;
3171 3171 }
3172 3172 if ((err = zonecfg_delete_nwif(handle, &nwiftab)) != Z_OK)
3173 3173 z_cmd_rt_perror(CMD_REMOVE, RT_NET, err, B_TRUE);
3174 3174 else
3175 3175 need_to_commit = B_TRUE;
3176 3176 return;
3177 3177 }
3178 3178
3179 3179 /*
3180 3180 * unqualified net removal. remove all nets but prompt if more
3181 3181 * than one.
3182 3182 */
3183 3183 if (!prompt_remove_resource(cmd, "net"))
3184 3184 return;
3185 3185
3186 3186 if ((err = zonecfg_del_all_resources(handle, "net")) != Z_OK)
3187 3187 z_cmd_rt_perror(CMD_REMOVE, RT_NET, err, B_TRUE);
3188 3188 else
3189 3189 need_to_commit = B_TRUE;
3190 3190 }
3191 3191
3192 3192 static void
3193 3193 remove_device(cmd_t *cmd)
3194 3194 {
3195 3195 int err;
3196 3196
3197 3197 /* traditional, qualified device removal */
3198 3198 if (cmd->cmd_prop_nv_pairs > 0) {
3199 3199 struct zone_devtab devtab;
3200 3200
3201 3201 if ((err = fill_in_devtab(cmd, &devtab, B_FALSE)) != Z_OK) {
3202 3202 z_cmd_rt_perror(CMD_REMOVE, RT_DEVICE, err, B_TRUE);
3203 3203 return;
3204 3204 }
3205 3205 if ((err = zonecfg_delete_dev(handle, &devtab)) != Z_OK)
3206 3206 z_cmd_rt_perror(CMD_REMOVE, RT_DEVICE, err, B_TRUE);
3207 3207 else
3208 3208 need_to_commit = B_TRUE;
3209 3209 return;
3210 3210 }
3211 3211
3212 3212 /*
3213 3213 * unqualified device removal. remove all devices but prompt if more
3214 3214 * than one.
3215 3215 */
3216 3216 if (!prompt_remove_resource(cmd, "device"))
3217 3217 return;
3218 3218
3219 3219 if ((err = zonecfg_del_all_resources(handle, "device")) != Z_OK)
3220 3220 z_cmd_rt_perror(CMD_REMOVE, RT_DEVICE, err, B_TRUE);
3221 3221 else
3222 3222 need_to_commit = B_TRUE;
3223 3223 }
3224 3224
3225 3225 static void
3226 3226 remove_attr(cmd_t *cmd)
3227 3227 {
3228 3228 int err;
3229 3229
3230 3230 /* traditional, qualified attr removal */
3231 3231 if (cmd->cmd_prop_nv_pairs > 0) {
3232 3232 struct zone_attrtab attrtab;
3233 3233
3234 3234 if ((err = fill_in_attrtab(cmd, &attrtab, B_FALSE)) != Z_OK) {
3235 3235 z_cmd_rt_perror(CMD_REMOVE, RT_ATTR, err, B_TRUE);
3236 3236 return;
3237 3237 }
3238 3238 if ((err = zonecfg_delete_attr(handle, &attrtab)) != Z_OK)
3239 3239 z_cmd_rt_perror(CMD_REMOVE, RT_ATTR, err, B_TRUE);
3240 3240 else
3241 3241 need_to_commit = B_TRUE;
3242 3242 return;
3243 3243 }
3244 3244
3245 3245 /*
3246 3246 * unqualified attr removal. remove all attrs but prompt if more
3247 3247 * than one.
3248 3248 */
3249 3249 if (!prompt_remove_resource(cmd, "attr"))
3250 3250 return;
3251 3251
3252 3252 if ((err = zonecfg_del_all_resources(handle, "attr")) != Z_OK)
3253 3253 z_cmd_rt_perror(CMD_REMOVE, RT_ATTR, err, B_TRUE);
3254 3254 else
3255 3255 need_to_commit = B_TRUE;
3256 3256 }
3257 3257
3258 3258 static void
3259 3259 remove_dataset(cmd_t *cmd)
3260 3260 {
3261 3261 int err;
3262 3262
3263 3263 /* traditional, qualified dataset removal */
3264 3264 if (cmd->cmd_prop_nv_pairs > 0) {
3265 3265 struct zone_dstab dstab;
3266 3266
3267 3267 if ((err = fill_in_dstab(cmd, &dstab, B_FALSE)) != Z_OK) {
3268 3268 z_cmd_rt_perror(CMD_REMOVE, RT_DATASET, err, B_TRUE);
3269 3269 return;
3270 3270 }
3271 3271 if ((err = zonecfg_delete_ds(handle, &dstab)) != Z_OK)
3272 3272 z_cmd_rt_perror(CMD_REMOVE, RT_DATASET, err, B_TRUE);
3273 3273 else
3274 3274 need_to_commit = B_TRUE;
3275 3275 return;
3276 3276 }
3277 3277
3278 3278 /*
3279 3279 * unqualified dataset removal. remove all datasets but prompt if more
3280 3280 * than one.
3281 3281 */
3282 3282 if (!prompt_remove_resource(cmd, "dataset"))
3283 3283 return;
3284 3284
3285 3285 if ((err = zonecfg_del_all_resources(handle, "dataset")) != Z_OK)
3286 3286 z_cmd_rt_perror(CMD_REMOVE, RT_DATASET, err, B_TRUE);
3287 3287 else
3288 3288 need_to_commit = B_TRUE;
3289 3289 }
3290 3290
3291 3291 static void
3292 3292 remove_rctl(cmd_t *cmd)
3293 3293 {
3294 3294 int err;
3295 3295
3296 3296 /* traditional, qualified rctl removal */
3297 3297 if (cmd->cmd_prop_nv_pairs > 0) {
3298 3298 struct zone_rctltab rctltab;
3299 3299
3300 3300 if ((err = fill_in_rctltab(cmd, &rctltab, B_FALSE)) != Z_OK) {
3301 3301 z_cmd_rt_perror(CMD_REMOVE, RT_RCTL, err, B_TRUE);
3302 3302 return;
3303 3303 }
3304 3304 if ((err = zonecfg_delete_rctl(handle, &rctltab)) != Z_OK)
3305 3305 z_cmd_rt_perror(CMD_REMOVE, RT_RCTL, err, B_TRUE);
3306 3306 else
3307 3307 need_to_commit = B_TRUE;
3308 3308 zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
3309 3309 return;
3310 3310 }
3311 3311
3312 3312 /*
3313 3313 * unqualified rctl removal. remove all rctls but prompt if more
3314 3314 * than one.
3315 3315 */
3316 3316 if (!prompt_remove_resource(cmd, "rctl"))
3317 3317 return;
3318 3318
3319 3319 if ((err = zonecfg_del_all_resources(handle, "rctl")) != Z_OK)
3320 3320 z_cmd_rt_perror(CMD_REMOVE, RT_RCTL, err, B_TRUE);
3321 3321 else
3322 3322 need_to_commit = B_TRUE;
3323 3323 }
3324 3324
3325 3325 static void
3326 3326 remove_pset()
3327 3327 {
3328 3328 int err;
3329 3329 struct zone_psettab psettab;
3330 3330
3331 3331 if ((err = zonecfg_lookup_pset(handle, &psettab)) != Z_OK) {
3332 3332 z_cmd_rt_perror(CMD_REMOVE, RT_DCPU, err, B_TRUE);
3333 3333 return;
3334 3334 }
3335 3335 if ((err = zonecfg_delete_pset(handle)) != Z_OK)
3336 3336 z_cmd_rt_perror(CMD_REMOVE, RT_DCPU, err, B_TRUE);
3337 3337 else
3338 3338 need_to_commit = B_TRUE;
3339 3339 }
3340 3340
3341 3341 static void
3342 3342 remove_pcap()
3343 3343 {
3344 3344 int err;
3345 3345 uint64_t tmp;
3346 3346
3347 3347 if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp) != Z_OK) {
3348 3348 zerr("%s %s: %s", cmd_to_str(CMD_REMOVE), rt_to_str(RT_PCAP),
3349 3349 zonecfg_strerror(Z_NO_RESOURCE_TYPE));
3350 3350 saw_error = B_TRUE;
3351 3351 return;
3352 3352 }
3353 3353
3354 3354 if ((err = zonecfg_rm_aliased_rctl(handle, ALIAS_CPUCAP)) != Z_OK)
3355 3355 z_cmd_rt_perror(CMD_REMOVE, RT_PCAP, err, B_TRUE);
3356 3356 else
3357 3357 need_to_commit = B_TRUE;
3358 3358 }
3359 3359
3360 3360 static void
3361 3361 remove_mcap()
3362 3362 {
3363 3363 int err, res1, res2, res3;
3364 3364 uint64_t tmp;
3365 3365 struct zone_mcaptab mcaptab;
3366 3366 boolean_t revert = B_FALSE;
3367 3367
3368 3368 res1 = zonecfg_lookup_mcap(handle, &mcaptab);
3369 3369 res2 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &tmp);
3370 3370 res3 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM, &tmp);
3371 3371
3372 3372 /* if none of these exist, there is no resource to remove */
3373 3373 if (res1 != Z_OK && res2 != Z_OK && res3 != Z_OK) {
3374 3374 zerr("%s %s: %s", cmd_to_str(CMD_REMOVE), rt_to_str(RT_MCAP),
3375 3375 zonecfg_strerror(Z_NO_RESOURCE_TYPE));
3376 3376 saw_error = B_TRUE;
3377 3377 return;
3378 3378 }
3379 3379 if (res1 == Z_OK) {
3380 3380 if ((err = zonecfg_delete_mcap(handle)) != Z_OK) {
3381 3381 z_cmd_rt_perror(CMD_REMOVE, RT_MCAP, err, B_TRUE);
3382 3382 revert = B_TRUE;
3383 3383 } else {
3384 3384 need_to_commit = B_TRUE;
3385 3385 }
3386 3386 }
3387 3387 if (res2 == Z_OK) {
3388 3388 if ((err = zonecfg_rm_aliased_rctl(handle, ALIAS_MAXSWAP))
3389 3389 != Z_OK) {
3390 3390 z_cmd_rt_perror(CMD_REMOVE, RT_MCAP, err, B_TRUE);
3391 3391 revert = B_TRUE;
3392 3392 } else {
3393 3393 need_to_commit = B_TRUE;
3394 3394 }
3395 3395 }
3396 3396 if (res3 == Z_OK) {
3397 3397 if ((err = zonecfg_rm_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM))
3398 3398 != Z_OK) {
3399 3399 z_cmd_rt_perror(CMD_REMOVE, RT_MCAP, err, B_TRUE);
3400 3400 revert = B_TRUE;
3401 3401 } else {
3402 3402 need_to_commit = B_TRUE;
3403 3403 }
3404 3404 }
3405 3405
3406 3406 if (revert)
3407 3407 need_to_commit = B_FALSE;
3408 3408 }
3409 3409
3410 3410 static void
3411 3411 remove_admin(cmd_t *cmd)
3412 3412 {
3413 3413 int err;
3414 3414
3415 3415 /* traditional, qualified attr removal */
3416 3416 if (cmd->cmd_prop_nv_pairs > 0) {
3417 3417 struct zone_admintab admintab;
3418 3418
3419 3419 if ((err = fill_in_admintab(cmd, &admintab, B_FALSE)) != Z_OK) {
3420 3420 z_cmd_rt_perror(CMD_REMOVE, RT_ADMIN,
3421 3421 err, B_TRUE);
3422 3422 return;
3423 3423 }
3424 3424 if ((err = zonecfg_delete_admin(handle, &admintab,
3425 3425 zone))
3426 3426 != Z_OK)
3427 3427 z_cmd_rt_perror(CMD_REMOVE, RT_ADMIN,
3428 3428 err, B_TRUE);
3429 3429 else
3430 3430 need_to_commit = B_TRUE;
3431 3431 return;
3432 3432 } else {
3433 3433 /*
3434 3434 * unqualified admin removal.
3435 3435 * remove all admins but prompt if more
3436 3436 * than one.
3437 3437 */
3438 3438 if (!prompt_remove_resource(cmd, "admin"))
3439 3439 return;
3440 3440
3441 3441 if ((err = zonecfg_delete_admins(handle, zone))
3442 3442 != Z_OK)
3443 3443 z_cmd_rt_perror(CMD_REMOVE, RT_ADMIN,
3444 3444 err, B_TRUE);
3445 3445 else
3446 3446 need_to_commit = B_TRUE;
3447 3447 }
3448 3448 }
3449 3449
3450 3450 static void
3451 3451 remove_secflags()
3452 3452 {
3453 3453 int err;
3454 3454 struct zone_secflagstab sectab = { 0 };
3455 3455
3456 3456 if (zonecfg_lookup_secflags(handle, §ab) != Z_OK) {
3457 3457 zerr("%s %s: %s", cmd_to_str(CMD_REMOVE),
3458 3458 rt_to_str(RT_SECFLAGS),
3459 3459 zonecfg_strerror(Z_NO_RESOURCE_TYPE));
3460 3460 return;
3461 3461 }
3462 3462
3463 3463 if ((err = zonecfg_delete_secflags(handle, §ab)) != Z_OK) {
3464 3464 z_cmd_rt_perror(CMD_REMOVE, RT_SECFLAGS, err, B_TRUE);
3465 3465 return;
3466 3466 }
3467 3467
3468 3468 need_to_commit = B_TRUE;
3469 3469 }
3470 3470
3471 3471 static void
3472 3472 remove_resource(cmd_t *cmd)
3473 3473 {
3474 3474 int type;
3475 3475 int arg;
3476 3476 boolean_t arg_err = B_FALSE;
3477 3477
3478 3478 if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
3479 3479 long_usage(CMD_REMOVE, B_TRUE);
3480 3480 return;
3481 3481 }
3482 3482
3483 3483 optind = 0;
3484 3484 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
3485 3485 switch (arg) {
3486 3486 case '?':
3487 3487 longer_usage(CMD_REMOVE);
3488 3488 arg_err = B_TRUE;
3489 3489 break;
3490 3490 case 'F':
3491 3491 break;
3492 3492 default:
3493 3493 short_usage(CMD_REMOVE);
3494 3494 arg_err = B_TRUE;
3495 3495 break;
3496 3496 }
3497 3497 }
3498 3498 if (arg_err)
3499 3499 return;
3500 3500
3501 3501 if (initialize(B_TRUE) != Z_OK)
3502 3502 return;
3503 3503
3504 3504 switch (type) {
3505 3505 case RT_FS:
3506 3506 remove_fs(cmd);
3507 3507 return;
3508 3508 case RT_NET:
3509 3509 remove_net(cmd);
3510 3510 return;
3511 3511 case RT_DEVICE:
3512 3512 remove_device(cmd);
3513 3513 return;
3514 3514 case RT_RCTL:
3515 3515 remove_rctl(cmd);
3516 3516 return;
3517 3517 case RT_ATTR:
3518 3518 remove_attr(cmd);
3519 3519 return;
3520 3520 case RT_DATASET:
3521 3521 remove_dataset(cmd);
3522 3522 return;
3523 3523 case RT_DCPU:
3524 3524 remove_pset();
3525 3525 return;
3526 3526 case RT_PCAP:
3527 3527 remove_pcap();
3528 3528 return;
3529 3529 case RT_MCAP:
3530 3530 remove_mcap();
3531 3531 return;
3532 3532 case RT_ADMIN:
3533 3533 remove_admin(cmd);
3534 3534 return;
3535 3535 case RT_SECFLAGS:
3536 3536 remove_secflags();
3537 3537 return;
3538 3538 default:
3539 3539 zone_perror(rt_to_str(type), Z_NO_RESOURCE_TYPE, B_TRUE);
3540 3540 long_usage(CMD_REMOVE, B_TRUE);
3541 3541 usage(B_FALSE, HELP_RESOURCES);
3542 3542 return;
3543 3543 }
3544 3544 }
3545 3545
3546 3546 static void
3547 3547 remove_property(cmd_t *cmd)
3548 3548 {
3549 3549 char *prop_id;
3550 3550 int err, res_type, prop_type;
3551 3551 property_value_ptr_t pp;
3552 3552 struct zone_rctlvaltab *rctlvaltab;
3553 3553 complex_property_ptr_t cx;
3554 3554
3555 3555 res_type = resource_scope;
3556 3556 prop_type = cmd->cmd_prop_name[0];
3557 3557 if (res_type == RT_UNKNOWN || prop_type == PT_UNKNOWN) {
3558 3558 long_usage(CMD_REMOVE, B_TRUE);
3559 3559 return;
3560 3560 }
3561 3561
3562 3562 if (cmd->cmd_prop_nv_pairs != 1) {
3563 3563 long_usage(CMD_ADD, B_TRUE);
3564 3564 return;
3565 3565 }
3566 3566
3567 3567 if (initialize(B_TRUE) != Z_OK)
3568 3568 return;
3569 3569
3570 3570 switch (res_type) {
3571 3571 case RT_FS:
3572 3572 if (prop_type != PT_OPTIONS) {
3573 3573 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
3574 3574 B_TRUE);
3575 3575 long_usage(CMD_REMOVE, B_TRUE);
3576 3576 usage(B_FALSE, HELP_PROPS);
3577 3577 return;
3578 3578 }
3579 3579 pp = cmd->cmd_property_ptr[0];
3580 3580 if (pp->pv_type == PROP_VAL_COMPLEX) {
3581 3581 zerr(gettext("A %s or %s value was expected here."),
3582 3582 pvt_to_str(PROP_VAL_SIMPLE),
3583 3583 pvt_to_str(PROP_VAL_LIST));
3584 3584 saw_error = B_TRUE;
3585 3585 return;
3586 3586 }
3587 3587 if (pp->pv_type == PROP_VAL_SIMPLE) {
3588 3588 if (pp->pv_simple == NULL) {
3589 3589 long_usage(CMD_ADD, B_TRUE);
3590 3590 return;
3591 3591 }
3592 3592 prop_id = pp->pv_simple;
3593 3593 err = zonecfg_remove_fs_option(&in_progress_fstab,
3594 3594 prop_id);
3595 3595 if (err != Z_OK)
3596 3596 zone_perror(pt_to_str(prop_type), err, B_TRUE);
3597 3597 } else {
3598 3598 list_property_ptr_t list;
3599 3599
3600 3600 for (list = pp->pv_list; list != NULL;
3601 3601 list = list->lp_next) {
3602 3602 prop_id = list->lp_simple;
3603 3603 if (prop_id == NULL)
3604 3604 break;
3605 3605 err = zonecfg_remove_fs_option(
3606 3606 &in_progress_fstab, prop_id);
3607 3607 if (err != Z_OK)
3608 3608 zone_perror(pt_to_str(prop_type), err,
3609 3609 B_TRUE);
3610 3610 }
3611 3611 }
3612 3612 return;
3613 3613 case RT_RCTL:
3614 3614 if (prop_type != PT_VALUE) {
3615 3615 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
3616 3616 B_TRUE);
3617 3617 long_usage(CMD_REMOVE, B_TRUE);
3618 3618 usage(B_FALSE, HELP_PROPS);
3619 3619 return;
3620 3620 }
3621 3621 pp = cmd->cmd_property_ptr[0];
3622 3622 if (pp->pv_type != PROP_VAL_COMPLEX) {
3623 3623 zerr(gettext("A %s value was expected here."),
3624 3624 pvt_to_str(PROP_VAL_COMPLEX));
3625 3625 saw_error = B_TRUE;
3626 3626 return;
3627 3627 }
3628 3628 if ((rctlvaltab = alloc_rctlvaltab()) == NULL) {
3629 3629 zone_perror(zone, Z_NOMEM, B_TRUE);
3630 3630 exit(Z_ERR);
3631 3631 }
3632 3632 for (cx = pp->pv_complex; cx != NULL; cx = cx->cp_next) {
3633 3633 switch (cx->cp_type) {
3634 3634 case PT_PRIV:
3635 3635 (void) strlcpy(rctlvaltab->zone_rctlval_priv,
3636 3636 cx->cp_value,
3637 3637 sizeof (rctlvaltab->zone_rctlval_priv));
3638 3638 break;
3639 3639 case PT_LIMIT:
3640 3640 (void) strlcpy(rctlvaltab->zone_rctlval_limit,
3641 3641 cx->cp_value,
3642 3642 sizeof (rctlvaltab->zone_rctlval_limit));
3643 3643 break;
3644 3644 case PT_ACTION:
3645 3645 (void) strlcpy(rctlvaltab->zone_rctlval_action,
3646 3646 cx->cp_value,
3647 3647 sizeof (rctlvaltab->zone_rctlval_action));
3648 3648 break;
3649 3649 default:
3650 3650 zone_perror(pt_to_str(prop_type),
3651 3651 Z_NO_PROPERTY_TYPE, B_TRUE);
3652 3652 long_usage(CMD_ADD, B_TRUE);
3653 3653 usage(B_FALSE, HELP_PROPS);
3654 3654 zonecfg_free_rctl_value_list(rctlvaltab);
3655 3655 return;
3656 3656 }
3657 3657 }
3658 3658 rctlvaltab->zone_rctlval_next = NULL;
3659 3659 err = zonecfg_remove_rctl_value(&in_progress_rctltab,
3660 3660 rctlvaltab);
3661 3661 if (err != Z_OK)
3662 3662 zone_perror(pt_to_str(prop_type), err, B_TRUE);
3663 3663 zonecfg_free_rctl_value_list(rctlvaltab);
3664 3664 return;
3665 3665 case RT_NET:
3666 3666 if (prop_type != PT_DEFROUTER) {
3667 3667 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
3668 3668 B_TRUE);
3669 3669 long_usage(CMD_REMOVE, B_TRUE);
3670 3670 usage(B_FALSE, HELP_PROPS);
3671 3671 return;
3672 3672 } else {
3673 3673 bzero(&in_progress_nwiftab.zone_nwif_defrouter,
3674 3674 sizeof (in_progress_nwiftab.zone_nwif_defrouter));
3675 3675 return;
3676 3676 }
3677 3677 default:
3678 3678 zone_perror(rt_to_str(res_type), Z_NO_RESOURCE_TYPE, B_TRUE);
3679 3679 long_usage(CMD_REMOVE, B_TRUE);
3680 3680 usage(B_FALSE, HELP_RESOURCES);
3681 3681 return;
3682 3682 }
3683 3683 }
3684 3684
3685 3685 void
3686 3686 remove_func(cmd_t *cmd)
3687 3687 {
3688 3688 if (zone_is_read_only(CMD_REMOVE))
3689 3689 return;
3690 3690
3691 3691 assert(cmd != NULL);
3692 3692
3693 3693 if (global_scope) {
3694 3694 if (gz_invalid_resource(cmd->cmd_res_type)) {
3695 3695 zerr(gettext("%s is not a valid resource for the "
3696 3696 "global zone."), rt_to_str(cmd->cmd_res_type));
3697 3697 saw_error = B_TRUE;
3698 3698 return;
3699 3699 }
3700 3700 remove_resource(cmd);
3701 3701 } else {
3702 3702 remove_property(cmd);
3703 3703 }
3704 3704 }
3705 3705
3706 3706 static void
3707 3707 clear_property(cmd_t *cmd)
3708 3708 {
3709 3709 int res_type, prop_type;
3710 3710
3711 3711 res_type = resource_scope;
3712 3712 prop_type = cmd->cmd_res_type;
3713 3713 if (res_type == RT_UNKNOWN || prop_type == PT_UNKNOWN) {
3714 3714 long_usage(CMD_CLEAR, B_TRUE);
3715 3715 return;
3716 3716 }
3717 3717
3718 3718 if (initialize(B_TRUE) != Z_OK)
3719 3719 return;
3720 3720
3721 3721 switch (res_type) {
3722 3722 case RT_FS:
3723 3723 if (prop_type == PT_RAW) {
3724 3724 in_progress_fstab.zone_fs_raw[0] = '\0';
3725 3725 need_to_commit = B_TRUE;
3726 3726 return;
3727 3727 }
3728 3728 break;
3729 3729 case RT_DCPU:
3730 3730 if (prop_type == PT_IMPORTANCE) {
3731 3731 in_progress_psettab.zone_importance[0] = '\0';
3732 3732 need_to_commit = B_TRUE;
3733 3733 return;
3734 3734 }
3735 3735 break;
3736 3736 case RT_MCAP:
3737 3737 switch (prop_type) {
3738 3738 case PT_PHYSICAL:
3739 3739 in_progress_mcaptab.zone_physmem_cap[0] = '\0';
3740 3740 need_to_commit = B_TRUE;
3741 3741 return;
3742 3742 case PT_SWAP:
3743 3743 remove_aliased_rctl(PT_SWAP, ALIAS_MAXSWAP);
3744 3744 return;
3745 3745 case PT_LOCKED:
3746 3746 remove_aliased_rctl(PT_LOCKED, ALIAS_MAXLOCKEDMEM);
3747 3747 return;
3748 3748 }
3749 3749 break;
3750 3750 case RT_SECFLAGS:
3751 3751 switch (prop_type) {
3752 3752 case PT_LOWER:
3753 3753 in_progress_secflagstab.zone_secflags_lower[0] = '\0';
3754 3754 need_to_commit = B_TRUE;
3755 3755 return;
3756 3756 case PT_DEFAULT:
3757 3757 in_progress_secflagstab.zone_secflags_default[0] = '\0';
3758 3758 need_to_commit = B_TRUE;
3759 3759 return;
3760 3760 case PT_UPPER:
3761 3761 in_progress_secflagstab.zone_secflags_upper[0] = '\0';
3762 3762 need_to_commit = B_TRUE;
3763 3763 return;
3764 3764 }
3765 3765 break;
3766 3766 default:
3767 3767 break;
3768 3768 }
3769 3769
3770 3770 zone_perror(pt_to_str(prop_type), Z_CLEAR_DISALLOW, B_TRUE);
3771 3771 }
3772 3772
3773 3773 static void
3774 3774 clear_global(cmd_t *cmd)
3775 3775 {
3776 3776 int err, type;
3777 3777
3778 3778 if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
3779 3779 long_usage(CMD_CLEAR, B_TRUE);
3780 3780 return;
3781 3781 }
3782 3782
3783 3783 if (initialize(B_TRUE) != Z_OK)
3784 3784 return;
3785 3785
3786 3786 switch (type) {
3787 3787 case PT_ZONENAME:
3788 3788 /* FALLTHRU */
3789 3789 case PT_ZONEPATH:
3790 3790 /* FALLTHRU */
3791 3791 case PT_BRAND:
3792 3792 zone_perror(pt_to_str(type), Z_CLEAR_DISALLOW, B_TRUE);
3793 3793 return;
3794 3794 case PT_AUTOBOOT:
3795 3795 /* false is default; we'll treat as equivalent to clearing */
3796 3796 if ((err = zonecfg_set_autoboot(handle, B_FALSE)) != Z_OK)
3797 3797 z_cmd_rt_perror(CMD_CLEAR, RT_AUTOBOOT, err, B_TRUE);
3798 3798 else
3799 3799 need_to_commit = B_TRUE;
3800 3800 return;
3801 3801 case PT_POOL:
3802 3802 if ((err = zonecfg_set_pool(handle, NULL)) != Z_OK)
3803 3803 z_cmd_rt_perror(CMD_CLEAR, RT_POOL, err, B_TRUE);
3804 3804 else
3805 3805 need_to_commit = B_TRUE;
3806 3806 return;
3807 3807 case PT_LIMITPRIV:
3808 3808 if ((err = zonecfg_set_limitpriv(handle, NULL)) != Z_OK)
3809 3809 z_cmd_rt_perror(CMD_CLEAR, RT_LIMITPRIV, err, B_TRUE);
3810 3810 else
3811 3811 need_to_commit = B_TRUE;
3812 3812 return;
3813 3813 case PT_BOOTARGS:
3814 3814 if ((err = zonecfg_set_bootargs(handle, NULL)) != Z_OK)
3815 3815 z_cmd_rt_perror(CMD_CLEAR, RT_BOOTARGS, err, B_TRUE);
3816 3816 else
3817 3817 need_to_commit = B_TRUE;
3818 3818 return;
3819 3819 case PT_SCHED:
3820 3820 if ((err = zonecfg_set_sched(handle, NULL)) != Z_OK)
3821 3821 z_cmd_rt_perror(CMD_CLEAR, RT_SCHED, err, B_TRUE);
3822 3822 else
3823 3823 need_to_commit = B_TRUE;
3824 3824 return;
3825 3825 case PT_IPTYPE:
3826 3826 /* shared is default; we'll treat as equivalent to clearing */
3827 3827 if ((err = zonecfg_set_iptype(handle, ZS_SHARED)) != Z_OK)
3828 3828 z_cmd_rt_perror(CMD_CLEAR, RT_IPTYPE, err, B_TRUE);
3829 3829 else
3830 3830 need_to_commit = B_TRUE;
3831 3831 return;
3832 3832 case PT_MAXLWPS:
3833 3833 remove_aliased_rctl(PT_MAXLWPS, ALIAS_MAXLWPS);
3834 3834 return;
3835 3835 case PT_MAXPROCS:
3836 3836 remove_aliased_rctl(PT_MAXPROCS, ALIAS_MAXPROCS);
3837 3837 return;
3838 3838 case PT_MAXSHMMEM:
3839 3839 remove_aliased_rctl(PT_MAXSHMMEM, ALIAS_MAXSHMMEM);
3840 3840 return;
3841 3841 case PT_MAXSHMIDS:
3842 3842 remove_aliased_rctl(PT_MAXSHMIDS, ALIAS_MAXSHMIDS);
3843 3843 return;
3844 3844 case PT_MAXMSGIDS:
3845 3845 remove_aliased_rctl(PT_MAXMSGIDS, ALIAS_MAXMSGIDS);
3846 3846 return;
3847 3847 case PT_MAXSEMIDS:
3848 3848 remove_aliased_rctl(PT_MAXSEMIDS, ALIAS_MAXSEMIDS);
3849 3849 return;
3850 3850 case PT_SHARES:
3851 3851 remove_aliased_rctl(PT_SHARES, ALIAS_SHARES);
3852 3852 return;
3853 3853 case PT_HOSTID:
3854 3854 if ((err = zonecfg_set_hostid(handle, NULL)) != Z_OK)
3855 3855 z_cmd_rt_perror(CMD_CLEAR, RT_HOSTID, err, B_TRUE);
3856 3856 else
3857 3857 need_to_commit = B_TRUE;
3858 3858 return;
3859 3859 case PT_FS_ALLOWED:
3860 3860 if ((err = zonecfg_set_fs_allowed(handle, NULL)) != Z_OK)
3861 3861 z_cmd_rt_perror(CMD_CLEAR, RT_FS_ALLOWED, err, B_TRUE);
3862 3862 else
3863 3863 need_to_commit = B_TRUE;
3864 3864 return;
3865 3865 default:
3866 3866 zone_perror(pt_to_str(type), Z_NO_PROPERTY_TYPE, B_TRUE);
3867 3867 long_usage(CMD_CLEAR, B_TRUE);
3868 3868 usage(B_FALSE, HELP_PROPS);
3869 3869 return;
3870 3870 }
3871 3871 }
3872 3872
3873 3873 void
3874 3874 clear_func(cmd_t *cmd)
3875 3875 {
3876 3876 if (zone_is_read_only(CMD_CLEAR))
3877 3877 return;
3878 3878
3879 3879 assert(cmd != NULL);
3880 3880
3881 3881 if (global_scope) {
3882 3882 if (gz_invalid_property(cmd->cmd_res_type)) {
3883 3883 zerr(gettext("%s is not a valid property for the "
3884 3884 "global zone."), pt_to_str(cmd->cmd_res_type));
3885 3885 saw_error = B_TRUE;
3886 3886 return;
3887 3887 }
3888 3888
3889 3889 clear_global(cmd);
3890 3890 } else {
3891 3891 clear_property(cmd);
3892 3892 }
3893 3893 }
3894 3894
3895 3895 void
3896 3896 select_func(cmd_t *cmd)
3897 3897 {
3898 3898 int type, err, res;
3899 3899 uint64_t limit;
3900 3900 uint64_t tmp;
3901 3901
3902 3902 if (zone_is_read_only(CMD_SELECT))
3903 3903 return;
3904 3904
3905 3905 assert(cmd != NULL);
3906 3906
3907 3907 if (global_scope) {
3908 3908 global_scope = B_FALSE;
3909 3909 resource_scope = cmd->cmd_res_type;
3910 3910 end_op = CMD_SELECT;
3911 3911 } else {
3912 3912 scope_usage(CMD_SELECT);
3913 3913 return;
3914 3914 }
3915 3915
3916 3916 if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
3917 3917 long_usage(CMD_SELECT, B_TRUE);
3918 3918 return;
3919 3919 }
3920 3920
3921 3921 if (initialize(B_TRUE) != Z_OK)
3922 3922 return;
3923 3923
3924 3924 switch (type) {
3925 3925 case RT_FS:
3926 3926 if ((err = fill_in_fstab(cmd, &old_fstab, B_FALSE)) != Z_OK) {
3927 3927 z_cmd_rt_perror(CMD_SELECT, RT_FS, err, B_TRUE);
3928 3928 global_scope = B_TRUE;
3929 3929 }
3930 3930 bcopy(&old_fstab, &in_progress_fstab,
3931 3931 sizeof (struct zone_fstab));
3932 3932 return;
3933 3933 case RT_NET:
3934 3934 if ((err = fill_in_nwiftab(cmd, &old_nwiftab, B_FALSE))
3935 3935 != Z_OK) {
3936 3936 z_cmd_rt_perror(CMD_SELECT, RT_NET, err, B_TRUE);
3937 3937 global_scope = B_TRUE;
3938 3938 }
3939 3939 bcopy(&old_nwiftab, &in_progress_nwiftab,
3940 3940 sizeof (struct zone_nwiftab));
3941 3941 return;
3942 3942 case RT_DEVICE:
3943 3943 if ((err = fill_in_devtab(cmd, &old_devtab, B_FALSE)) != Z_OK) {
3944 3944 z_cmd_rt_perror(CMD_SELECT, RT_DEVICE, err, B_TRUE);
3945 3945 global_scope = B_TRUE;
3946 3946 }
3947 3947 bcopy(&old_devtab, &in_progress_devtab,
3948 3948 sizeof (struct zone_devtab));
3949 3949 return;
3950 3950 case RT_RCTL:
3951 3951 if ((err = fill_in_rctltab(cmd, &old_rctltab, B_FALSE))
3952 3952 != Z_OK) {
3953 3953 z_cmd_rt_perror(CMD_SELECT, RT_RCTL, err, B_TRUE);
3954 3954 global_scope = B_TRUE;
3955 3955 }
3956 3956 bcopy(&old_rctltab, &in_progress_rctltab,
3957 3957 sizeof (struct zone_rctltab));
3958 3958 return;
3959 3959 case RT_ATTR:
3960 3960 if ((err = fill_in_attrtab(cmd, &old_attrtab, B_FALSE))
3961 3961 != Z_OK) {
3962 3962 z_cmd_rt_perror(CMD_SELECT, RT_ATTR, err, B_TRUE);
3963 3963 global_scope = B_TRUE;
3964 3964 }
3965 3965 bcopy(&old_attrtab, &in_progress_attrtab,
3966 3966 sizeof (struct zone_attrtab));
3967 3967 return;
3968 3968 case RT_DATASET:
3969 3969 if ((err = fill_in_dstab(cmd, &old_dstab, B_FALSE)) != Z_OK) {
3970 3970 z_cmd_rt_perror(CMD_SELECT, RT_DATASET, err, B_TRUE);
3971 3971 global_scope = B_TRUE;
3972 3972 }
3973 3973 bcopy(&old_dstab, &in_progress_dstab,
3974 3974 sizeof (struct zone_dstab));
3975 3975 return;
3976 3976 case RT_DCPU:
3977 3977 if ((err = zonecfg_lookup_pset(handle, &old_psettab)) != Z_OK) {
3978 3978 z_cmd_rt_perror(CMD_SELECT, RT_DCPU, err, B_TRUE);
3979 3979 global_scope = B_TRUE;
3980 3980 }
3981 3981 bcopy(&old_psettab, &in_progress_psettab,
3982 3982 sizeof (struct zone_psettab));
3983 3983 return;
3984 3984 case RT_PCAP:
3985 3985 if ((err = zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp))
3986 3986 != Z_OK) {
3987 3987 z_cmd_rt_perror(CMD_SELECT, RT_PCAP, err, B_TRUE);
3988 3988 global_scope = B_TRUE;
3989 3989 }
3990 3990 return;
3991 3991 case RT_MCAP:
3992 3992 /* if none of these exist, there is no resource to select */
3993 3993 if ((res = zonecfg_lookup_mcap(handle, &old_mcaptab)) != Z_OK &&
3994 3994 zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &limit)
3995 3995 != Z_OK &&
3996 3996 zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM, &limit)
3997 3997 != Z_OK) {
3998 3998 z_cmd_rt_perror(CMD_SELECT, RT_MCAP, Z_NO_RESOURCE_TYPE,
3999 3999 B_TRUE);
4000 4000 global_scope = B_TRUE;
4001 4001 }
4002 4002 if (res == Z_OK)
4003 4003 bcopy(&old_mcaptab, &in_progress_mcaptab,
4004 4004 sizeof (struct zone_mcaptab));
4005 4005 else
4006 4006 bzero(&in_progress_mcaptab,
4007 4007 sizeof (in_progress_mcaptab));
4008 4008 return;
4009 4009 case RT_ADMIN:
4010 4010 if ((err = fill_in_admintab(cmd, &old_admintab, B_FALSE))
4011 4011 != Z_OK) {
4012 4012 z_cmd_rt_perror(CMD_SELECT, RT_ADMIN, err,
4013 4013 B_TRUE);
4014 4014 global_scope = B_TRUE;
4015 4015 }
4016 4016 bcopy(&old_admintab, &in_progress_admintab,
4017 4017 sizeof (struct zone_admintab));
4018 4018 return;
4019 4019 case RT_SECFLAGS:
4020 4020 if ((err = fill_in_secflagstab(cmd, &old_secflagstab, B_FALSE))
4021 4021 != Z_OK) {
4022 4022 z_cmd_rt_perror(CMD_SELECT, RT_SECFLAGS, err,
4023 4023 B_TRUE);
4024 4024 global_scope = B_TRUE;
4025 4025 }
4026 4026 bcopy(&old_secflagstab, &in_progress_secflagstab,
4027 4027 sizeof (struct zone_secflagstab));
4028 4028 return;
4029 4029 default:
4030 4030 zone_perror(rt_to_str(type), Z_NO_RESOURCE_TYPE, B_TRUE);
4031 4031 long_usage(CMD_SELECT, B_TRUE);
4032 4032 usage(B_FALSE, HELP_RESOURCES);
4033 4033 return;
4034 4034 }
4035 4035 }
4036 4036
4037 4037 /*
4038 4038 * Network "addresses" can be one of the following forms:
4039 4039 * <IPv4 address>
4040 4040 * <IPv4 address>/<prefix length>
4041 4041 * <IPv6 address>/<prefix length>
4042 4042 * <host name>
4043 4043 * <host name>/<prefix length>
4044 4044 * In other words, the "/" followed by a prefix length is allowed but not
4045 4045 * required for IPv4 addresses and host names, and required for IPv6 addresses.
4046 4046 * If a prefix length is given, it must be in the allowable range: 0 to 32 for
4047 4047 * IPv4 addresses and host names, 0 to 128 for IPv6 addresses.
4048 4048 * Host names must start with an alpha-numeric character, and all subsequent
4049 4049 * characters must be either alpha-numeric or "-".
4050 4050 *
4051 4051 * In some cases, e.g., the nexthop for the defrouter, the context indicates
4052 4052 * that this is the IPV4_ABITS or IPV6_ABITS netmask, in which case we don't
4053 4053 * require the /<prefix length> (and should ignore it if provided).
4054 4054 */
4055 4055
4056 4056 static int
4057 4057 validate_net_address_syntax(char *address, boolean_t ishost)
4058 4058 {
4059 4059 char *slashp, part1[MAXHOSTNAMELEN];
4060 4060 struct in6_addr in6;
4061 4061 struct in_addr in4;
4062 4062 int prefixlen, i;
4063 4063
4064 4064 /*
4065 4065 * Copy the part before any '/' into part1 or copy the whole
4066 4066 * thing if there is no '/'.
4067 4067 */
4068 4068 if ((slashp = strchr(address, '/')) != NULL) {
4069 4069 *slashp = '\0';
4070 4070 (void) strlcpy(part1, address, sizeof (part1));
4071 4071 *slashp = '/';
4072 4072 prefixlen = atoi(++slashp);
4073 4073 } else {
4074 4074 (void) strlcpy(part1, address, sizeof (part1));
4075 4075 }
4076 4076
4077 4077 if (ishost && slashp != NULL) {
4078 4078 zerr(gettext("Warning: prefix length in %s is not required and "
4079 4079 "will be ignored. The default host-prefix length "
4080 4080 "will be used"), address);
4081 4081 }
4082 4082
4083 4083
4084 4084 if (inet_pton(AF_INET6, part1, &in6) == 1) {
4085 4085 if (ishost) {
4086 4086 prefixlen = IPV6_ABITS;
4087 4087 } else if (slashp == NULL) {
4088 4088 zerr(gettext("%s: IPv6 addresses "
4089 4089 "require /prefix-length suffix."), address);
4090 4090 return (Z_ERR);
4091 4091 }
4092 4092 if (prefixlen < 0 || prefixlen > 128) {
4093 4093 zerr(gettext("%s: IPv6 address "
4094 4094 "prefix lengths must be 0 - 128."), address);
4095 4095 return (Z_ERR);
4096 4096 }
4097 4097 return (Z_OK);
4098 4098 }
4099 4099
4100 4100 /* At this point, any /prefix must be for IPv4. */
4101 4101 if (ishost)
4102 4102 prefixlen = IPV4_ABITS;
4103 4103 else if (slashp != NULL) {
4104 4104 if (prefixlen < 0 || prefixlen > 32) {
4105 4105 zerr(gettext("%s: IPv4 address "
4106 4106 "prefix lengths must be 0 - 32."), address);
4107 4107 return (Z_ERR);
4108 4108 }
4109 4109 }
4110 4110
4111 4111 if (inet_pton(AF_INET, part1, &in4) == 1)
4112 4112 return (Z_OK);
4113 4113
4114 4114 /* address may also be a host name */
4115 4115 if (!isalnum(part1[0])) {
4116 4116 zerr(gettext("%s: bogus host name or network address syntax"),
4117 4117 part1);
4118 4118 saw_error = B_TRUE;
4119 4119 usage(B_FALSE, HELP_NETADDR);
4120 4120 return (Z_ERR);
4121 4121 }
4122 4122 for (i = 1; part1[i]; i++)
4123 4123 if (!isalnum(part1[i]) && part1[i] != '-' && part1[i] != '.') {
4124 4124 zerr(gettext("%s: bogus host name or "
4125 4125 "network address syntax"), part1);
4126 4126 saw_error = B_TRUE;
4127 4127 usage(B_FALSE, HELP_NETADDR);
4128 4128 return (Z_ERR);
4129 4129 }
4130 4130 return (Z_OK);
4131 4131 }
4132 4132
4133 4133 static int
4134 4134 validate_net_physical_syntax(const char *ifname)
4135 4135 {
4136 4136 ifspec_t ifnameprop;
4137 4137 zone_iptype_t iptype;
4138 4138
4139 4139 if (zonecfg_get_iptype(handle, &iptype) != Z_OK) {
4140 4140 zerr(gettext("zone configuration has an invalid or nonexistent "
4141 4141 "ip-type property"));
4142 4142 return (Z_ERR);
4143 4143 }
4144 4144 switch (iptype) {
4145 4145 case ZS_SHARED:
4146 4146 if (ifparse_ifspec(ifname, &ifnameprop) == B_FALSE) {
4147 4147 zerr(gettext("%s: invalid physical interface name"),
4148 4148 ifname);
4149 4149 return (Z_ERR);
4150 4150 }
4151 4151 if (ifnameprop.ifsp_lunvalid) {
4152 4152 zerr(gettext("%s: LUNs not allowed in physical "
4153 4153 "interface names"), ifname);
4154 4154 return (Z_ERR);
4155 4155 }
4156 4156 break;
4157 4157 case ZS_EXCLUSIVE:
4158 4158 if (dladm_valid_linkname(ifname) == B_FALSE) {
4159 4159 if (strchr(ifname, ':') != NULL)
4160 4160 zerr(gettext("%s: physical interface name "
4161 4161 "required; logical interface name not "
4162 4162 "allowed"), ifname);
4163 4163 else
4164 4164 zerr(gettext("%s: invalid physical interface "
4165 4165 "name"), ifname);
4166 4166 return (Z_ERR);
4167 4167 }
4168 4168 break;
4169 4169 }
4170 4170 return (Z_OK);
4171 4171 }
4172 4172
4173 4173 static boolean_t
4174 4174 valid_fs_type(const char *type)
4175 4175 {
4176 4176 /*
4177 4177 * Is this a valid path component?
4178 4178 */
4179 4179 if (strlen(type) + 1 > MAXNAMELEN)
4180 4180 return (B_FALSE);
4181 4181 /*
4182 4182 * Make sure a bad value for "type" doesn't make
4183 4183 * /usr/lib/fs/<type>/mount turn into something else.
4184 4184 */
4185 4185 if (strchr(type, '/') != NULL || type[0] == '\0' ||
4186 4186 strcmp(type, ".") == 0 || strcmp(type, "..") == 0)
4187 4187 return (B_FALSE);
4188 4188 /*
4189 4189 * More detailed verification happens later by zoneadm(1m).
4190 4190 */
4191 4191 return (B_TRUE);
4192 4192 }
4193 4193
4194 4194 static boolean_t
4195 4195 allow_exclusive()
4196 4196 {
4197 4197 brand_handle_t bh;
4198 4198 char brand[MAXNAMELEN];
4199 4199 boolean_t ret;
4200 4200
4201 4201 if (zonecfg_get_brand(handle, brand, sizeof (brand)) != Z_OK) {
4202 4202 zerr("%s: %s\n", zone, gettext("could not get zone brand"));
4203 4203 return (B_FALSE);
4204 4204 }
4205 4205 if ((bh = brand_open(brand)) == NULL) {
4206 4206 zerr("%s: %s\n", zone, gettext("unknown brand."));
4207 4207 return (B_FALSE);
4208 4208 }
4209 4209 ret = brand_allow_exclusive_ip(bh);
4210 4210 brand_close(bh);
4211 4211 if (!ret)
4212 4212 zerr(gettext("%s cannot be '%s' when %s is '%s'."),
4213 4213 pt_to_str(PT_IPTYPE), "exclusive",
4214 4214 pt_to_str(PT_BRAND), brand);
4215 4215 return (ret);
4216 4216 }
4217 4217
4218 4218 static void
4219 4219 set_aliased_rctl(char *alias, int prop_type, char *s)
4220 4220 {
4221 4221 uint64_t limit;
4222 4222 int err;
4223 4223 char tmp[128];
4224 4224
4225 4225 if (global_zone && strcmp(alias, ALIAS_SHARES) != 0)
4226 4226 zerr(gettext("WARNING: Setting a global zone resource "
4227 4227 "control too low could deny\nservice "
4228 4228 "to even the root user; "
4229 4229 "this could render the system impossible\n"
4230 4230 "to administer. Please use caution."));
4231 4231
4232 4232 /* convert memory based properties */
4233 4233 if (prop_type == PT_MAXSHMMEM) {
4234 4234 if (!zonecfg_valid_memlimit(s, &limit)) {
4235 4235 zerr(gettext("A non-negative number with a required "
4236 4236 "scale suffix (K, M, G or T) was expected\nhere."));
4237 4237 saw_error = B_TRUE;
4238 4238 return;
4239 4239 }
4240 4240
4241 4241 (void) snprintf(tmp, sizeof (tmp), "%llu", limit);
4242 4242 s = tmp;
4243 4243 }
4244 4244
4245 4245 if (!zonecfg_aliased_rctl_ok(handle, alias)) {
4246 4246 zone_perror(pt_to_str(prop_type), Z_ALIAS_DISALLOW, B_FALSE);
4247 4247 saw_error = B_TRUE;
4248 4248 } else if (!zonecfg_valid_alias_limit(alias, s, &limit)) {
4249 4249 zerr(gettext("%s property is out of range."),
4250 4250 pt_to_str(prop_type));
4251 4251 saw_error = B_TRUE;
4252 4252 } else if ((err = zonecfg_set_aliased_rctl(handle, alias, limit))
4253 4253 != Z_OK) {
4254 4254 zone_perror(zone, err, B_TRUE);
4255 4255 saw_error = B_TRUE;
4256 4256 } else {
4257 4257 need_to_commit = B_TRUE;
4258 4258 }
4259 4259 }
4260 4260
4261 4261 static void
4262 4262 set_in_progress_nwiftab_address(char *prop_id, int prop_type)
4263 4263 {
4264 4264 if (prop_type == PT_ADDRESS) {
4265 4265 (void) strlcpy(in_progress_nwiftab.zone_nwif_address, prop_id,
4266 4266 sizeof (in_progress_nwiftab.zone_nwif_address));
4267 4267 } else {
4268 4268 assert(prop_type == PT_ALLOWED_ADDRESS);
4269 4269 (void) strlcpy(in_progress_nwiftab.zone_nwif_allowed_address,
4270 4270 prop_id,
4271 4271 sizeof (in_progress_nwiftab.zone_nwif_allowed_address));
4272 4272 }
4273 4273 }
4274 4274
4275 4275 void
4276 4276 set_func(cmd_t *cmd)
4277 4277 {
4278 4278 char *prop_id;
4279 4279 int arg, err, res_type, prop_type;
4280 4280 property_value_ptr_t pp;
4281 4281 boolean_t autoboot;
4282 4282 zone_iptype_t iptype;
4283 4283 boolean_t force_set = B_FALSE;
4284 4284 size_t physmem_size = sizeof (in_progress_mcaptab.zone_physmem_cap);
4285 4285 uint64_t mem_cap, mem_limit;
4286 4286 float cap;
4287 4287 char *unitp;
4288 4288 struct zone_psettab tmp_psettab;
4289 4289 boolean_t arg_err = B_FALSE;
4290 4290
4291 4291 if (zone_is_read_only(CMD_SET))
4292 4292 return;
4293 4293
4294 4294 assert(cmd != NULL);
4295 4295
4296 4296 optind = opterr = 0;
4297 4297 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "F")) != EOF) {
4298 4298 switch (arg) {
4299 4299 case 'F':
4300 4300 force_set = B_TRUE;
4301 4301 break;
4302 4302 default:
4303 4303 if (optopt == '?')
4304 4304 longer_usage(CMD_SET);
4305 4305 else
4306 4306 short_usage(CMD_SET);
4307 4307 arg_err = B_TRUE;
4308 4308 break;
4309 4309 }
4310 4310 }
4311 4311 if (arg_err)
4312 4312 return;
4313 4313
4314 4314 prop_type = cmd->cmd_prop_name[0];
4315 4315 if (global_scope) {
4316 4316 if (gz_invalid_property(prop_type)) {
4317 4317 zerr(gettext("%s is not a valid property for the "
4318 4318 "global zone."), pt_to_str(prop_type));
4319 4319 saw_error = B_TRUE;
4320 4320 return;
4321 4321 }
4322 4322
4323 4323 if (prop_type == PT_ZONENAME) {
4324 4324 res_type = RT_ZONENAME;
4325 4325 } else if (prop_type == PT_ZONEPATH) {
4326 4326 res_type = RT_ZONEPATH;
4327 4327 } else if (prop_type == PT_AUTOBOOT) {
4328 4328 res_type = RT_AUTOBOOT;
4329 4329 } else if (prop_type == PT_BRAND) {
4330 4330 res_type = RT_BRAND;
4331 4331 } else if (prop_type == PT_POOL) {
4332 4332 res_type = RT_POOL;
4333 4333 } else if (prop_type == PT_LIMITPRIV) {
4334 4334 res_type = RT_LIMITPRIV;
4335 4335 } else if (prop_type == PT_BOOTARGS) {
4336 4336 res_type = RT_BOOTARGS;
4337 4337 } else if (prop_type == PT_SCHED) {
4338 4338 res_type = RT_SCHED;
4339 4339 } else if (prop_type == PT_IPTYPE) {
4340 4340 res_type = RT_IPTYPE;
4341 4341 } else if (prop_type == PT_MAXLWPS) {
4342 4342 res_type = RT_MAXLWPS;
4343 4343 } else if (prop_type == PT_MAXPROCS) {
4344 4344 res_type = RT_MAXPROCS;
4345 4345 } else if (prop_type == PT_MAXSHMMEM) {
4346 4346 res_type = RT_MAXSHMMEM;
4347 4347 } else if (prop_type == PT_MAXSHMIDS) {
4348 4348 res_type = RT_MAXSHMIDS;
4349 4349 } else if (prop_type == PT_MAXMSGIDS) {
4350 4350 res_type = RT_MAXMSGIDS;
4351 4351 } else if (prop_type == PT_MAXSEMIDS) {
4352 4352 res_type = RT_MAXSEMIDS;
4353 4353 } else if (prop_type == PT_SHARES) {
4354 4354 res_type = RT_SHARES;
4355 4355 } else if (prop_type == PT_HOSTID) {
4356 4356 res_type = RT_HOSTID;
4357 4357 } else if (prop_type == PT_FS_ALLOWED) {
4358 4358 res_type = RT_FS_ALLOWED;
4359 4359 } else {
4360 4360 zerr(gettext("Cannot set a resource-specific property "
4361 4361 "from the global scope."));
4362 4362 saw_error = B_TRUE;
4363 4363 return;
4364 4364 }
4365 4365 } else {
4366 4366 res_type = resource_scope;
4367 4367 }
4368 4368
4369 4369 if (force_set) {
4370 4370 if (res_type != RT_ZONEPATH) {
4371 4371 zerr(gettext("Only zonepath setting can be forced."));
4372 4372 saw_error = B_TRUE;
4373 4373 return;
4374 4374 }
4375 4375 if (!zonecfg_in_alt_root()) {
4376 4376 zerr(gettext("Zonepath is changeable only in an "
4377 4377 "alternate root."));
4378 4378 saw_error = B_TRUE;
4379 4379 return;
4380 4380 }
4381 4381 }
4382 4382
4383 4383 pp = cmd->cmd_property_ptr[0];
4384 4384 /*
4385 4385 * A nasty expression but not that complicated:
4386 4386 * 1. fs options are simple or list (tested below)
4387 4387 * 2. rctl value's are complex or list (tested below)
4388 4388 * Anything else should be simple.
4389 4389 */
4390 4390 if (!(res_type == RT_FS && prop_type == PT_OPTIONS) &&
4391 4391 !(res_type == RT_RCTL && prop_type == PT_VALUE) &&
4392 4392 (pp->pv_type != PROP_VAL_SIMPLE ||
4393 4393 (prop_id = pp->pv_simple) == NULL)) {
4394 4394 zerr(gettext("A %s value was expected here."),
4395 4395 pvt_to_str(PROP_VAL_SIMPLE));
4396 4396 saw_error = B_TRUE;
4397 4397 return;
4398 4398 }
4399 4399 if (prop_type == PT_UNKNOWN) {
4400 4400 long_usage(CMD_SET, B_TRUE);
4401 4401 return;
4402 4402 }
4403 4403
4404 4404 /*
4405 4405 * Special case: the user can change the zone name prior to 'create';
4406 4406 * if the zone already exists, we fall through letting initialize()
4407 4407 * and the rest of the logic run.
4408 4408 */
4409 4409 if (res_type == RT_ZONENAME && got_handle == B_FALSE &&
4410 4410 !state_atleast(ZONE_STATE_CONFIGURED)) {
4411 4411 if ((err = zonecfg_validate_zonename(prop_id)) != Z_OK) {
4412 4412 zone_perror(prop_id, err, B_TRUE);
4413 4413 usage(B_FALSE, HELP_SYNTAX);
4414 4414 return;
4415 4415 }
4416 4416 (void) strlcpy(zone, prop_id, sizeof (zone));
4417 4417 return;
4418 4418 }
4419 4419
4420 4420 if (initialize(B_TRUE) != Z_OK)
4421 4421 return;
4422 4422
4423 4423 switch (res_type) {
4424 4424 case RT_ZONENAME:
4425 4425 if ((err = zonecfg_set_name(handle, prop_id)) != Z_OK) {
4426 4426 /*
4427 4427 * Use prop_id instead of 'zone' here, since we're
4428 4428 * reporting a problem about the *new* zonename.
4429 4429 */
4430 4430 zone_perror(prop_id, err, B_TRUE);
4431 4431 usage(B_FALSE, HELP_SYNTAX);
4432 4432 } else {
4433 4433 need_to_commit = B_TRUE;
4434 4434 (void) strlcpy(zone, prop_id, sizeof (zone));
4435 4435 }
4436 4436 return;
4437 4437 case RT_ZONEPATH:
4438 4438 if (!force_set && state_atleast(ZONE_STATE_INSTALLED)) {
4439 4439 zerr(gettext("Zone %s already installed; %s %s not "
4440 4440 "allowed."), zone, cmd_to_str(CMD_SET),
4441 4441 rt_to_str(RT_ZONEPATH));
4442 4442 return;
4443 4443 }
4444 4444 if (validate_zonepath_syntax(prop_id) != Z_OK) {
4445 4445 saw_error = B_TRUE;
4446 4446 return;
4447 4447 }
4448 4448 if ((err = zonecfg_set_zonepath(handle, prop_id)) != Z_OK)
4449 4449 zone_perror(zone, err, B_TRUE);
4450 4450 else
4451 4451 need_to_commit = B_TRUE;
4452 4452 return;
4453 4453 case RT_BRAND:
4454 4454 if (state_atleast(ZONE_STATE_INSTALLED)) {
4455 4455 zerr(gettext("Zone %s already installed; %s %s not "
4456 4456 "allowed."), zone, cmd_to_str(CMD_SET),
4457 4457 rt_to_str(RT_BRAND));
4458 4458 return;
4459 4459 }
4460 4460 if ((err = zonecfg_set_brand(handle, prop_id)) != Z_OK)
4461 4461 zone_perror(zone, err, B_TRUE);
4462 4462 else
4463 4463 need_to_commit = B_TRUE;
4464 4464 return;
4465 4465 case RT_AUTOBOOT:
4466 4466 if (strcmp(prop_id, "true") == 0) {
4467 4467 autoboot = B_TRUE;
4468 4468 } else if (strcmp(prop_id, "false") == 0) {
4469 4469 autoboot = B_FALSE;
4470 4470 } else {
4471 4471 zerr(gettext("%s value must be '%s' or '%s'."),
4472 4472 pt_to_str(PT_AUTOBOOT), "true", "false");
4473 4473 saw_error = B_TRUE;
4474 4474 return;
4475 4475 }
4476 4476 if ((err = zonecfg_set_autoboot(handle, autoboot)) != Z_OK)
4477 4477 zone_perror(zone, err, B_TRUE);
4478 4478 else
4479 4479 need_to_commit = B_TRUE;
4480 4480 return;
4481 4481 case RT_POOL:
4482 4482 /* don't allow use of the reserved temporary pool names */
4483 4483 if (strncmp("SUNW", prop_id, 4) == 0) {
4484 4484 zerr(gettext("pool names starting with SUNW are "
4485 4485 "reserved."));
4486 4486 saw_error = B_TRUE;
4487 4487 return;
4488 4488 }
4489 4489
4490 4490 /* can't set pool if dedicated-cpu exists */
4491 4491 if (zonecfg_lookup_pset(handle, &tmp_psettab) == Z_OK) {
4492 4492 zerr(gettext("The %s resource already exists. "
4493 4493 "A persistent pool is incompatible\nwith the %s "
4494 4494 "resource."), rt_to_str(RT_DCPU),
4495 4495 rt_to_str(RT_DCPU));
4496 4496 saw_error = B_TRUE;
4497 4497 return;
4498 4498 }
4499 4499
4500 4500 if ((err = zonecfg_set_pool(handle, prop_id)) != Z_OK)
4501 4501 zone_perror(zone, err, B_TRUE);
4502 4502 else
4503 4503 need_to_commit = B_TRUE;
4504 4504 return;
4505 4505 case RT_LIMITPRIV:
4506 4506 if ((err = zonecfg_set_limitpriv(handle, prop_id)) != Z_OK)
4507 4507 zone_perror(zone, err, B_TRUE);
4508 4508 else
4509 4509 need_to_commit = B_TRUE;
4510 4510 return;
4511 4511 case RT_BOOTARGS:
4512 4512 if ((err = zonecfg_set_bootargs(handle, prop_id)) != Z_OK)
4513 4513 zone_perror(zone, err, B_TRUE);
4514 4514 else
4515 4515 need_to_commit = B_TRUE;
4516 4516 return;
4517 4517 case RT_SCHED:
4518 4518 if ((err = zonecfg_set_sched(handle, prop_id)) != Z_OK)
4519 4519 zone_perror(zone, err, B_TRUE);
4520 4520 else
4521 4521 need_to_commit = B_TRUE;
4522 4522 return;
4523 4523 case RT_IPTYPE:
4524 4524 if (strcmp(prop_id, "shared") == 0) {
4525 4525 iptype = ZS_SHARED;
4526 4526 } else if (strcmp(prop_id, "exclusive") == 0) {
4527 4527 iptype = ZS_EXCLUSIVE;
4528 4528 } else {
4529 4529 zerr(gettext("%s value must be '%s' or '%s'."),
4530 4530 pt_to_str(PT_IPTYPE), "shared", "exclusive");
4531 4531 saw_error = B_TRUE;
4532 4532 return;
4533 4533 }
4534 4534 if (iptype == ZS_EXCLUSIVE && !allow_exclusive()) {
4535 4535 saw_error = B_TRUE;
4536 4536 return;
4537 4537 }
4538 4538 if ((err = zonecfg_set_iptype(handle, iptype)) != Z_OK)
4539 4539 zone_perror(zone, err, B_TRUE);
4540 4540 else
4541 4541 need_to_commit = B_TRUE;
4542 4542 return;
4543 4543 case RT_MAXLWPS:
4544 4544 set_aliased_rctl(ALIAS_MAXLWPS, prop_type, prop_id);
4545 4545 return;
4546 4546 case RT_MAXPROCS:
4547 4547 set_aliased_rctl(ALIAS_MAXPROCS, prop_type, prop_id);
4548 4548 return;
4549 4549 case RT_MAXSHMMEM:
4550 4550 set_aliased_rctl(ALIAS_MAXSHMMEM, prop_type, prop_id);
4551 4551 return;
4552 4552 case RT_MAXSHMIDS:
4553 4553 set_aliased_rctl(ALIAS_MAXSHMIDS, prop_type, prop_id);
4554 4554 return;
4555 4555 case RT_MAXMSGIDS:
4556 4556 set_aliased_rctl(ALIAS_MAXMSGIDS, prop_type, prop_id);
4557 4557 return;
4558 4558 case RT_MAXSEMIDS:
4559 4559 set_aliased_rctl(ALIAS_MAXSEMIDS, prop_type, prop_id);
4560 4560 return;
4561 4561 case RT_SHARES:
4562 4562 set_aliased_rctl(ALIAS_SHARES, prop_type, prop_id);
4563 4563 return;
4564 4564 case RT_HOSTID:
4565 4565 if ((err = zonecfg_set_hostid(handle, prop_id)) != Z_OK) {
4566 4566 if (err == Z_TOO_BIG) {
4567 4567 zerr(gettext("hostid string is too large: %s"),
4568 4568 prop_id);
4569 4569 saw_error = B_TRUE;
4570 4570 } else {
4571 4571 zone_perror(pt_to_str(prop_type), err, B_TRUE);
4572 4572 }
4573 4573 return;
4574 4574 }
4575 4575 need_to_commit = B_TRUE;
4576 4576 return;
4577 4577 case RT_FS_ALLOWED:
4578 4578 if ((err = zonecfg_set_fs_allowed(handle, prop_id)) != Z_OK)
4579 4579 zone_perror(zone, err, B_TRUE);
4580 4580 else
4581 4581 need_to_commit = B_TRUE;
4582 4582 return;
4583 4583 case RT_FS:
4584 4584 switch (prop_type) {
4585 4585 case PT_DIR:
4586 4586 (void) strlcpy(in_progress_fstab.zone_fs_dir, prop_id,
4587 4587 sizeof (in_progress_fstab.zone_fs_dir));
4588 4588 return;
4589 4589 case PT_SPECIAL:
4590 4590 (void) strlcpy(in_progress_fstab.zone_fs_special,
4591 4591 prop_id,
4592 4592 sizeof (in_progress_fstab.zone_fs_special));
4593 4593 return;
4594 4594 case PT_RAW:
4595 4595 (void) strlcpy(in_progress_fstab.zone_fs_raw,
4596 4596 prop_id, sizeof (in_progress_fstab.zone_fs_raw));
4597 4597 return;
4598 4598 case PT_TYPE:
4599 4599 if (!valid_fs_type(prop_id)) {
4600 4600 zerr(gettext("\"%s\" is not a valid %s."),
4601 4601 prop_id, pt_to_str(PT_TYPE));
4602 4602 saw_error = B_TRUE;
4603 4603 return;
4604 4604 }
4605 4605 (void) strlcpy(in_progress_fstab.zone_fs_type, prop_id,
4606 4606 sizeof (in_progress_fstab.zone_fs_type));
4607 4607 return;
4608 4608 case PT_OPTIONS:
4609 4609 if (pp->pv_type != PROP_VAL_SIMPLE &&
4610 4610 pp->pv_type != PROP_VAL_LIST) {
4611 4611 zerr(gettext("A %s or %s value was expected "
4612 4612 "here."), pvt_to_str(PROP_VAL_SIMPLE),
4613 4613 pvt_to_str(PROP_VAL_LIST));
4614 4614 saw_error = B_TRUE;
4615 4615 return;
4616 4616 }
4617 4617 zonecfg_free_fs_option_list(
4618 4618 in_progress_fstab.zone_fs_options);
4619 4619 in_progress_fstab.zone_fs_options = NULL;
4620 4620 if (!(pp->pv_type == PROP_VAL_LIST &&
4621 4621 pp->pv_list == NULL))
4622 4622 add_property(cmd);
4623 4623 return;
4624 4624 default:
4625 4625 break;
4626 4626 }
4627 4627 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE, B_TRUE);
4628 4628 long_usage(CMD_SET, B_TRUE);
4629 4629 usage(B_FALSE, HELP_PROPS);
4630 4630 return;
4631 4631 case RT_NET:
4632 4632 switch (prop_type) {
4633 4633 case PT_ADDRESS:
4634 4634 case PT_ALLOWED_ADDRESS:
4635 4635 if (validate_net_address_syntax(prop_id, B_FALSE)
4636 4636 != Z_OK) {
4637 4637 saw_error = B_TRUE;
4638 4638 return;
4639 4639 }
4640 4640 set_in_progress_nwiftab_address(prop_id, prop_type);
4641 4641 break;
4642 4642 case PT_PHYSICAL:
4643 4643 if (validate_net_physical_syntax(prop_id) != Z_OK) {
4644 4644 saw_error = B_TRUE;
4645 4645 return;
4646 4646 }
4647 4647 (void) strlcpy(in_progress_nwiftab.zone_nwif_physical,
4648 4648 prop_id,
4649 4649 sizeof (in_progress_nwiftab.zone_nwif_physical));
4650 4650 break;
4651 4651 case PT_DEFROUTER:
4652 4652 if (validate_net_address_syntax(prop_id, B_TRUE)
4653 4653 != Z_OK) {
4654 4654 saw_error = B_TRUE;
4655 4655 return;
4656 4656 }
4657 4657 (void) strlcpy(in_progress_nwiftab.zone_nwif_defrouter,
4658 4658 prop_id,
4659 4659 sizeof (in_progress_nwiftab.zone_nwif_defrouter));
4660 4660 break;
4661 4661 default:
4662 4662 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4663 4663 B_TRUE);
4664 4664 long_usage(CMD_SET, B_TRUE);
4665 4665 usage(B_FALSE, HELP_PROPS);
4666 4666 return;
4667 4667 }
4668 4668 return;
4669 4669 case RT_DEVICE:
4670 4670 switch (prop_type) {
4671 4671 case PT_MATCH:
4672 4672 (void) strlcpy(in_progress_devtab.zone_dev_match,
4673 4673 prop_id,
4674 4674 sizeof (in_progress_devtab.zone_dev_match));
4675 4675 break;
4676 4676 default:
4677 4677 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4678 4678 B_TRUE);
4679 4679 long_usage(CMD_SET, B_TRUE);
4680 4680 usage(B_FALSE, HELP_PROPS);
4681 4681 return;
4682 4682 }
4683 4683 return;
4684 4684 case RT_RCTL:
4685 4685 switch (prop_type) {
4686 4686 case PT_NAME:
4687 4687 if (!zonecfg_valid_rctlname(prop_id)) {
4688 4688 zerr(gettext("'%s' is not a valid zone %s "
4689 4689 "name."), prop_id, rt_to_str(RT_RCTL));
4690 4690 return;
4691 4691 }
4692 4692 (void) strlcpy(in_progress_rctltab.zone_rctl_name,
4693 4693 prop_id,
4694 4694 sizeof (in_progress_rctltab.zone_rctl_name));
4695 4695 break;
4696 4696 case PT_VALUE:
4697 4697 if (pp->pv_type != PROP_VAL_COMPLEX &&
4698 4698 pp->pv_type != PROP_VAL_LIST) {
4699 4699 zerr(gettext("A %s or %s value was expected "
4700 4700 "here."), pvt_to_str(PROP_VAL_COMPLEX),
4701 4701 pvt_to_str(PROP_VAL_LIST));
4702 4702 saw_error = B_TRUE;
4703 4703 return;
4704 4704 }
4705 4705 zonecfg_free_rctl_value_list(
4706 4706 in_progress_rctltab.zone_rctl_valptr);
4707 4707 in_progress_rctltab.zone_rctl_valptr = NULL;
4708 4708 if (!(pp->pv_type == PROP_VAL_LIST &&
4709 4709 pp->pv_list == NULL))
4710 4710 add_property(cmd);
4711 4711 break;
4712 4712 default:
4713 4713 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4714 4714 B_TRUE);
4715 4715 long_usage(CMD_SET, B_TRUE);
4716 4716 usage(B_FALSE, HELP_PROPS);
4717 4717 return;
4718 4718 }
4719 4719 return;
4720 4720 case RT_ATTR:
4721 4721 switch (prop_type) {
4722 4722 case PT_NAME:
4723 4723 (void) strlcpy(in_progress_attrtab.zone_attr_name,
4724 4724 prop_id,
4725 4725 sizeof (in_progress_attrtab.zone_attr_name));
4726 4726 break;
4727 4727 case PT_TYPE:
4728 4728 (void) strlcpy(in_progress_attrtab.zone_attr_type,
4729 4729 prop_id,
4730 4730 sizeof (in_progress_attrtab.zone_attr_type));
4731 4731 break;
4732 4732 case PT_VALUE:
4733 4733 (void) strlcpy(in_progress_attrtab.zone_attr_value,
4734 4734 prop_id,
4735 4735 sizeof (in_progress_attrtab.zone_attr_value));
4736 4736 break;
4737 4737 default:
4738 4738 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4739 4739 B_TRUE);
4740 4740 long_usage(CMD_SET, B_TRUE);
4741 4741 usage(B_FALSE, HELP_PROPS);
4742 4742 return;
4743 4743 }
4744 4744 return;
4745 4745 case RT_DATASET:
4746 4746 switch (prop_type) {
4747 4747 case PT_NAME:
4748 4748 (void) strlcpy(in_progress_dstab.zone_dataset_name,
4749 4749 prop_id,
4750 4750 sizeof (in_progress_dstab.zone_dataset_name));
4751 4751 return;
4752 4752 default:
4753 4753 break;
4754 4754 }
4755 4755 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE, B_TRUE);
4756 4756 long_usage(CMD_SET, B_TRUE);
4757 4757 usage(B_FALSE, HELP_PROPS);
4758 4758 return;
4759 4759 case RT_DCPU:
4760 4760 switch (prop_type) {
4761 4761 char *lowp, *highp;
4762 4762
4763 4763 case PT_NCPUS:
4764 4764 lowp = prop_id;
4765 4765 if ((highp = strchr(prop_id, '-')) != NULL)
4766 4766 *highp++ = '\0';
4767 4767 else
4768 4768 highp = lowp;
4769 4769
4770 4770 /* Make sure the input makes sense. */
4771 4771 if (!zonecfg_valid_ncpus(lowp, highp)) {
4772 4772 zerr(gettext("%s property is out of range."),
4773 4773 pt_to_str(PT_NCPUS));
4774 4774 saw_error = B_TRUE;
4775 4775 return;
4776 4776 }
4777 4777
4778 4778 (void) strlcpy(
4779 4779 in_progress_psettab.zone_ncpu_min, lowp,
4780 4780 sizeof (in_progress_psettab.zone_ncpu_min));
4781 4781 (void) strlcpy(
4782 4782 in_progress_psettab.zone_ncpu_max, highp,
4783 4783 sizeof (in_progress_psettab.zone_ncpu_max));
4784 4784 return;
4785 4785 case PT_IMPORTANCE:
4786 4786 /* Make sure the value makes sense. */
4787 4787 if (!zonecfg_valid_importance(prop_id)) {
4788 4788 zerr(gettext("%s property is out of range."),
4789 4789 pt_to_str(PT_IMPORTANCE));
4790 4790 saw_error = B_TRUE;
4791 4791 return;
4792 4792 }
4793 4793
4794 4794 (void) strlcpy(in_progress_psettab.zone_importance,
4795 4795 prop_id,
4796 4796 sizeof (in_progress_psettab.zone_importance));
4797 4797 return;
4798 4798 default:
4799 4799 break;
4800 4800 }
4801 4801 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE, B_TRUE);
4802 4802 long_usage(CMD_SET, B_TRUE);
4803 4803 usage(B_FALSE, HELP_PROPS);
4804 4804 return;
4805 4805 case RT_PCAP:
4806 4806 if (prop_type != PT_NCPUS) {
4807 4807 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4808 4808 B_TRUE);
4809 4809 long_usage(CMD_SET, B_TRUE);
4810 4810 usage(B_FALSE, HELP_PROPS);
4811 4811 return;
4812 4812 }
4813 4813
4814 4814 /*
4815 4815 * We already checked that an rctl alias is allowed in
4816 4816 * the add_resource() function.
4817 4817 */
4818 4818
4819 4819 if ((cap = strtof(prop_id, &unitp)) <= 0 || *unitp != '\0' ||
4820 4820 (int)(cap * 100) < 1) {
4821 4821 zerr(gettext("%s property is out of range."),
4822 4822 pt_to_str(PT_NCPUS));
4823 4823 saw_error = B_TRUE;
4824 4824 return;
4825 4825 }
4826 4826
4827 4827 if ((err = zonecfg_set_aliased_rctl(handle, ALIAS_CPUCAP,
4828 4828 (int)(cap * 100))) != Z_OK)
4829 4829 zone_perror(zone, err, B_TRUE);
4830 4830 else
4831 4831 need_to_commit = B_TRUE;
4832 4832 return;
4833 4833 case RT_MCAP:
4834 4834 switch (prop_type) {
4835 4835 case PT_PHYSICAL:
4836 4836 if (!zonecfg_valid_memlimit(prop_id, &mem_cap)) {
4837 4837 zerr(gettext("A positive number with a "
4838 4838 "required scale suffix (K, M, G or T) was "
4839 4839 "expected here."));
4840 4840 saw_error = B_TRUE;
4841 4841 } else if (mem_cap < ONE_MB) {
4842 4842 zerr(gettext("%s value is too small. It must "
4843 4843 "be at least 1M."), pt_to_str(PT_PHYSICAL));
4844 4844 saw_error = B_TRUE;
4845 4845 } else {
4846 4846 snprintf(in_progress_mcaptab.zone_physmem_cap,
4847 4847 physmem_size, "%llu", mem_cap);
4848 4848 }
4849 4849 break;
4850 4850 case PT_SWAP:
4851 4851 /*
4852 4852 * We have to check if an rctl is allowed here since
4853 4853 * there might already be a rctl defined that blocks
4854 4854 * the alias.
4855 4855 */
4856 4856 if (!zonecfg_aliased_rctl_ok(handle, ALIAS_MAXSWAP)) {
4857 4857 zone_perror(pt_to_str(PT_MAXSWAP),
4858 4858 Z_ALIAS_DISALLOW, B_FALSE);
4859 4859 saw_error = B_TRUE;
4860 4860 return;
4861 4861 }
4862 4862
4863 4863 if (global_zone)
4864 4864 mem_limit = ONE_MB * 100;
4865 4865 else
4866 4866 mem_limit = ONE_MB * 50;
4867 4867
4868 4868 if (!zonecfg_valid_memlimit(prop_id, &mem_cap)) {
4869 4869 zerr(gettext("A positive number with a "
4870 4870 "required scale suffix (K, M, G or T) was "
4871 4871 "expected here."));
4872 4872 saw_error = B_TRUE;
4873 4873 } else if (mem_cap < mem_limit) {
4874 4874 char buf[128];
4875 4875
4876 4876 (void) snprintf(buf, sizeof (buf), "%llu",
4877 4877 mem_limit);
4878 4878 bytes_to_units(buf, buf, sizeof (buf));
4879 4879 zerr(gettext("%s value is too small. It must "
4880 4880 "be at least %s."), pt_to_str(PT_SWAP),
4881 4881 buf);
4882 4882 saw_error = B_TRUE;
4883 4883 } else {
4884 4884 if ((err = zonecfg_set_aliased_rctl(handle,
4885 4885 ALIAS_MAXSWAP, mem_cap)) != Z_OK)
4886 4886 zone_perror(zone, err, B_TRUE);
4887 4887 else
4888 4888 need_to_commit = B_TRUE;
4889 4889 }
4890 4890 break;
4891 4891 case PT_LOCKED:
4892 4892 /*
4893 4893 * We have to check if an rctl is allowed here since
4894 4894 * there might already be a rctl defined that blocks
4895 4895 * the alias.
4896 4896 */
4897 4897 if (!zonecfg_aliased_rctl_ok(handle,
4898 4898 ALIAS_MAXLOCKEDMEM)) {
4899 4899 zone_perror(pt_to_str(PT_LOCKED),
4900 4900 Z_ALIAS_DISALLOW, B_FALSE);
4901 4901 saw_error = B_TRUE;
4902 4902 return;
4903 4903 }
4904 4904
4905 4905 if (!zonecfg_valid_memlimit(prop_id, &mem_cap)) {
4906 4906 zerr(gettext("A non-negative number with a "
4907 4907 "required scale suffix (K, M, G or T) was "
4908 4908 "expected\nhere."));
4909 4909 saw_error = B_TRUE;
4910 4910 } else {
4911 4911 if ((err = zonecfg_set_aliased_rctl(handle,
4912 4912 ALIAS_MAXLOCKEDMEM, mem_cap)) != Z_OK)
4913 4913 zone_perror(zone, err, B_TRUE);
4914 4914 else
4915 4915 need_to_commit = B_TRUE;
4916 4916 }
4917 4917 break;
4918 4918 default:
4919 4919 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4920 4920 B_TRUE);
4921 4921 long_usage(CMD_SET, B_TRUE);
4922 4922 usage(B_FALSE, HELP_PROPS);
4923 4923 return;
4924 4924 }
4925 4925 return;
4926 4926 case RT_ADMIN:
4927 4927 switch (prop_type) {
4928 4928 case PT_USER:
4929 4929 (void) strlcpy(in_progress_admintab.zone_admin_user,
4930 4930 prop_id,
4931 4931 sizeof (in_progress_admintab.zone_admin_user));
4932 4932 return;
4933 4933 case PT_AUTHS:
4934 4934 (void) strlcpy(in_progress_admintab.zone_admin_auths,
4935 4935 prop_id,
4936 4936 sizeof (in_progress_admintab.zone_admin_auths));
4937 4937 return;
4938 4938 default:
4939 4939 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4940 4940 B_TRUE);
4941 4941 long_usage(CMD_SET, B_TRUE);
4942 4942 usage(B_FALSE, HELP_PROPS);
4943 4943 return;
4944 4944 }
4945 4945 case RT_SECFLAGS: {
4946 4946 char *propstr;
4947 4947
4948 4948 switch (prop_type) {
4949 4949 case PT_DEFAULT:
4950 4950 propstr = in_progress_secflagstab.zone_secflags_default;
4951 4951 break;
4952 4952 case PT_UPPER:
4953 4953 propstr = in_progress_secflagstab.zone_secflags_upper;
4954 4954 break;
4955 4955 case PT_LOWER:
4956 4956 propstr = in_progress_secflagstab.zone_secflags_lower;
4957 4957 break;
4958 4958 default:
4959 4959 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4960 4960 B_TRUE);
4961 4961 long_usage(CMD_SET, B_TRUE);
4962 4962 usage(B_FALSE, HELP_PROPS);
4963 4963 return;
4964 4964 }
4965 4965 (void) strlcpy(propstr, prop_id, ZONECFG_SECFLAGS_MAX);
4966 4966 return;
4967 4967 }
4968 4968 default:
4969 4969 zone_perror(rt_to_str(res_type), Z_NO_RESOURCE_TYPE, B_TRUE);
4970 4970 long_usage(CMD_SET, B_TRUE);
4971 4971 usage(B_FALSE, HELP_RESOURCES);
4972 4972 return;
4973 4973 }
4974 4974 }
4975 4975
4976 4976 static void
4977 4977 output_prop(FILE *fp, int pnum, char *pval, boolean_t print_notspec)
4978 4978 {
4979 4979 char *qstr;
4980 4980
4981 4981 if (*pval != '\0') {
4982 4982 qstr = quoteit(pval);
4983 4983 if (pnum == PT_SWAP || pnum == PT_LOCKED)
4984 4984 (void) fprintf(fp, "\t[%s: %s]\n", pt_to_str(pnum),
4985 4985 qstr);
4986 4986 else
4987 4987 (void) fprintf(fp, "\t%s: %s\n", pt_to_str(pnum), qstr);
4988 4988 free(qstr);
4989 4989 } else if (print_notspec)
4990 4990 (void) fprintf(fp, gettext("\t%s not specified\n"),
4991 4991 pt_to_str(pnum));
4992 4992 }
4993 4993
4994 4994 static void
4995 4995 info_zonename(zone_dochandle_t handle, FILE *fp)
4996 4996 {
4997 4997 char zonename[ZONENAME_MAX];
4998 4998
4999 4999 if (zonecfg_get_name(handle, zonename, sizeof (zonename)) == Z_OK)
5000 5000 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_ZONENAME),
5001 5001 zonename);
5002 5002 else
5003 5003 (void) fprintf(fp, gettext("%s not specified\n"),
5004 5004 pt_to_str(PT_ZONENAME));
5005 5005 }
5006 5006
5007 5007 static void
5008 5008 info_zonepath(zone_dochandle_t handle, FILE *fp)
5009 5009 {
5010 5010 char zonepath[MAXPATHLEN];
5011 5011
5012 5012 if (zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath)) == Z_OK)
5013 5013 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_ZONEPATH),
5014 5014 zonepath);
5015 5015 else {
5016 5016 (void) fprintf(fp, gettext("%s not specified\n"),
5017 5017 pt_to_str(PT_ZONEPATH));
5018 5018 }
5019 5019 }
5020 5020
5021 5021 static void
5022 5022 info_brand(zone_dochandle_t handle, FILE *fp)
5023 5023 {
5024 5024 char brand[MAXNAMELEN];
5025 5025
5026 5026 if (zonecfg_get_brand(handle, brand, sizeof (brand)) == Z_OK)
5027 5027 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_BRAND),
5028 5028 brand);
5029 5029 else
5030 5030 (void) fprintf(fp, "%s %s\n", pt_to_str(PT_BRAND),
5031 5031 gettext("not specified"));
5032 5032 }
5033 5033
5034 5034 static void
5035 5035 info_autoboot(zone_dochandle_t handle, FILE *fp)
5036 5036 {
5037 5037 boolean_t autoboot;
5038 5038 int err;
5039 5039
5040 5040 if ((err = zonecfg_get_autoboot(handle, &autoboot)) == Z_OK)
5041 5041 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_AUTOBOOT),
5042 5042 autoboot ? "true" : "false");
5043 5043 else
5044 5044 zone_perror(zone, err, B_TRUE);
5045 5045 }
5046 5046
5047 5047 static void
5048 5048 info_pool(zone_dochandle_t handle, FILE *fp)
5049 5049 {
5050 5050 char pool[MAXNAMELEN];
5051 5051 int err;
5052 5052
5053 5053 if ((err = zonecfg_get_pool(handle, pool, sizeof (pool))) == Z_OK)
5054 5054 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_POOL), pool);
5055 5055 else
5056 5056 zone_perror(zone, err, B_TRUE);
5057 5057 }
5058 5058
5059 5059 static void
5060 5060 info_limitpriv(zone_dochandle_t handle, FILE *fp)
5061 5061 {
5062 5062 char *limitpriv;
5063 5063 int err;
5064 5064
5065 5065 if ((err = zonecfg_get_limitpriv(handle, &limitpriv)) == Z_OK) {
5066 5066 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_LIMITPRIV),
5067 5067 limitpriv);
5068 5068 free(limitpriv);
5069 5069 } else {
5070 5070 zone_perror(zone, err, B_TRUE);
5071 5071 }
5072 5072 }
5073 5073
5074 5074 static void
5075 5075 info_bootargs(zone_dochandle_t handle, FILE *fp)
5076 5076 {
5077 5077 char bootargs[BOOTARGS_MAX];
5078 5078 int err;
5079 5079
5080 5080 if ((err = zonecfg_get_bootargs(handle, bootargs,
5081 5081 sizeof (bootargs))) == Z_OK) {
5082 5082 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_BOOTARGS),
5083 5083 bootargs);
5084 5084 } else {
5085 5085 zone_perror(zone, err, B_TRUE);
5086 5086 }
5087 5087 }
5088 5088
5089 5089 static void
5090 5090 info_sched(zone_dochandle_t handle, FILE *fp)
5091 5091 {
5092 5092 char sched[MAXNAMELEN];
5093 5093 int err;
5094 5094
5095 5095 if ((err = zonecfg_get_sched_class(handle, sched, sizeof (sched)))
5096 5096 == Z_OK) {
5097 5097 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_SCHED), sched);
5098 5098 } else {
5099 5099 zone_perror(zone, err, B_TRUE);
5100 5100 }
5101 5101 }
5102 5102
5103 5103 static void
5104 5104 info_iptype(zone_dochandle_t handle, FILE *fp)
5105 5105 {
5106 5106 zone_iptype_t iptype;
5107 5107 int err;
5108 5108
5109 5109 if ((err = zonecfg_get_iptype(handle, &iptype)) == Z_OK) {
5110 5110 switch (iptype) {
5111 5111 case ZS_SHARED:
5112 5112 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_IPTYPE),
5113 5113 "shared");
5114 5114 break;
5115 5115 case ZS_EXCLUSIVE:
5116 5116 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_IPTYPE),
5117 5117 "exclusive");
5118 5118 break;
5119 5119 }
5120 5120 } else {
5121 5121 zone_perror(zone, err, B_TRUE);
5122 5122 }
5123 5123 }
5124 5124
5125 5125 static void
5126 5126 info_hostid(zone_dochandle_t handle, FILE *fp)
5127 5127 {
5128 5128 char hostidp[HW_HOSTID_LEN];
5129 5129 int err;
5130 5130
5131 5131 if ((err = zonecfg_get_hostid(handle, hostidp,
5132 5132 sizeof (hostidp))) == Z_OK) {
5133 5133 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_HOSTID), hostidp);
5134 5134 } else if (err == Z_BAD_PROPERTY) {
5135 5135 (void) fprintf(fp, "%s: \n", pt_to_str(PT_HOSTID));
5136 5136 } else {
5137 5137 zone_perror(zone, err, B_TRUE);
5138 5138 }
5139 5139 }
5140 5140
5141 5141 static void
5142 5142 info_fs_allowed(zone_dochandle_t handle, FILE *fp)
5143 5143 {
5144 5144 char fsallowedp[ZONE_FS_ALLOWED_MAX];
5145 5145 int err;
5146 5146
5147 5147 if ((err = zonecfg_get_fs_allowed(handle, fsallowedp,
5148 5148 sizeof (fsallowedp))) == Z_OK) {
5149 5149 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_FS_ALLOWED),
5150 5150 fsallowedp);
5151 5151 } else if (err == Z_BAD_PROPERTY) {
5152 5152 (void) fprintf(fp, "%s: \n", pt_to_str(PT_FS_ALLOWED));
5153 5153 } else {
5154 5154 zone_perror(zone, err, B_TRUE);
5155 5155 }
5156 5156 }
5157 5157
5158 5158 static void
5159 5159 output_fs(FILE *fp, struct zone_fstab *fstab)
5160 5160 {
5161 5161 zone_fsopt_t *this;
5162 5162
5163 5163 (void) fprintf(fp, "%s:\n", rt_to_str(RT_FS));
5164 5164 output_prop(fp, PT_DIR, fstab->zone_fs_dir, B_TRUE);
5165 5165 output_prop(fp, PT_SPECIAL, fstab->zone_fs_special, B_TRUE);
5166 5166 output_prop(fp, PT_RAW, fstab->zone_fs_raw, B_TRUE);
5167 5167 output_prop(fp, PT_TYPE, fstab->zone_fs_type, B_TRUE);
5168 5168 (void) fprintf(fp, "\t%s: [", pt_to_str(PT_OPTIONS));
5169 5169 for (this = fstab->zone_fs_options; this != NULL;
5170 5170 this = this->zone_fsopt_next) {
5171 5171 if (strchr(this->zone_fsopt_opt, '='))
5172 5172 (void) fprintf(fp, "\"%s\"", this->zone_fsopt_opt);
5173 5173 else
5174 5174 (void) fprintf(fp, "%s", this->zone_fsopt_opt);
5175 5175 if (this->zone_fsopt_next != NULL)
5176 5176 (void) fprintf(fp, ",");
5177 5177 }
5178 5178 (void) fprintf(fp, "]\n");
5179 5179 }
5180 5180
5181 5181 static void
5182 5182 info_fs(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5183 5183 {
5184 5184 struct zone_fstab lookup, user;
5185 5185 boolean_t output = B_FALSE;
5186 5186
5187 5187 if (zonecfg_setfsent(handle) != Z_OK)
5188 5188 return;
5189 5189 while (zonecfg_getfsent(handle, &lookup) == Z_OK) {
5190 5190 if (cmd->cmd_prop_nv_pairs == 0) {
5191 5191 output_fs(fp, &lookup);
5192 5192 goto loopend;
5193 5193 }
5194 5194 if (fill_in_fstab(cmd, &user, B_TRUE) != Z_OK)
5195 5195 goto loopend;
5196 5196 if (strlen(user.zone_fs_dir) > 0 &&
5197 5197 strcmp(user.zone_fs_dir, lookup.zone_fs_dir) != 0)
5198 5198 goto loopend; /* no match */
5199 5199 if (strlen(user.zone_fs_special) > 0 &&
5200 5200 strcmp(user.zone_fs_special, lookup.zone_fs_special) != 0)
5201 5201 goto loopend; /* no match */
5202 5202 if (strlen(user.zone_fs_type) > 0 &&
5203 5203 strcmp(user.zone_fs_type, lookup.zone_fs_type) != 0)
5204 5204 goto loopend; /* no match */
5205 5205 output_fs(fp, &lookup);
5206 5206 output = B_TRUE;
5207 5207 loopend:
5208 5208 zonecfg_free_fs_option_list(lookup.zone_fs_options);
5209 5209 }
5210 5210 (void) zonecfg_endfsent(handle);
5211 5211 /*
5212 5212 * If a property n/v pair was specified, warn the user if there was
5213 5213 * nothing to output.
5214 5214 */
5215 5215 if (!output && cmd->cmd_prop_nv_pairs > 0)
5216 5216 (void) printf(gettext("No such %s resource.\n"),
5217 5217 rt_to_str(RT_FS));
5218 5218 }
5219 5219
5220 5220 static void
5221 5221 output_net(FILE *fp, struct zone_nwiftab *nwiftab)
5222 5222 {
5223 5223 (void) fprintf(fp, "%s:\n", rt_to_str(RT_NET));
5224 5224 output_prop(fp, PT_ADDRESS, nwiftab->zone_nwif_address, B_TRUE);
5225 5225 output_prop(fp, PT_ALLOWED_ADDRESS,
5226 5226 nwiftab->zone_nwif_allowed_address, B_TRUE);
5227 5227 output_prop(fp, PT_PHYSICAL, nwiftab->zone_nwif_physical, B_TRUE);
5228 5228 output_prop(fp, PT_DEFROUTER, nwiftab->zone_nwif_defrouter, B_TRUE);
5229 5229 }
5230 5230
5231 5231 static void
5232 5232 info_net(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5233 5233 {
5234 5234 struct zone_nwiftab lookup, user;
5235 5235 boolean_t output = B_FALSE;
5236 5236
5237 5237 if (zonecfg_setnwifent(handle) != Z_OK)
5238 5238 return;
5239 5239 while (zonecfg_getnwifent(handle, &lookup) == Z_OK) {
5240 5240 if (cmd->cmd_prop_nv_pairs == 0) {
5241 5241 output_net(fp, &lookup);
5242 5242 continue;
5243 5243 }
5244 5244 if (fill_in_nwiftab(cmd, &user, B_TRUE) != Z_OK)
5245 5245 continue;
5246 5246 if (strlen(user.zone_nwif_physical) > 0 &&
5247 5247 strcmp(user.zone_nwif_physical,
5248 5248 lookup.zone_nwif_physical) != 0)
5249 5249 continue; /* no match */
5250 5250 /* If present make sure it matches */
5251 5251 if (strlen(user.zone_nwif_address) > 0 &&
5252 5252 !zonecfg_same_net_address(user.zone_nwif_address,
5253 5253 lookup.zone_nwif_address))
5254 5254 continue; /* no match */
5255 5255 output_net(fp, &lookup);
5256 5256 output = B_TRUE;
5257 5257 }
5258 5258 (void) zonecfg_endnwifent(handle);
5259 5259 /*
5260 5260 * If a property n/v pair was specified, warn the user if there was
5261 5261 * nothing to output.
5262 5262 */
5263 5263 if (!output && cmd->cmd_prop_nv_pairs > 0)
5264 5264 (void) printf(gettext("No such %s resource.\n"),
5265 5265 rt_to_str(RT_NET));
5266 5266 }
5267 5267
5268 5268 static void
5269 5269 output_dev(FILE *fp, struct zone_devtab *devtab)
5270 5270 {
5271 5271 (void) fprintf(fp, "%s:\n", rt_to_str(RT_DEVICE));
5272 5272 output_prop(fp, PT_MATCH, devtab->zone_dev_match, B_TRUE);
5273 5273 }
5274 5274
5275 5275 static void
5276 5276 info_dev(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5277 5277 {
5278 5278 struct zone_devtab lookup, user;
5279 5279 boolean_t output = B_FALSE;
5280 5280
5281 5281 if (zonecfg_setdevent(handle) != Z_OK)
5282 5282 return;
5283 5283 while (zonecfg_getdevent(handle, &lookup) == Z_OK) {
5284 5284 if (cmd->cmd_prop_nv_pairs == 0) {
5285 5285 output_dev(fp, &lookup);
5286 5286 continue;
5287 5287 }
5288 5288 if (fill_in_devtab(cmd, &user, B_TRUE) != Z_OK)
5289 5289 continue;
5290 5290 if (strlen(user.zone_dev_match) > 0 &&
5291 5291 strcmp(user.zone_dev_match, lookup.zone_dev_match) != 0)
5292 5292 continue; /* no match */
5293 5293 output_dev(fp, &lookup);
5294 5294 output = B_TRUE;
5295 5295 }
5296 5296 (void) zonecfg_enddevent(handle);
5297 5297 /*
5298 5298 * If a property n/v pair was specified, warn the user if there was
5299 5299 * nothing to output.
5300 5300 */
5301 5301 if (!output && cmd->cmd_prop_nv_pairs > 0)
5302 5302 (void) printf(gettext("No such %s resource.\n"),
5303 5303 rt_to_str(RT_DEVICE));
5304 5304 }
5305 5305
5306 5306 static void
5307 5307 output_rctl(FILE *fp, struct zone_rctltab *rctltab)
5308 5308 {
5309 5309 struct zone_rctlvaltab *valptr;
5310 5310
5311 5311 (void) fprintf(fp, "%s:\n", rt_to_str(RT_RCTL));
5312 5312 output_prop(fp, PT_NAME, rctltab->zone_rctl_name, B_TRUE);
5313 5313 for (valptr = rctltab->zone_rctl_valptr; valptr != NULL;
5314 5314 valptr = valptr->zone_rctlval_next) {
5315 5315 fprintf(fp, "\t%s: (%s=%s,%s=%s,%s=%s)\n",
5316 5316 pt_to_str(PT_VALUE),
5317 5317 pt_to_str(PT_PRIV), valptr->zone_rctlval_priv,
5318 5318 pt_to_str(PT_LIMIT), valptr->zone_rctlval_limit,
5319 5319 pt_to_str(PT_ACTION), valptr->zone_rctlval_action);
5320 5320 }
5321 5321 }
5322 5322
5323 5323 static void
5324 5324 info_rctl(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5325 5325 {
5326 5326 struct zone_rctltab lookup, user;
5327 5327 boolean_t output = B_FALSE;
5328 5328
5329 5329 if (zonecfg_setrctlent(handle) != Z_OK)
5330 5330 return;
5331 5331 while (zonecfg_getrctlent(handle, &lookup) == Z_OK) {
5332 5332 if (cmd->cmd_prop_nv_pairs == 0) {
5333 5333 output_rctl(fp, &lookup);
5334 5334 } else if (fill_in_rctltab(cmd, &user, B_TRUE) == Z_OK &&
5335 5335 (strlen(user.zone_rctl_name) == 0 ||
5336 5336 strcmp(user.zone_rctl_name, lookup.zone_rctl_name) == 0)) {
5337 5337 output_rctl(fp, &lookup);
5338 5338 output = B_TRUE;
5339 5339 }
5340 5340 zonecfg_free_rctl_value_list(lookup.zone_rctl_valptr);
5341 5341 }
5342 5342 (void) zonecfg_endrctlent(handle);
5343 5343 /*
5344 5344 * If a property n/v pair was specified, warn the user if there was
5345 5345 * nothing to output.
5346 5346 */
5347 5347 if (!output && cmd->cmd_prop_nv_pairs > 0)
5348 5348 (void) printf(gettext("No such %s resource.\n"),
5349 5349 rt_to_str(RT_RCTL));
5350 5350 }
5351 5351
5352 5352 static void
5353 5353 output_attr(FILE *fp, struct zone_attrtab *attrtab)
5354 5354 {
5355 5355 (void) fprintf(fp, "%s:\n", rt_to_str(RT_ATTR));
5356 5356 output_prop(fp, PT_NAME, attrtab->zone_attr_name, B_TRUE);
5357 5357 output_prop(fp, PT_TYPE, attrtab->zone_attr_type, B_TRUE);
5358 5358 output_prop(fp, PT_VALUE, attrtab->zone_attr_value, B_TRUE);
5359 5359 }
5360 5360
5361 5361 static void
5362 5362 info_attr(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5363 5363 {
5364 5364 struct zone_attrtab lookup, user;
5365 5365 boolean_t output = B_FALSE;
5366 5366
5367 5367 if (zonecfg_setattrent(handle) != Z_OK)
5368 5368 return;
5369 5369 while (zonecfg_getattrent(handle, &lookup) == Z_OK) {
5370 5370 if (cmd->cmd_prop_nv_pairs == 0) {
5371 5371 output_attr(fp, &lookup);
5372 5372 continue;
5373 5373 }
5374 5374 if (fill_in_attrtab(cmd, &user, B_TRUE) != Z_OK)
5375 5375 continue;
5376 5376 if (strlen(user.zone_attr_name) > 0 &&
5377 5377 strcmp(user.zone_attr_name, lookup.zone_attr_name) != 0)
5378 5378 continue; /* no match */
5379 5379 if (strlen(user.zone_attr_type) > 0 &&
5380 5380 strcmp(user.zone_attr_type, lookup.zone_attr_type) != 0)
5381 5381 continue; /* no match */
5382 5382 if (strlen(user.zone_attr_value) > 0 &&
5383 5383 strcmp(user.zone_attr_value, lookup.zone_attr_value) != 0)
5384 5384 continue; /* no match */
5385 5385 output_attr(fp, &lookup);
5386 5386 output = B_TRUE;
5387 5387 }
5388 5388 (void) zonecfg_endattrent(handle);
5389 5389 /*
5390 5390 * If a property n/v pair was specified, warn the user if there was
5391 5391 * nothing to output.
5392 5392 */
5393 5393 if (!output && cmd->cmd_prop_nv_pairs > 0)
5394 5394 (void) printf(gettext("No such %s resource.\n"),
5395 5395 rt_to_str(RT_ATTR));
5396 5396 }
5397 5397
5398 5398 static void
5399 5399 output_ds(FILE *fp, struct zone_dstab *dstab)
5400 5400 {
5401 5401 (void) fprintf(fp, "%s:\n", rt_to_str(RT_DATASET));
5402 5402 output_prop(fp, PT_NAME, dstab->zone_dataset_name, B_TRUE);
5403 5403 }
5404 5404
5405 5405 static void
5406 5406 info_ds(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5407 5407 {
5408 5408 struct zone_dstab lookup, user;
5409 5409 boolean_t output = B_FALSE;
5410 5410
5411 5411 if (zonecfg_setdsent(handle) != Z_OK)
5412 5412 return;
5413 5413 while (zonecfg_getdsent(handle, &lookup) == Z_OK) {
5414 5414 if (cmd->cmd_prop_nv_pairs == 0) {
5415 5415 output_ds(fp, &lookup);
5416 5416 continue;
5417 5417 }
5418 5418 if (fill_in_dstab(cmd, &user, B_TRUE) != Z_OK)
5419 5419 continue;
5420 5420 if (strlen(user.zone_dataset_name) > 0 &&
5421 5421 strcmp(user.zone_dataset_name,
5422 5422 lookup.zone_dataset_name) != 0)
5423 5423 continue; /* no match */
5424 5424 output_ds(fp, &lookup);
5425 5425 output = B_TRUE;
5426 5426 }
5427 5427 (void) zonecfg_enddsent(handle);
5428 5428 /*
5429 5429 * If a property n/v pair was specified, warn the user if there was
5430 5430 * nothing to output.
5431 5431 */
5432 5432 if (!output && cmd->cmd_prop_nv_pairs > 0)
5433 5433 (void) printf(gettext("No such %s resource.\n"),
5434 5434 rt_to_str(RT_DATASET));
5435 5435 }
5436 5436
5437 5437 static void
5438 5438 output_pset(FILE *fp, struct zone_psettab *psettab)
5439 5439 {
5440 5440 (void) fprintf(fp, "%s:\n", rt_to_str(RT_DCPU));
5441 5441 if (strcmp(psettab->zone_ncpu_min, psettab->zone_ncpu_max) == 0)
5442 5442 (void) fprintf(fp, "\t%s: %s\n", pt_to_str(PT_NCPUS),
5443 5443 psettab->zone_ncpu_max);
5444 5444 else
5445 5445 (void) fprintf(fp, "\t%s: %s-%s\n", pt_to_str(PT_NCPUS),
5446 5446 psettab->zone_ncpu_min, psettab->zone_ncpu_max);
5447 5447 if (psettab->zone_importance[0] != '\0')
5448 5448 (void) fprintf(fp, "\t%s: %s\n", pt_to_str(PT_IMPORTANCE),
5449 5449 psettab->zone_importance);
5450 5450 }
5451 5451
5452 5452 static void
5453 5453 info_pset(zone_dochandle_t handle, FILE *fp)
5454 5454 {
5455 5455 struct zone_psettab lookup;
5456 5456
5457 5457 if (zonecfg_getpsetent(handle, &lookup) == Z_OK)
5458 5458 output_pset(fp, &lookup);
5459 5459 }
5460 5460
5461 5461 static void
5462 5462 output_pcap(FILE *fp)
5463 5463 {
5464 5464 uint64_t cap;
5465 5465
5466 5466 if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &cap) == Z_OK) {
5467 5467 float scaled = (float)cap / 100;
5468 5468 (void) fprintf(fp, "%s:\n", rt_to_str(RT_PCAP));
5469 5469 (void) fprintf(fp, "\t[%s: %.2f]\n", pt_to_str(PT_NCPUS),
5470 5470 scaled);
5471 5471 }
5472 5472 }
5473 5473
5474 5474 static void
5475 5475 info_pcap(FILE *fp)
5476 5476 {
5477 5477 output_pcap(fp);
5478 5478 }
5479 5479
5480 5480
5481 5481 static void
5482 5482 info_aliased_rctl(zone_dochandle_t handle, FILE *fp, char *alias)
5483 5483 {
5484 5484 uint64_t limit;
5485 5485
5486 5486 if (zonecfg_get_aliased_rctl(handle, alias, &limit) == Z_OK) {
5487 5487 /* convert memory based properties */
5488 5488 if (strcmp(alias, ALIAS_MAXSHMMEM) == 0) {
5489 5489 char buf[128];
5490 5490
5491 5491 (void) snprintf(buf, sizeof (buf), "%llu", limit);
5492 5492 bytes_to_units(buf, buf, sizeof (buf));
5493 5493 (void) fprintf(fp, "[%s: %s]\n", alias, buf);
5494 5494 return;
5495 5495 }
5496 5496
5497 5497 (void) fprintf(fp, "[%s: %llu]\n", alias, limit);
5498 5498 }
5499 5499 }
5500 5500
5501 5501 static void
5502 5502 bytes_to_units(char *str, char *buf, int bufsize)
5503 5503 {
5504 5504 unsigned long long num;
5505 5505 unsigned long long save = 0;
5506 5506 char *units = "BKMGT";
5507 5507 char *up = units;
5508 5508
5509 5509 num = strtoll(str, NULL, 10);
5510 5510
5511 5511 if (num < 1024) {
5512 5512 (void) snprintf(buf, bufsize, "%llu", num);
5513 5513 return;
5514 5514 }
5515 5515
5516 5516 while ((num >= 1024) && (*up != 'T')) {
5517 5517 up++; /* next unit of measurement */
5518 5518 save = num;
5519 5519 num = (num + 512) >> 10;
5520 5520 }
5521 5521
5522 5522 /* check if we should output a fraction. snprintf will round for us */
5523 5523 if (save % 1024 != 0 && ((save >> 10) < 10))
5524 5524 (void) snprintf(buf, bufsize, "%2.1f%c", ((float)save / 1024),
5525 5525 *up);
5526 5526 else
5527 5527 (void) snprintf(buf, bufsize, "%llu%c", num, *up);
5528 5528 }
5529 5529
5530 5530 static void
5531 5531 output_mcap(FILE *fp, struct zone_mcaptab *mcaptab, int showswap,
5532 5532 uint64_t maxswap, int showlocked, uint64_t maxlocked)
5533 5533 {
5534 5534 char buf[128];
5535 5535
5536 5536 (void) fprintf(fp, "%s:\n", rt_to_str(RT_MCAP));
5537 5537 if (mcaptab->zone_physmem_cap[0] != '\0') {
5538 5538 bytes_to_units(mcaptab->zone_physmem_cap, buf, sizeof (buf));
5539 5539 output_prop(fp, PT_PHYSICAL, buf, B_TRUE);
5540 5540 }
5541 5541
5542 5542 if (showswap == Z_OK) {
5543 5543 (void) snprintf(buf, sizeof (buf), "%llu", maxswap);
5544 5544 bytes_to_units(buf, buf, sizeof (buf));
5545 5545 output_prop(fp, PT_SWAP, buf, B_TRUE);
5546 5546 }
5547 5547
5548 5548 if (showlocked == Z_OK) {
5549 5549 (void) snprintf(buf, sizeof (buf), "%llu", maxlocked);
5550 5550 bytes_to_units(buf, buf, sizeof (buf));
5551 5551 output_prop(fp, PT_LOCKED, buf, B_TRUE);
5552 5552 }
5553 5553 }
5554 5554
5555 5555 static void
5556 5556 info_mcap(zone_dochandle_t handle, FILE *fp)
5557 5557 {
5558 5558 int res1, res2, res3;
5559 5559 uint64_t swap_limit;
5560 5560 uint64_t locked_limit;
5561 5561 struct zone_mcaptab lookup;
5562 5562
5563 5563 bzero(&lookup, sizeof (lookup));
5564 5564 res1 = zonecfg_getmcapent(handle, &lookup);
5565 5565 res2 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &swap_limit);
5566 5566 res3 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM,
5567 5567 &locked_limit);
5568 5568
5569 5569 if (res1 == Z_OK || res2 == Z_OK || res3 == Z_OK)
5570 5570 output_mcap(fp, &lookup, res2, swap_limit, res3, locked_limit);
5571 5571 }
5572 5572
5573 5573 static void
5574 5574 output_auth(FILE *fp, struct zone_admintab *admintab)
5575 5575 {
5576 5576 (void) fprintf(fp, "%s:\n", rt_to_str(RT_ADMIN));
5577 5577 output_prop(fp, PT_USER, admintab->zone_admin_user, B_TRUE);
5578 5578 output_prop(fp, PT_AUTHS, admintab->zone_admin_auths, B_TRUE);
5579 5579 }
5580 5580
5581 5581 static void
5582 5582 output_secflags(FILE *fp, struct zone_secflagstab *sftab)
5583 5583 {
5584 5584 (void) fprintf(fp, "%s:\n", rt_to_str(RT_SECFLAGS));
5585 5585 output_prop(fp, PT_DEFAULT, sftab->zone_secflags_default, B_TRUE);
5586 5586 output_prop(fp, PT_LOWER, sftab->zone_secflags_lower, B_TRUE);
5587 5587 output_prop(fp, PT_UPPER, sftab->zone_secflags_upper, B_TRUE);
5588 5588 }
5589 5589
5590 5590 static void
5591 5591 info_auth(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5592 5592 {
5593 5593 struct zone_admintab lookup, user;
5594 5594 boolean_t output = B_FALSE;
5595 5595 int err;
5596 5596
5597 5597 if ((err = zonecfg_setadminent(handle)) != Z_OK) {
5598 5598 zone_perror(zone, err, B_TRUE);
5599 5599 return;
5600 5600 }
5601 5601 while (zonecfg_getadminent(handle, &lookup) == Z_OK) {
5602 5602 if (cmd->cmd_prop_nv_pairs == 0) {
5603 5603 output_auth(fp, &lookup);
5604 5604 continue;
5605 5605 }
5606 5606 if (fill_in_admintab(cmd, &user, B_TRUE) != Z_OK)
5607 5607 continue;
5608 5608 if (strlen(user.zone_admin_user) > 0 &&
5609 5609 strcmp(user.zone_admin_user, lookup.zone_admin_user) != 0)
5610 5610 continue; /* no match */
5611 5611 output_auth(fp, &lookup);
5612 5612 output = B_TRUE;
5613 5613 }
5614 5614 (void) zonecfg_endadminent(handle);
5615 5615 /*
5616 5616 * If a property n/v pair was specified, warn the user if there was
5617 5617 * nothing to output.
5618 5618 */
5619 5619 if (!output && cmd->cmd_prop_nv_pairs > 0)
5620 5620 (void) printf(gettext("No such %s resource.\n"),
5621 5621 rt_to_str(RT_ADMIN));
5622 5622 }
5623 5623
5624 5624 static void
5625 5625 info_secflags(zone_dochandle_t handle, FILE *fp)
5626 5626 {
5627 5627 struct zone_secflagstab sftab;
5628 5628
5629 5629 if (zonecfg_lookup_secflags(handle, &sftab) == Z_OK) {
5630 5630 output_secflags(fp, &sftab);
5631 5631 }
5632 5632 }
5633 5633
5634 5634 void
5635 5635 info_func(cmd_t *cmd)
5636 5636 {
5637 5637 FILE *fp = stdout;
5638 5638 boolean_t need_to_close = B_FALSE;
5639 5639 int type;
5640 5640 int res1, res2;
5641 5641 uint64_t swap_limit;
5642 5642 uint64_t locked_limit;
5643 5643
5644 5644 assert(cmd != NULL);
5645 5645
5646 5646 if (initialize(B_TRUE) != Z_OK)
5647 5647 return;
5648 5648
5649 5649 /* don't page error output */
5650 5650 if (interactive_mode) {
5651 5651 if ((fp = pager_open()) != NULL)
5652 5652 need_to_close = B_TRUE;
5653 5653 else
5654 5654 fp = stdout;
5655 5655
5656 5656 setbuf(fp, NULL);
5657 5657 }
5658 5658
5659 5659 if (!global_scope) {
5660 5660 switch (resource_scope) {
5661 5661 case RT_FS:
5662 5662 output_fs(fp, &in_progress_fstab);
5663 5663 break;
5664 5664 case RT_NET:
5665 5665 output_net(fp, &in_progress_nwiftab);
5666 5666 break;
5667 5667 case RT_DEVICE:
5668 5668 output_dev(fp, &in_progress_devtab);
5669 5669 break;
5670 5670 case RT_RCTL:
5671 5671 output_rctl(fp, &in_progress_rctltab);
5672 5672 break;
5673 5673 case RT_ATTR:
5674 5674 output_attr(fp, &in_progress_attrtab);
5675 5675 break;
5676 5676 case RT_DATASET:
5677 5677 output_ds(fp, &in_progress_dstab);
5678 5678 break;
5679 5679 case RT_DCPU:
5680 5680 output_pset(fp, &in_progress_psettab);
5681 5681 break;
5682 5682 case RT_PCAP:
5683 5683 output_pcap(fp);
5684 5684 break;
5685 5685 case RT_MCAP:
5686 5686 res1 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP,
5687 5687 &swap_limit);
5688 5688 res2 = zonecfg_get_aliased_rctl(handle,
5689 5689 ALIAS_MAXLOCKEDMEM, &locked_limit);
5690 5690 output_mcap(fp, &in_progress_mcaptab, res1, swap_limit,
5691 5691 res2, locked_limit);
5692 5692 break;
5693 5693 case RT_ADMIN:
5694 5694 output_auth(fp, &in_progress_admintab);
5695 5695 break;
5696 5696 case RT_SECFLAGS:
5697 5697 output_secflags(fp, &in_progress_secflagstab);
5698 5698 break;
5699 5699 }
5700 5700 goto cleanup;
5701 5701 }
5702 5702
5703 5703 type = cmd->cmd_res_type;
5704 5704
5705 5705 if (gz_invalid_rt_property(type)) {
5706 5706 zerr(gettext("%s is not a valid property for the global zone."),
5707 5707 rt_to_str(type));
5708 5708 goto cleanup;
5709 5709 }
5710 5710
5711 5711 if (gz_invalid_resource(type)) {
5712 5712 zerr(gettext("%s is not a valid resource for the global zone."),
5713 5713 rt_to_str(type));
5714 5714 goto cleanup;
5715 5715 }
5716 5716
5717 5717 switch (cmd->cmd_res_type) {
5718 5718 case RT_UNKNOWN:
5719 5719 info_zonename(handle, fp);
5720 5720 if (!global_zone) {
5721 5721 info_zonepath(handle, fp);
5722 5722 info_brand(handle, fp);
5723 5723 info_autoboot(handle, fp);
5724 5724 info_bootargs(handle, fp);
5725 5725 }
5726 5726 info_pool(handle, fp);
5727 5727 if (!global_zone) {
5728 5728 info_limitpriv(handle, fp);
5729 5729 info_sched(handle, fp);
5730 5730 info_iptype(handle, fp);
5731 5731 info_hostid(handle, fp);
5732 5732 info_fs_allowed(handle, fp);
5733 5733 }
5734 5734 info_aliased_rctl(handle, fp, ALIAS_MAXLWPS);
5735 5735 info_aliased_rctl(handle, fp, ALIAS_MAXPROCS);
5736 5736 info_aliased_rctl(handle, fp, ALIAS_MAXSHMMEM);
5737 5737 info_aliased_rctl(handle, fp, ALIAS_MAXSHMIDS);
5738 5738 info_aliased_rctl(handle, fp, ALIAS_MAXMSGIDS);
5739 5739 info_aliased_rctl(handle, fp, ALIAS_MAXSEMIDS);
5740 5740 info_aliased_rctl(handle, fp, ALIAS_SHARES);
5741 5741 if (!global_zone) {
5742 5742 info_fs(handle, fp, cmd);
5743 5743 info_net(handle, fp, cmd);
5744 5744 info_dev(handle, fp, cmd);
5745 5745 }
5746 5746 info_pset(handle, fp);
5747 5747 info_pcap(fp);
5748 5748 info_mcap(handle, fp);
5749 5749 if (!global_zone) {
5750 5750 info_attr(handle, fp, cmd);
5751 5751 info_ds(handle, fp, cmd);
5752 5752 info_auth(handle, fp, cmd);
5753 5753 }
5754 5754 info_rctl(handle, fp, cmd);
5755 5755 info_secflags(handle, fp);
5756 5756 break;
5757 5757 case RT_ZONENAME:
5758 5758 info_zonename(handle, fp);
5759 5759 break;
5760 5760 case RT_ZONEPATH:
5761 5761 info_zonepath(handle, fp);
5762 5762 break;
5763 5763 case RT_BRAND:
5764 5764 info_brand(handle, fp);
5765 5765 break;
5766 5766 case RT_AUTOBOOT:
5767 5767 info_autoboot(handle, fp);
5768 5768 break;
5769 5769 case RT_POOL:
5770 5770 info_pool(handle, fp);
5771 5771 break;
5772 5772 case RT_LIMITPRIV:
5773 5773 info_limitpriv(handle, fp);
5774 5774 break;
5775 5775 case RT_BOOTARGS:
5776 5776 info_bootargs(handle, fp);
5777 5777 break;
5778 5778 case RT_SCHED:
5779 5779 info_sched(handle, fp);
5780 5780 break;
5781 5781 case RT_IPTYPE:
5782 5782 info_iptype(handle, fp);
5783 5783 break;
5784 5784 case RT_MAXLWPS:
5785 5785 info_aliased_rctl(handle, fp, ALIAS_MAXLWPS);
5786 5786 break;
5787 5787 case RT_MAXPROCS:
5788 5788 info_aliased_rctl(handle, fp, ALIAS_MAXPROCS);
5789 5789 break;
5790 5790 case RT_MAXSHMMEM:
5791 5791 info_aliased_rctl(handle, fp, ALIAS_MAXSHMMEM);
5792 5792 break;
5793 5793 case RT_MAXSHMIDS:
5794 5794 info_aliased_rctl(handle, fp, ALIAS_MAXSHMIDS);
5795 5795 break;
5796 5796 case RT_MAXMSGIDS:
5797 5797 info_aliased_rctl(handle, fp, ALIAS_MAXMSGIDS);
5798 5798 break;
5799 5799 case RT_MAXSEMIDS:
5800 5800 info_aliased_rctl(handle, fp, ALIAS_MAXSEMIDS);
5801 5801 break;
5802 5802 case RT_SHARES:
5803 5803 info_aliased_rctl(handle, fp, ALIAS_SHARES);
5804 5804 break;
5805 5805 case RT_FS:
5806 5806 info_fs(handle, fp, cmd);
5807 5807 break;
5808 5808 case RT_NET:
5809 5809 info_net(handle, fp, cmd);
5810 5810 break;
5811 5811 case RT_DEVICE:
5812 5812 info_dev(handle, fp, cmd);
5813 5813 break;
5814 5814 case RT_RCTL:
5815 5815 info_rctl(handle, fp, cmd);
5816 5816 break;
5817 5817 case RT_ATTR:
5818 5818 info_attr(handle, fp, cmd);
5819 5819 break;
5820 5820 case RT_DATASET:
5821 5821 info_ds(handle, fp, cmd);
5822 5822 break;
5823 5823 case RT_DCPU:
5824 5824 info_pset(handle, fp);
5825 5825 break;
5826 5826 case RT_PCAP:
5827 5827 info_pcap(fp);
5828 5828 break;
5829 5829 case RT_MCAP:
5830 5830 info_mcap(handle, fp);
5831 5831 break;
5832 5832 case RT_HOSTID:
5833 5833 info_hostid(handle, fp);
5834 5834 break;
5835 5835 case RT_ADMIN:
5836 5836 info_auth(handle, fp, cmd);
5837 5837 break;
5838 5838 case RT_FS_ALLOWED:
5839 5839 info_fs_allowed(handle, fp);
5840 5840 break;
5841 5841 case RT_SECFLAGS:
5842 5842 info_secflags(handle, fp);
5843 5843 break;
5844 5844 default:
5845 5845 zone_perror(rt_to_str(cmd->cmd_res_type), Z_NO_RESOURCE_TYPE,
5846 5846 B_TRUE);
5847 5847 }
5848 5848
5849 5849 cleanup:
5850 5850 if (need_to_close)
5851 5851 (void) pager_close(fp);
5852 5852 }
5853 5853
5854 5854 /*
5855 5855 * Helper function for verify-- checks that a required string property
5856 5856 * exists.
5857 5857 */
5858 5858 static void
5859 5859 check_reqd_prop(char *attr, int rt, int pt, int *ret_val)
5860 5860 {
5861 5861 if (strlen(attr) == 0) {
5862 5862 zerr(gettext("%s: %s not specified"), rt_to_str(rt),
5863 5863 pt_to_str(pt));
5864 5864 saw_error = B_TRUE;
5865 5865 if (*ret_val == Z_OK)
5866 5866 *ret_val = Z_REQD_PROPERTY_MISSING;
5867 5867 }
5868 5868 }
5869 5869
5870 5870 static int
5871 5871 do_subproc(char *cmdbuf)
5872 5872 {
5873 5873 char inbuf[MAX_CMD_LEN];
5874 5874 FILE *file;
5875 5875 int status;
5876 5876
5877 5877 file = popen(cmdbuf, "r");
5878 5878 if (file == NULL) {
5879 5879 zerr(gettext("Could not launch: %s"), cmdbuf);
5880 5880 return (-1);
5881 5881 }
5882 5882
5883 5883 while (fgets(inbuf, sizeof (inbuf), file) != NULL)
5884 5884 fprintf(stderr, "%s", inbuf);
5885 5885 status = pclose(file);
5886 5886
5887 5887 if (WIFSIGNALED(status)) {
5888 5888 zerr(gettext("%s unexpectedly terminated due to signal %d"),
5889 5889 cmdbuf, WTERMSIG(status));
5890 5890 return (-1);
5891 5891 }
5892 5892 assert(WIFEXITED(status));
5893 5893 return (WEXITSTATUS(status));
5894 5894 }
5895 5895
5896 5896 static int
5897 5897 brand_verify(zone_dochandle_t handle)
5898 5898 {
5899 5899 char xml_file[32];
5900 5900 char cmdbuf[MAX_CMD_LEN];
5901 5901 brand_handle_t bh;
5902 5902 char brand[MAXNAMELEN];
5903 5903 int err;
5904 5904
5905 5905 if (zonecfg_get_brand(handle, brand, sizeof (brand)) != Z_OK) {
5906 5906 zerr("%s: %s\n", zone, gettext("could not get zone brand"));
5907 5907 return (Z_INVALID_DOCUMENT);
5908 5908 }
5909 5909 if ((bh = brand_open(brand)) == NULL) {
5910 5910 zerr("%s: %s\n", zone, gettext("unknown brand."));
5911 5911 return (Z_INVALID_DOCUMENT);
5912 5912 }
5913 5913
5914 5914 /*
5915 5915 * Fetch the verify command, if any, from the brand configuration
5916 5916 * and build the command line to execute it.
5917 5917 */
5918 5918 strcpy(cmdbuf, EXEC_PREFIX);
5919 5919 err = brand_get_verify_cfg(bh, cmdbuf + EXEC_LEN,
5920 5920 sizeof (cmdbuf) - (EXEC_LEN + (strlen(xml_file) + 1)));
5921 5921 brand_close(bh);
5922 5922 if (err != Z_OK) {
5923 5923 zerr("%s: %s\n", zone,
5924 5924 gettext("could not get brand verification command"));
5925 5925 return (Z_INVALID_DOCUMENT);
5926 5926 }
5927 5927
5928 5928 /*
5929 5929 * If the brand doesn't provide a verification routine, we just
5930 5930 * return success.
5931 5931 */
5932 5932 if (strlen(cmdbuf) == EXEC_LEN)
5933 5933 return (Z_OK);
5934 5934
5935 5935 /*
5936 5936 * Dump the current config information for this zone to a file.
5937 5937 */
5938 5938 strcpy(xml_file, "/tmp/zonecfg_verify.XXXXXX");
5939 5939 if (mkstemp(xml_file) == -1)
5940 5940 return (Z_TEMP_FILE);
5941 5941 if ((err = zonecfg_verify_save(handle, xml_file)) != Z_OK) {
5942 5942 (void) unlink(xml_file);
5943 5943 return (err);
5944 5944 }
5945 5945
5946 5946 /*
5947 5947 * Execute the verification command.
5948 5948 */
5949 5949 if ((strlcat(cmdbuf, " ", MAX_CMD_LEN) >= MAX_CMD_LEN) ||
5950 5950 (strlcat(cmdbuf, xml_file, MAX_CMD_LEN) >= MAX_CMD_LEN)) {
5951 5951 err = Z_BRAND_ERROR;
5952 5952 } else {
5953 5953 err = do_subproc(cmdbuf);
5954 5954 }
5955 5955
5956 5956 (void) unlink(xml_file);
5957 5957 return ((err == Z_OK) ? Z_OK : Z_BRAND_ERROR);
5958 5958 }
5959 5959
5960 5960 /*
5961 5961 * Track the network interfaces listed in zonecfg(1m) in a linked list
5962 5962 * so that we can later check that defrouter is specified for an exclusive IP
5963 5963 * zone if and only if at least one allowed-address has been specified.
5964 5964 */
5965 5965 static boolean_t
5966 5966 add_nwif(struct zone_nwiftab *nwif)
5967 5967 {
5968 5968 struct xif *tmp;
5969 5969
5970 5970 for (tmp = xif; tmp != NULL; tmp = tmp->xif_next) {
5971 5971 if (strcmp(tmp->xif_name, nwif->zone_nwif_physical) == 0) {
5972 5972 if (strlen(nwif->zone_nwif_allowed_address) > 0)
5973 5973 tmp->xif_has_address = B_TRUE;
5974 5974 if (strlen(nwif->zone_nwif_defrouter) > 0)
5975 5975 tmp->xif_has_defrouter = B_TRUE;
5976 5976 return (B_TRUE);
5977 5977 }
5978 5978 }
5979 5979
5980 5980 tmp = malloc(sizeof (*tmp));
5981 5981 if (tmp == NULL) {
5982 5982 zerr(gettext("memory allocation failed for %s"),
5983 5983 nwif->zone_nwif_physical);
5984 5984 return (B_FALSE);
5985 5985 }
5986 5986 strlcpy(tmp->xif_name, nwif->zone_nwif_physical,
5987 5987 sizeof (tmp->xif_name));
5988 5988 tmp->xif_has_defrouter = (strlen(nwif->zone_nwif_defrouter) > 0);
5989 5989 tmp->xif_has_address = (strlen(nwif->zone_nwif_allowed_address) > 0);
5990 5990 tmp->xif_next = xif;
5991 5991 xif = tmp;
5992 5992 return (B_TRUE);
5993 5993 }
5994 5994
5995 5995 boolean_t
5996 5996 verify_secflags(struct zone_secflagstab *tab)
5997 5997 {
5998 5998 secflagdelta_t def = {0};
5999 5999 secflagdelta_t upper = {0};
6000 6000 secflagdelta_t lower = {0};
6001 6001 boolean_t def_set = B_FALSE;
6002 6002 boolean_t upper_set = B_FALSE;
6003 6003 boolean_t lower_set = B_FALSE;
6004 6004 boolean_t ret = B_TRUE;
6005 6005
6006 6006 if (strlen(tab->zone_secflags_default) > 0) {
6007 6007 def_set = B_TRUE;
6008 6008 if (secflags_parse(NULL, tab->zone_secflags_default,
6009 6009 &def) == -1) {
6010 6010 zerr(gettext("default security flags '%s' are invalid"),
6011 6011 tab->zone_secflags_default);
6012 6012 ret = B_FALSE;
6013 6013 }
6014 6014 } else {
6015 6015 secflags_zero(&def.psd_assign);
6016 6016 def.psd_ass_active = B_TRUE;
6017 6017 }
6018 6018
6019 6019 if (strlen(tab->zone_secflags_upper) > 0) {
6020 6020 upper_set = B_TRUE;
6021 6021 if (secflags_parse(NULL, tab->zone_secflags_upper,
6022 6022 &upper) == -1) {
6023 6023 zerr(gettext("upper security flags '%s' are invalid"),
6024 6024 tab->zone_secflags_upper);
6025 6025 ret = B_FALSE;
6026 6026 }
6027 6027 } else {
6028 6028 secflags_fullset(&upper.psd_assign);
6029 6029 upper.psd_ass_active = B_TRUE;
6030 6030 }
6031 6031
6032 6032 if (strlen(tab->zone_secflags_lower) > 0) {
6033 6033 lower_set = B_TRUE;
6034 6034 if (secflags_parse(NULL, tab->zone_secflags_lower,
6035 6035 &lower) == -1) {
6036 6036 zerr(gettext("lower security flags '%s' are invalid"),
6037 6037 tab->zone_secflags_lower);
6038 6038 ret = B_FALSE;
6039 6039 }
6040 6040 } else {
6041 6041 secflags_zero(&lower.psd_assign);
6042 6042 lower.psd_ass_active = B_TRUE;
6043 6043 }
6044 6044
6045 6045 if (def_set && !def.psd_ass_active) {
6046 6046 zerr(gettext("only assignment of security flags is "
6047 6047 "allowed (default: %s)"), tab->zone_secflags_default);
6048 6048 }
6049 6049
6050 6050 if (lower_set && !lower.psd_ass_active) {
6051 6051 zerr(gettext("only assignment of security flags is "
6052 6052 "allowed (lower: %s)"), tab->zone_secflags_lower);
6053 6053 }
6054 6054
6055 6055 if (upper_set && !upper.psd_ass_active) {
6056 6056 zerr(gettext("only assignment of security flags is "
6057 6057 "allowed (upper: %s)"), tab->zone_secflags_upper);
6058 6058 }
6059 6059
6060 6060 if (def.psd_assign & ~upper.psd_assign) { /* In default but not upper */
6061 6061 zerr(gettext("default secflags must be within the "
6062 6062 "upper limit"));
6063 6063 ret = B_FALSE;
6064 6064 }
6065 6065 if (lower.psd_assign & ~def.psd_assign) { /* In lower but not default */
6066 6066 zerr(gettext("default secflags must be above the lower limit"));
6067 6067 ret = B_FALSE;
6068 6068 }
6069 6069 if (lower.psd_assign & ~upper.psd_assign) { /* In lower but not upper */
6070 6070 zerr(gettext("lower secflags must be within the upper limit"));
6071 6071 ret = B_FALSE;
6072 6072 }
6073 6073
6074 6074 return (ret);
6075 6075 }
6076 6076
6077 6077 /*
6078 6078 * See the DTD for which attributes are required for which resources.
6079 6079 *
6080 6080 * This function can be called by commit_func(), which needs to save things,
6081 6081 * in addition to the general call from parse_and_run(), which doesn't need
6082 6082 * things saved. Since the parameters are standardized, we distinguish by
6083 6083 * having commit_func() call here with cmd->cmd_arg set to "save" to indicate
6084 6084 * that a save is needed.
6085 6085 */
6086 6086 void
6087 6087 verify_func(cmd_t *cmd)
6088 6088 {
6089 6089 struct zone_nwiftab nwiftab;
6090 6090 struct zone_fstab fstab;
6091 6091 struct zone_attrtab attrtab;
6092 6092 struct zone_rctltab rctltab;
6093 6093 struct zone_dstab dstab;
6094 6094 struct zone_psettab psettab;
6095 6095 struct zone_admintab admintab;
6096 6096 struct zone_secflagstab secflagstab;
6097 6097 char zonepath[MAXPATHLEN];
6098 6098 char sched[MAXNAMELEN];
6099 6099 char brand[MAXNAMELEN];
6100 6100 char hostidp[HW_HOSTID_LEN];
6101 6101 char fsallowedp[ZONE_FS_ALLOWED_MAX];
6102 6102 priv_set_t *privs;
6103 6103 char *privname = NULL;
6104 6104 int err, ret_val = Z_OK, arg;
6105 6105 int pset_res;
6106 6106 boolean_t save = B_FALSE;
6107 6107 boolean_t arg_err = B_FALSE;
6108 6108 zone_iptype_t iptype;
6109 6109 boolean_t has_cpu_shares = B_FALSE;
6110 6110 boolean_t has_cpu_cap = B_FALSE;
6111 6111 struct xif *tmp;
6112 6112
6113 6113 optind = 0;
6114 6114 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
6115 6115 switch (arg) {
6116 6116 case '?':
6117 6117 longer_usage(CMD_VERIFY);
6118 6118 arg_err = B_TRUE;
6119 6119 break;
6120 6120 default:
6121 6121 short_usage(CMD_VERIFY);
6122 6122 arg_err = B_TRUE;
6123 6123 break;
6124 6124 }
6125 6125 }
6126 6126 if (arg_err)
6127 6127 return;
6128 6128
6129 6129 if (optind > cmd->cmd_argc) {
6130 6130 short_usage(CMD_VERIFY);
6131 6131 return;
6132 6132 }
6133 6133
6134 6134 if (zone_is_read_only(CMD_VERIFY))
6135 6135 return;
6136 6136
6137 6137 assert(cmd != NULL);
6138 6138
6139 6139 if (cmd->cmd_argc > 0 && (strcmp(cmd->cmd_argv[0], "save") == 0))
6140 6140 save = B_TRUE;
6141 6141 if (initialize(B_TRUE) != Z_OK)
6142 6142 return;
6143 6143
6144 6144 if (zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath)) != Z_OK &&
6145 6145 !global_zone) {
6146 6146 zerr(gettext("%s not specified"), pt_to_str(PT_ZONEPATH));
6147 6147 ret_val = Z_REQD_RESOURCE_MISSING;
6148 6148 saw_error = B_TRUE;
6149 6149 }
6150 6150 if (strlen(zonepath) == 0 && !global_zone) {
6151 6151 zerr(gettext("%s cannot be empty."), pt_to_str(PT_ZONEPATH));
6152 6152 ret_val = Z_REQD_RESOURCE_MISSING;
6153 6153 saw_error = B_TRUE;
6154 6154 }
6155 6155
6156 6156 if ((err = zonecfg_get_brand(handle, brand, sizeof (brand))) != Z_OK) {
6157 6157 zone_perror(zone, err, B_TRUE);
6158 6158 return;
6159 6159 }
6160 6160 if ((err = brand_verify(handle)) != Z_OK) {
6161 6161 zone_perror(zone, err, B_TRUE);
6162 6162 return;
6163 6163 }
6164 6164
6165 6165 if (zonecfg_get_iptype(handle, &iptype) != Z_OK) {
6166 6166 zerr("%s %s", gettext("cannot get"), pt_to_str(PT_IPTYPE));
6167 6167 ret_val = Z_REQD_RESOURCE_MISSING;
6168 6168 saw_error = B_TRUE;
6169 6169 }
6170 6170
6171 6171 if ((privs = priv_allocset()) == NULL) {
6172 6172 zerr(gettext("%s: priv_allocset failed"), zone);
6173 6173 return;
6174 6174 }
6175 6175 if (zonecfg_get_privset(handle, privs, &privname) != Z_OK) {
6176 6176 zerr(gettext("%s: invalid privilege: %s"), zone, privname);
6177 6177 priv_freeset(privs);
6178 6178 free(privname);
6179 6179 return;
6180 6180 }
6181 6181 priv_freeset(privs);
6182 6182
6183 6183 if (zonecfg_get_hostid(handle, hostidp,
6184 6184 sizeof (hostidp)) == Z_INVALID_PROPERTY) {
6185 6185 zerr(gettext("%s: invalid hostid: %s"),
6186 6186 zone, hostidp);
6187 6187 return;
6188 6188 }
6189 6189
6190 6190 if (zonecfg_get_fs_allowed(handle, fsallowedp,
6191 6191 sizeof (fsallowedp)) == Z_INVALID_PROPERTY) {
6192 6192 zerr(gettext("%s: invalid fs-allowed: %s"),
6193 6193 zone, fsallowedp);
6194 6194 return;
6195 6195 }
6196 6196
6197 6197 if ((err = zonecfg_setfsent(handle)) != Z_OK) {
6198 6198 zone_perror(zone, err, B_TRUE);
6199 6199 return;
6200 6200 }
6201 6201 while (zonecfg_getfsent(handle, &fstab) == Z_OK) {
6202 6202 check_reqd_prop(fstab.zone_fs_dir, RT_FS, PT_DIR, &ret_val);
6203 6203 check_reqd_prop(fstab.zone_fs_special, RT_FS, PT_SPECIAL,
6204 6204 &ret_val);
6205 6205 check_reqd_prop(fstab.zone_fs_type, RT_FS, PT_TYPE, &ret_val);
6206 6206
6207 6207 zonecfg_free_fs_option_list(fstab.zone_fs_options);
6208 6208 }
6209 6209 (void) zonecfg_endfsent(handle);
6210 6210
6211 6211 if ((err = zonecfg_setnwifent(handle)) != Z_OK) {
6212 6212 zone_perror(zone, err, B_TRUE);
6213 6213 return;
6214 6214 }
6215 6215 while (zonecfg_getnwifent(handle, &nwiftab) == Z_OK) {
6216 6216 /*
6217 6217 * physical is required in all cases.
6218 6218 * A shared IP requires an address,
6219 6219 * and may include a default router, while
6220 6220 * an exclusive IP must have neither an address
6221 6221 * nor a default router.
6222 6222 * The physical interface name must be valid in all cases.
6223 6223 */
6224 6224 check_reqd_prop(nwiftab.zone_nwif_physical, RT_NET,
6225 6225 PT_PHYSICAL, &ret_val);
6226 6226 if (validate_net_physical_syntax(nwiftab.zone_nwif_physical) !=
6227 6227 Z_OK) {
6228 6228 saw_error = B_TRUE;
6229 6229 if (ret_val == Z_OK)
6230 6230 ret_val = Z_INVAL;
6231 6231 }
6232 6232
6233 6233 switch (iptype) {
6234 6234 case ZS_SHARED:
6235 6235 check_reqd_prop(nwiftab.zone_nwif_address, RT_NET,
6236 6236 PT_ADDRESS, &ret_val);
6237 6237 if (strlen(nwiftab.zone_nwif_allowed_address) > 0) {
6238 6238 zerr(gettext("%s: %s cannot be specified "
6239 6239 "for a shared IP type"),
6240 6240 rt_to_str(RT_NET),
6241 6241 pt_to_str(PT_ALLOWED_ADDRESS));
6242 6242 saw_error = B_TRUE;
6243 6243 if (ret_val == Z_OK)
6244 6244 ret_val = Z_INVAL;
6245 6245 }
6246 6246 break;
6247 6247 case ZS_EXCLUSIVE:
6248 6248 if (strlen(nwiftab.zone_nwif_address) > 0) {
6249 6249 zerr(gettext("%s: %s cannot be specified "
6250 6250 "for an exclusive IP type"),
6251 6251 rt_to_str(RT_NET), pt_to_str(PT_ADDRESS));
6252 6252 saw_error = B_TRUE;
6253 6253 if (ret_val == Z_OK)
6254 6254 ret_val = Z_INVAL;
6255 6255 } else {
6256 6256 if (!add_nwif(&nwiftab)) {
6257 6257 saw_error = B_TRUE;
6258 6258 if (ret_val == Z_OK)
6259 6259 ret_val = Z_INVAL;
6260 6260 }
6261 6261 }
6262 6262 break;
6263 6263 }
6264 6264 }
6265 6265 for (tmp = xif; tmp != NULL; tmp = tmp->xif_next) {
6266 6266 if (!tmp->xif_has_address && tmp->xif_has_defrouter) {
6267 6267 zerr(gettext("%s: %s for %s cannot be specified "
6268 6268 "without %s for an exclusive IP type"),
6269 6269 rt_to_str(RT_NET), pt_to_str(PT_DEFROUTER),
6270 6270 tmp->xif_name, pt_to_str(PT_ALLOWED_ADDRESS));
6271 6271 saw_error = B_TRUE;
6272 6272 ret_val = Z_INVAL;
6273 6273 }
6274 6274 }
6275 6275 free(xif);
6276 6276 xif = NULL;
6277 6277 (void) zonecfg_endnwifent(handle);
6278 6278
6279 6279 if ((err = zonecfg_setrctlent(handle)) != Z_OK) {
6280 6280 zone_perror(zone, err, B_TRUE);
6281 6281 return;
6282 6282 }
6283 6283 while (zonecfg_getrctlent(handle, &rctltab) == Z_OK) {
6284 6284 check_reqd_prop(rctltab.zone_rctl_name, RT_RCTL, PT_NAME,
6285 6285 &ret_val);
6286 6286
6287 6287 if (strcmp(rctltab.zone_rctl_name, "zone.cpu-shares") == 0)
6288 6288 has_cpu_shares = B_TRUE;
6289 6289
6290 6290 if (strcmp(rctltab.zone_rctl_name, "zone.cpu-cap") == 0)
6291 6291 has_cpu_cap = B_TRUE;
6292 6292
6293 6293 if (rctltab.zone_rctl_valptr == NULL) {
6294 6294 zerr(gettext("%s: no %s specified"),
6295 6295 rt_to_str(RT_RCTL), pt_to_str(PT_VALUE));
6296 6296 saw_error = B_TRUE;
6297 6297 if (ret_val == Z_OK)
6298 6298 ret_val = Z_REQD_PROPERTY_MISSING;
6299 6299 } else {
6300 6300 zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
6301 6301 }
6302 6302 }
6303 6303 (void) zonecfg_endrctlent(handle);
6304 6304
6305 6305 if ((pset_res = zonecfg_lookup_pset(handle, &psettab)) == Z_OK &&
6306 6306 has_cpu_shares) {
6307 6307 zerr(gettext("%s zone.cpu-shares and %s are incompatible."),
6308 6308 rt_to_str(RT_RCTL), rt_to_str(RT_DCPU));
6309 6309 saw_error = B_TRUE;
6310 6310 if (ret_val == Z_OK)
6311 6311 ret_val = Z_INCOMPATIBLE;
6312 6312 }
6313 6313
6314 6314 if (has_cpu_shares && zonecfg_get_sched_class(handle, sched,
6315 6315 sizeof (sched)) == Z_OK && strlen(sched) > 0 &&
6316 6316 strcmp(sched, "FSS") != 0) {
6317 6317 zerr(gettext("WARNING: %s zone.cpu-shares and %s=%s are "
6318 6318 "incompatible"),
6319 6319 rt_to_str(RT_RCTL), rt_to_str(RT_SCHED), sched);
6320 6320 saw_error = B_TRUE;
6321 6321 if (ret_val == Z_OK)
6322 6322 ret_val = Z_INCOMPATIBLE;
6323 6323 }
6324 6324
6325 6325 if (pset_res == Z_OK && has_cpu_cap) {
6326 6326 zerr(gettext("%s zone.cpu-cap and the %s are incompatible."),
6327 6327 rt_to_str(RT_RCTL), rt_to_str(RT_DCPU));
6328 6328 saw_error = B_TRUE;
6329 6329 if (ret_val == Z_OK)
6330 6330 ret_val = Z_INCOMPATIBLE;
6331 6331 }
6332 6332
6333 6333 if ((err = zonecfg_setattrent(handle)) != Z_OK) {
6334 6334 zone_perror(zone, err, B_TRUE);
6335 6335 return;
6336 6336 }
6337 6337 while (zonecfg_getattrent(handle, &attrtab) == Z_OK) {
6338 6338 check_reqd_prop(attrtab.zone_attr_name, RT_ATTR, PT_NAME,
6339 6339 &ret_val);
6340 6340 check_reqd_prop(attrtab.zone_attr_type, RT_ATTR, PT_TYPE,
6341 6341 &ret_val);
6342 6342 check_reqd_prop(attrtab.zone_attr_value, RT_ATTR, PT_VALUE,
6343 6343 &ret_val);
6344 6344 }
6345 6345 (void) zonecfg_endattrent(handle);
6346 6346
6347 6347 if ((err = zonecfg_setdsent(handle)) != Z_OK) {
6348 6348 zone_perror(zone, err, B_TRUE);
6349 6349 return;
6350 6350 }
6351 6351 while (zonecfg_getdsent(handle, &dstab) == Z_OK) {
6352 6352 if (strlen(dstab.zone_dataset_name) == 0) {
6353 6353 zerr("%s: %s %s", rt_to_str(RT_DATASET),
6354 6354 pt_to_str(PT_NAME), gettext("not specified"));
6355 6355 saw_error = B_TRUE;
6356 6356 if (ret_val == Z_OK)
6357 6357 ret_val = Z_REQD_PROPERTY_MISSING;
6358 6358 } else if (!zfs_name_valid(dstab.zone_dataset_name,
6359 6359 ZFS_TYPE_FILESYSTEM)) {
6360 6360 zerr("%s: %s %s", rt_to_str(RT_DATASET),
6361 6361 pt_to_str(PT_NAME), gettext("invalid"));
6362 6362 saw_error = B_TRUE;
6363 6363 if (ret_val == Z_OK)
6364 6364 ret_val = Z_BAD_PROPERTY;
6365 6365 }
6366 6366
6367 6367 }
6368 6368 (void) zonecfg_enddsent(handle);
6369 6369
6370 6370 if ((err = zonecfg_setadminent(handle)) != Z_OK) {
6371 6371 zone_perror(zone, err, B_TRUE);
6372 6372 return;
6373 6373 }
6374 6374 while (zonecfg_getadminent(handle, &admintab) == Z_OK) {
6375 6375 check_reqd_prop(admintab.zone_admin_user, RT_ADMIN,
6376 6376 PT_USER, &ret_val);
6377 6377 check_reqd_prop(admintab.zone_admin_auths, RT_ADMIN,
6378 6378 PT_AUTHS, &ret_val);
6379 6379 if ((ret_val == Z_OK) && (getpwnam(admintab.zone_admin_user)
6380 6380 == NULL)) {
6381 6381 zerr(gettext("%s %s is not a valid username"),
6382 6382 pt_to_str(PT_USER),
6383 6383 admintab.zone_admin_user);
6384 6384 ret_val = Z_BAD_PROPERTY;
6385 6385 }
6386 6386 if ((ret_val == Z_OK) && (!zonecfg_valid_auths(
6387 6387 admintab.zone_admin_auths, zone))) {
6388 6388 ret_val = Z_BAD_PROPERTY;
6389 6389 }
6390 6390 }
6391 6391 (void) zonecfg_endadminent(handle);
6392 6392
6393 6393 if (zonecfg_getsecflagsent(handle, &secflagstab) == Z_OK) {
6394 6394 /*
6395 6395 * No properties are required, but any specified should be
6396 6396 * valid
6397 6397 */
6398 6398 if (verify_secflags(&secflagstab) != B_TRUE) {
6399 6399 /* Error is reported from verify_secflags */
6400 6400 ret_val = Z_BAD_PROPERTY;
6401 6401 }
6402 6402 }
|
↓ open down ↓ |
6402 lines elided |
↑ open up ↑ |
6403 6403
6404 6404 if (!global_scope) {
6405 6405 zerr(gettext("resource specification incomplete"));
6406 6406 saw_error = B_TRUE;
6407 6407 if (ret_val == Z_OK)
6408 6408 ret_val = Z_INSUFFICIENT_SPEC;
6409 6409 }
6410 6410
6411 6411 if (save) {
6412 6412 if (ret_val == Z_OK) {
6413 + /*
6414 + * If the zone doesn't yet have a debug ID, set one now.
6415 + */
6416 + if (zonecfg_get_did(handle) == -1)
6417 + zonecfg_set_did(handle);
6418 +
6413 6419 if ((ret_val = zonecfg_save(handle)) == Z_OK) {
6414 6420 need_to_commit = B_FALSE;
6415 6421 (void) strlcpy(revert_zone, zone,
6416 6422 sizeof (revert_zone));
6417 6423 }
6418 6424 } else {
6419 6425 zerr(gettext("Zone %s failed to verify"), zone);
6420 6426 }
6421 6427 }
6422 6428 if (ret_val != Z_OK)
6423 6429 zone_perror(zone, ret_val, B_TRUE);
6424 6430 }
6425 6431
6426 6432 void
6427 6433 cancel_func(cmd_t *cmd)
6428 6434 {
6429 6435 int arg;
6430 6436 boolean_t arg_err = B_FALSE;
6431 6437
6432 6438 assert(cmd != NULL);
6433 6439
6434 6440 optind = 0;
6435 6441 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
6436 6442 switch (arg) {
6437 6443 case '?':
6438 6444 longer_usage(CMD_CANCEL);
6439 6445 arg_err = B_TRUE;
6440 6446 break;
6441 6447 default:
6442 6448 short_usage(CMD_CANCEL);
6443 6449 arg_err = B_TRUE;
6444 6450 break;
6445 6451 }
6446 6452 }
6447 6453 if (arg_err)
6448 6454 return;
6449 6455
6450 6456 if (optind != cmd->cmd_argc) {
6451 6457 short_usage(CMD_CANCEL);
6452 6458 return;
6453 6459 }
6454 6460
6455 6461 if (global_scope)
6456 6462 scope_usage(CMD_CANCEL);
6457 6463 global_scope = B_TRUE;
6458 6464 zonecfg_free_fs_option_list(in_progress_fstab.zone_fs_options);
6459 6465 bzero(&in_progress_fstab, sizeof (in_progress_fstab));
6460 6466 bzero(&in_progress_nwiftab, sizeof (in_progress_nwiftab));
6461 6467 bzero(&in_progress_devtab, sizeof (in_progress_devtab));
6462 6468 zonecfg_free_rctl_value_list(in_progress_rctltab.zone_rctl_valptr);
6463 6469 bzero(&in_progress_rctltab, sizeof (in_progress_rctltab));
6464 6470 bzero(&in_progress_attrtab, sizeof (in_progress_attrtab));
6465 6471 bzero(&in_progress_dstab, sizeof (in_progress_dstab));
6466 6472 }
6467 6473
6468 6474 static int
6469 6475 validate_attr_name(char *name)
6470 6476 {
6471 6477 int i;
6472 6478
6473 6479 if (!isalnum(name[0])) {
6474 6480 zerr(gettext("Invalid %s %s %s: must start with an alpha-"
6475 6481 "numeric character."), rt_to_str(RT_ATTR),
6476 6482 pt_to_str(PT_NAME), name);
6477 6483 return (Z_INVAL);
6478 6484 }
6479 6485 for (i = 1; name[i]; i++)
6480 6486 if (!isalnum(name[i]) && name[i] != '-' && name[i] != '.') {
6481 6487 zerr(gettext("Invalid %s %s %s: can only contain "
6482 6488 "alpha-numeric characters, plus '-' and '.'."),
6483 6489 rt_to_str(RT_ATTR), pt_to_str(PT_NAME), name);
6484 6490 return (Z_INVAL);
6485 6491 }
6486 6492 return (Z_OK);
6487 6493 }
6488 6494
6489 6495 static int
6490 6496 validate_attr_type_val(struct zone_attrtab *attrtab)
6491 6497 {
6492 6498 boolean_t boolval;
6493 6499 int64_t intval;
6494 6500 char strval[MAXNAMELEN];
6495 6501 uint64_t uintval;
6496 6502
6497 6503 if (strcmp(attrtab->zone_attr_type, "boolean") == 0) {
6498 6504 if (zonecfg_get_attr_boolean(attrtab, &boolval) == Z_OK)
6499 6505 return (Z_OK);
6500 6506 zerr(gettext("invalid %s value for %s=%s"),
6501 6507 rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "boolean");
6502 6508 return (Z_ERR);
6503 6509 }
6504 6510
6505 6511 if (strcmp(attrtab->zone_attr_type, "int") == 0) {
6506 6512 if (zonecfg_get_attr_int(attrtab, &intval) == Z_OK)
6507 6513 return (Z_OK);
6508 6514 zerr(gettext("invalid %s value for %s=%s"),
6509 6515 rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "int");
6510 6516 return (Z_ERR);
6511 6517 }
6512 6518
6513 6519 if (strcmp(attrtab->zone_attr_type, "string") == 0) {
6514 6520 if (zonecfg_get_attr_string(attrtab, strval,
6515 6521 sizeof (strval)) == Z_OK)
6516 6522 return (Z_OK);
6517 6523 zerr(gettext("invalid %s value for %s=%s"),
6518 6524 rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "string");
6519 6525 return (Z_ERR);
6520 6526 }
6521 6527
6522 6528 if (strcmp(attrtab->zone_attr_type, "uint") == 0) {
6523 6529 if (zonecfg_get_attr_uint(attrtab, &uintval) == Z_OK)
6524 6530 return (Z_OK);
6525 6531 zerr(gettext("invalid %s value for %s=%s"),
6526 6532 rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "uint");
6527 6533 return (Z_ERR);
6528 6534 }
6529 6535
6530 6536 zerr(gettext("invalid %s %s '%s'"), rt_to_str(RT_ATTR),
6531 6537 pt_to_str(PT_TYPE), attrtab->zone_attr_type);
6532 6538 return (Z_ERR);
6533 6539 }
6534 6540
6535 6541 /*
6536 6542 * Helper function for end_func-- checks the existence of a given property
6537 6543 * and emits a message if not specified.
6538 6544 */
6539 6545 static int
6540 6546 end_check_reqd(char *attr, int pt, boolean_t *validation_failed)
6541 6547 {
6542 6548 if (strlen(attr) == 0) {
6543 6549 *validation_failed = B_TRUE;
6544 6550 zerr(gettext("%s not specified"), pt_to_str(pt));
6545 6551 return (Z_ERR);
6546 6552 }
6547 6553 return (Z_OK);
6548 6554 }
6549 6555
6550 6556 static void
6551 6557 net_exists_error(struct zone_nwiftab nwif)
6552 6558 {
6553 6559 if (strlen(nwif.zone_nwif_address) > 0) {
6554 6560 zerr(gettext("A %s resource with the %s '%s', "
6555 6561 "and %s '%s' already exists."),
6556 6562 rt_to_str(RT_NET),
6557 6563 pt_to_str(PT_PHYSICAL),
6558 6564 nwif.zone_nwif_physical,
6559 6565 pt_to_str(PT_ADDRESS),
6560 6566 in_progress_nwiftab.zone_nwif_address);
6561 6567 } else {
6562 6568 zerr(gettext("A %s resource with the %s '%s', "
6563 6569 "and %s '%s' already exists."),
6564 6570 rt_to_str(RT_NET),
6565 6571 pt_to_str(PT_PHYSICAL),
6566 6572 nwif.zone_nwif_physical,
6567 6573 pt_to_str(PT_ALLOWED_ADDRESS),
6568 6574 nwif.zone_nwif_allowed_address);
6569 6575 }
6570 6576 }
6571 6577
6572 6578 void
6573 6579 end_func(cmd_t *cmd)
6574 6580 {
6575 6581 boolean_t validation_failed = B_FALSE;
6576 6582 boolean_t arg_err = B_FALSE;
6577 6583 struct zone_fstab tmp_fstab;
6578 6584 struct zone_nwiftab tmp_nwiftab;
6579 6585 struct zone_devtab tmp_devtab;
6580 6586 struct zone_rctltab tmp_rctltab;
6581 6587 struct zone_attrtab tmp_attrtab;
6582 6588 struct zone_dstab tmp_dstab;
6583 6589 struct zone_admintab tmp_admintab;
6584 6590 int err, arg, res1, res2, res3;
6585 6591 uint64_t swap_limit;
6586 6592 uint64_t locked_limit;
6587 6593 uint64_t proc_cap;
6588 6594
6589 6595 assert(cmd != NULL);
6590 6596
6591 6597 optind = 0;
6592 6598 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
6593 6599 switch (arg) {
6594 6600 case '?':
6595 6601 longer_usage(CMD_END);
6596 6602 arg_err = B_TRUE;
6597 6603 break;
6598 6604 default:
6599 6605 short_usage(CMD_END);
6600 6606 arg_err = B_TRUE;
6601 6607 break;
6602 6608 }
6603 6609 }
6604 6610 if (arg_err)
6605 6611 return;
6606 6612
6607 6613 if (optind != cmd->cmd_argc) {
6608 6614 short_usage(CMD_END);
6609 6615 return;
6610 6616 }
6611 6617
6612 6618 if (global_scope) {
6613 6619 scope_usage(CMD_END);
6614 6620 return;
6615 6621 }
6616 6622
6617 6623 assert(end_op == CMD_ADD || end_op == CMD_SELECT);
6618 6624
6619 6625 switch (resource_scope) {
6620 6626 case RT_FS:
6621 6627 /* First make sure everything was filled in. */
6622 6628 if (end_check_reqd(in_progress_fstab.zone_fs_dir,
6623 6629 PT_DIR, &validation_failed) == Z_OK) {
6624 6630 if (in_progress_fstab.zone_fs_dir[0] != '/') {
6625 6631 zerr(gettext("%s %s is not an absolute path."),
6626 6632 pt_to_str(PT_DIR),
6627 6633 in_progress_fstab.zone_fs_dir);
6628 6634 validation_failed = B_TRUE;
6629 6635 }
6630 6636 }
6631 6637
6632 6638 (void) end_check_reqd(in_progress_fstab.zone_fs_special,
6633 6639 PT_SPECIAL, &validation_failed);
6634 6640
6635 6641 if (in_progress_fstab.zone_fs_raw[0] != '\0' &&
6636 6642 in_progress_fstab.zone_fs_raw[0] != '/') {
6637 6643 zerr(gettext("%s %s is not an absolute path."),
6638 6644 pt_to_str(PT_RAW),
6639 6645 in_progress_fstab.zone_fs_raw);
6640 6646 validation_failed = B_TRUE;
6641 6647 }
6642 6648
6643 6649 (void) end_check_reqd(in_progress_fstab.zone_fs_type, PT_TYPE,
6644 6650 &validation_failed);
6645 6651
6646 6652 if (validation_failed) {
6647 6653 saw_error = B_TRUE;
6648 6654 return;
6649 6655 }
6650 6656
6651 6657 if (end_op == CMD_ADD) {
6652 6658 /* Make sure there isn't already one like this. */
6653 6659 bzero(&tmp_fstab, sizeof (tmp_fstab));
6654 6660 (void) strlcpy(tmp_fstab.zone_fs_dir,
6655 6661 in_progress_fstab.zone_fs_dir,
6656 6662 sizeof (tmp_fstab.zone_fs_dir));
6657 6663 err = zonecfg_lookup_filesystem(handle, &tmp_fstab);
6658 6664 zonecfg_free_fs_option_list(tmp_fstab.zone_fs_options);
6659 6665 if (err == Z_OK) {
6660 6666 zerr(gettext("A %s resource "
6661 6667 "with the %s '%s' already exists."),
6662 6668 rt_to_str(RT_FS), pt_to_str(PT_DIR),
6663 6669 in_progress_fstab.zone_fs_dir);
6664 6670 saw_error = B_TRUE;
6665 6671 return;
6666 6672 }
6667 6673 err = zonecfg_add_filesystem(handle,
6668 6674 &in_progress_fstab);
6669 6675 } else {
6670 6676 err = zonecfg_modify_filesystem(handle, &old_fstab,
6671 6677 &in_progress_fstab);
6672 6678 }
6673 6679 zonecfg_free_fs_option_list(in_progress_fstab.zone_fs_options);
6674 6680 in_progress_fstab.zone_fs_options = NULL;
6675 6681 break;
6676 6682
6677 6683 case RT_NET:
6678 6684 /*
6679 6685 * First make sure everything was filled in.
6680 6686 * Since we don't know whether IP will be shared
6681 6687 * or exclusive here, some checks are deferred until
6682 6688 * the verify command.
6683 6689 */
6684 6690 (void) end_check_reqd(in_progress_nwiftab.zone_nwif_physical,
6685 6691 PT_PHYSICAL, &validation_failed);
6686 6692
6687 6693 if (validation_failed) {
6688 6694 saw_error = B_TRUE;
6689 6695 return;
6690 6696 }
6691 6697 if (end_op == CMD_ADD) {
6692 6698 /* Make sure there isn't already one like this. */
6693 6699 bzero(&tmp_nwiftab, sizeof (tmp_nwiftab));
6694 6700 (void) strlcpy(tmp_nwiftab.zone_nwif_physical,
6695 6701 in_progress_nwiftab.zone_nwif_physical,
6696 6702 sizeof (tmp_nwiftab.zone_nwif_physical));
6697 6703 (void) strlcpy(tmp_nwiftab.zone_nwif_address,
6698 6704 in_progress_nwiftab.zone_nwif_address,
6699 6705 sizeof (tmp_nwiftab.zone_nwif_address));
6700 6706 (void) strlcpy(tmp_nwiftab.zone_nwif_allowed_address,
6701 6707 in_progress_nwiftab.zone_nwif_allowed_address,
6702 6708 sizeof (tmp_nwiftab.zone_nwif_allowed_address));
6703 6709 (void) strlcpy(tmp_nwiftab.zone_nwif_defrouter,
6704 6710 in_progress_nwiftab.zone_nwif_defrouter,
6705 6711 sizeof (tmp_nwiftab.zone_nwif_defrouter));
6706 6712 if (zonecfg_lookup_nwif(handle, &tmp_nwiftab) == Z_OK) {
6707 6713 net_exists_error(in_progress_nwiftab);
6708 6714 saw_error = B_TRUE;
6709 6715 return;
6710 6716 }
6711 6717 err = zonecfg_add_nwif(handle, &in_progress_nwiftab);
6712 6718 } else {
6713 6719 err = zonecfg_modify_nwif(handle, &old_nwiftab,
6714 6720 &in_progress_nwiftab);
6715 6721 }
6716 6722 break;
6717 6723
6718 6724 case RT_DEVICE:
6719 6725 /* First make sure everything was filled in. */
6720 6726 (void) end_check_reqd(in_progress_devtab.zone_dev_match,
6721 6727 PT_MATCH, &validation_failed);
6722 6728
6723 6729 if (validation_failed) {
6724 6730 saw_error = B_TRUE;
6725 6731 return;
6726 6732 }
6727 6733
6728 6734 if (end_op == CMD_ADD) {
6729 6735 /* Make sure there isn't already one like this. */
6730 6736 (void) strlcpy(tmp_devtab.zone_dev_match,
6731 6737 in_progress_devtab.zone_dev_match,
6732 6738 sizeof (tmp_devtab.zone_dev_match));
6733 6739 if (zonecfg_lookup_dev(handle, &tmp_devtab) == Z_OK) {
6734 6740 zerr(gettext("A %s resource with the %s '%s' "
6735 6741 "already exists."), rt_to_str(RT_DEVICE),
6736 6742 pt_to_str(PT_MATCH),
6737 6743 in_progress_devtab.zone_dev_match);
6738 6744 saw_error = B_TRUE;
6739 6745 return;
6740 6746 }
6741 6747 err = zonecfg_add_dev(handle, &in_progress_devtab);
6742 6748 } else {
6743 6749 err = zonecfg_modify_dev(handle, &old_devtab,
6744 6750 &in_progress_devtab);
6745 6751 }
6746 6752 break;
6747 6753
6748 6754 case RT_RCTL:
6749 6755 /* First make sure everything was filled in. */
6750 6756 (void) end_check_reqd(in_progress_rctltab.zone_rctl_name,
6751 6757 PT_NAME, &validation_failed);
6752 6758
6753 6759 if (in_progress_rctltab.zone_rctl_valptr == NULL) {
6754 6760 zerr(gettext("no %s specified"), pt_to_str(PT_VALUE));
6755 6761 validation_failed = B_TRUE;
6756 6762 }
6757 6763
6758 6764 if (validation_failed) {
6759 6765 saw_error = B_TRUE;
6760 6766 return;
6761 6767 }
6762 6768
6763 6769 if (end_op == CMD_ADD) {
6764 6770 /* Make sure there isn't already one like this. */
6765 6771 (void) strlcpy(tmp_rctltab.zone_rctl_name,
6766 6772 in_progress_rctltab.zone_rctl_name,
6767 6773 sizeof (tmp_rctltab.zone_rctl_name));
6768 6774 tmp_rctltab.zone_rctl_valptr = NULL;
6769 6775 err = zonecfg_lookup_rctl(handle, &tmp_rctltab);
6770 6776 zonecfg_free_rctl_value_list(
6771 6777 tmp_rctltab.zone_rctl_valptr);
6772 6778 if (err == Z_OK) {
6773 6779 zerr(gettext("A %s resource "
6774 6780 "with the %s '%s' already exists."),
6775 6781 rt_to_str(RT_RCTL), pt_to_str(PT_NAME),
6776 6782 in_progress_rctltab.zone_rctl_name);
6777 6783 saw_error = B_TRUE;
6778 6784 return;
6779 6785 }
6780 6786 err = zonecfg_add_rctl(handle, &in_progress_rctltab);
6781 6787 } else {
6782 6788 err = zonecfg_modify_rctl(handle, &old_rctltab,
6783 6789 &in_progress_rctltab);
6784 6790 }
6785 6791 if (err == Z_OK) {
6786 6792 zonecfg_free_rctl_value_list(
6787 6793 in_progress_rctltab.zone_rctl_valptr);
6788 6794 in_progress_rctltab.zone_rctl_valptr = NULL;
6789 6795 }
6790 6796 break;
6791 6797
6792 6798 case RT_ATTR:
6793 6799 /* First make sure everything was filled in. */
6794 6800 (void) end_check_reqd(in_progress_attrtab.zone_attr_name,
6795 6801 PT_NAME, &validation_failed);
6796 6802 (void) end_check_reqd(in_progress_attrtab.zone_attr_type,
6797 6803 PT_TYPE, &validation_failed);
6798 6804 (void) end_check_reqd(in_progress_attrtab.zone_attr_value,
6799 6805 PT_VALUE, &validation_failed);
6800 6806
6801 6807 if (validate_attr_name(in_progress_attrtab.zone_attr_name) !=
6802 6808 Z_OK)
6803 6809 validation_failed = B_TRUE;
6804 6810
6805 6811 if (validate_attr_type_val(&in_progress_attrtab) != Z_OK)
6806 6812 validation_failed = B_TRUE;
6807 6813
6808 6814 if (validation_failed) {
6809 6815 saw_error = B_TRUE;
6810 6816 return;
6811 6817 }
6812 6818 if (end_op == CMD_ADD) {
6813 6819 /* Make sure there isn't already one like this. */
6814 6820 bzero(&tmp_attrtab, sizeof (tmp_attrtab));
6815 6821 (void) strlcpy(tmp_attrtab.zone_attr_name,
6816 6822 in_progress_attrtab.zone_attr_name,
6817 6823 sizeof (tmp_attrtab.zone_attr_name));
6818 6824 if (zonecfg_lookup_attr(handle, &tmp_attrtab) == Z_OK) {
6819 6825 zerr(gettext("An %s resource "
6820 6826 "with the %s '%s' already exists."),
6821 6827 rt_to_str(RT_ATTR), pt_to_str(PT_NAME),
6822 6828 in_progress_attrtab.zone_attr_name);
6823 6829 saw_error = B_TRUE;
6824 6830 return;
6825 6831 }
6826 6832 err = zonecfg_add_attr(handle, &in_progress_attrtab);
6827 6833 } else {
6828 6834 err = zonecfg_modify_attr(handle, &old_attrtab,
6829 6835 &in_progress_attrtab);
6830 6836 }
6831 6837 break;
6832 6838 case RT_DATASET:
6833 6839 /* First make sure everything was filled in. */
6834 6840 if (strlen(in_progress_dstab.zone_dataset_name) == 0) {
6835 6841 zerr("%s %s", pt_to_str(PT_NAME),
6836 6842 gettext("not specified"));
6837 6843 saw_error = B_TRUE;
6838 6844 validation_failed = B_TRUE;
6839 6845 }
6840 6846 if (validation_failed)
6841 6847 return;
6842 6848 if (end_op == CMD_ADD) {
6843 6849 /* Make sure there isn't already one like this. */
6844 6850 bzero(&tmp_dstab, sizeof (tmp_dstab));
6845 6851 (void) strlcpy(tmp_dstab.zone_dataset_name,
6846 6852 in_progress_dstab.zone_dataset_name,
6847 6853 sizeof (tmp_dstab.zone_dataset_name));
6848 6854 err = zonecfg_lookup_ds(handle, &tmp_dstab);
6849 6855 if (err == Z_OK) {
6850 6856 zerr(gettext("A %s resource "
6851 6857 "with the %s '%s' already exists."),
6852 6858 rt_to_str(RT_DATASET), pt_to_str(PT_NAME),
6853 6859 in_progress_dstab.zone_dataset_name);
6854 6860 saw_error = B_TRUE;
6855 6861 return;
6856 6862 }
6857 6863 err = zonecfg_add_ds(handle, &in_progress_dstab);
6858 6864 } else {
6859 6865 err = zonecfg_modify_ds(handle, &old_dstab,
6860 6866 &in_progress_dstab);
6861 6867 }
6862 6868 break;
6863 6869 case RT_DCPU:
6864 6870 /* Make sure everything was filled in. */
6865 6871 if (end_check_reqd(in_progress_psettab.zone_ncpu_min,
6866 6872 PT_NCPUS, &validation_failed) != Z_OK) {
6867 6873 saw_error = B_TRUE;
6868 6874 return;
6869 6875 }
6870 6876
6871 6877 if (end_op == CMD_ADD) {
6872 6878 err = zonecfg_add_pset(handle, &in_progress_psettab);
6873 6879 } else {
6874 6880 err = zonecfg_modify_pset(handle, &in_progress_psettab);
6875 6881 }
6876 6882 break;
6877 6883 case RT_PCAP:
6878 6884 /* Make sure everything was filled in. */
6879 6885 if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &proc_cap)
6880 6886 != Z_OK) {
6881 6887 zerr(gettext("%s not specified"), pt_to_str(PT_NCPUS));
6882 6888 saw_error = B_TRUE;
6883 6889 validation_failed = B_TRUE;
6884 6890 return;
6885 6891 }
6886 6892 err = Z_OK;
6887 6893 break;
6888 6894 case RT_MCAP:
6889 6895 /* Make sure everything was filled in. */
6890 6896 res1 = strlen(in_progress_mcaptab.zone_physmem_cap) == 0 ?
6891 6897 Z_ERR : Z_OK;
6892 6898 res2 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP,
6893 6899 &swap_limit);
6894 6900 res3 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM,
6895 6901 &locked_limit);
6896 6902
6897 6903 if (res1 != Z_OK && res2 != Z_OK && res3 != Z_OK) {
6898 6904 zerr(gettext("No property was specified. One of %s, "
6899 6905 "%s or %s is required."), pt_to_str(PT_PHYSICAL),
6900 6906 pt_to_str(PT_SWAP), pt_to_str(PT_LOCKED));
6901 6907 saw_error = B_TRUE;
6902 6908 return;
6903 6909 }
6904 6910
6905 6911 /* if phys & locked are both set, verify locked <= phys */
6906 6912 if (res1 == Z_OK && res3 == Z_OK) {
6907 6913 uint64_t phys_limit;
6908 6914 char *endp;
6909 6915
6910 6916 phys_limit = strtoull(
6911 6917 in_progress_mcaptab.zone_physmem_cap, &endp, 10);
6912 6918 if (phys_limit < locked_limit) {
6913 6919 zerr(gettext("The %s cap must be less than or "
6914 6920 "equal to the %s cap."),
6915 6921 pt_to_str(PT_LOCKED),
6916 6922 pt_to_str(PT_PHYSICAL));
6917 6923 saw_error = B_TRUE;
6918 6924 return;
6919 6925 }
6920 6926 }
6921 6927
6922 6928 err = Z_OK;
6923 6929 if (res1 == Z_OK) {
6924 6930 /*
6925 6931 * We could be ending from either an add operation
6926 6932 * or a select operation. Since all of the properties
6927 6933 * within this resource are optional, we always use
6928 6934 * modify on the mcap entry. zonecfg_modify_mcap()
6929 6935 * will handle both adding and modifying a memory cap.
6930 6936 */
6931 6937 err = zonecfg_modify_mcap(handle, &in_progress_mcaptab);
6932 6938 } else if (end_op == CMD_SELECT) {
6933 6939 /*
6934 6940 * If we're ending from a select and the physical
6935 6941 * memory cap is empty then the user could have cleared
6936 6942 * the physical cap value, so try to delete the entry.
6937 6943 */
6938 6944 (void) zonecfg_delete_mcap(handle);
6939 6945 }
6940 6946 break;
6941 6947 case RT_ADMIN:
6942 6948 /* First make sure everything was filled in. */
6943 6949 if (end_check_reqd(in_progress_admintab.zone_admin_user,
6944 6950 PT_USER, &validation_failed) == Z_OK) {
6945 6951 if (getpwnam(in_progress_admintab.zone_admin_user)
6946 6952 == NULL) {
6947 6953 zerr(gettext("%s %s is not a valid username"),
6948 6954 pt_to_str(PT_USER),
6949 6955 in_progress_admintab.zone_admin_user);
6950 6956 validation_failed = B_TRUE;
6951 6957 }
6952 6958 }
6953 6959
6954 6960 if (end_check_reqd(in_progress_admintab.zone_admin_auths,
6955 6961 PT_AUTHS, &validation_failed) == Z_OK) {
6956 6962 if (!zonecfg_valid_auths(
6957 6963 in_progress_admintab.zone_admin_auths,
6958 6964 zone)) {
6959 6965 validation_failed = B_TRUE;
6960 6966 }
6961 6967 }
6962 6968
6963 6969 if (validation_failed) {
6964 6970 saw_error = B_TRUE;
6965 6971 return;
6966 6972 }
6967 6973
6968 6974 if (end_op == CMD_ADD) {
6969 6975 /* Make sure there isn't already one like this. */
6970 6976 bzero(&tmp_admintab, sizeof (tmp_admintab));
6971 6977 (void) strlcpy(tmp_admintab.zone_admin_user,
6972 6978 in_progress_admintab.zone_admin_user,
6973 6979 sizeof (tmp_admintab.zone_admin_user));
6974 6980 err = zonecfg_lookup_admin(
6975 6981 handle, &tmp_admintab);
6976 6982 if (err == Z_OK) {
6977 6983 zerr(gettext("A %s resource "
6978 6984 "with the %s '%s' already exists."),
6979 6985 rt_to_str(RT_ADMIN),
6980 6986 pt_to_str(PT_USER),
6981 6987 in_progress_admintab.zone_admin_user);
6982 6988 saw_error = B_TRUE;
6983 6989 return;
6984 6990 }
6985 6991 err = zonecfg_add_admin(handle,
6986 6992 &in_progress_admintab, zone);
6987 6993 } else {
6988 6994 err = zonecfg_modify_admin(handle,
6989 6995 &old_admintab, &in_progress_admintab,
6990 6996 zone);
6991 6997 }
6992 6998 break;
6993 6999 case RT_SECFLAGS:
6994 7000 if (verify_secflags(&in_progress_secflagstab) != B_TRUE) {
6995 7001 saw_error = B_TRUE;
6996 7002 return;
6997 7003 }
6998 7004
6999 7005 if (end_op == CMD_ADD) {
7000 7006 err = zonecfg_add_secflags(handle,
7001 7007 &in_progress_secflagstab);
7002 7008 } else {
7003 7009 err = zonecfg_modify_secflags(handle,
7004 7010 &old_secflagstab, &in_progress_secflagstab);
7005 7011 }
7006 7012 break;
7007 7013 default:
7008 7014 zone_perror(rt_to_str(resource_scope), Z_NO_RESOURCE_TYPE,
7009 7015 B_TRUE);
7010 7016 saw_error = B_TRUE;
7011 7017 return;
7012 7018 }
7013 7019
7014 7020 if (err != Z_OK) {
7015 7021 zone_perror(zone, err, B_TRUE);
7016 7022 } else {
7017 7023 need_to_commit = B_TRUE;
7018 7024 global_scope = B_TRUE;
7019 7025 end_op = -1;
7020 7026 }
7021 7027 }
7022 7028
7023 7029 void
7024 7030 commit_func(cmd_t *cmd)
7025 7031 {
7026 7032 int arg;
7027 7033 boolean_t arg_err = B_FALSE;
7028 7034
7029 7035 optind = 0;
7030 7036 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
7031 7037 switch (arg) {
7032 7038 case '?':
7033 7039 longer_usage(CMD_COMMIT);
7034 7040 arg_err = B_TRUE;
7035 7041 break;
7036 7042 default:
7037 7043 short_usage(CMD_COMMIT);
7038 7044 arg_err = B_TRUE;
7039 7045 break;
7040 7046 }
7041 7047 }
7042 7048 if (arg_err)
7043 7049 return;
7044 7050
7045 7051 if (optind != cmd->cmd_argc) {
7046 7052 short_usage(CMD_COMMIT);
7047 7053 return;
7048 7054 }
7049 7055
7050 7056 if (zone_is_read_only(CMD_COMMIT))
7051 7057 return;
7052 7058
7053 7059 assert(cmd != NULL);
7054 7060
7055 7061 cmd->cmd_argc = 1;
7056 7062 /*
7057 7063 * cmd_arg normally comes from a strdup() in the lexer, and the
7058 7064 * whole cmd structure and its (char *) attributes are freed at
7059 7065 * the completion of each command, so the strdup() below is needed
7060 7066 * to match this and prevent a core dump from trying to free()
7061 7067 * something that can't be.
7062 7068 */
7063 7069 if ((cmd->cmd_argv[0] = strdup("save")) == NULL) {
7064 7070 zone_perror(zone, Z_NOMEM, B_TRUE);
7065 7071 exit(Z_ERR);
7066 7072 }
7067 7073 cmd->cmd_argv[1] = NULL;
7068 7074 verify_func(cmd);
7069 7075 }
7070 7076
7071 7077 void
7072 7078 revert_func(cmd_t *cmd)
7073 7079 {
7074 7080 char line[128]; /* enough to ask a question */
7075 7081 boolean_t force = B_FALSE;
7076 7082 boolean_t arg_err = B_FALSE;
7077 7083 int err, arg, answer;
7078 7084
7079 7085 optind = 0;
7080 7086 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
7081 7087 switch (arg) {
7082 7088 case '?':
7083 7089 longer_usage(CMD_REVERT);
7084 7090 arg_err = B_TRUE;
7085 7091 break;
7086 7092 case 'F':
7087 7093 force = B_TRUE;
7088 7094 break;
7089 7095 default:
7090 7096 short_usage(CMD_REVERT);
7091 7097 arg_err = B_TRUE;
7092 7098 break;
7093 7099 }
7094 7100 }
7095 7101 if (arg_err)
7096 7102 return;
7097 7103
7098 7104 if (optind != cmd->cmd_argc) {
7099 7105 short_usage(CMD_REVERT);
7100 7106 return;
7101 7107 }
7102 7108
7103 7109 if (zone_is_read_only(CMD_REVERT))
7104 7110 return;
7105 7111
7106 7112 if (!global_scope) {
7107 7113 zerr(gettext("You can only use %s in the global scope.\nUse"
7108 7114 " '%s' to cancel changes to a resource specification."),
7109 7115 cmd_to_str(CMD_REVERT), cmd_to_str(CMD_CANCEL));
7110 7116 saw_error = B_TRUE;
7111 7117 return;
7112 7118 }
7113 7119
7114 7120 if (zonecfg_check_handle(handle) != Z_OK) {
7115 7121 zerr(gettext("No changes to revert."));
7116 7122 saw_error = B_TRUE;
7117 7123 return;
7118 7124 }
7119 7125
7120 7126 if (!force) {
7121 7127 (void) snprintf(line, sizeof (line),
7122 7128 gettext("Are you sure you want to revert"));
7123 7129 if ((answer = ask_yesno(B_FALSE, line)) == -1) {
7124 7130 zerr(gettext("Input not from terminal and -F not "
7125 7131 "specified:\n%s command ignored, exiting."),
7126 7132 cmd_to_str(CMD_REVERT));
7127 7133 exit(Z_ERR);
7128 7134 }
7129 7135 if (answer != 1)
7130 7136 return;
7131 7137 }
7132 7138
7133 7139 /*
7134 7140 * Reset any pending admins that were
7135 7141 * removed from the previous zone
7136 7142 */
7137 7143 zonecfg_remove_userauths(handle, "", zone, B_FALSE);
7138 7144
7139 7145 /*
7140 7146 * Time for a new handle: finish the old one off first
7141 7147 * then get a new one properly to avoid leaks.
7142 7148 */
7143 7149 zonecfg_fini_handle(handle);
7144 7150 if ((handle = zonecfg_init_handle()) == NULL) {
7145 7151 zone_perror(execname, Z_NOMEM, B_TRUE);
7146 7152 exit(Z_ERR);
7147 7153 }
7148 7154
7149 7155 if ((err = zonecfg_get_handle(revert_zone, handle)) != Z_OK) {
7150 7156 saw_error = B_TRUE;
7151 7157 got_handle = B_FALSE;
7152 7158 if (err == Z_NO_ZONE)
7153 7159 zerr(gettext("%s: no such saved zone to revert to."),
7154 7160 revert_zone);
7155 7161 else
7156 7162 zone_perror(zone, err, B_TRUE);
7157 7163 }
7158 7164 (void) strlcpy(zone, revert_zone, sizeof (zone));
7159 7165 }
7160 7166
7161 7167 void
7162 7168 help_func(cmd_t *cmd)
7163 7169 {
7164 7170 int i;
7165 7171
7166 7172 assert(cmd != NULL);
7167 7173
7168 7174 if (cmd->cmd_argc == 0) {
7169 7175 usage(B_TRUE, global_scope ? HELP_SUBCMDS : HELP_RES_SCOPE);
7170 7176 return;
7171 7177 }
7172 7178 if (strcmp(cmd->cmd_argv[0], "usage") == 0) {
7173 7179 usage(B_TRUE, HELP_USAGE);
7174 7180 return;
7175 7181 }
7176 7182 if (strcmp(cmd->cmd_argv[0], "commands") == 0) {
7177 7183 usage(B_TRUE, HELP_SUBCMDS);
7178 7184 return;
7179 7185 }
7180 7186 if (strcmp(cmd->cmd_argv[0], "syntax") == 0) {
7181 7187 usage(B_TRUE, HELP_SYNTAX | HELP_RES_PROPS);
7182 7188 return;
7183 7189 }
7184 7190 if (strcmp(cmd->cmd_argv[0], "-?") == 0) {
7185 7191 longer_usage(CMD_HELP);
7186 7192 return;
7187 7193 }
7188 7194
7189 7195 for (i = 0; i <= CMD_MAX; i++) {
7190 7196 if (strcmp(cmd->cmd_argv[0], cmd_to_str(i)) == 0) {
7191 7197 longer_usage(i);
7192 7198 return;
7193 7199 }
7194 7200 }
7195 7201 /* We do not use zerr() here because we do not want its extra \n. */
7196 7202 (void) fprintf(stderr, gettext("Unknown help subject %s. "),
7197 7203 cmd->cmd_argv[0]);
7198 7204 usage(B_FALSE, HELP_META);
7199 7205 }
7200 7206
7201 7207 static int
7202 7208 string_to_yyin(char *string)
7203 7209 {
7204 7210 if ((yyin = tmpfile()) == NULL) {
7205 7211 zone_perror(execname, Z_TEMP_FILE, B_TRUE);
7206 7212 return (Z_ERR);
7207 7213 }
7208 7214 if (fwrite(string, strlen(string), 1, yyin) != 1) {
7209 7215 zone_perror(execname, Z_TEMP_FILE, B_TRUE);
7210 7216 return (Z_ERR);
7211 7217 }
7212 7218 if (fseek(yyin, 0, SEEK_SET) != 0) {
7213 7219 zone_perror(execname, Z_TEMP_FILE, B_TRUE);
7214 7220 return (Z_ERR);
7215 7221 }
7216 7222 return (Z_OK);
7217 7223 }
7218 7224
7219 7225 /* This is the back-end helper function for read_input() below. */
7220 7226
7221 7227 static int
7222 7228 cleanup()
7223 7229 {
7224 7230 int answer;
7225 7231 cmd_t *cmd;
7226 7232
7227 7233 if (!interactive_mode && !cmd_file_mode) {
7228 7234 /*
7229 7235 * If we're not in interactive mode, and we're not in command
7230 7236 * file mode, then we must be in commands-from-the-command-line
7231 7237 * mode. As such, we can't loop back and ask for more input.
7232 7238 * It was OK to prompt for such things as whether or not to
7233 7239 * really delete a zone in the command handler called from
7234 7240 * yyparse() above, but "really quit?" makes no sense in this
7235 7241 * context. So disable prompting.
7236 7242 */
7237 7243 ok_to_prompt = B_FALSE;
7238 7244 }
7239 7245 if (!global_scope) {
7240 7246 if (!time_to_exit) {
7241 7247 /*
7242 7248 * Just print a simple error message in the -1 case,
7243 7249 * since exit_func() already handles that case, and
7244 7250 * EOF means we are finished anyway.
7245 7251 */
7246 7252 answer = ask_yesno(B_FALSE,
7247 7253 gettext("Resource incomplete; really quit"));
7248 7254 if (answer == -1) {
7249 7255 zerr(gettext("Resource incomplete."));
7250 7256 return (Z_ERR);
7251 7257 }
7252 7258 if (answer != 1) {
7253 7259 yyin = stdin;
7254 7260 return (Z_REPEAT);
7255 7261 }
7256 7262 } else {
7257 7263 saw_error = B_TRUE;
7258 7264 }
7259 7265 }
7260 7266 /*
7261 7267 * Make sure we tried something and that the handle checks
7262 7268 * out, or we would get a false error trying to commit.
7263 7269 */
7264 7270 if (need_to_commit && zonecfg_check_handle(handle) == Z_OK) {
7265 7271 if ((cmd = alloc_cmd()) == NULL) {
7266 7272 zone_perror(zone, Z_NOMEM, B_TRUE);
7267 7273 return (Z_ERR);
7268 7274 }
7269 7275 cmd->cmd_argc = 0;
7270 7276 cmd->cmd_argv[0] = NULL;
7271 7277 commit_func(cmd);
7272 7278 free_cmd(cmd);
7273 7279 /*
7274 7280 * need_to_commit will get set back to FALSE if the
7275 7281 * configuration is saved successfully.
7276 7282 */
7277 7283 if (need_to_commit) {
7278 7284 if (force_exit) {
7279 7285 zerr(gettext("Configuration not saved."));
7280 7286 return (Z_ERR);
7281 7287 }
7282 7288 answer = ask_yesno(B_FALSE,
7283 7289 gettext("Configuration not saved; really quit"));
7284 7290 if (answer == -1) {
7285 7291 zerr(gettext("Configuration not saved."));
7286 7292 return (Z_ERR);
7287 7293 }
7288 7294 if (answer != 1) {
7289 7295 time_to_exit = B_FALSE;
7290 7296 yyin = stdin;
7291 7297 return (Z_REPEAT);
7292 7298 }
7293 7299 }
7294 7300 }
7295 7301 return ((need_to_commit || saw_error) ? Z_ERR : Z_OK);
7296 7302 }
7297 7303
7298 7304 /*
7299 7305 * read_input() is the driver of this program. It is a wrapper around
7300 7306 * yyparse(), printing appropriate prompts when needed, checking for
7301 7307 * exit conditions and reacting appropriately [the latter in its cleanup()
7302 7308 * helper function].
7303 7309 *
7304 7310 * Like most zonecfg functions, it returns Z_OK or Z_ERR, *or* Z_REPEAT
7305 7311 * so do_interactive() knows that we are not really done (i.e, we asked
7306 7312 * the user if we should really quit and the user said no).
7307 7313 */
7308 7314 static int
7309 7315 read_input()
7310 7316 {
7311 7317 boolean_t yyin_is_a_tty = isatty(fileno(yyin));
7312 7318 /*
7313 7319 * The prompt is "e:z> " or "e:z:r> " where e is execname, z is zone
7314 7320 * and r is resource_scope: 5 is for the two ":"s + "> " + terminator.
7315 7321 */
7316 7322 char prompt[MAXPATHLEN + ZONENAME_MAX + MAX_RT_STRLEN + 5], *line;
7317 7323
7318 7324 /* yyin should have been set to the appropriate (FILE *) if not stdin */
7319 7325 newline_terminated = B_TRUE;
7320 7326 for (;;) {
7321 7327 if (yyin_is_a_tty) {
7322 7328 if (newline_terminated) {
7323 7329 if (global_scope)
7324 7330 (void) snprintf(prompt, sizeof (prompt),
7325 7331 "%s:%s> ", execname, zone);
7326 7332 else
7327 7333 (void) snprintf(prompt, sizeof (prompt),
7328 7334 "%s:%s:%s> ", execname, zone,
7329 7335 rt_to_str(resource_scope));
7330 7336 }
7331 7337 /*
7332 7338 * If the user hits ^C then we want to catch it and
7333 7339 * start over. If the user hits EOF then we want to
7334 7340 * bail out.
7335 7341 */
7336 7342 line = gl_get_line(gl, prompt, NULL, -1);
7337 7343 if (gl_return_status(gl) == GLR_SIGNAL) {
7338 7344 gl_abandon_line(gl);
7339 7345 continue;
7340 7346 }
7341 7347 if (line == NULL)
7342 7348 break;
7343 7349 (void) string_to_yyin(line);
7344 7350 while (!feof(yyin))
7345 7351 yyparse();
7346 7352 } else {
7347 7353 yyparse();
7348 7354 }
7349 7355 /* Bail out on an error in command file mode. */
7350 7356 if (saw_error && cmd_file_mode && !interactive_mode)
7351 7357 time_to_exit = B_TRUE;
7352 7358 if (time_to_exit || (!yyin_is_a_tty && feof(yyin)))
7353 7359 break;
7354 7360 }
7355 7361 return (cleanup());
7356 7362 }
7357 7363
7358 7364 /*
7359 7365 * This function is used in the zonecfg-interactive-mode scenario: it just
7360 7366 * calls read_input() until we are done.
7361 7367 */
7362 7368
7363 7369 static int
7364 7370 do_interactive(void)
7365 7371 {
7366 7372 int err;
7367 7373
7368 7374 interactive_mode = B_TRUE;
7369 7375 if (!read_only_mode) {
7370 7376 /*
7371 7377 * Try to set things up proactively in interactive mode, so
7372 7378 * that if the zone in question does not exist yet, we can
7373 7379 * provide the user with a clue.
7374 7380 */
7375 7381 (void) initialize(B_FALSE);
7376 7382 }
7377 7383 do {
7378 7384 err = read_input();
7379 7385 } while (err == Z_REPEAT);
7380 7386 return (err);
7381 7387 }
7382 7388
7383 7389 /*
7384 7390 * cmd_file is slightly more complicated, as it has to open the command file
7385 7391 * and set yyin appropriately. Once that is done, though, it just calls
7386 7392 * read_input(), and only once, since prompting is not possible.
7387 7393 */
7388 7394
7389 7395 static int
7390 7396 cmd_file(char *file)
7391 7397 {
7392 7398 FILE *infile;
7393 7399 int err;
7394 7400 struct stat statbuf;
7395 7401 boolean_t using_real_file = (strcmp(file, "-") != 0);
7396 7402
7397 7403 if (using_real_file) {
7398 7404 /*
7399 7405 * zerr() prints a line number in cmd_file_mode, which we do
7400 7406 * not want here, so temporarily unset it.
7401 7407 */
7402 7408 cmd_file_mode = B_FALSE;
7403 7409 if ((infile = fopen(file, "r")) == NULL) {
7404 7410 zerr(gettext("could not open file %s: %s"),
7405 7411 file, strerror(errno));
7406 7412 return (Z_ERR);
7407 7413 }
7408 7414 if ((err = fstat(fileno(infile), &statbuf)) != 0) {
7409 7415 zerr(gettext("could not stat file %s: %s"),
7410 7416 file, strerror(errno));
7411 7417 err = Z_ERR;
7412 7418 goto done;
7413 7419 }
7414 7420 if (!S_ISREG(statbuf.st_mode)) {
7415 7421 zerr(gettext("%s is not a regular file."), file);
7416 7422 err = Z_ERR;
7417 7423 goto done;
7418 7424 }
7419 7425 yyin = infile;
7420 7426 cmd_file_mode = B_TRUE;
7421 7427 ok_to_prompt = B_FALSE;
7422 7428 } else {
7423 7429 /*
7424 7430 * "-f -" is essentially the same as interactive mode,
7425 7431 * so treat it that way.
7426 7432 */
7427 7433 interactive_mode = B_TRUE;
7428 7434 }
7429 7435 /* Z_REPEAT is for interactive mode; treat it like Z_ERR here. */
7430 7436 if ((err = read_input()) == Z_REPEAT)
7431 7437 err = Z_ERR;
7432 7438 done:
7433 7439 if (using_real_file)
7434 7440 (void) fclose(infile);
7435 7441 return (err);
7436 7442 }
7437 7443
7438 7444 /*
7439 7445 * Since yacc is based on reading from a (FILE *) whereas what we get from
7440 7446 * the command line is in argv format, we need to convert when the user
7441 7447 * gives us commands directly from the command line. That is done here by
7442 7448 * concatenating the argv list into a space-separated string, writing it
7443 7449 * to a temp file, and rewinding the file so yyin can be set to it. Then
7444 7450 * we call read_input(), and only once, since prompting about whether to
7445 7451 * continue or quit would make no sense in this context.
7446 7452 */
7447 7453
7448 7454 static int
7449 7455 one_command_at_a_time(int argc, char *argv[])
7450 7456 {
7451 7457 char *command;
7452 7458 size_t len = 2; /* terminal \n\0 */
7453 7459 int i, err;
7454 7460
7455 7461 for (i = 0; i < argc; i++)
7456 7462 len += strlen(argv[i]) + 1;
7457 7463 if ((command = malloc(len)) == NULL) {
7458 7464 zone_perror(execname, Z_NOMEM, B_TRUE);
7459 7465 return (Z_ERR);
7460 7466 }
7461 7467 (void) strlcpy(command, argv[0], len);
7462 7468 for (i = 1; i < argc; i++) {
7463 7469 (void) strlcat(command, " ", len);
7464 7470 (void) strlcat(command, argv[i], len);
7465 7471 }
7466 7472 (void) strlcat(command, "\n", len);
7467 7473 err = string_to_yyin(command);
7468 7474 free(command);
7469 7475 if (err != Z_OK)
7470 7476 return (err);
7471 7477 while (!feof(yyin))
7472 7478 yyparse();
7473 7479 return (cleanup());
7474 7480 }
7475 7481
7476 7482 static char *
7477 7483 get_execbasename(char *execfullname)
7478 7484 {
7479 7485 char *last_slash, *execbasename;
7480 7486
7481 7487 /* guard against '/' at end of command invocation */
7482 7488 for (;;) {
7483 7489 last_slash = strrchr(execfullname, '/');
7484 7490 if (last_slash == NULL) {
7485 7491 execbasename = execfullname;
7486 7492 break;
7487 7493 } else {
7488 7494 execbasename = last_slash + 1;
7489 7495 if (*execbasename == '\0') {
7490 7496 *last_slash = '\0';
7491 7497 continue;
7492 7498 }
7493 7499 break;
7494 7500 }
7495 7501 }
7496 7502 return (execbasename);
7497 7503 }
7498 7504
7499 7505 int
7500 7506 main(int argc, char *argv[])
7501 7507 {
7502 7508 int err, arg;
7503 7509 struct stat st;
7504 7510
7505 7511 /* This must be before anything goes to stdout. */
7506 7512 setbuf(stdout, NULL);
7507 7513
7508 7514 saw_error = B_FALSE;
7509 7515 cmd_file_mode = B_FALSE;
7510 7516 execname = get_execbasename(argv[0]);
7511 7517
7512 7518 (void) setlocale(LC_ALL, "");
7513 7519 (void) textdomain(TEXT_DOMAIN);
7514 7520
7515 7521 if (getzoneid() != GLOBAL_ZONEID) {
7516 7522 zerr(gettext("%s can only be run from the global zone."),
7517 7523 execname);
7518 7524 exit(Z_ERR);
7519 7525 }
7520 7526
7521 7527 if (argc < 2) {
7522 7528 usage(B_FALSE, HELP_USAGE | HELP_SUBCMDS);
7523 7529 exit(Z_USAGE);
7524 7530 }
7525 7531 if (strcmp(argv[1], cmd_to_str(CMD_HELP)) == 0) {
7526 7532 (void) one_command_at_a_time(argc - 1, &(argv[1]));
7527 7533 exit(Z_OK);
7528 7534 }
7529 7535
7530 7536 while ((arg = getopt(argc, argv, "?f:R:z:")) != EOF) {
7531 7537 switch (arg) {
7532 7538 case '?':
7533 7539 if (optopt == '?')
7534 7540 usage(B_TRUE, HELP_USAGE | HELP_SUBCMDS);
7535 7541 else
7536 7542 usage(B_FALSE, HELP_USAGE);
7537 7543 exit(Z_USAGE);
7538 7544 /* NOTREACHED */
7539 7545 case 'f':
7540 7546 cmd_file_name = optarg;
7541 7547 cmd_file_mode = B_TRUE;
7542 7548 break;
7543 7549 case 'R':
7544 7550 if (*optarg != '/') {
7545 7551 zerr(gettext("root path must be absolute: %s"),
7546 7552 optarg);
7547 7553 exit(Z_USAGE);
7548 7554 }
7549 7555 if (stat(optarg, &st) == -1 || !S_ISDIR(st.st_mode)) {
7550 7556 zerr(gettext(
7551 7557 "root path must be a directory: %s"),
7552 7558 optarg);
7553 7559 exit(Z_USAGE);
7554 7560 }
7555 7561 zonecfg_set_root(optarg);
7556 7562 break;
7557 7563 case 'z':
7558 7564 if (strcmp(optarg, GLOBAL_ZONENAME) == 0) {
7559 7565 global_zone = B_TRUE;
7560 7566 } else if (zonecfg_validate_zonename(optarg) != Z_OK) {
7561 7567 zone_perror(optarg, Z_BOGUS_ZONE_NAME, B_TRUE);
7562 7568 usage(B_FALSE, HELP_SYNTAX);
7563 7569 exit(Z_USAGE);
7564 7570 }
7565 7571 (void) strlcpy(zone, optarg, sizeof (zone));
7566 7572 (void) strlcpy(revert_zone, optarg, sizeof (zone));
7567 7573 break;
7568 7574 default:
7569 7575 usage(B_FALSE, HELP_USAGE);
7570 7576 exit(Z_USAGE);
7571 7577 }
7572 7578 }
7573 7579
7574 7580 if (optind > argc || strcmp(zone, "") == 0) {
7575 7581 usage(B_FALSE, HELP_USAGE);
7576 7582 exit(Z_USAGE);
7577 7583 }
7578 7584
7579 7585 if ((err = zonecfg_access(zone, W_OK)) == Z_OK) {
7580 7586 read_only_mode = B_FALSE;
7581 7587 } else if (err == Z_ACCES) {
7582 7588 read_only_mode = B_TRUE;
7583 7589 /* skip this message in one-off from command line mode */
7584 7590 if (optind == argc)
7585 7591 (void) fprintf(stderr, gettext("WARNING: you do not "
7586 7592 "have write access to this zone's configuration "
7587 7593 "file;\ngoing into read-only mode.\n"));
7588 7594 } else {
7589 7595 fprintf(stderr, "%s: Could not access zone configuration "
7590 7596 "store: %s\n", execname, zonecfg_strerror(err));
7591 7597 exit(Z_ERR);
7592 7598 }
7593 7599
7594 7600 if ((handle = zonecfg_init_handle()) == NULL) {
7595 7601 zone_perror(execname, Z_NOMEM, B_TRUE);
7596 7602 exit(Z_ERR);
7597 7603 }
7598 7604
7599 7605 /*
7600 7606 * This may get set back to FALSE again in cmd_file() if cmd_file_name
7601 7607 * is a "real" file as opposed to "-" (i.e. meaning use stdin).
7602 7608 */
7603 7609 if (isatty(STDIN_FILENO))
7604 7610 ok_to_prompt = B_TRUE;
7605 7611 if ((gl = new_GetLine(MAX_LINE_LEN, MAX_CMD_HIST)) == NULL)
7606 7612 exit(Z_ERR);
7607 7613 if (gl_customize_completion(gl, NULL, cmd_cpl_fn) != 0)
7608 7614 exit(Z_ERR);
7609 7615 (void) sigset(SIGINT, SIG_IGN);
7610 7616 if (optind == argc) {
7611 7617 if (!cmd_file_mode)
7612 7618 err = do_interactive();
7613 7619 else
7614 7620 err = cmd_file(cmd_file_name);
7615 7621 } else {
7616 7622 err = one_command_at_a_time(argc - optind, &(argv[optind]));
7617 7623 }
7618 7624 zonecfg_fini_handle(handle);
7619 7625 if (brand != NULL)
7620 7626 brand_close(brand);
7621 7627 (void) del_GetLine(gl);
7622 7628 return (err);
7623 7629 }
|
↓ open down ↓ |
1201 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX