Print this page
7029 want per-process exploit mitigation features (secflags)
7030 want basic address space layout randomization (aslr)
7031 noexec_user_stack should be a secflag
7032 want a means to forbid mappings around NULL.
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/zonecfg/zonecfg.c
+++ new/usr/src/cmd/zonecfg/zonecfg.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24 24 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
25 25 * Copyright 2014 Gary Mills
26 26 */
27 27
28 28 /*
29 29 * zonecfg is a lex/yacc based command interpreter used to manage zone
30 30 * configurations. The lexer (see zonecfg_lex.l) builds up tokens, which
31 31 * the grammar (see zonecfg_grammar.y) builds up into commands, some of
32 32 * which takes resources and/or properties as arguments. See the block
33 33 * comments near the end of zonecfg_grammar.y for how the data structures
34 34 * which keep track of these resources and properties are built up.
35 35 *
36 36 * The resource/property data structures are inserted into a command
37 37 * structure (see zonecfg.h), which also keeps track of command names,
38 38 * miscellaneous arguments, and function handlers. The grammar selects
39 39 * the appropriate function handler, each of which takes a pointer to a
40 40 * command structure as its sole argument, and invokes it. The grammar
41 41 * itself is "entered" (a la the Matrix) by yyparse(), which is called
42 42 * from read_input(), our main driving function. That in turn is called
43 43 * by one of do_interactive(), cmd_file() or one_command_at_a_time(), each
44 44 * of which is called from main() depending on how the program was invoked.
45 45 *
|
↓ open down ↓ |
45 lines elided |
↑ open up ↑ |
46 46 * The rest of this module consists of the various function handlers and
47 47 * their helper functions. Some of these functions, particularly the
48 48 * X_to_str() functions, which maps command, resource and property numbers
49 49 * to strings, are used quite liberally, as doing so results in a better
50 50 * program w/rt I18N, reducing the need for translation notes.
51 51 */
52 52
53 53 #include <sys/mntent.h>
54 54 #include <sys/varargs.h>
55 55 #include <sys/sysmacros.h>
56 +#include <sys/secflags.h>
56 57
57 58 #include <errno.h>
58 59 #include <fcntl.h>
59 60 #include <strings.h>
60 61 #include <unistd.h>
61 62 #include <ctype.h>
62 63 #include <stdlib.h>
63 64 #include <assert.h>
64 65 #include <sys/stat.h>
65 66 #include <zone.h>
66 67 #include <arpa/inet.h>
67 68 #include <netdb.h>
68 69 #include <locale.h>
69 70 #include <libintl.h>
70 71 #include <alloca.h>
71 72 #include <signal.h>
72 73 #include <wait.h>
73 74 #include <libtecla.h>
74 75 #include <libzfs.h>
75 76 #include <sys/brand.h>
76 77 #include <libbrand.h>
77 78 #include <sys/systeminfo.h>
78 79 #include <libdladm.h>
79 80 #include <libinetutil.h>
80 81 #include <pwd.h>
81 82 #include <inet/ip.h>
82 83
83 84 #include <libzonecfg.h>
84 85 #include "zonecfg.h"
85 86
86 87 #if !defined(TEXT_DOMAIN) /* should be defined by cc -D */
87 88 #define TEXT_DOMAIN "SYS_TEST" /* Use this only if it wasn't */
88 89 #endif
89 90
90 91 #define PAGER "/usr/bin/more"
91 92 #define EXEC_PREFIX "exec "
92 93 #define EXEC_LEN (strlen(EXEC_PREFIX))
93 94
94 95 struct help {
95 96 uint_t cmd_num;
96 97 char *cmd_name;
97 98 uint_t flags;
98 99 char *short_usage;
99 100 };
100 101
101 102 extern int yyparse(void);
102 103 extern int lex_lineno;
103 104
104 105 #define MAX_LINE_LEN 1024
105 106 #define MAX_CMD_HIST 1024
106 107 #define MAX_CMD_LEN 1024
107 108
108 109 #define ONE_MB 1048576
109 110
110 111 /*
111 112 * Each SHELP_ should be a simple string.
112 113 */
113 114
114 115 #define SHELP_ADD "add <resource-type>\n\t(global scope)\n" \
115 116 "add <property-name> <property-value>\n\t(resource scope)"
116 117 #define SHELP_CANCEL "cancel"
117 118 #define SHELP_CLEAR "clear <property-name>"
118 119 #define SHELP_COMMIT "commit"
119 120 #define SHELP_CREATE "create [-F] [ -a <path> | -b | -t <template> ]"
120 121 #define SHELP_DELETE "delete [-F]"
121 122 #define SHELP_END "end"
122 123 #define SHELP_EXIT "exit [-F]"
123 124 #define SHELP_EXPORT "export [-f output-file]"
124 125 #define SHELP_HELP "help [commands] [syntax] [usage] [<command-name>]"
125 126 #define SHELP_INFO "info [<resource-type> [property-name=property-value]*]"
126 127 #define SHELP_REMOVE "remove [-F] <resource-type> " \
127 128 "[ <property-name>=<property-value> ]*\n" \
128 129 "\t(global scope)\n" \
129 130 "remove <property-name> <property-value>\n" \
130 131 "\t(resource scope)"
131 132 #define SHELP_REVERT "revert [-F]"
132 133 #define SHELP_SELECT "select <resource-type> { <property-name>=" \
133 134 "<property-value> }"
134 135 #define SHELP_SET "set <property-name>=<property-value>"
135 136 #define SHELP_VERIFY "verify"
136 137
137 138 static struct help helptab[] = {
138 139 { CMD_ADD, "add", HELP_RES_PROPS, SHELP_ADD, },
139 140 { CMD_CANCEL, "cancel", 0, SHELP_CANCEL, },
140 141 { CMD_CLEAR, "clear", HELP_PROPS, SHELP_CLEAR, },
141 142 { CMD_COMMIT, "commit", 0, SHELP_COMMIT, },
142 143 { CMD_CREATE, "create", 0, SHELP_CREATE, },
143 144 { CMD_DELETE, "delete", 0, SHELP_DELETE, },
144 145 { CMD_END, "end", 0, SHELP_END, },
145 146 { CMD_EXIT, "exit", 0, SHELP_EXIT, },
146 147 { CMD_EXPORT, "export", 0, SHELP_EXPORT, },
147 148 { CMD_HELP, "help", 0, SHELP_HELP },
148 149 { CMD_INFO, "info", HELP_RES_PROPS, SHELP_INFO, },
149 150 { CMD_REMOVE, "remove", HELP_RES_PROPS, SHELP_REMOVE, },
150 151 { CMD_REVERT, "revert", 0, SHELP_REVERT, },
151 152 { CMD_SELECT, "select", HELP_RES_PROPS, SHELP_SELECT, },
152 153 { CMD_SET, "set", HELP_PROPS, SHELP_SET, },
153 154 { CMD_VERIFY, "verify", 0, SHELP_VERIFY, },
154 155 { 0 },
155 156 };
156 157
157 158 #define MAX_RT_STRLEN 16
158 159
159 160 /* These *must* match the order of the RT_ define's from zonecfg.h */
160 161 char *res_types[] = {
161 162 "unknown",
162 163 "zonename",
163 164 "zonepath",
164 165 "autoboot",
165 166 "pool",
166 167 "fs",
167 168 "net",
168 169 "device",
169 170 "rctl",
170 171 "attr",
171 172 "dataset",
172 173 "limitpriv",
173 174 "bootargs",
174 175 "brand",
175 176 "dedicated-cpu",
176 177 "capped-memory",
177 178 ALIAS_MAXLWPS,
178 179 ALIAS_MAXSHMMEM,
179 180 ALIAS_MAXSHMIDS,
|
↓ open down ↓ |
114 lines elided |
↑ open up ↑ |
180 181 ALIAS_MAXMSGIDS,
181 182 ALIAS_MAXSEMIDS,
182 183 ALIAS_SHARES,
183 184 "scheduling-class",
184 185 "ip-type",
185 186 "capped-cpu",
186 187 "hostid",
187 188 "admin",
188 189 "fs-allowed",
189 190 ALIAS_MAXPROCS,
191 + "security-flags",
190 192 NULL
191 193 };
192 194
193 195 /* These *must* match the order of the PT_ define's from zonecfg.h */
194 196 char *prop_types[] = {
195 197 "unknown",
196 198 "zonename",
197 199 "zonepath",
198 200 "autoboot",
199 201 "pool",
200 202 "dir",
201 203 "special",
202 204 "type",
203 205 "options",
204 206 "address",
205 207 "physical",
206 208 "name",
207 209 "value",
208 210 "match",
209 211 "priv",
210 212 "limit",
211 213 "action",
212 214 "raw",
213 215 "limitpriv",
214 216 "bootargs",
215 217 "brand",
216 218 "ncpus",
217 219 "importance",
218 220 "swap",
219 221 "locked",
220 222 ALIAS_SHARES,
221 223 ALIAS_MAXLWPS,
222 224 ALIAS_MAXSHMMEM,
223 225 ALIAS_MAXSHMIDS,
224 226 ALIAS_MAXMSGIDS,
225 227 ALIAS_MAXSEMIDS,
226 228 ALIAS_MAXLOCKEDMEM,
|
↓ open down ↓ |
27 lines elided |
↑ open up ↑ |
227 229 ALIAS_MAXSWAP,
228 230 "scheduling-class",
229 231 "ip-type",
230 232 "defrouter",
231 233 "hostid",
232 234 "user",
233 235 "auths",
234 236 "fs-allowed",
235 237 ALIAS_MAXPROCS,
236 238 "allowed-address",
239 + "default",
240 + "lower",
241 + "upper",
237 242 NULL
238 243 };
239 244
240 245 /* These *must* match the order of the PROP_VAL_ define's from zonecfg.h */
241 246 static char *prop_val_types[] = {
242 247 "simple",
243 248 "complex",
244 249 "list",
245 250 };
246 251
247 252 /*
248 253 * The various _cmds[] lists below are for command tab-completion.
249 254 */
250 255
251 256 /*
252 257 * remove has a space afterwards because it has qualifiers; the other commands
253 258 * that have qualifiers (add, select, etc.) don't need a space here because
254 259 * they have their own _cmds[] lists below.
255 260 */
256 261 static const char *global_scope_cmds[] = {
257 262 "add",
258 263 "clear",
259 264 "commit",
260 265 "create",
261 266 "delete",
262 267 "exit",
263 268 "export",
264 269 "help",
265 270 "info",
266 271 "remove ",
267 272 "revert",
268 273 "select",
269 274 "set",
270 275 "verify",
271 276 NULL
272 277 };
273 278
274 279 static const char *add_cmds[] = {
|
↓ open down ↓ |
28 lines elided |
↑ open up ↑ |
275 280 "add fs",
276 281 "add net",
277 282 "add device",
278 283 "add rctl",
279 284 "add attr",
280 285 "add dataset",
281 286 "add dedicated-cpu",
282 287 "add capped-cpu",
283 288 "add capped-memory",
284 289 "add admin",
290 + "add security-flags",
285 291 NULL
286 292 };
287 293
288 294 static const char *clear_cmds[] = {
289 295 "clear autoboot",
290 296 "clear pool",
291 297 "clear limitpriv",
292 298 "clear bootargs",
293 299 "clear scheduling-class",
294 300 "clear ip-type",
295 301 "clear " ALIAS_MAXLWPS,
296 302 "clear " ALIAS_MAXSHMMEM,
297 303 "clear " ALIAS_MAXSHMIDS,
298 304 "clear " ALIAS_MAXMSGIDS,
299 305 "clear " ALIAS_MAXSEMIDS,
300 306 "clear " ALIAS_SHARES,
301 307 "clear " ALIAS_MAXPROCS,
302 308 NULL
303 309 };
304 310
305 311 static const char *remove_cmds[] = {
|
↓ open down ↓ |
11 lines elided |
↑ open up ↑ |
306 312 "remove fs ",
307 313 "remove net ",
308 314 "remove device ",
309 315 "remove rctl ",
310 316 "remove attr ",
311 317 "remove dataset ",
312 318 "remove dedicated-cpu ",
313 319 "remove capped-cpu ",
314 320 "remove capped-memory ",
315 321 "remove admin ",
322 + "remove security-flags",
316 323 NULL
317 324 };
318 325
319 326 static const char *select_cmds[] = {
320 327 "select fs ",
321 328 "select net ",
322 329 "select device ",
323 330 "select rctl ",
324 331 "select attr ",
325 332 "select dataset ",
326 333 "select dedicated-cpu",
327 334 "select capped-cpu",
328 335 "select capped-memory",
329 336 "select admin",
337 + "select security-flags",
330 338 NULL
331 339 };
332 340
333 341 static const char *set_cmds[] = {
334 342 "set zonename=",
335 343 "set zonepath=",
336 344 "set brand=",
337 345 "set autoboot=",
338 346 "set pool=",
339 347 "set limitpriv=",
340 348 "set bootargs=",
341 349 "set scheduling-class=",
342 350 "set ip-type=",
343 351 "set " ALIAS_MAXLWPS "=",
344 352 "set " ALIAS_MAXSHMMEM "=",
345 353 "set " ALIAS_MAXSHMIDS "=",
346 354 "set " ALIAS_MAXMSGIDS "=",
347 355 "set " ALIAS_MAXSEMIDS "=",
348 356 "set " ALIAS_SHARES "=",
349 357 "set hostid=",
350 358 "set fs-allowed=",
351 359 "set " ALIAS_MAXPROCS "=",
352 360 NULL
353 361 };
354 362
|
↓ open down ↓ |
15 lines elided |
↑ open up ↑ |
355 363 static const char *info_cmds[] = {
356 364 "info fs ",
357 365 "info net ",
358 366 "info device ",
359 367 "info rctl ",
360 368 "info attr ",
361 369 "info dataset ",
362 370 "info capped-memory",
363 371 "info dedicated-cpu",
364 372 "info capped-cpu",
373 + "info security-flags",
365 374 "info zonename",
366 375 "info zonepath",
367 376 "info autoboot",
368 377 "info pool",
369 378 "info limitpriv",
370 379 "info bootargs",
371 380 "info brand",
372 381 "info scheduling-class",
373 382 "info ip-type",
374 383 "info max-lwps",
375 384 "info max-shm-memory",
376 385 "info max-shm-ids",
377 386 "info max-msg-ids",
378 387 "info max-sem-ids",
379 388 "info cpu-shares",
380 389 "info hostid",
381 390 "info admin",
382 391 "info fs-allowed",
383 392 "info max-processes",
384 393 NULL
385 394 };
386 395
387 396 static const char *fs_res_scope_cmds[] = {
388 397 "add options ",
389 398 "cancel",
390 399 "end",
391 400 "exit",
392 401 "help",
393 402 "info",
394 403 "remove options ",
395 404 "set dir=",
396 405 "set raw=",
397 406 "set special=",
398 407 "set type=",
399 408 "clear raw",
400 409 NULL
401 410 };
402 411
403 412 static const char *net_res_scope_cmds[] = {
404 413 "cancel",
405 414 "end",
406 415 "exit",
407 416 "help",
408 417 "info",
409 418 "set address=",
410 419 "set physical=",
411 420 "set defrouter=",
412 421 NULL
413 422 };
414 423
415 424 static const char *device_res_scope_cmds[] = {
416 425 "cancel",
417 426 "end",
418 427 "exit",
419 428 "help",
420 429 "info",
421 430 "set match=",
422 431 NULL
423 432 };
424 433
425 434 static const char *attr_res_scope_cmds[] = {
426 435 "cancel",
427 436 "end",
428 437 "exit",
429 438 "help",
430 439 "info",
431 440 "set name=",
432 441 "set type=",
433 442 "set value=",
434 443 NULL
435 444 };
436 445
437 446 static const char *rctl_res_scope_cmds[] = {
438 447 "add value ",
439 448 "cancel",
440 449 "end",
441 450 "exit",
442 451 "help",
443 452 "info",
444 453 "remove value ",
445 454 "set name=",
446 455 NULL
447 456 };
448 457
449 458 static const char *dataset_res_scope_cmds[] = {
450 459 "cancel",
451 460 "end",
452 461 "exit",
453 462 "help",
454 463 "info",
455 464 "set name=",
456 465 NULL
457 466 };
458 467
459 468 static const char *pset_res_scope_cmds[] = {
460 469 "cancel",
461 470 "end",
462 471 "exit",
463 472 "help",
464 473 "info",
465 474 "set ncpus=",
466 475 "set importance=",
467 476 "clear importance",
468 477 NULL
469 478 };
470 479
471 480 static const char *pcap_res_scope_cmds[] = {
472 481 "cancel",
473 482 "end",
474 483 "exit",
475 484 "help",
476 485 "info",
477 486 "set ncpus=",
478 487 NULL
479 488 };
480 489
481 490 static const char *mcap_res_scope_cmds[] = {
482 491 "cancel",
483 492 "end",
484 493 "exit",
485 494 "help",
486 495 "info",
487 496 "set physical=",
488 497 "set swap=",
489 498 "set locked=",
490 499 "clear physical",
491 500 "clear swap",
492 501 "clear locked",
493 502 NULL
494 503 };
495 504
496 505 static const char *admin_res_scope_cmds[] = {
|
↓ open down ↓ |
122 lines elided |
↑ open up ↑ |
497 506 "cancel",
498 507 "end",
499 508 "exit",
500 509 "help",
501 510 "info",
502 511 "set user=",
503 512 "set auths=",
504 513 NULL
505 514 };
506 515
516 +static const char *secflags_res_scope_cmds[] = {
517 + "cancel",
518 + "end",
519 + "exit",
520 + "set default=",
521 + "set lower=",
522 + "set upper=",
523 + NULL
524 +};
525 +
507 526 struct xif {
508 527 struct xif *xif_next;
509 528 char xif_name[LIFNAMSIZ];
510 529 boolean_t xif_has_address;
511 530 boolean_t xif_has_defrouter;
512 531 };
513 532
514 533 /* Global variables */
515 534
516 535 /* list of network interfaces specified for exclusive IP zone */
517 536 struct xif *xif;
518 537
519 538 /* set early in main(), never modified thereafter, used all over the place */
520 539 static char *execname;
521 540
522 541 /* set in main(), used all over the place */
523 542 static zone_dochandle_t handle;
524 543
525 544 /* used all over the place */
526 545 static char zone[ZONENAME_MAX];
527 546 static char revert_zone[ZONENAME_MAX];
528 547
529 548 /* global brand operations */
530 549 static brand_handle_t brand;
531 550
532 551 /* set in modifying functions, checked in read_input() */
533 552 static boolean_t need_to_commit = B_FALSE;
534 553 boolean_t saw_error;
535 554
536 555 /* set in yacc parser, checked in read_input() */
537 556 boolean_t newline_terminated;
538 557
539 558 /* set in main(), checked in lex error handler */
540 559 boolean_t cmd_file_mode;
541 560
542 561 /* set in exit_func(), checked in read_input() */
543 562 static boolean_t time_to_exit = B_FALSE, force_exit = B_FALSE;
544 563
545 564 /* used in short_usage() and zerr() */
546 565 static char *cmd_file_name = NULL;
547 566
548 567 /* checked in read_input() and other places */
549 568 static boolean_t ok_to_prompt = B_FALSE;
550 569
551 570 /* set and checked in initialize() */
552 571 static boolean_t got_handle = B_FALSE;
553 572
554 573 /* initialized in do_interactive(), checked in initialize() */
555 574 static boolean_t interactive_mode;
556 575
557 576 /* set if configuring the global zone */
558 577 static boolean_t global_zone = B_FALSE;
559 578
560 579 /* set in main(), checked in multiple places */
561 580 static boolean_t read_only_mode;
562 581
563 582 /* scope is outer/global or inner/resource */
564 583 static boolean_t global_scope = B_TRUE;
565 584 static int resource_scope; /* should be in the RT_ list from zonecfg.h */
566 585 static int end_op = -1; /* operation on end is either add or modify */
567 586
568 587 int num_prop_vals; /* for grammar */
569 588
570 589 /*
571 590 * These are for keeping track of resources as they are specified as part of
572 591 * the multi-step process. They should be initialized by add_resource() or
573 592 * select_func() and filled in by add_property() or set_func().
|
↓ open down ↓ |
57 lines elided |
↑ open up ↑ |
574 593 */
575 594 static struct zone_fstab old_fstab, in_progress_fstab;
576 595 static struct zone_nwiftab old_nwiftab, in_progress_nwiftab;
577 596 static struct zone_devtab old_devtab, in_progress_devtab;
578 597 static struct zone_rctltab old_rctltab, in_progress_rctltab;
579 598 static struct zone_attrtab old_attrtab, in_progress_attrtab;
580 599 static struct zone_dstab old_dstab, in_progress_dstab;
581 600 static struct zone_psettab old_psettab, in_progress_psettab;
582 601 static struct zone_mcaptab old_mcaptab, in_progress_mcaptab;
583 602 static struct zone_admintab old_admintab, in_progress_admintab;
603 +static struct zone_secflagstab old_secflagstab, in_progress_secflagstab;
584 604
585 605 static GetLine *gl; /* The gl_get_line() resource object */
586 606
587 607 static void bytes_to_units(char *str, char *buf, int bufsize);
588 608
589 609 /* Functions begin here */
590 610
591 611 static boolean_t
592 612 initial_match(const char *line1, const char *line2, int word_end)
593 613 {
594 614 if (word_end <= 0)
595 615 return (B_TRUE);
596 616 return (strncmp(line1, line2, word_end) == 0);
597 617 }
598 618
599 619 static int
600 620 add_stuff(WordCompletion *cpl, const char *line1, const char **list,
601 621 int word_end)
602 622 {
603 623 int i, err;
604 624
605 625 for (i = 0; list[i] != NULL; i++) {
606 626 if (initial_match(line1, list[i], word_end)) {
607 627 err = cpl_add_completion(cpl, line1, 0, word_end,
608 628 list[i] + word_end, "", "");
609 629 if (err != 0)
610 630 return (err);
611 631 }
612 632 }
613 633 return (0);
614 634 }
615 635
616 636 static
617 637 /* ARGSUSED */
618 638 CPL_MATCH_FN(cmd_cpl_fn)
619 639 {
620 640 if (global_scope) {
621 641 /*
622 642 * The MAX/MIN tests below are to make sure we have at least
623 643 * enough characters to distinguish from other prefixes (MAX)
624 644 * but only check MIN(what we have, what we're checking).
625 645 */
626 646 if (strncmp(line, "add ", MAX(MIN(word_end, 4), 1)) == 0)
627 647 return (add_stuff(cpl, line, add_cmds, word_end));
628 648 if (strncmp(line, "clear ", MAX(MIN(word_end, 6), 2)) == 0)
629 649 return (add_stuff(cpl, line, clear_cmds, word_end));
630 650 if (strncmp(line, "select ", MAX(MIN(word_end, 7), 3)) == 0)
631 651 return (add_stuff(cpl, line, select_cmds, word_end));
632 652 if (strncmp(line, "set ", MAX(MIN(word_end, 4), 3)) == 0)
633 653 return (add_stuff(cpl, line, set_cmds, word_end));
634 654 if (strncmp(line, "remove ", MAX(MIN(word_end, 7), 1)) == 0)
635 655 return (add_stuff(cpl, line, remove_cmds, word_end));
636 656 if (strncmp(line, "info ", MAX(MIN(word_end, 5), 1)) == 0)
637 657 return (add_stuff(cpl, line, info_cmds, word_end));
638 658 return (add_stuff(cpl, line, global_scope_cmds, word_end));
639 659 }
640 660 switch (resource_scope) {
641 661 case RT_FS:
642 662 return (add_stuff(cpl, line, fs_res_scope_cmds, word_end));
643 663 case RT_NET:
644 664 return (add_stuff(cpl, line, net_res_scope_cmds, word_end));
645 665 case RT_DEVICE:
646 666 return (add_stuff(cpl, line, device_res_scope_cmds, word_end));
647 667 case RT_RCTL:
648 668 return (add_stuff(cpl, line, rctl_res_scope_cmds, word_end));
649 669 case RT_ATTR:
650 670 return (add_stuff(cpl, line, attr_res_scope_cmds, word_end));
|
↓ open down ↓ |
57 lines elided |
↑ open up ↑ |
651 671 case RT_DATASET:
652 672 return (add_stuff(cpl, line, dataset_res_scope_cmds, word_end));
653 673 case RT_DCPU:
654 674 return (add_stuff(cpl, line, pset_res_scope_cmds, word_end));
655 675 case RT_PCAP:
656 676 return (add_stuff(cpl, line, pcap_res_scope_cmds, word_end));
657 677 case RT_MCAP:
658 678 return (add_stuff(cpl, line, mcap_res_scope_cmds, word_end));
659 679 case RT_ADMIN:
660 680 return (add_stuff(cpl, line, admin_res_scope_cmds, word_end));
681 + case RT_SECFLAGS:
682 + return (add_stuff(cpl, line, secflags_res_scope_cmds,
683 + word_end));
684 +
661 685 }
662 686 return (0);
663 687 }
664 688
665 689 /*
666 690 * For the main CMD_func() functions below, several of them call getopt()
667 691 * then check optind against argc to make sure an extra parameter was not
668 692 * passed in. The reason this is not caught in the grammar is that the
669 693 * grammar just checks for a miscellaneous TOKEN, which is *expected* to
670 694 * be "-F" (for example), but could be anything. So (for example) this
671 695 * check will prevent "create bogus".
672 696 */
673 697
674 698 cmd_t *
675 699 alloc_cmd(void)
676 700 {
677 701 return (calloc(1, sizeof (cmd_t)));
678 702 }
679 703
680 704 void
681 705 free_cmd(cmd_t *cmd)
682 706 {
683 707 int i;
684 708
685 709 for (i = 0; i < MAX_EQ_PROP_PAIRS; i++)
686 710 if (cmd->cmd_property_ptr[i] != NULL) {
687 711 property_value_ptr_t pp = cmd->cmd_property_ptr[i];
688 712
689 713 switch (pp->pv_type) {
690 714 case PROP_VAL_SIMPLE:
691 715 free(pp->pv_simple);
692 716 break;
693 717 case PROP_VAL_COMPLEX:
694 718 free_complex(pp->pv_complex);
695 719 break;
696 720 case PROP_VAL_LIST:
697 721 free_list(pp->pv_list);
698 722 break;
699 723 }
700 724 }
701 725 for (i = 0; i < cmd->cmd_argc; i++)
702 726 free(cmd->cmd_argv[i]);
703 727 free(cmd);
704 728 }
705 729
706 730 complex_property_ptr_t
707 731 alloc_complex(void)
708 732 {
709 733 return (calloc(1, sizeof (complex_property_t)));
710 734 }
711 735
712 736 void
713 737 free_complex(complex_property_ptr_t complex)
714 738 {
715 739 if (complex == NULL)
716 740 return;
717 741 free_complex(complex->cp_next);
718 742 if (complex->cp_value != NULL)
719 743 free(complex->cp_value);
720 744 free(complex);
721 745 }
722 746
723 747 list_property_ptr_t
724 748 alloc_list(void)
725 749 {
726 750 return (calloc(1, sizeof (list_property_t)));
727 751 }
728 752
729 753 void
730 754 free_list(list_property_ptr_t list)
731 755 {
732 756 if (list == NULL)
733 757 return;
734 758 if (list->lp_simple != NULL)
735 759 free(list->lp_simple);
736 760 free_complex(list->lp_complex);
737 761 free_list(list->lp_next);
738 762 free(list);
739 763 }
740 764
741 765 void
742 766 free_outer_list(list_property_ptr_t list)
743 767 {
744 768 if (list == NULL)
745 769 return;
746 770 free_outer_list(list->lp_next);
747 771 free(list);
748 772 }
749 773
750 774 static struct zone_rctlvaltab *
751 775 alloc_rctlvaltab(void)
752 776 {
753 777 return (calloc(1, sizeof (struct zone_rctlvaltab)));
754 778 }
755 779
756 780 static char *
757 781 rt_to_str(int res_type)
758 782 {
759 783 assert(res_type >= RT_MIN && res_type <= RT_MAX);
760 784 return (res_types[res_type]);
761 785 }
762 786
763 787 static char *
764 788 pt_to_str(int prop_type)
765 789 {
766 790 assert(prop_type >= PT_MIN && prop_type <= PT_MAX);
767 791 return (prop_types[prop_type]);
768 792 }
769 793
770 794 static char *
771 795 pvt_to_str(int pv_type)
772 796 {
773 797 assert(pv_type >= PROP_VAL_MIN && pv_type <= PROP_VAL_MAX);
774 798 return (prop_val_types[pv_type]);
775 799 }
776 800
777 801 static char *
778 802 cmd_to_str(int cmd_num)
779 803 {
780 804 assert(cmd_num >= CMD_MIN && cmd_num <= CMD_MAX);
781 805 return (helptab[cmd_num].cmd_name);
782 806 }
783 807
784 808 /* PRINTFLIKE1 */
785 809 static void
786 810 zerr(const char *fmt, ...)
787 811 {
788 812 va_list alist;
789 813 static int last_lineno;
790 814
791 815 /* lex_lineno has already been incremented in the lexer; compensate */
792 816 if (cmd_file_mode && lex_lineno > last_lineno) {
793 817 if (strcmp(cmd_file_name, "-") == 0)
794 818 (void) fprintf(stderr, gettext("On line %d:\n"),
795 819 lex_lineno - 1);
796 820 else
797 821 (void) fprintf(stderr, gettext("On line %d of %s:\n"),
798 822 lex_lineno - 1, cmd_file_name);
799 823 last_lineno = lex_lineno;
800 824 }
801 825 va_start(alist, fmt);
802 826 (void) vfprintf(stderr, fmt, alist);
803 827 (void) fprintf(stderr, "\n");
804 828 va_end(alist);
805 829 }
806 830
807 831 /*
808 832 * This is a separate function rather than a set of define's because of the
809 833 * gettext() wrapping.
810 834 */
811 835
812 836 /*
813 837 * TRANSLATION_NOTE
814 838 * Each string below should have \t follow \n whenever needed; the
815 839 * initial \t and the terminal \n will be provided by the calling function.
816 840 */
817 841
818 842 static char *
819 843 long_help(int cmd_num)
820 844 {
821 845 static char line[1024]; /* arbitrary large amount */
822 846
823 847 assert(cmd_num >= CMD_MIN && cmd_num <= CMD_MAX);
824 848 switch (cmd_num) {
825 849 case CMD_HELP:
826 850 return (gettext("Prints help message."));
827 851 case CMD_CREATE:
828 852 (void) snprintf(line, sizeof (line),
829 853 gettext("Creates a configuration for the "
830 854 "specified zone. %s should be\n\tused to "
831 855 "begin configuring a new zone. If overwriting an "
832 856 "existing\n\tconfiguration, the -F flag can be "
833 857 "used to force the action. If\n\t-t template is "
834 858 "given, creates a configuration identical to the\n"
835 859 "\tspecified template, except that the zone name "
836 860 "is changed from\n\ttemplate to zonename. '%s -a' "
837 861 "creates a configuration from a\n\tdetached "
838 862 "zonepath. '%s -b' results in a blank "
839 863 "configuration.\n\t'%s' with no arguments applies "
840 864 "the Sun default settings."),
841 865 cmd_to_str(CMD_CREATE), cmd_to_str(CMD_CREATE),
842 866 cmd_to_str(CMD_CREATE), cmd_to_str(CMD_CREATE));
843 867 return (line);
844 868 case CMD_EXIT:
845 869 return (gettext("Exits the program. The -F flag can "
846 870 "be used to force the action."));
847 871 case CMD_EXPORT:
848 872 return (gettext("Prints configuration to standard "
849 873 "output, or to output-file if\n\tspecified, in "
850 874 "a form suitable for use in a command-file."));
851 875 case CMD_ADD:
852 876 return (gettext("Add specified resource to "
853 877 "configuration."));
854 878 case CMD_DELETE:
855 879 return (gettext("Deletes the specified zone. The -F "
856 880 "flag can be used to force the\n\taction."));
857 881 case CMD_REMOVE:
858 882 return (gettext("Remove specified resource from "
859 883 "configuration. The -F flag can be used\n\tto "
860 884 "force the action."));
861 885 case CMD_SELECT:
862 886 (void) snprintf(line, sizeof (line),
863 887 gettext("Selects a resource to modify. "
864 888 "Resource modification is completed\n\twith the "
865 889 "command \"%s\". The property name/value pairs "
866 890 "must uniquely\n\tidentify a resource. Note that "
867 891 "the curly braces ('{', '}') mean one\n\tor more "
868 892 "of whatever is between them."),
869 893 cmd_to_str(CMD_END));
870 894 return (line);
871 895 case CMD_SET:
872 896 return (gettext("Sets property values."));
873 897 case CMD_CLEAR:
874 898 return (gettext("Clears property values."));
875 899 case CMD_INFO:
876 900 return (gettext("Displays information about the "
877 901 "current configuration. If resource\n\ttype is "
878 902 "specified, displays only information about "
879 903 "resources of\n\tthe relevant type. If resource "
880 904 "id is specified, displays only\n\tinformation "
881 905 "about that resource."));
882 906 case CMD_VERIFY:
883 907 return (gettext("Verifies current configuration "
884 908 "for correctness (some resource types\n\thave "
885 909 "required properties)."));
886 910 case CMD_COMMIT:
887 911 (void) snprintf(line, sizeof (line),
888 912 gettext("Commits current configuration. "
889 913 "Configuration must be committed to\n\tbe used by "
890 914 "%s. Until the configuration is committed, "
891 915 "changes \n\tcan be removed with the %s "
892 916 "command. This operation is\n\tattempted "
893 917 "automatically upon completion of a %s "
894 918 "session."), "zoneadm", cmd_to_str(CMD_REVERT),
895 919 "zonecfg");
896 920 return (line);
897 921 case CMD_REVERT:
898 922 return (gettext("Reverts configuration back to the "
899 923 "last committed state. The -F flag\n\tcan be "
900 924 "used to force the action."));
901 925 case CMD_CANCEL:
902 926 return (gettext("Cancels resource/property "
903 927 "specification."));
904 928 case CMD_END:
905 929 return (gettext("Ends resource/property "
906 930 "specification."));
907 931 }
908 932 /* NOTREACHED */
909 933 return (NULL);
910 934 }
911 935
912 936 /*
913 937 * Return the input filename appended to each component of the path
914 938 * or the filename itself if it is absolute.
915 939 * Parameters: path string, file name, output string.
916 940 */
917 941 /* Copied almost verbatim from libtnfctl/prb_findexec.c */
918 942 static const char *
919 943 exec_cat(const char *s1, const char *s2, char *si)
920 944 {
921 945 char *s;
922 946 /* Number of remaining characters in s */
923 947 int cnt = PATH_MAX + 1;
924 948
925 949 s = si;
926 950 while (*s1 && *s1 != ':') { /* Copy first component of path to si */
927 951 if (cnt > 0) {
928 952 *s++ = *s1++;
929 953 cnt--;
930 954 } else {
931 955 s1++;
932 956 }
933 957 }
934 958 if (si != s && cnt > 0) { /* Add slash if s2 is not absolute */
935 959 *s++ = '/';
936 960 cnt--;
937 961 }
938 962 while (*s2 && cnt > 0) { /* Copy s2 to si */
939 963 *s++ = *s2++;
940 964 cnt--;
941 965 }
942 966 *s = '\0'; /* Terminate the output string */
943 967 return (*s1 ? ++s1 : NULL); /* Return next path component or NULL */
944 968 }
945 969
946 970 /* Determine that a name exists in PATH */
947 971 /* Copied with changes from libtnfctl/prb_findexec.c */
948 972 static int
949 973 path_find(const char *name)
950 974 {
951 975 const char *pathstr;
952 976 char fname[PATH_MAX + 2];
953 977 const char *cp;
954 978 struct stat stat_buf;
955 979
956 980 if ((pathstr = getenv("PATH")) == NULL) {
957 981 if (geteuid() == 0 || getuid() == 0)
958 982 pathstr = "/usr/sbin:/usr/bin";
959 983 else
960 984 pathstr = "/usr/bin:";
961 985 }
962 986 cp = strchr(name, '/') ? (const char *) "" : pathstr;
963 987
964 988 do {
965 989 cp = exec_cat(cp, name, fname);
|
↓ open down ↓ |
295 lines elided |
↑ open up ↑ |
966 990 if (stat(fname, &stat_buf) != -1) {
967 991 /* successful find of the file */
968 992 return (0);
969 993 }
970 994 } while (cp != NULL);
971 995
972 996 return (-1);
973 997 }
974 998
975 999 static FILE *
976 -pager_open(void) {
1000 +pager_open(void)
1001 +{
977 1002 FILE *newfp;
978 1003 char *pager, *space;
979 1004
980 1005 pager = getenv("PAGER");
981 1006 if (pager == NULL || *pager == '\0')
982 1007 pager = PAGER;
983 1008
984 1009 space = strchr(pager, ' ');
985 1010 if (space)
986 1011 *space = '\0';
987 1012 if (path_find(pager) == 0) {
988 1013 if (space)
989 1014 *space = ' ';
990 1015 if ((newfp = popen(pager, "w")) == NULL)
991 1016 zerr(gettext("PAGER open failed (%s)."),
|
↓ open down ↓ |
5 lines elided |
↑ open up ↑ |
992 1017 strerror(errno));
993 1018 return (newfp);
994 1019 } else {
995 1020 zerr(gettext("PAGER %s does not exist (%s)."),
996 1021 pager, strerror(errno));
997 1022 }
998 1023 return (NULL);
999 1024 }
1000 1025
1001 1026 static void
1002 -pager_close(FILE *fp) {
1027 +pager_close(FILE *fp)
1028 +{
1003 1029 int status;
1004 1030
1005 1031 status = pclose(fp);
1006 1032 if (status == -1)
1007 1033 zerr(gettext("PAGER close failed (%s)."),
1008 1034 strerror(errno));
1009 1035 }
1010 1036
1011 1037 /*
1012 1038 * Called with verbose TRUE when help is explicitly requested, FALSE for
1013 1039 * unexpected errors.
1014 1040 */
1015 1041
1016 1042 void
1017 1043 usage(boolean_t verbose, uint_t flags)
1018 1044 {
1019 1045 FILE *fp = verbose ? stdout : stderr;
1020 1046 FILE *newfp;
1021 1047 boolean_t need_to_close = B_FALSE;
1022 1048 int i;
1023 1049
1024 1050 /* don't page error output */
1025 1051 if (verbose && interactive_mode) {
1026 1052 if ((newfp = pager_open()) != NULL) {
1027 1053 need_to_close = B_TRUE;
1028 1054 fp = newfp;
1029 1055 }
1030 1056 }
1031 1057
1032 1058 if (flags & HELP_META) {
1033 1059 (void) fprintf(fp, gettext("More help is available for the "
1034 1060 "following:\n"));
1035 1061 (void) fprintf(fp, "\n\tcommands ('%s commands')\n",
1036 1062 cmd_to_str(CMD_HELP));
1037 1063 (void) fprintf(fp, "\tsyntax ('%s syntax')\n",
1038 1064 cmd_to_str(CMD_HELP));
1039 1065 (void) fprintf(fp, "\tusage ('%s usage')\n\n",
1040 1066 cmd_to_str(CMD_HELP));
1041 1067 (void) fprintf(fp, gettext("You may also obtain help on any "
1042 1068 "command by typing '%s <command-name>.'\n"),
1043 1069 cmd_to_str(CMD_HELP));
1044 1070 }
1045 1071 if (flags & HELP_RES_SCOPE) {
1046 1072 switch (resource_scope) {
1047 1073 case RT_FS:
1048 1074 (void) fprintf(fp, gettext("The '%s' resource scope is "
1049 1075 "used to configure a file-system.\n"),
1050 1076 rt_to_str(resource_scope));
1051 1077 (void) fprintf(fp, gettext("Valid commands:\n"));
1052 1078 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1053 1079 pt_to_str(PT_DIR), gettext("<path>"));
1054 1080 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1055 1081 pt_to_str(PT_SPECIAL), gettext("<path>"));
1056 1082 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1057 1083 pt_to_str(PT_RAW), gettext("<raw-device>"));
1058 1084 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1059 1085 pt_to_str(PT_TYPE), gettext("<file-system type>"));
1060 1086 (void) fprintf(fp, "\t%s %s %s\n", cmd_to_str(CMD_ADD),
1061 1087 pt_to_str(PT_OPTIONS),
1062 1088 gettext("<file-system options>"));
1063 1089 (void) fprintf(fp, "\t%s %s %s\n",
1064 1090 cmd_to_str(CMD_REMOVE), pt_to_str(PT_OPTIONS),
1065 1091 gettext("<file-system options>"));
1066 1092 (void) fprintf(fp, gettext("Consult the file-system "
1067 1093 "specific manual page, such as mount_ufs(1M), "
1068 1094 "for\ndetails about file-system options. Note "
1069 1095 "that any file-system options with an\nembedded "
1070 1096 "'=' character must be enclosed in double quotes, "
1071 1097 /*CSTYLED*/
1072 1098 "such as \"%s=5\".\n"), MNTOPT_RETRY);
1073 1099 break;
1074 1100 case RT_NET:
1075 1101 (void) fprintf(fp, gettext("The '%s' resource scope is "
1076 1102 "used to configure a network interface.\n"),
1077 1103 rt_to_str(resource_scope));
1078 1104 (void) fprintf(fp, gettext("Valid commands:\n"));
1079 1105 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1080 1106 pt_to_str(PT_ADDRESS), gettext("<IP-address>"));
1081 1107 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1082 1108 pt_to_str(PT_ALLOWED_ADDRESS),
1083 1109 gettext("<IP-address>"));
1084 1110 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1085 1111 pt_to_str(PT_PHYSICAL), gettext("<interface>"));
1086 1112 (void) fprintf(fp, gettext("See ifconfig(1M) for "
1087 1113 "details of the <interface> string.\n"));
1088 1114 (void) fprintf(fp, gettext("%s %s is valid "
1089 1115 "if the %s property is set to %s, otherwise it "
1090 1116 "must not be set.\n"),
1091 1117 cmd_to_str(CMD_SET), pt_to_str(PT_ADDRESS),
1092 1118 pt_to_str(PT_IPTYPE), gettext("shared"));
1093 1119 (void) fprintf(fp, gettext("%s %s is valid "
1094 1120 "if the %s property is set to %s, otherwise it "
1095 1121 "must not be set.\n"),
1096 1122 cmd_to_str(CMD_SET), pt_to_str(PT_ALLOWED_ADDRESS),
1097 1123 pt_to_str(PT_IPTYPE), gettext("exclusive"));
1098 1124 (void) fprintf(fp, gettext("\t%s %s=%s\n%s %s "
1099 1125 "is valid if the %s or %s property is set, "
1100 1126 "otherwise it must not be set\n"),
1101 1127 cmd_to_str(CMD_SET),
1102 1128 pt_to_str(PT_DEFROUTER), gettext("<IP-address>"),
1103 1129 cmd_to_str(CMD_SET), pt_to_str(PT_DEFROUTER),
1104 1130 gettext(pt_to_str(PT_ADDRESS)),
1105 1131 gettext(pt_to_str(PT_ALLOWED_ADDRESS)));
1106 1132 break;
1107 1133 case RT_DEVICE:
1108 1134 (void) fprintf(fp, gettext("The '%s' resource scope is "
1109 1135 "used to configure a device node.\n"),
1110 1136 rt_to_str(resource_scope));
1111 1137 (void) fprintf(fp, gettext("Valid commands:\n"));
1112 1138 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1113 1139 pt_to_str(PT_MATCH), gettext("<device-path>"));
1114 1140 break;
1115 1141 case RT_RCTL:
1116 1142 (void) fprintf(fp, gettext("The '%s' resource scope is "
1117 1143 "used to configure a resource control.\n"),
1118 1144 rt_to_str(resource_scope));
1119 1145 (void) fprintf(fp, gettext("Valid commands:\n"));
1120 1146 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1121 1147 pt_to_str(PT_NAME), gettext("<string>"));
1122 1148 (void) fprintf(fp, "\t%s %s (%s=%s,%s=%s,%s=%s)\n",
1123 1149 cmd_to_str(CMD_ADD), pt_to_str(PT_VALUE),
1124 1150 pt_to_str(PT_PRIV), gettext("<priv-value>"),
1125 1151 pt_to_str(PT_LIMIT), gettext("<number>"),
1126 1152 pt_to_str(PT_ACTION), gettext("<action-value>"));
1127 1153 (void) fprintf(fp, "\t%s %s (%s=%s,%s=%s,%s=%s)\n",
1128 1154 cmd_to_str(CMD_REMOVE), pt_to_str(PT_VALUE),
1129 1155 pt_to_str(PT_PRIV), gettext("<priv-value>"),
1130 1156 pt_to_str(PT_LIMIT), gettext("<number>"),
1131 1157 pt_to_str(PT_ACTION), gettext("<action-value>"));
1132 1158 (void) fprintf(fp, "%s\n\t%s := privileged\n"
1133 1159 "\t%s := none | deny\n", gettext("Where"),
1134 1160 gettext("<priv-value>"), gettext("<action-value>"));
1135 1161 break;
1136 1162 case RT_ATTR:
1137 1163 (void) fprintf(fp, gettext("The '%s' resource scope is "
1138 1164 "used to configure a generic attribute.\n"),
1139 1165 rt_to_str(resource_scope));
1140 1166 (void) fprintf(fp, gettext("Valid commands:\n"));
1141 1167 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1142 1168 pt_to_str(PT_NAME), gettext("<name>"));
1143 1169 (void) fprintf(fp, "\t%s %s=boolean\n",
1144 1170 cmd_to_str(CMD_SET), pt_to_str(PT_TYPE));
1145 1171 (void) fprintf(fp, "\t%s %s=true | false\n",
1146 1172 cmd_to_str(CMD_SET), pt_to_str(PT_VALUE));
1147 1173 (void) fprintf(fp, gettext("or\n"));
1148 1174 (void) fprintf(fp, "\t%s %s=int\n", cmd_to_str(CMD_SET),
1149 1175 pt_to_str(PT_TYPE));
1150 1176 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1151 1177 pt_to_str(PT_VALUE), gettext("<integer>"));
1152 1178 (void) fprintf(fp, gettext("or\n"));
1153 1179 (void) fprintf(fp, "\t%s %s=string\n",
1154 1180 cmd_to_str(CMD_SET), pt_to_str(PT_TYPE));
1155 1181 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1156 1182 pt_to_str(PT_VALUE), gettext("<string>"));
1157 1183 (void) fprintf(fp, gettext("or\n"));
1158 1184 (void) fprintf(fp, "\t%s %s=uint\n",
1159 1185 cmd_to_str(CMD_SET), pt_to_str(PT_TYPE));
1160 1186 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1161 1187 pt_to_str(PT_VALUE), gettext("<unsigned integer>"));
1162 1188 break;
1163 1189 case RT_DATASET:
1164 1190 (void) fprintf(fp, gettext("The '%s' resource scope is "
1165 1191 "used to export ZFS datasets.\n"),
1166 1192 rt_to_str(resource_scope));
1167 1193 (void) fprintf(fp, gettext("Valid commands:\n"));
1168 1194 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1169 1195 pt_to_str(PT_NAME), gettext("<name>"));
1170 1196 break;
1171 1197 case RT_DCPU:
1172 1198 (void) fprintf(fp, gettext("The '%s' resource scope "
1173 1199 "configures the 'pools' facility to dedicate\na "
1174 1200 "subset of the system's processors to this zone "
1175 1201 "while it is running.\n"),
1176 1202 rt_to_str(resource_scope));
1177 1203 (void) fprintf(fp, gettext("Valid commands:\n"));
1178 1204 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1179 1205 pt_to_str(PT_NCPUS),
1180 1206 gettext("<unsigned integer | range>"));
1181 1207 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1182 1208 pt_to_str(PT_IMPORTANCE),
1183 1209 gettext("<unsigned integer>"));
1184 1210 break;
1185 1211 case RT_PCAP:
1186 1212 (void) fprintf(fp, gettext("The '%s' resource scope is "
1187 1213 "used to set an upper limit (a cap) on the\n"
1188 1214 "percentage of CPU that can be used by this zone. "
1189 1215 "A '%s' value of 1\ncorresponds to one cpu. The "
1190 1216 "value can be set higher than 1, up to the total\n"
1191 1217 "number of CPUs on the system. The value can "
1192 1218 "also be less than 1,\nrepresenting a fraction of "
1193 1219 "a cpu.\n"),
1194 1220 rt_to_str(resource_scope), pt_to_str(PT_NCPUS));
1195 1221 (void) fprintf(fp, gettext("Valid commands:\n"));
1196 1222 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1197 1223 pt_to_str(PT_NCPUS), gettext("<unsigned decimal>"));
1198 1224 break;
1199 1225 case RT_MCAP:
1200 1226 (void) fprintf(fp, gettext("The '%s' resource scope is "
1201 1227 "used to set an upper limit (a cap) on the\n"
1202 1228 "amount of physical memory, swap space and locked "
1203 1229 "memory that can be used by\nthis zone.\n"),
1204 1230 rt_to_str(resource_scope));
1205 1231 (void) fprintf(fp, gettext("Valid commands:\n"));
1206 1232 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1207 1233 pt_to_str(PT_PHYSICAL),
1208 1234 gettext("<qualified unsigned decimal>"));
1209 1235 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1210 1236 pt_to_str(PT_SWAP),
1211 1237 gettext("<qualified unsigned decimal>"));
1212 1238 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1213 1239 pt_to_str(PT_LOCKED),
1214 1240 gettext("<qualified unsigned decimal>"));
1215 1241 break;
1216 1242 case RT_ADMIN:
1217 1243 (void) fprintf(fp, gettext("The '%s' resource scope is "
1218 1244 "used to delegate specific zone management\n"
1219 1245 "rights to users and roles. These rights are "
|
↓ open down ↓ |
207 lines elided |
↑ open up ↑ |
1220 1246 "only applicable to this zone.\n"),
1221 1247 rt_to_str(resource_scope));
1222 1248 (void) fprintf(fp, gettext("Valid commands:\n"));
1223 1249 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1224 1250 pt_to_str(PT_USER),
1225 1251 gettext("<single user or role name>"));
1226 1252 (void) fprintf(fp, "\t%s %s=%s\n", cmd_to_str(CMD_SET),
1227 1253 pt_to_str(PT_AUTHS),
1228 1254 gettext("<comma separated list>"));
1229 1255 break;
1256 + case RT_SECFLAGS:
1257 + (void) fprintf(fp, gettext("The '%s' resource scope is "
1258 + "used to specify the default security-flags\n"
1259 + "of this zone, and their upper and lower bound.\n"),
1260 + rt_to_str(resource_scope));
1261 + (void) fprintf(fp, "\t%s %s=%s\n",
1262 + cmd_to_str(CMD_SET), pt_to_str(PT_DEFAULT),
1263 + gettext("<security flags>"));
1264 + (void) fprintf(fp, "\t%s %s=%s\n",
1265 + cmd_to_str(CMD_SET), pt_to_str(PT_LOWER),
1266 + gettext("<security flags>"));
1267 + (void) fprintf(fp, "\t%s %s=%s\n",
1268 + cmd_to_str(CMD_SET), pt_to_str(PT_UPPER),
1269 + gettext("<security flags>"));
1270 + break;
1230 1271 }
1231 1272 (void) fprintf(fp, gettext("And from any resource scope, you "
1232 1273 "can:\n"));
1233 1274 (void) fprintf(fp, "\t%s\t%s\n", cmd_to_str(CMD_END),
1234 1275 gettext("(to conclude this operation)"));
1235 1276 (void) fprintf(fp, "\t%s\t%s\n", cmd_to_str(CMD_CANCEL),
1236 1277 gettext("(to cancel this operation)"));
1237 1278 (void) fprintf(fp, "\t%s\t%s\n", cmd_to_str(CMD_EXIT),
1238 1279 gettext("(to exit the zonecfg utility)"));
1239 1280 }
1240 1281 if (flags & HELP_USAGE) {
1241 1282 (void) fprintf(fp, "%s:\t%s %s\n", gettext("usage"),
1242 1283 execname, cmd_to_str(CMD_HELP));
1243 1284 (void) fprintf(fp, "\t%s -z <zone>\t\t\t(%s)\n",
1244 1285 execname, gettext("interactive"));
1245 1286 (void) fprintf(fp, "\t%s -z <zone> <command>\n", execname);
1246 1287 (void) fprintf(fp, "\t%s -z <zone> -f <command-file>\n",
1247 1288 execname);
1248 1289 }
1249 1290 if (flags & HELP_SUBCMDS) {
1250 1291 (void) fprintf(fp, "%s:\n\n", gettext("Commands"));
1251 1292 for (i = 0; i <= CMD_MAX; i++) {
1252 1293 (void) fprintf(fp, "%s\n", helptab[i].short_usage);
1253 1294 if (verbose)
1254 1295 (void) fprintf(fp, "\t%s\n\n", long_help(i));
1255 1296 }
1256 1297 }
1257 1298 if (flags & HELP_SYNTAX) {
1258 1299 if (!verbose)
1259 1300 (void) fprintf(fp, "\n");
1260 1301 (void) fprintf(fp, "<zone> := [A-Za-z0-9][A-Za-z0-9_.-]*\n");
1261 1302 (void) fprintf(fp, gettext("\t(except the reserved words "
1262 1303 "'%s' and anything starting with '%s')\n"), "global",
1263 1304 "SUNW");
1264 1305 (void) fprintf(fp,
1265 1306 gettext("\tName must be less than %d characters.\n"),
1266 1307 ZONENAME_MAX);
1267 1308 if (verbose)
1268 1309 (void) fprintf(fp, "\n");
1269 1310 }
1270 1311 if (flags & HELP_NETADDR) {
1271 1312 (void) fprintf(fp, gettext("\n<net-addr> :="));
1272 1313 (void) fprintf(fp,
1273 1314 gettext("\t<IPv4-address>[/<IPv4-prefix-length>] |\n"));
1274 1315 (void) fprintf(fp,
1275 1316 gettext("\t\t<IPv6-address>/<IPv6-prefix-length> |\n"));
1276 1317 (void) fprintf(fp,
1277 1318 gettext("\t\t<hostname>[/<IPv4-prefix-length>]\n"));
1278 1319 (void) fprintf(fp, gettext("See inet(3SOCKET) for IPv4 and "
1279 1320 "IPv6 address syntax.\n"));
1280 1321 (void) fprintf(fp, gettext("<IPv4-prefix-length> := [0-32]\n"));
1281 1322 (void) fprintf(fp,
1282 1323 gettext("<IPv6-prefix-length> := [0-128]\n"));
1283 1324 (void) fprintf(fp,
|
↓ open down ↓ |
44 lines elided |
↑ open up ↑ |
1284 1325 gettext("<hostname> := [A-Za-z0-9][A-Za-z0-9-.]*\n"));
1285 1326 }
1286 1327 if (flags & HELP_RESOURCES) {
1287 1328 (void) fprintf(fp, "<%s> := %s | %s | %s | %s | %s |\n\t"
1288 1329 "%s | %s | %s | %s | %s\n\n",
1289 1330 gettext("resource type"), rt_to_str(RT_FS),
1290 1331 rt_to_str(RT_NET), rt_to_str(RT_DEVICE),
1291 1332 rt_to_str(RT_RCTL), rt_to_str(RT_ATTR),
1292 1333 rt_to_str(RT_DATASET), rt_to_str(RT_DCPU),
1293 1334 rt_to_str(RT_PCAP), rt_to_str(RT_MCAP),
1294 - rt_to_str(RT_ADMIN));
1335 + rt_to_str(RT_ADMIN), rt_to_str(RT_SECFLAGS));
1295 1336 }
1296 1337 if (flags & HELP_PROPS) {
1297 1338 (void) fprintf(fp, gettext("For resource type ... there are "
1298 1339 "property types ...:\n"));
1299 1340 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1300 1341 pt_to_str(PT_ZONENAME));
1301 1342 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1302 1343 pt_to_str(PT_ZONEPATH));
1303 1344 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1304 1345 pt_to_str(PT_BRAND));
1305 1346 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1306 1347 pt_to_str(PT_AUTOBOOT));
1307 1348 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1308 1349 pt_to_str(PT_BOOTARGS));
1309 1350 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1310 1351 pt_to_str(PT_POOL));
1311 1352 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1312 1353 pt_to_str(PT_LIMITPRIV));
1313 1354 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1314 1355 pt_to_str(PT_SCHED));
1315 1356 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1316 1357 pt_to_str(PT_IPTYPE));
1317 1358 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1318 1359 pt_to_str(PT_HOSTID));
1319 1360 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1320 1361 pt_to_str(PT_FS_ALLOWED));
1321 1362 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1322 1363 pt_to_str(PT_MAXLWPS));
1323 1364 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1324 1365 pt_to_str(PT_MAXPROCS));
1325 1366 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1326 1367 pt_to_str(PT_MAXSHMMEM));
1327 1368 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1328 1369 pt_to_str(PT_MAXSHMIDS));
1329 1370 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1330 1371 pt_to_str(PT_MAXMSGIDS));
1331 1372 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1332 1373 pt_to_str(PT_MAXSEMIDS));
1333 1374 (void) fprintf(fp, "\t%s\t%s\n", gettext("(global)"),
1334 1375 pt_to_str(PT_SHARES));
1335 1376 (void) fprintf(fp, "\t%s\t\t%s, %s, %s, %s, %s\n",
1336 1377 rt_to_str(RT_FS), pt_to_str(PT_DIR),
1337 1378 pt_to_str(PT_SPECIAL), pt_to_str(PT_RAW),
1338 1379 pt_to_str(PT_TYPE), pt_to_str(PT_OPTIONS));
1339 1380 (void) fprintf(fp, "\t%s\t\t%s, %s, %s|%s\n", rt_to_str(RT_NET),
1340 1381 pt_to_str(PT_ADDRESS), pt_to_str(PT_ALLOWED_ADDRESS),
1341 1382 pt_to_str(PT_PHYSICAL), pt_to_str(PT_DEFROUTER));
1342 1383 (void) fprintf(fp, "\t%s\t\t%s\n", rt_to_str(RT_DEVICE),
1343 1384 pt_to_str(PT_MATCH));
1344 1385 (void) fprintf(fp, "\t%s\t\t%s, %s\n", rt_to_str(RT_RCTL),
1345 1386 pt_to_str(PT_NAME), pt_to_str(PT_VALUE));
1346 1387 (void) fprintf(fp, "\t%s\t\t%s, %s, %s\n", rt_to_str(RT_ATTR),
1347 1388 pt_to_str(PT_NAME), pt_to_str(PT_TYPE),
1348 1389 pt_to_str(PT_VALUE));
1349 1390 (void) fprintf(fp, "\t%s\t\t%s\n", rt_to_str(RT_DATASET),
|
↓ open down ↓ |
45 lines elided |
↑ open up ↑ |
1350 1391 pt_to_str(PT_NAME));
1351 1392 (void) fprintf(fp, "\t%s\t%s, %s\n", rt_to_str(RT_DCPU),
1352 1393 pt_to_str(PT_NCPUS), pt_to_str(PT_IMPORTANCE));
1353 1394 (void) fprintf(fp, "\t%s\t%s\n", rt_to_str(RT_PCAP),
1354 1395 pt_to_str(PT_NCPUS));
1355 1396 (void) fprintf(fp, "\t%s\t%s, %s, %s\n", rt_to_str(RT_MCAP),
1356 1397 pt_to_str(PT_PHYSICAL), pt_to_str(PT_SWAP),
1357 1398 pt_to_str(PT_LOCKED));
1358 1399 (void) fprintf(fp, "\t%s\t\t%s, %s\n", rt_to_str(RT_ADMIN),
1359 1400 pt_to_str(PT_USER), pt_to_str(PT_AUTHS));
1401 + (void) fprintf(fp, "\t%s\t\t%s, %s, %s\n",
1402 + rt_to_str(RT_SECFLAGS), pt_to_str(PT_DEFAULT),
1403 + pt_to_str(PT_LOWER), pt_to_str(PT_UPPER));
1360 1404 }
1361 1405 if (need_to_close)
1362 1406 (void) pager_close(fp);
1363 1407 }
1364 1408
1365 1409 static void
1366 1410 zone_perror(char *prefix, int err, boolean_t set_saw)
1367 1411 {
1368 1412 zerr("%s: %s", prefix, zonecfg_strerror(err));
1369 1413 if (set_saw)
1370 1414 saw_error = B_TRUE;
1371 1415 }
1372 1416
1373 1417 /*
1374 1418 * zone_perror() expects a single string, but for remove and select
1375 1419 * we have both the command and the resource type, so this wrapper
1376 1420 * function serves the same purpose in a slightly different way.
1377 1421 */
1378 1422
1379 1423 static void
1380 1424 z_cmd_rt_perror(int cmd_num, int res_num, int err, boolean_t set_saw)
1381 1425 {
1382 1426 zerr("%s %s: %s", cmd_to_str(cmd_num), rt_to_str(res_num),
1383 1427 zonecfg_strerror(err));
1384 1428 if (set_saw)
1385 1429 saw_error = B_TRUE;
1386 1430 }
1387 1431
1388 1432 /* returns Z_OK if successful, Z_foo from <libzonecfg.h> otherwise */
1389 1433 static int
1390 1434 initialize(boolean_t handle_expected)
1391 1435 {
1392 1436 int err;
1393 1437 char brandname[MAXNAMELEN];
1394 1438
1395 1439 if (zonecfg_check_handle(handle) != Z_OK) {
1396 1440 if ((err = zonecfg_get_handle(zone, handle)) == Z_OK) {
1397 1441 got_handle = B_TRUE;
1398 1442 if (zonecfg_get_brand(handle, brandname,
1399 1443 sizeof (brandname)) != Z_OK) {
1400 1444 zerr("Zone %s is inconsistent: missing "
1401 1445 "brand attribute", zone);
1402 1446 exit(Z_ERR);
1403 1447 }
1404 1448 if ((brand = brand_open(brandname)) == NULL) {
1405 1449 zerr("Zone %s uses non-existent brand \"%s\"."
1406 1450 " Unable to continue", zone, brandname);
1407 1451 exit(Z_ERR);
1408 1452 }
1409 1453 /*
1410 1454 * If the user_attr file is newer than
1411 1455 * the zone config file, the admins
1412 1456 * may need to be updated since the
1413 1457 * RBAC files are authoritative for
1414 1458 * authorization checks.
1415 1459 */
1416 1460 err = zonecfg_update_userauths(handle, zone);
1417 1461 if (err == Z_OK) {
1418 1462 zerr(gettext("The administrative rights "
1419 1463 "were updated to match "
1420 1464 "the current RBAC configuration.\n"
1421 1465 "Use \"info admin\" and \"revert\" to "
1422 1466 "compare with the previous settings."));
1423 1467 need_to_commit = B_TRUE;
1424 1468 } else if (err != Z_NO_ENTRY) {
1425 1469 zerr(gettext("failed to update "
1426 1470 "admin rights."));
1427 1471 exit(Z_ERR);
1428 1472 } else if (need_to_commit) {
1429 1473 zerr(gettext("admin rights were updated "
1430 1474 "to match RBAC configuration."));
1431 1475 }
1432 1476
1433 1477 } else if (global_zone && err == Z_NO_ZONE && !got_handle &&
1434 1478 !read_only_mode) {
1435 1479 /*
1436 1480 * We implicitly create the global zone config if it
1437 1481 * doesn't exist.
1438 1482 */
1439 1483 zone_dochandle_t tmphandle;
1440 1484
1441 1485 if ((tmphandle = zonecfg_init_handle()) == NULL) {
1442 1486 zone_perror(execname, Z_NOMEM, B_TRUE);
1443 1487 exit(Z_ERR);
1444 1488 }
1445 1489
1446 1490 err = zonecfg_get_template_handle("SUNWblank", zone,
1447 1491 tmphandle);
1448 1492
1449 1493 if (err != Z_OK) {
1450 1494 zonecfg_fini_handle(tmphandle);
1451 1495 zone_perror("SUNWblank", err, B_TRUE);
1452 1496 return (err);
1453 1497 }
1454 1498
1455 1499 need_to_commit = B_TRUE;
1456 1500 zonecfg_fini_handle(handle);
1457 1501 handle = tmphandle;
1458 1502 got_handle = B_TRUE;
1459 1503
1460 1504 } else {
1461 1505 zone_perror(zone, err, handle_expected || got_handle);
1462 1506 if (err == Z_NO_ZONE && !got_handle &&
1463 1507 interactive_mode && !read_only_mode)
1464 1508 (void) printf(gettext("Use '%s' to begin "
1465 1509 "configuring a new zone.\n"),
1466 1510 cmd_to_str(CMD_CREATE));
1467 1511 return (err);
1468 1512 }
1469 1513 }
1470 1514 return (Z_OK);
1471 1515 }
1472 1516
1473 1517 static boolean_t
1474 1518 state_atleast(zone_state_t state)
1475 1519 {
1476 1520 zone_state_t state_num;
1477 1521 int err;
1478 1522
1479 1523 if ((err = zone_get_state(zone, &state_num)) != Z_OK) {
1480 1524 /* all states are greater than "non-existent" */
1481 1525 if (err == Z_NO_ZONE)
1482 1526 return (B_FALSE);
1483 1527 zerr(gettext("Unexpectedly failed to determine state "
1484 1528 "of zone %s: %s"), zone, zonecfg_strerror(err));
1485 1529 exit(Z_ERR);
1486 1530 }
1487 1531 return (state_num >= state);
1488 1532 }
1489 1533
1490 1534 /*
1491 1535 * short_usage() is for bad syntax: getopt() issues, too many arguments, etc.
1492 1536 */
1493 1537
1494 1538 void
1495 1539 short_usage(int command)
1496 1540 {
1497 1541 /* lex_lineno has already been incremented in the lexer; compensate */
1498 1542 if (cmd_file_mode) {
1499 1543 if (strcmp(cmd_file_name, "-") == 0)
1500 1544 (void) fprintf(stderr,
1501 1545 gettext("syntax error on line %d\n"),
1502 1546 lex_lineno - 1);
1503 1547 else
1504 1548 (void) fprintf(stderr,
1505 1549 gettext("syntax error on line %d of %s\n"),
1506 1550 lex_lineno - 1, cmd_file_name);
1507 1551 }
1508 1552 (void) fprintf(stderr, "%s:\n%s\n", gettext("usage"),
1509 1553 helptab[command].short_usage);
1510 1554 saw_error = B_TRUE;
1511 1555 }
1512 1556
1513 1557 /*
1514 1558 * long_usage() is for bad semantics: e.g., wrong property type for a given
1515 1559 * resource type. It is also used by longer_usage() below.
1516 1560 */
1517 1561
1518 1562 void
1519 1563 long_usage(uint_t cmd_num, boolean_t set_saw)
1520 1564 {
1521 1565 (void) fprintf(set_saw ? stderr : stdout, "%s:\n%s\n", gettext("usage"),
1522 1566 helptab[cmd_num].short_usage);
1523 1567 (void) fprintf(set_saw ? stderr : stdout, "\t%s\n", long_help(cmd_num));
1524 1568 if (set_saw)
1525 1569 saw_error = B_TRUE;
1526 1570 }
1527 1571
1528 1572 /*
1529 1573 * longer_usage() is for 'help foo' and 'foo -?': call long_usage() and also
1530 1574 * any extra usage() flags as appropriate for whatever command.
1531 1575 */
1532 1576
1533 1577 void
1534 1578 longer_usage(uint_t cmd_num)
1535 1579 {
1536 1580 long_usage(cmd_num, B_FALSE);
1537 1581 if (helptab[cmd_num].flags != 0) {
1538 1582 (void) printf("\n");
1539 1583 usage(B_TRUE, helptab[cmd_num].flags);
1540 1584 }
1541 1585 }
1542 1586
1543 1587 /*
1544 1588 * scope_usage() is simply used when a command is called from the wrong scope.
1545 1589 */
1546 1590
1547 1591 static void
1548 1592 scope_usage(uint_t cmd_num)
1549 1593 {
1550 1594 zerr(gettext("The %s command only makes sense in the %s scope."),
1551 1595 cmd_to_str(cmd_num),
1552 1596 global_scope ? gettext("resource") : gettext("global"));
1553 1597 saw_error = B_TRUE;
1554 1598 }
1555 1599
1556 1600 /*
1557 1601 * On input, B_TRUE => yes, B_FALSE => no.
1558 1602 * On return, B_TRUE => 1, B_FALSE => no, could not ask => -1.
1559 1603 */
1560 1604
1561 1605 static int
1562 1606 ask_yesno(boolean_t default_answer, const char *question)
1563 1607 {
1564 1608 char line[64]; /* should be enough to answer yes or no */
1565 1609
1566 1610 if (!ok_to_prompt) {
1567 1611 saw_error = B_TRUE;
1568 1612 return (-1);
1569 1613 }
1570 1614 for (;;) {
1571 1615 if (printf("%s (%s)? ", question,
1572 1616 default_answer ? "[y]/n" : "y/[n]") < 0)
1573 1617 return (-1);
1574 1618 if (fgets(line, sizeof (line), stdin) == NULL)
1575 1619 return (-1);
1576 1620
1577 1621 if (line[0] == '\n')
1578 1622 return (default_answer ? 1 : 0);
1579 1623 if (tolower(line[0]) == 'y')
1580 1624 return (1);
1581 1625 if (tolower(line[0]) == 'n')
1582 1626 return (0);
1583 1627 }
1584 1628 }
1585 1629
1586 1630 /*
1587 1631 * Prints warning if zone already exists.
1588 1632 * In interactive mode, prompts if we should continue anyway and returns Z_OK
1589 1633 * if so, Z_ERR if not. In non-interactive mode, exits with Z_ERR.
1590 1634 *
1591 1635 * Note that if a zone exists and its state is >= INSTALLED, an error message
1592 1636 * will be printed and this function will return Z_ERR regardless of mode.
1593 1637 */
1594 1638
1595 1639 static int
1596 1640 check_if_zone_already_exists(boolean_t force)
1597 1641 {
1598 1642 char line[ZONENAME_MAX + 128]; /* enough to ask a question */
1599 1643 zone_dochandle_t tmphandle;
1600 1644 int res, answer;
1601 1645
1602 1646 if ((tmphandle = zonecfg_init_handle()) == NULL) {
1603 1647 zone_perror(execname, Z_NOMEM, B_TRUE);
1604 1648 exit(Z_ERR);
1605 1649 }
1606 1650 res = zonecfg_get_handle(zone, tmphandle);
1607 1651 zonecfg_fini_handle(tmphandle);
1608 1652 if (res != Z_OK)
1609 1653 return (Z_OK);
1610 1654
1611 1655 if (state_atleast(ZONE_STATE_INSTALLED)) {
1612 1656 zerr(gettext("Zone %s already installed; %s not allowed."),
1613 1657 zone, cmd_to_str(CMD_CREATE));
1614 1658 return (Z_ERR);
1615 1659 }
1616 1660
1617 1661 if (force) {
1618 1662 (void) printf(gettext("Zone %s already exists; overwriting.\n"),
1619 1663 zone);
1620 1664 return (Z_OK);
1621 1665 }
1622 1666 (void) snprintf(line, sizeof (line),
1623 1667 gettext("Zone %s already exists; %s anyway"), zone,
1624 1668 cmd_to_str(CMD_CREATE));
1625 1669 if ((answer = ask_yesno(B_FALSE, line)) == -1) {
1626 1670 zerr(gettext("Zone exists, input not from terminal and -F not "
1627 1671 "specified:\n%s command ignored, exiting."),
1628 1672 cmd_to_str(CMD_CREATE));
1629 1673 exit(Z_ERR);
1630 1674 }
1631 1675 return (answer == 1 ? Z_OK : Z_ERR);
1632 1676 }
1633 1677
1634 1678 static boolean_t
1635 1679 zone_is_read_only(int cmd_num)
1636 1680 {
1637 1681 if (strncmp(zone, "SUNW", 4) == 0) {
1638 1682 zerr(gettext("%s: zones beginning with SUNW are read-only."),
1639 1683 zone);
1640 1684 saw_error = B_TRUE;
1641 1685 return (B_TRUE);
1642 1686 }
1643 1687 if (read_only_mode) {
1644 1688 zerr(gettext("%s: cannot %s in read-only mode."), zone,
1645 1689 cmd_to_str(cmd_num));
1646 1690 saw_error = B_TRUE;
1647 1691 return (B_TRUE);
1648 1692 }
1649 1693 return (B_FALSE);
1650 1694 }
1651 1695
1652 1696 /*
1653 1697 * Create a new configuration.
1654 1698 */
1655 1699 void
1656 1700 create_func(cmd_t *cmd)
1657 1701 {
1658 1702 int err, arg;
1659 1703 char zone_template[ZONENAME_MAX];
1660 1704 char attach_path[MAXPATHLEN];
1661 1705 zone_dochandle_t tmphandle;
1662 1706 boolean_t force = B_FALSE;
1663 1707 boolean_t attach = B_FALSE;
1664 1708 boolean_t arg_err = B_FALSE;
1665 1709
1666 1710 assert(cmd != NULL);
1667 1711
1668 1712 /* This is the default if no arguments are given. */
1669 1713 (void) strlcpy(zone_template, "SUNWdefault", sizeof (zone_template));
1670 1714
1671 1715 optind = 0;
1672 1716 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?a:bFt:"))
1673 1717 != EOF) {
1674 1718 switch (arg) {
1675 1719 case '?':
1676 1720 if (optopt == '?')
1677 1721 longer_usage(CMD_CREATE);
1678 1722 else
1679 1723 short_usage(CMD_CREATE);
1680 1724 arg_err = B_TRUE;
1681 1725 break;
1682 1726 case 'a':
1683 1727 (void) strlcpy(attach_path, optarg,
1684 1728 sizeof (attach_path));
1685 1729 attach = B_TRUE;
1686 1730 break;
1687 1731 case 'b':
1688 1732 (void) strlcpy(zone_template, "SUNWblank",
1689 1733 sizeof (zone_template));
1690 1734 break;
1691 1735 case 'F':
1692 1736 force = B_TRUE;
1693 1737 break;
1694 1738 case 't':
1695 1739 (void) strlcpy(zone_template, optarg,
1696 1740 sizeof (zone_template));
1697 1741 break;
1698 1742 default:
1699 1743 short_usage(CMD_CREATE);
1700 1744 arg_err = B_TRUE;
1701 1745 break;
1702 1746 }
1703 1747 }
1704 1748 if (arg_err)
1705 1749 return;
1706 1750
1707 1751 if (optind != cmd->cmd_argc) {
1708 1752 short_usage(CMD_CREATE);
1709 1753 return;
1710 1754 }
1711 1755
1712 1756 if (zone_is_read_only(CMD_CREATE))
1713 1757 return;
1714 1758
1715 1759 if (check_if_zone_already_exists(force) != Z_OK)
1716 1760 return;
1717 1761
1718 1762 /*
1719 1763 * Get a temporary handle first. If that fails, the old handle
1720 1764 * will not be lost. Then finish whichever one we don't need,
1721 1765 * to avoid leaks. Then get the handle for zone_template, and
1722 1766 * set the name to zone: this "copy, rename" method is how
1723 1767 * create -[b|t] works.
1724 1768 */
1725 1769 if ((tmphandle = zonecfg_init_handle()) == NULL) {
1726 1770 zone_perror(execname, Z_NOMEM, B_TRUE);
1727 1771 exit(Z_ERR);
1728 1772 }
1729 1773
1730 1774 if (attach)
1731 1775 err = zonecfg_get_attach_handle(attach_path, ZONE_DETACHED,
1732 1776 zone, B_FALSE, tmphandle);
1733 1777 else
1734 1778 err = zonecfg_get_template_handle(zone_template, zone,
1735 1779 tmphandle);
1736 1780
1737 1781 if (err != Z_OK) {
1738 1782 zonecfg_fini_handle(tmphandle);
1739 1783 if (attach && err == Z_NO_ZONE)
1740 1784 (void) fprintf(stderr, gettext("invalid path to "
1741 1785 "detached zone\n"));
1742 1786 else if (attach && err == Z_INVALID_DOCUMENT)
1743 1787 (void) fprintf(stderr, gettext("Cannot attach to an "
1744 1788 "earlier release of the operating system\n"));
1745 1789 else
1746 1790 zone_perror(zone_template, err, B_TRUE);
1747 1791 return;
1748 1792 }
1749 1793
1750 1794 need_to_commit = B_TRUE;
1751 1795 zonecfg_fini_handle(handle);
1752 1796 handle = tmphandle;
1753 1797 got_handle = B_TRUE;
1754 1798 }
1755 1799
1756 1800 /*
1757 1801 * This malloc()'s memory, which must be freed by the caller.
1758 1802 */
1759 1803 static char *
1760 1804 quoteit(char *instr)
1761 1805 {
1762 1806 char *outstr;
1763 1807 size_t outstrsize = strlen(instr) + 3; /* 2 quotes + '\0' */
1764 1808
1765 1809 if ((outstr = malloc(outstrsize)) == NULL) {
1766 1810 zone_perror(zone, Z_NOMEM, B_FALSE);
1767 1811 exit(Z_ERR);
1768 1812 }
1769 1813 if (strchr(instr, ' ') == NULL) {
1770 1814 (void) strlcpy(outstr, instr, outstrsize);
1771 1815 return (outstr);
1772 1816 }
1773 1817 (void) snprintf(outstr, outstrsize, "\"%s\"", instr);
1774 1818 return (outstr);
1775 1819 }
1776 1820
1777 1821 static void
1778 1822 export_prop(FILE *of, int prop_num, char *prop_id)
1779 1823 {
1780 1824 char *quote_str;
1781 1825
1782 1826 if (strlen(prop_id) == 0)
1783 1827 return;
1784 1828 quote_str = quoteit(prop_id);
1785 1829 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1786 1830 pt_to_str(prop_num), quote_str);
1787 1831 free(quote_str);
1788 1832 }
1789 1833
1790 1834 void
1791 1835 export_func(cmd_t *cmd)
1792 1836 {
|
↓ open down ↓ |
423 lines elided |
↑ open up ↑ |
1793 1837 struct zone_nwiftab nwiftab;
1794 1838 struct zone_fstab fstab;
1795 1839 struct zone_devtab devtab;
1796 1840 struct zone_attrtab attrtab;
1797 1841 struct zone_rctltab rctltab;
1798 1842 struct zone_dstab dstab;
1799 1843 struct zone_psettab psettab;
1800 1844 struct zone_mcaptab mcaptab;
1801 1845 struct zone_rctlvaltab *valptr;
1802 1846 struct zone_admintab admintab;
1847 + struct zone_secflagstab secflagstab;
1803 1848 int err, arg;
1804 1849 char zonepath[MAXPATHLEN], outfile[MAXPATHLEN], pool[MAXNAMELEN];
1805 1850 char bootargs[BOOTARGS_MAX];
1806 1851 char sched[MAXNAMELEN];
1807 1852 char brand[MAXNAMELEN];
1808 1853 char hostidp[HW_HOSTID_LEN];
1809 1854 char fsallowedp[ZONE_FS_ALLOWED_MAX];
1810 1855 char *limitpriv;
1811 1856 FILE *of;
1812 1857 boolean_t autoboot;
1813 1858 zone_iptype_t iptype;
1814 1859 boolean_t need_to_close = B_FALSE;
1815 1860 boolean_t arg_err = B_FALSE;
1816 1861
1817 1862 assert(cmd != NULL);
1818 1863
1819 1864 outfile[0] = '\0';
1820 1865 optind = 0;
1821 1866 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?f:")) != EOF) {
1822 1867 switch (arg) {
1823 1868 case '?':
1824 1869 if (optopt == '?')
1825 1870 longer_usage(CMD_EXPORT);
1826 1871 else
1827 1872 short_usage(CMD_EXPORT);
1828 1873 arg_err = B_TRUE;
1829 1874 break;
1830 1875 case 'f':
1831 1876 (void) strlcpy(outfile, optarg, sizeof (outfile));
1832 1877 break;
1833 1878 default:
1834 1879 short_usage(CMD_EXPORT);
1835 1880 arg_err = B_TRUE;
1836 1881 break;
1837 1882 }
1838 1883 }
1839 1884 if (arg_err)
1840 1885 return;
1841 1886
1842 1887 if (optind != cmd->cmd_argc) {
1843 1888 short_usage(CMD_EXPORT);
1844 1889 return;
1845 1890 }
1846 1891 if (strlen(outfile) == 0) {
1847 1892 of = stdout;
1848 1893 } else {
1849 1894 if ((of = fopen(outfile, "w")) == NULL) {
1850 1895 zerr(gettext("opening file %s: %s"),
1851 1896 outfile, strerror(errno));
1852 1897 goto done;
1853 1898 }
1854 1899 setbuf(of, NULL);
1855 1900 need_to_close = B_TRUE;
1856 1901 }
1857 1902
1858 1903 if ((err = initialize(B_TRUE)) != Z_OK)
1859 1904 goto done;
1860 1905
1861 1906 (void) fprintf(of, "%s -b\n", cmd_to_str(CMD_CREATE));
1862 1907
1863 1908 if (zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath)) == Z_OK &&
1864 1909 strlen(zonepath) > 0)
1865 1910 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1866 1911 pt_to_str(PT_ZONEPATH), zonepath);
1867 1912
1868 1913 if ((zone_get_brand(zone, brand, sizeof (brand)) == Z_OK) &&
1869 1914 (strcmp(brand, NATIVE_BRAND_NAME) != 0))
1870 1915 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1871 1916 pt_to_str(PT_BRAND), brand);
1872 1917
1873 1918 if (zonecfg_get_autoboot(handle, &autoboot) == Z_OK)
1874 1919 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1875 1920 pt_to_str(PT_AUTOBOOT), autoboot ? "true" : "false");
1876 1921
1877 1922 if (zonecfg_get_bootargs(handle, bootargs, sizeof (bootargs)) == Z_OK &&
1878 1923 strlen(bootargs) > 0) {
1879 1924 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1880 1925 pt_to_str(PT_BOOTARGS), bootargs);
1881 1926 }
1882 1927
1883 1928 if (zonecfg_get_pool(handle, pool, sizeof (pool)) == Z_OK &&
1884 1929 strlen(pool) > 0)
1885 1930 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1886 1931 pt_to_str(PT_POOL), pool);
1887 1932
1888 1933 if (zonecfg_get_limitpriv(handle, &limitpriv) == Z_OK &&
1889 1934 strlen(limitpriv) > 0) {
1890 1935 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1891 1936 pt_to_str(PT_LIMITPRIV), limitpriv);
1892 1937 free(limitpriv);
1893 1938 }
1894 1939
1895 1940 if (zonecfg_get_sched_class(handle, sched, sizeof (sched)) == Z_OK &&
1896 1941 strlen(sched) > 0)
1897 1942 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1898 1943 pt_to_str(PT_SCHED), sched);
1899 1944
1900 1945 if (zonecfg_get_iptype(handle, &iptype) == Z_OK) {
1901 1946 switch (iptype) {
1902 1947 case ZS_SHARED:
1903 1948 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1904 1949 pt_to_str(PT_IPTYPE), "shared");
1905 1950 break;
1906 1951 case ZS_EXCLUSIVE:
1907 1952 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1908 1953 pt_to_str(PT_IPTYPE), "exclusive");
1909 1954 break;
1910 1955 }
1911 1956 }
1912 1957
1913 1958 if (zonecfg_get_hostid(handle, hostidp, sizeof (hostidp)) == Z_OK) {
1914 1959 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1915 1960 pt_to_str(PT_HOSTID), hostidp);
1916 1961 }
1917 1962
1918 1963 if (zonecfg_get_fs_allowed(handle, fsallowedp,
1919 1964 sizeof (fsallowedp)) == Z_OK) {
1920 1965 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1921 1966 pt_to_str(PT_FS_ALLOWED), fsallowedp);
1922 1967 }
1923 1968
1924 1969 if ((err = zonecfg_setfsent(handle)) != Z_OK) {
1925 1970 zone_perror(zone, err, B_FALSE);
1926 1971 goto done;
1927 1972 }
1928 1973 while (zonecfg_getfsent(handle, &fstab) == Z_OK) {
1929 1974 zone_fsopt_t *optptr;
1930 1975
1931 1976 (void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
1932 1977 rt_to_str(RT_FS));
1933 1978 export_prop(of, PT_DIR, fstab.zone_fs_dir);
1934 1979 export_prop(of, PT_SPECIAL, fstab.zone_fs_special);
1935 1980 export_prop(of, PT_RAW, fstab.zone_fs_raw);
1936 1981 export_prop(of, PT_TYPE, fstab.zone_fs_type);
1937 1982 for (optptr = fstab.zone_fs_options; optptr != NULL;
1938 1983 optptr = optptr->zone_fsopt_next) {
1939 1984 /*
1940 1985 * Simple property values with embedded equal signs
1941 1986 * need to be quoted to prevent the lexer from
1942 1987 * mis-parsing them as complex name=value pairs.
1943 1988 */
1944 1989 if (strchr(optptr->zone_fsopt_opt, '='))
1945 1990 (void) fprintf(of, "%s %s \"%s\"\n",
1946 1991 cmd_to_str(CMD_ADD),
1947 1992 pt_to_str(PT_OPTIONS),
1948 1993 optptr->zone_fsopt_opt);
1949 1994 else
1950 1995 (void) fprintf(of, "%s %s %s\n",
1951 1996 cmd_to_str(CMD_ADD),
1952 1997 pt_to_str(PT_OPTIONS),
1953 1998 optptr->zone_fsopt_opt);
1954 1999 }
1955 2000 (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
1956 2001 zonecfg_free_fs_option_list(fstab.zone_fs_options);
1957 2002 }
1958 2003 (void) zonecfg_endfsent(handle);
1959 2004
1960 2005 if ((err = zonecfg_setnwifent(handle)) != Z_OK) {
1961 2006 zone_perror(zone, err, B_FALSE);
1962 2007 goto done;
1963 2008 }
1964 2009 while (zonecfg_getnwifent(handle, &nwiftab) == Z_OK) {
1965 2010 (void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
1966 2011 rt_to_str(RT_NET));
1967 2012 export_prop(of, PT_ADDRESS, nwiftab.zone_nwif_address);
1968 2013 export_prop(of, PT_ALLOWED_ADDRESS,
1969 2014 nwiftab.zone_nwif_allowed_address);
1970 2015 export_prop(of, PT_PHYSICAL, nwiftab.zone_nwif_physical);
1971 2016 export_prop(of, PT_DEFROUTER, nwiftab.zone_nwif_defrouter);
1972 2017 (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
1973 2018 }
1974 2019 (void) zonecfg_endnwifent(handle);
1975 2020
1976 2021 if ((err = zonecfg_setdevent(handle)) != Z_OK) {
1977 2022 zone_perror(zone, err, B_FALSE);
1978 2023 goto done;
1979 2024 }
1980 2025 while (zonecfg_getdevent(handle, &devtab) == Z_OK) {
1981 2026 (void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
1982 2027 rt_to_str(RT_DEVICE));
1983 2028 export_prop(of, PT_MATCH, devtab.zone_dev_match);
1984 2029 (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
1985 2030 }
1986 2031 (void) zonecfg_enddevent(handle);
1987 2032
1988 2033 if (zonecfg_getmcapent(handle, &mcaptab) == Z_OK) {
1989 2034 char buf[128];
1990 2035
1991 2036 (void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
1992 2037 rt_to_str(RT_MCAP));
1993 2038 bytes_to_units(mcaptab.zone_physmem_cap, buf, sizeof (buf));
1994 2039 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
1995 2040 pt_to_str(PT_PHYSICAL), buf);
1996 2041 (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
1997 2042 }
1998 2043
1999 2044 if ((err = zonecfg_setrctlent(handle)) != Z_OK) {
2000 2045 zone_perror(zone, err, B_FALSE);
2001 2046 goto done;
2002 2047 }
2003 2048 while (zonecfg_getrctlent(handle, &rctltab) == Z_OK) {
2004 2049 (void) fprintf(of, "%s rctl\n", cmd_to_str(CMD_ADD));
2005 2050 export_prop(of, PT_NAME, rctltab.zone_rctl_name);
2006 2051 for (valptr = rctltab.zone_rctl_valptr; valptr != NULL;
2007 2052 valptr = valptr->zone_rctlval_next) {
2008 2053 fprintf(of, "%s %s (%s=%s,%s=%s,%s=%s)\n",
2009 2054 cmd_to_str(CMD_ADD), pt_to_str(PT_VALUE),
2010 2055 pt_to_str(PT_PRIV), valptr->zone_rctlval_priv,
2011 2056 pt_to_str(PT_LIMIT), valptr->zone_rctlval_limit,
2012 2057 pt_to_str(PT_ACTION), valptr->zone_rctlval_action);
2013 2058 }
2014 2059 (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2015 2060 zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
2016 2061 }
2017 2062 (void) zonecfg_endrctlent(handle);
2018 2063
2019 2064 if ((err = zonecfg_setattrent(handle)) != Z_OK) {
2020 2065 zone_perror(zone, err, B_FALSE);
2021 2066 goto done;
2022 2067 }
2023 2068 while (zonecfg_getattrent(handle, &attrtab) == Z_OK) {
2024 2069 (void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2025 2070 rt_to_str(RT_ATTR));
2026 2071 export_prop(of, PT_NAME, attrtab.zone_attr_name);
2027 2072 export_prop(of, PT_TYPE, attrtab.zone_attr_type);
2028 2073 export_prop(of, PT_VALUE, attrtab.zone_attr_value);
2029 2074 (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2030 2075 }
2031 2076 (void) zonecfg_endattrent(handle);
2032 2077
2033 2078 if ((err = zonecfg_setdsent(handle)) != Z_OK) {
2034 2079 zone_perror(zone, err, B_FALSE);
2035 2080 goto done;
2036 2081 }
2037 2082 while (zonecfg_getdsent(handle, &dstab) == Z_OK) {
2038 2083 (void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2039 2084 rt_to_str(RT_DATASET));
2040 2085 export_prop(of, PT_NAME, dstab.zone_dataset_name);
2041 2086 (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2042 2087 }
2043 2088 (void) zonecfg_enddsent(handle);
2044 2089
2045 2090 if (zonecfg_getpsetent(handle, &psettab) == Z_OK) {
2046 2091 (void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2047 2092 rt_to_str(RT_DCPU));
2048 2093 if (strcmp(psettab.zone_ncpu_min, psettab.zone_ncpu_max) == 0)
2049 2094 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
2050 2095 pt_to_str(PT_NCPUS), psettab.zone_ncpu_max);
2051 2096 else
2052 2097 (void) fprintf(of, "%s %s=%s-%s\n", cmd_to_str(CMD_SET),
2053 2098 pt_to_str(PT_NCPUS), psettab.zone_ncpu_min,
2054 2099 psettab.zone_ncpu_max);
2055 2100 if (psettab.zone_importance[0] != '\0')
2056 2101 (void) fprintf(of, "%s %s=%s\n", cmd_to_str(CMD_SET),
2057 2102 pt_to_str(PT_IMPORTANCE), psettab.zone_importance);
2058 2103 (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2059 2104 }
2060 2105
2061 2106 if ((err = zonecfg_setadminent(handle)) != Z_OK) {
|
↓ open down ↓ |
249 lines elided |
↑ open up ↑ |
2062 2107 zone_perror(zone, err, B_FALSE);
2063 2108 goto done;
2064 2109 }
2065 2110 while (zonecfg_getadminent(handle, &admintab) == Z_OK) {
2066 2111 (void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2067 2112 rt_to_str(RT_ADMIN));
2068 2113 export_prop(of, PT_USER, admintab.zone_admin_user);
2069 2114 export_prop(of, PT_AUTHS, admintab.zone_admin_auths);
2070 2115 (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2071 2116 }
2117 +
2072 2118 (void) zonecfg_endadminent(handle);
2073 2119
2120 + if ((err = zonecfg_getsecflagsent(handle, &secflagstab)) != Z_OK) {
2121 + zone_perror(zone, err, B_FALSE);
2122 + goto done;
2123 + }
2124 +
2125 + (void) fprintf(of, "%s %s\n", cmd_to_str(CMD_ADD),
2126 + rt_to_str(RT_SECFLAGS));
2127 + export_prop(of, PT_DEFAULT, secflagstab.zone_secflags_default);
2128 + export_prop(of, PT_LOWER, secflagstab.zone_secflags_lower);
2129 + export_prop(of, PT_UPPER, secflagstab.zone_secflags_upper);
2130 + (void) fprintf(of, "%s\n", cmd_to_str(CMD_END));
2131 +
2074 2132 /*
2075 2133 * There is nothing to export for pcap since this resource is just
2076 2134 * a container for an rctl alias.
2077 2135 */
2078 2136
2079 2137 done:
2080 2138 if (need_to_close)
2081 2139 (void) fclose(of);
2082 2140 }
2083 2141
2084 2142 void
2085 2143 exit_func(cmd_t *cmd)
2086 2144 {
2087 2145 int arg, answer;
2088 2146 boolean_t arg_err = B_FALSE;
2089 2147
2090 2148 optind = 0;
2091 2149 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
2092 2150 switch (arg) {
2093 2151 case '?':
2094 2152 longer_usage(CMD_EXIT);
2095 2153 arg_err = B_TRUE;
2096 2154 break;
2097 2155 case 'F':
2098 2156 force_exit = B_TRUE;
2099 2157 break;
2100 2158 default:
2101 2159 short_usage(CMD_EXIT);
2102 2160 arg_err = B_TRUE;
2103 2161 break;
2104 2162 }
2105 2163 }
2106 2164 if (arg_err)
2107 2165 return;
2108 2166
2109 2167 if (optind < cmd->cmd_argc) {
2110 2168 short_usage(CMD_EXIT);
2111 2169 return;
2112 2170 }
2113 2171
2114 2172 if (global_scope || force_exit) {
2115 2173 time_to_exit = B_TRUE;
2116 2174 return;
2117 2175 }
2118 2176
2119 2177 answer = ask_yesno(B_FALSE, "Resource incomplete; really quit");
2120 2178 if (answer == -1) {
2121 2179 zerr(gettext("Resource incomplete, input "
2122 2180 "not from terminal and -F not specified:\n%s command "
2123 2181 "ignored, but exiting anyway."), cmd_to_str(CMD_EXIT));
2124 2182 exit(Z_ERR);
2125 2183 } else if (answer == 1) {
2126 2184 time_to_exit = B_TRUE;
2127 2185 }
2128 2186 /* (answer == 0) => just return */
2129 2187 }
2130 2188
2131 2189 static int
2132 2190 validate_zonepath_syntax(char *path)
2133 2191 {
2134 2192 if (path[0] != '/') {
2135 2193 zerr(gettext("%s is not an absolute path."), path);
2136 2194 return (Z_ERR);
2137 2195 }
2138 2196 /* If path is all slashes, then fail */
2139 2197 if (strspn(path, "/") == strlen(path)) {
2140 2198 zerr(gettext("/ is not allowed as a %s."),
2141 2199 pt_to_str(PT_ZONEPATH));
2142 2200 return (Z_ERR);
|
↓ open down ↓ |
59 lines elided |
↑ open up ↑ |
2143 2201 }
2144 2202 return (Z_OK);
2145 2203 }
2146 2204
2147 2205 static void
2148 2206 add_resource(cmd_t *cmd)
2149 2207 {
2150 2208 int type;
2151 2209 struct zone_psettab tmp_psettab;
2152 2210 struct zone_mcaptab tmp_mcaptab;
2211 + struct zone_secflagstab tmp_secflagstab;
2153 2212 uint64_t tmp;
2154 2213 uint64_t tmp_mcap;
2155 2214 char pool[MAXNAMELEN];
2156 2215
2157 2216 if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
2158 2217 long_usage(CMD_ADD, B_TRUE);
2159 2218 goto bad;
2160 2219 }
2161 2220
2162 2221 switch (type) {
2163 2222 case RT_FS:
2164 2223 bzero(&in_progress_fstab, sizeof (in_progress_fstab));
2165 2224 return;
2166 2225 case RT_NET:
2167 2226 bzero(&in_progress_nwiftab, sizeof (in_progress_nwiftab));
2168 2227 return;
2169 2228 case RT_DEVICE:
2170 2229 bzero(&in_progress_devtab, sizeof (in_progress_devtab));
2171 2230 return;
2172 2231 case RT_RCTL:
2173 2232 if (global_zone)
2174 2233 zerr(gettext("WARNING: Setting a global zone resource "
2175 2234 "control too low could deny\nservice "
2176 2235 "to even the root user; "
2177 2236 "this could render the system impossible\n"
2178 2237 "to administer. Please use caution."));
2179 2238 bzero(&in_progress_rctltab, sizeof (in_progress_rctltab));
2180 2239 return;
2181 2240 case RT_ATTR:
2182 2241 bzero(&in_progress_attrtab, sizeof (in_progress_attrtab));
2183 2242 return;
2184 2243 case RT_DATASET:
2185 2244 bzero(&in_progress_dstab, sizeof (in_progress_dstab));
2186 2245 return;
2187 2246 case RT_DCPU:
2188 2247 /* Make sure there isn't already a cpu-set or cpu-cap entry. */
2189 2248 if (zonecfg_lookup_pset(handle, &tmp_psettab) == Z_OK) {
2190 2249 zerr(gettext("The %s resource already exists."),
2191 2250 rt_to_str(RT_DCPU));
2192 2251 goto bad;
2193 2252 }
2194 2253 if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp) !=
2195 2254 Z_NO_ENTRY) {
2196 2255 zerr(gettext("The %s resource already exists."),
2197 2256 rt_to_str(RT_PCAP));
2198 2257 goto bad;
2199 2258 }
2200 2259
2201 2260 /* Make sure the pool property isn't set. */
2202 2261 if (zonecfg_get_pool(handle, pool, sizeof (pool)) == Z_OK &&
2203 2262 strlen(pool) > 0) {
2204 2263 zerr(gettext("The %s property is already set. "
2205 2264 "A persistent pool is incompatible with\nthe %s "
2206 2265 "resource."),
2207 2266 pt_to_str(PT_POOL), rt_to_str(RT_DCPU));
2208 2267 goto bad;
2209 2268 }
2210 2269
2211 2270 bzero(&in_progress_psettab, sizeof (in_progress_psettab));
2212 2271 return;
2213 2272 case RT_PCAP:
2214 2273 /*
2215 2274 * Make sure there isn't already a cpu-set or incompatible
2216 2275 * cpu-cap rctls.
2217 2276 */
2218 2277 if (zonecfg_lookup_pset(handle, &tmp_psettab) == Z_OK) {
2219 2278 zerr(gettext("The %s resource already exists."),
2220 2279 rt_to_str(RT_DCPU));
2221 2280 goto bad;
2222 2281 }
2223 2282
2224 2283 switch (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp)) {
2225 2284 case Z_ALIAS_DISALLOW:
2226 2285 zone_perror(rt_to_str(RT_PCAP), Z_ALIAS_DISALLOW,
2227 2286 B_FALSE);
2228 2287 goto bad;
2229 2288
2230 2289 case Z_OK:
2231 2290 zerr(gettext("The %s resource already exists."),
2232 2291 rt_to_str(RT_PCAP));
2233 2292 goto bad;
2234 2293
2235 2294 default:
2236 2295 break;
2237 2296 }
2238 2297 return;
2239 2298 case RT_MCAP:
2240 2299 /*
2241 2300 * Make sure there isn't already a mem-cap entry or max-swap
2242 2301 * or max-locked rctl.
2243 2302 */
2244 2303 if (zonecfg_lookup_mcap(handle, &tmp_mcaptab) == Z_OK ||
2245 2304 zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &tmp_mcap)
2246 2305 == Z_OK ||
2247 2306 zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM,
2248 2307 &tmp_mcap) == Z_OK) {
2249 2308 zerr(gettext("The %s resource or a related resource "
2250 2309 "control already exists."), rt_to_str(RT_MCAP));
2251 2310 goto bad;
2252 2311 }
2253 2312 if (global_zone)
|
↓ open down ↓ |
91 lines elided |
↑ open up ↑ |
2254 2313 zerr(gettext("WARNING: Setting a global zone memory "
2255 2314 "cap too low could deny\nservice "
2256 2315 "to even the root user; "
2257 2316 "this could render the system impossible\n"
2258 2317 "to administer. Please use caution."));
2259 2318 bzero(&in_progress_mcaptab, sizeof (in_progress_mcaptab));
2260 2319 return;
2261 2320 case RT_ADMIN:
2262 2321 bzero(&in_progress_admintab, sizeof (in_progress_admintab));
2263 2322 return;
2323 + case RT_SECFLAGS:
2324 + /* Make sure we haven't already set this */
2325 + if (zonecfg_lookup_secflags(handle, &tmp_secflagstab) == Z_OK)
2326 + zerr(gettext("The %s resource already exists."),
2327 + rt_to_str(RT_SECFLAGS));
2328 + bzero(&in_progress_secflagstab,
2329 + sizeof (in_progress_secflagstab));
2330 + return;
2264 2331 default:
2265 2332 zone_perror(rt_to_str(type), Z_NO_RESOURCE_TYPE, B_TRUE);
2266 2333 long_usage(CMD_ADD, B_TRUE);
2267 2334 usage(B_FALSE, HELP_RESOURCES);
2268 2335 }
2269 2336 bad:
2270 2337 global_scope = B_TRUE;
2271 2338 end_op = -1;
2272 2339 }
2273 2340
2274 2341 static void
2275 2342 do_complex_rctl_val(complex_property_ptr_t cp)
2276 2343 {
2277 2344 struct zone_rctlvaltab *rctlvaltab;
2278 2345 complex_property_ptr_t cx;
2279 2346 boolean_t seen_priv = B_FALSE, seen_limit = B_FALSE,
2280 2347 seen_action = B_FALSE;
2281 2348 rctlblk_t *rctlblk;
2282 2349 int err;
2283 2350
2284 2351 if ((rctlvaltab = alloc_rctlvaltab()) == NULL) {
2285 2352 zone_perror(zone, Z_NOMEM, B_TRUE);
2286 2353 exit(Z_ERR);
2287 2354 }
2288 2355 for (cx = cp; cx != NULL; cx = cx->cp_next) {
2289 2356 switch (cx->cp_type) {
2290 2357 case PT_PRIV:
2291 2358 if (seen_priv) {
2292 2359 zerr(gettext("%s already specified"),
2293 2360 pt_to_str(PT_PRIV));
2294 2361 goto bad;
2295 2362 }
2296 2363 (void) strlcpy(rctlvaltab->zone_rctlval_priv,
2297 2364 cx->cp_value,
2298 2365 sizeof (rctlvaltab->zone_rctlval_priv));
2299 2366 seen_priv = B_TRUE;
2300 2367 break;
2301 2368 case PT_LIMIT:
2302 2369 if (seen_limit) {
2303 2370 zerr(gettext("%s already specified"),
2304 2371 pt_to_str(PT_LIMIT));
2305 2372 goto bad;
2306 2373 }
2307 2374 (void) strlcpy(rctlvaltab->zone_rctlval_limit,
2308 2375 cx->cp_value,
2309 2376 sizeof (rctlvaltab->zone_rctlval_limit));
2310 2377 seen_limit = B_TRUE;
2311 2378 break;
2312 2379 case PT_ACTION:
2313 2380 if (seen_action) {
2314 2381 zerr(gettext("%s already specified"),
2315 2382 pt_to_str(PT_ACTION));
2316 2383 goto bad;
2317 2384 }
2318 2385 (void) strlcpy(rctlvaltab->zone_rctlval_action,
2319 2386 cx->cp_value,
2320 2387 sizeof (rctlvaltab->zone_rctlval_action));
2321 2388 seen_action = B_TRUE;
2322 2389 break;
2323 2390 default:
2324 2391 zone_perror(pt_to_str(PT_VALUE),
2325 2392 Z_NO_PROPERTY_TYPE, B_TRUE);
2326 2393 long_usage(CMD_ADD, B_TRUE);
2327 2394 usage(B_FALSE, HELP_PROPS);
2328 2395 zonecfg_free_rctl_value_list(rctlvaltab);
2329 2396 return;
2330 2397 }
2331 2398 }
2332 2399 if (!seen_priv)
2333 2400 zerr(gettext("%s not specified"), pt_to_str(PT_PRIV));
2334 2401 if (!seen_limit)
2335 2402 zerr(gettext("%s not specified"), pt_to_str(PT_LIMIT));
2336 2403 if (!seen_action)
2337 2404 zerr(gettext("%s not specified"), pt_to_str(PT_ACTION));
2338 2405 if (!seen_priv || !seen_limit || !seen_action)
2339 2406 goto bad;
2340 2407 rctlvaltab->zone_rctlval_next = NULL;
2341 2408 rctlblk = alloca(rctlblk_size());
2342 2409 /*
2343 2410 * Make sure the rctl value looks roughly correct; we won't know if
2344 2411 * it's truly OK until we verify the configuration on the target
2345 2412 * system.
2346 2413 */
2347 2414 if (zonecfg_construct_rctlblk(rctlvaltab, rctlblk) != Z_OK ||
2348 2415 !zonecfg_valid_rctlblk(rctlblk)) {
2349 2416 zerr(gettext("Invalid %s %s specification"), rt_to_str(RT_RCTL),
2350 2417 pt_to_str(PT_VALUE));
2351 2418 goto bad;
2352 2419 }
2353 2420 err = zonecfg_add_rctl_value(&in_progress_rctltab, rctlvaltab);
2354 2421 if (err != Z_OK)
2355 2422 zone_perror(pt_to_str(PT_VALUE), err, B_TRUE);
2356 2423 return;
2357 2424
2358 2425 bad:
2359 2426 zonecfg_free_rctl_value_list(rctlvaltab);
2360 2427 }
2361 2428
2362 2429 static void
2363 2430 add_property(cmd_t *cmd)
2364 2431 {
2365 2432 char *prop_id;
2366 2433 int err, res_type, prop_type;
2367 2434 property_value_ptr_t pp;
2368 2435 list_property_ptr_t l;
2369 2436
2370 2437 res_type = resource_scope;
2371 2438 prop_type = cmd->cmd_prop_name[0];
2372 2439 if (res_type == RT_UNKNOWN || prop_type == PT_UNKNOWN) {
2373 2440 long_usage(CMD_ADD, B_TRUE);
2374 2441 return;
2375 2442 }
2376 2443
2377 2444 if (cmd->cmd_prop_nv_pairs != 1) {
2378 2445 long_usage(CMD_ADD, B_TRUE);
2379 2446 return;
2380 2447 }
2381 2448
2382 2449 if (initialize(B_TRUE) != Z_OK)
2383 2450 return;
2384 2451
2385 2452 switch (res_type) {
2386 2453 case RT_FS:
2387 2454 if (prop_type != PT_OPTIONS) {
2388 2455 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
2389 2456 B_TRUE);
2390 2457 long_usage(CMD_ADD, B_TRUE);
2391 2458 usage(B_FALSE, HELP_PROPS);
2392 2459 return;
2393 2460 }
2394 2461 pp = cmd->cmd_property_ptr[0];
2395 2462 if (pp->pv_type != PROP_VAL_SIMPLE &&
2396 2463 pp->pv_type != PROP_VAL_LIST) {
2397 2464 zerr(gettext("A %s or %s value was expected here."),
2398 2465 pvt_to_str(PROP_VAL_SIMPLE),
2399 2466 pvt_to_str(PROP_VAL_LIST));
2400 2467 saw_error = B_TRUE;
2401 2468 return;
2402 2469 }
2403 2470 if (pp->pv_type == PROP_VAL_SIMPLE) {
2404 2471 if (pp->pv_simple == NULL) {
2405 2472 long_usage(CMD_ADD, B_TRUE);
2406 2473 return;
2407 2474 }
2408 2475 prop_id = pp->pv_simple;
2409 2476 err = zonecfg_add_fs_option(&in_progress_fstab,
2410 2477 prop_id);
2411 2478 if (err != Z_OK)
2412 2479 zone_perror(pt_to_str(prop_type), err, B_TRUE);
2413 2480 } else {
2414 2481 list_property_ptr_t list;
2415 2482
2416 2483 for (list = pp->pv_list; list != NULL;
2417 2484 list = list->lp_next) {
2418 2485 prop_id = list->lp_simple;
2419 2486 if (prop_id == NULL)
2420 2487 break;
2421 2488 err = zonecfg_add_fs_option(
2422 2489 &in_progress_fstab, prop_id);
2423 2490 if (err != Z_OK)
2424 2491 zone_perror(pt_to_str(prop_type), err,
2425 2492 B_TRUE);
2426 2493 }
2427 2494 }
2428 2495 return;
2429 2496 case RT_RCTL:
2430 2497 if (prop_type != PT_VALUE) {
2431 2498 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
2432 2499 B_TRUE);
2433 2500 long_usage(CMD_ADD, B_TRUE);
2434 2501 usage(B_FALSE, HELP_PROPS);
2435 2502 return;
2436 2503 }
2437 2504 pp = cmd->cmd_property_ptr[0];
2438 2505 if (pp->pv_type != PROP_VAL_COMPLEX &&
2439 2506 pp->pv_type != PROP_VAL_LIST) {
2440 2507 zerr(gettext("A %s or %s value was expected here."),
2441 2508 pvt_to_str(PROP_VAL_COMPLEX),
2442 2509 pvt_to_str(PROP_VAL_LIST));
2443 2510 saw_error = B_TRUE;
2444 2511 return;
2445 2512 }
2446 2513 if (pp->pv_type == PROP_VAL_COMPLEX) {
2447 2514 do_complex_rctl_val(pp->pv_complex);
2448 2515 return;
2449 2516 }
2450 2517 for (l = pp->pv_list; l != NULL; l = l->lp_next)
2451 2518 do_complex_rctl_val(l->lp_complex);
2452 2519 return;
2453 2520 default:
2454 2521 zone_perror(rt_to_str(res_type), Z_NO_RESOURCE_TYPE, B_TRUE);
2455 2522 long_usage(CMD_ADD, B_TRUE);
2456 2523 usage(B_FALSE, HELP_RESOURCES);
2457 2524 return;
2458 2525 }
2459 2526 }
2460 2527
2461 2528 static boolean_t
2462 2529 gz_invalid_resource(int type)
2463 2530 {
2464 2531 return (global_zone && (type == RT_FS ||
2465 2532 type == RT_NET || type == RT_DEVICE || type == RT_ATTR ||
2466 2533 type == RT_DATASET));
2467 2534 }
2468 2535
2469 2536 static boolean_t
2470 2537 gz_invalid_rt_property(int type)
2471 2538 {
2472 2539 return (global_zone && (type == RT_ZONENAME || type == RT_ZONEPATH ||
2473 2540 type == RT_AUTOBOOT || type == RT_LIMITPRIV ||
2474 2541 type == RT_BOOTARGS || type == RT_BRAND || type == RT_SCHED ||
2475 2542 type == RT_IPTYPE || type == RT_HOSTID || type == RT_FS_ALLOWED));
2476 2543 }
2477 2544
2478 2545 static boolean_t
2479 2546 gz_invalid_property(int type)
2480 2547 {
2481 2548 return (global_zone && (type == PT_ZONENAME || type == PT_ZONEPATH ||
2482 2549 type == PT_AUTOBOOT || type == PT_LIMITPRIV ||
2483 2550 type == PT_BOOTARGS || type == PT_BRAND || type == PT_SCHED ||
2484 2551 type == PT_IPTYPE || type == PT_HOSTID || type == PT_FS_ALLOWED));
2485 2552 }
2486 2553
2487 2554 void
2488 2555 add_func(cmd_t *cmd)
2489 2556 {
2490 2557 int arg;
2491 2558 boolean_t arg_err = B_FALSE;
2492 2559
2493 2560 assert(cmd != NULL);
2494 2561
2495 2562 optind = 0;
2496 2563 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
2497 2564 switch (arg) {
2498 2565 case '?':
2499 2566 longer_usage(CMD_ADD);
2500 2567 arg_err = B_TRUE;
2501 2568 break;
2502 2569 default:
2503 2570 short_usage(CMD_ADD);
2504 2571 arg_err = B_TRUE;
2505 2572 break;
2506 2573 }
2507 2574 }
2508 2575 if (arg_err)
2509 2576 return;
2510 2577
2511 2578 if (optind != cmd->cmd_argc) {
2512 2579 short_usage(CMD_ADD);
2513 2580 return;
2514 2581 }
2515 2582
2516 2583 if (zone_is_read_only(CMD_ADD))
2517 2584 return;
2518 2585
2519 2586 if (initialize(B_TRUE) != Z_OK)
2520 2587 return;
2521 2588 if (global_scope) {
2522 2589 if (gz_invalid_resource(cmd->cmd_res_type)) {
2523 2590 zerr(gettext("Cannot add a %s resource to the "
2524 2591 "global zone."), rt_to_str(cmd->cmd_res_type));
2525 2592 saw_error = B_TRUE;
2526 2593 return;
2527 2594 }
2528 2595
2529 2596 global_scope = B_FALSE;
2530 2597 resource_scope = cmd->cmd_res_type;
2531 2598 end_op = CMD_ADD;
2532 2599 add_resource(cmd);
2533 2600 } else
2534 2601 add_property(cmd);
2535 2602 }
2536 2603
2537 2604 /*
2538 2605 * This routine has an unusual implementation, because it tries very
2539 2606 * hard to succeed in the face of a variety of failure modes.
2540 2607 * The most common and most vexing occurs when the index file and
2541 2608 * the /etc/zones/<zonename.xml> file are not both present. In
2542 2609 * this case, delete must eradicate as much of the zone state as is left
2543 2610 * so that the user can later create a new zone with the same name.
2544 2611 */
2545 2612 void
2546 2613 delete_func(cmd_t *cmd)
2547 2614 {
2548 2615 int err, arg, answer;
2549 2616 char line[ZONENAME_MAX + 128]; /* enough to ask a question */
2550 2617 boolean_t force = B_FALSE;
2551 2618 boolean_t arg_err = B_FALSE;
2552 2619
2553 2620 optind = 0;
2554 2621 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
2555 2622 switch (arg) {
2556 2623 case '?':
2557 2624 longer_usage(CMD_DELETE);
2558 2625 arg_err = B_TRUE;
2559 2626 break;
2560 2627 case 'F':
2561 2628 force = B_TRUE;
2562 2629 break;
2563 2630 default:
2564 2631 short_usage(CMD_DELETE);
2565 2632 arg_err = B_TRUE;
2566 2633 break;
2567 2634 }
2568 2635 }
2569 2636 if (arg_err)
2570 2637 return;
2571 2638
2572 2639 if (optind != cmd->cmd_argc) {
2573 2640 short_usage(CMD_DELETE);
2574 2641 return;
2575 2642 }
2576 2643
2577 2644 if (zone_is_read_only(CMD_DELETE))
2578 2645 return;
2579 2646
2580 2647 if (!force) {
2581 2648 /*
2582 2649 * Initialize sets up the global called "handle" and warns the
2583 2650 * user if the zone is not configured. In force mode, we don't
2584 2651 * trust that evaluation, and hence skip it. (We don't need the
2585 2652 * handle to be loaded anyway, since zonecfg_destroy is done by
2586 2653 * zonename). However, we also have to take care to emulate the
2587 2654 * messages spit out by initialize; see below.
2588 2655 */
2589 2656 if (initialize(B_TRUE) != Z_OK)
2590 2657 return;
2591 2658
2592 2659 (void) snprintf(line, sizeof (line),
2593 2660 gettext("Are you sure you want to delete zone %s"), zone);
2594 2661 if ((answer = ask_yesno(B_FALSE, line)) == -1) {
2595 2662 zerr(gettext("Input not from terminal and -F not "
2596 2663 "specified:\n%s command ignored, exiting."),
2597 2664 cmd_to_str(CMD_DELETE));
2598 2665 exit(Z_ERR);
2599 2666 }
2600 2667 if (answer != 1)
2601 2668 return;
2602 2669 }
2603 2670
2604 2671 /*
2605 2672 * This function removes the authorizations from user_attr
2606 2673 * that correspond to those specified in the configuration
2607 2674 */
2608 2675 if (initialize(B_TRUE) == Z_OK) {
2609 2676 (void) zonecfg_deauthorize_users(handle, zone);
2610 2677 }
2611 2678 if ((err = zonecfg_destroy(zone, force)) != Z_OK) {
2612 2679 if ((err == Z_BAD_ZONE_STATE) && !force) {
2613 2680 zerr(gettext("Zone %s not in %s state; %s not "
2614 2681 "allowed. Use -F to force %s."),
2615 2682 zone, zone_state_str(ZONE_STATE_CONFIGURED),
2616 2683 cmd_to_str(CMD_DELETE), cmd_to_str(CMD_DELETE));
2617 2684 } else {
2618 2685 zone_perror(zone, err, B_TRUE);
2619 2686 }
2620 2687 }
2621 2688 need_to_commit = B_FALSE;
2622 2689
2623 2690 /*
2624 2691 * Emulate initialize's messaging; if there wasn't a valid handle to
2625 2692 * begin with, then user had typed delete (or delete -F) multiple
2626 2693 * times. So we emit a message.
2627 2694 *
2628 2695 * We only do this in the 'force' case because normally, initialize()
2629 2696 * takes care of this for us.
2630 2697 */
2631 2698 if (force && zonecfg_check_handle(handle) != Z_OK && interactive_mode)
2632 2699 (void) printf(gettext("Use '%s' to begin "
2633 2700 "configuring a new zone.\n"), cmd_to_str(CMD_CREATE));
2634 2701
2635 2702 /*
2636 2703 * Time for a new handle: finish the old one off first
2637 2704 * then get a new one properly to avoid leaks.
2638 2705 */
2639 2706 if (got_handle) {
2640 2707 zonecfg_fini_handle(handle);
2641 2708 if ((handle = zonecfg_init_handle()) == NULL) {
2642 2709 zone_perror(execname, Z_NOMEM, B_TRUE);
2643 2710 exit(Z_ERR);
2644 2711 }
2645 2712 if ((err = zonecfg_get_handle(zone, handle)) != Z_OK) {
2646 2713 /* If there was no zone before, that's OK */
2647 2714 if (err != Z_NO_ZONE)
2648 2715 zone_perror(zone, err, B_TRUE);
2649 2716 got_handle = B_FALSE;
2650 2717 }
2651 2718 }
2652 2719 }
2653 2720
2654 2721 static int
2655 2722 fill_in_fstab(cmd_t *cmd, struct zone_fstab *fstab, boolean_t fill_in_only)
2656 2723 {
2657 2724 int err, i;
2658 2725 property_value_ptr_t pp;
2659 2726
2660 2727 if ((err = initialize(B_TRUE)) != Z_OK)
2661 2728 return (err);
2662 2729
2663 2730 bzero(fstab, sizeof (*fstab));
2664 2731 for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2665 2732 pp = cmd->cmd_property_ptr[i];
2666 2733 if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2667 2734 zerr(gettext("A simple value was expected here."));
2668 2735 saw_error = B_TRUE;
2669 2736 return (Z_INSUFFICIENT_SPEC);
2670 2737 }
2671 2738 switch (cmd->cmd_prop_name[i]) {
2672 2739 case PT_DIR:
2673 2740 (void) strlcpy(fstab->zone_fs_dir, pp->pv_simple,
2674 2741 sizeof (fstab->zone_fs_dir));
2675 2742 break;
2676 2743 case PT_SPECIAL:
2677 2744 (void) strlcpy(fstab->zone_fs_special, pp->pv_simple,
2678 2745 sizeof (fstab->zone_fs_special));
2679 2746 break;
2680 2747 case PT_RAW:
2681 2748 (void) strlcpy(fstab->zone_fs_raw, pp->pv_simple,
2682 2749 sizeof (fstab->zone_fs_raw));
2683 2750 break;
2684 2751 case PT_TYPE:
2685 2752 (void) strlcpy(fstab->zone_fs_type, pp->pv_simple,
2686 2753 sizeof (fstab->zone_fs_type));
2687 2754 break;
2688 2755 default:
2689 2756 zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2690 2757 Z_NO_PROPERTY_TYPE, B_TRUE);
2691 2758 return (Z_INSUFFICIENT_SPEC);
2692 2759 }
2693 2760 }
2694 2761 if (fill_in_only)
2695 2762 return (Z_OK);
2696 2763 return (zonecfg_lookup_filesystem(handle, fstab));
2697 2764 }
2698 2765
2699 2766 static int
2700 2767 fill_in_nwiftab(cmd_t *cmd, struct zone_nwiftab *nwiftab,
2701 2768 boolean_t fill_in_only)
2702 2769 {
2703 2770 int err, i;
2704 2771 property_value_ptr_t pp;
2705 2772
2706 2773 if ((err = initialize(B_TRUE)) != Z_OK)
2707 2774 return (err);
2708 2775
2709 2776 bzero(nwiftab, sizeof (*nwiftab));
2710 2777 for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2711 2778 pp = cmd->cmd_property_ptr[i];
2712 2779 if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2713 2780 zerr(gettext("A simple value was expected here."));
2714 2781 saw_error = B_TRUE;
2715 2782 return (Z_INSUFFICIENT_SPEC);
2716 2783 }
2717 2784 switch (cmd->cmd_prop_name[i]) {
2718 2785 case PT_ADDRESS:
2719 2786 (void) strlcpy(nwiftab->zone_nwif_address,
2720 2787 pp->pv_simple, sizeof (nwiftab->zone_nwif_address));
2721 2788 break;
2722 2789 case PT_ALLOWED_ADDRESS:
2723 2790 (void) strlcpy(nwiftab->zone_nwif_allowed_address,
2724 2791 pp->pv_simple,
2725 2792 sizeof (nwiftab->zone_nwif_allowed_address));
2726 2793 break;
2727 2794 case PT_PHYSICAL:
2728 2795 (void) strlcpy(nwiftab->zone_nwif_physical,
2729 2796 pp->pv_simple,
2730 2797 sizeof (nwiftab->zone_nwif_physical));
2731 2798 break;
2732 2799 case PT_DEFROUTER:
2733 2800 (void) strlcpy(nwiftab->zone_nwif_defrouter,
2734 2801 pp->pv_simple,
2735 2802 sizeof (nwiftab->zone_nwif_defrouter));
2736 2803 break;
2737 2804 default:
2738 2805 zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2739 2806 Z_NO_PROPERTY_TYPE, B_TRUE);
2740 2807 return (Z_INSUFFICIENT_SPEC);
2741 2808 }
2742 2809 }
2743 2810 if (fill_in_only)
2744 2811 return (Z_OK);
2745 2812 err = zonecfg_lookup_nwif(handle, nwiftab);
2746 2813 return (err);
2747 2814 }
2748 2815
2749 2816 static int
2750 2817 fill_in_devtab(cmd_t *cmd, struct zone_devtab *devtab, boolean_t fill_in_only)
2751 2818 {
2752 2819 int err, i;
2753 2820 property_value_ptr_t pp;
2754 2821
2755 2822 if ((err = initialize(B_TRUE)) != Z_OK)
2756 2823 return (err);
2757 2824
2758 2825 bzero(devtab, sizeof (*devtab));
2759 2826 for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2760 2827 pp = cmd->cmd_property_ptr[i];
2761 2828 if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2762 2829 zerr(gettext("A simple value was expected here."));
2763 2830 saw_error = B_TRUE;
2764 2831 return (Z_INSUFFICIENT_SPEC);
2765 2832 }
2766 2833 switch (cmd->cmd_prop_name[i]) {
2767 2834 case PT_MATCH:
2768 2835 (void) strlcpy(devtab->zone_dev_match, pp->pv_simple,
2769 2836 sizeof (devtab->zone_dev_match));
2770 2837 break;
2771 2838 default:
2772 2839 zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2773 2840 Z_NO_PROPERTY_TYPE, B_TRUE);
2774 2841 return (Z_INSUFFICIENT_SPEC);
2775 2842 }
2776 2843 }
2777 2844 if (fill_in_only)
2778 2845 return (Z_OK);
2779 2846 err = zonecfg_lookup_dev(handle, devtab);
2780 2847 return (err);
2781 2848 }
2782 2849
2783 2850 static int
2784 2851 fill_in_rctltab(cmd_t *cmd, struct zone_rctltab *rctltab,
2785 2852 boolean_t fill_in_only)
2786 2853 {
2787 2854 int err, i;
2788 2855 property_value_ptr_t pp;
2789 2856
2790 2857 if ((err = initialize(B_TRUE)) != Z_OK)
2791 2858 return (err);
2792 2859
2793 2860 bzero(rctltab, sizeof (*rctltab));
2794 2861 for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2795 2862 pp = cmd->cmd_property_ptr[i];
2796 2863 if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2797 2864 zerr(gettext("A simple value was expected here."));
2798 2865 saw_error = B_TRUE;
2799 2866 return (Z_INSUFFICIENT_SPEC);
2800 2867 }
2801 2868 switch (cmd->cmd_prop_name[i]) {
2802 2869 case PT_NAME:
2803 2870 (void) strlcpy(rctltab->zone_rctl_name, pp->pv_simple,
2804 2871 sizeof (rctltab->zone_rctl_name));
2805 2872 break;
2806 2873 default:
2807 2874 zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2808 2875 Z_NO_PROPERTY_TYPE, B_TRUE);
2809 2876 return (Z_INSUFFICIENT_SPEC);
2810 2877 }
2811 2878 }
2812 2879 if (fill_in_only)
2813 2880 return (Z_OK);
2814 2881 err = zonecfg_lookup_rctl(handle, rctltab);
2815 2882 return (err);
2816 2883 }
2817 2884
2818 2885 static int
2819 2886 fill_in_attrtab(cmd_t *cmd, struct zone_attrtab *attrtab,
2820 2887 boolean_t fill_in_only)
2821 2888 {
2822 2889 int err, i;
2823 2890 property_value_ptr_t pp;
2824 2891
2825 2892 if ((err = initialize(B_TRUE)) != Z_OK)
2826 2893 return (err);
2827 2894
2828 2895 bzero(attrtab, sizeof (*attrtab));
2829 2896 for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2830 2897 pp = cmd->cmd_property_ptr[i];
2831 2898 if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2832 2899 zerr(gettext("A simple value was expected here."));
2833 2900 saw_error = B_TRUE;
2834 2901 return (Z_INSUFFICIENT_SPEC);
2835 2902 }
2836 2903 switch (cmd->cmd_prop_name[i]) {
2837 2904 case PT_NAME:
2838 2905 (void) strlcpy(attrtab->zone_attr_name, pp->pv_simple,
2839 2906 sizeof (attrtab->zone_attr_name));
2840 2907 break;
2841 2908 case PT_TYPE:
2842 2909 (void) strlcpy(attrtab->zone_attr_type, pp->pv_simple,
2843 2910 sizeof (attrtab->zone_attr_type));
2844 2911 break;
2845 2912 case PT_VALUE:
2846 2913 (void) strlcpy(attrtab->zone_attr_value, pp->pv_simple,
2847 2914 sizeof (attrtab->zone_attr_value));
2848 2915 break;
2849 2916 default:
2850 2917 zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2851 2918 Z_NO_PROPERTY_TYPE, B_TRUE);
2852 2919 return (Z_INSUFFICIENT_SPEC);
2853 2920 }
2854 2921 }
2855 2922 if (fill_in_only)
2856 2923 return (Z_OK);
2857 2924 err = zonecfg_lookup_attr(handle, attrtab);
2858 2925 return (err);
2859 2926 }
2860 2927
2861 2928 static int
2862 2929 fill_in_dstab(cmd_t *cmd, struct zone_dstab *dstab, boolean_t fill_in_only)
2863 2930 {
2864 2931 int err, i;
2865 2932 property_value_ptr_t pp;
2866 2933
2867 2934 if ((err = initialize(B_TRUE)) != Z_OK)
2868 2935 return (err);
2869 2936
2870 2937 dstab->zone_dataset_name[0] = '\0';
2871 2938 for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2872 2939 pp = cmd->cmd_property_ptr[i];
2873 2940 if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2874 2941 zerr(gettext("A simple value was expected here."));
2875 2942 saw_error = B_TRUE;
2876 2943 return (Z_INSUFFICIENT_SPEC);
2877 2944 }
2878 2945 switch (cmd->cmd_prop_name[i]) {
2879 2946 case PT_NAME:
2880 2947 (void) strlcpy(dstab->zone_dataset_name, pp->pv_simple,
2881 2948 sizeof (dstab->zone_dataset_name));
2882 2949 break;
2883 2950 default:
2884 2951 zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
2885 2952 Z_NO_PROPERTY_TYPE, B_TRUE);
2886 2953 return (Z_INSUFFICIENT_SPEC);
2887 2954 }
2888 2955 }
2889 2956 if (fill_in_only)
2890 2957 return (Z_OK);
2891 2958 return (zonecfg_lookup_ds(handle, dstab));
2892 2959 }
2893 2960
2894 2961 static int
2895 2962 fill_in_admintab(cmd_t *cmd, struct zone_admintab *admintab,
2896 2963 boolean_t fill_in_only)
2897 2964 {
2898 2965 int err, i;
2899 2966 property_value_ptr_t pp;
2900 2967
2901 2968 if ((err = initialize(B_TRUE)) != Z_OK)
2902 2969 return (err);
2903 2970
2904 2971 bzero(admintab, sizeof (*admintab));
2905 2972 for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
2906 2973 pp = cmd->cmd_property_ptr[i];
2907 2974 if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
2908 2975 zerr(gettext("A simple value was expected here."));
2909 2976 saw_error = B_TRUE;
2910 2977 return (Z_INSUFFICIENT_SPEC);
2911 2978 }
2912 2979 switch (cmd->cmd_prop_name[i]) {
2913 2980 case PT_USER:
2914 2981 (void) strlcpy(admintab->zone_admin_user, pp->pv_simple,
2915 2982 sizeof (admintab->zone_admin_user));
2916 2983 break;
2917 2984 case PT_AUTHS:
2918 2985 (void) strlcpy(admintab->zone_admin_auths,
2919 2986 pp->pv_simple, sizeof (admintab->zone_admin_auths));
2920 2987 break;
2921 2988 default:
2922 2989 zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
|
↓ open down ↓ |
649 lines elided |
↑ open up ↑ |
2923 2990 Z_NO_PROPERTY_TYPE, B_TRUE);
2924 2991 return (Z_INSUFFICIENT_SPEC);
2925 2992 }
2926 2993 }
2927 2994 if (fill_in_only)
2928 2995 return (Z_OK);
2929 2996 err = zonecfg_lookup_admin(handle, admintab);
2930 2997 return (err);
2931 2998 }
2932 2999
3000 +static int
3001 +fill_in_secflagstab(cmd_t *cmd, struct zone_secflagstab *secflagstab,
3002 + boolean_t fill_in_only)
3003 +{
3004 + int err, i;
3005 + property_value_ptr_t pp;
3006 +
3007 + if ((err = initialize(B_TRUE)) != Z_OK)
3008 + return (err);
3009 +
3010 + bzero(secflagstab, sizeof (*secflagstab));
3011 + for (i = 0; i < cmd->cmd_prop_nv_pairs; i++) {
3012 + pp = cmd->cmd_property_ptr[i];
3013 + if (pp->pv_type != PROP_VAL_SIMPLE || pp->pv_simple == NULL) {
3014 + zerr(gettext("A simple value was expected here."));
3015 + saw_error = B_TRUE;
3016 + return (Z_INSUFFICIENT_SPEC);
3017 + }
3018 + switch (cmd->cmd_prop_name[i]) {
3019 + case PT_DEFAULT:
3020 + (void) strlcpy(secflagstab->zone_secflags_default,
3021 + pp->pv_simple,
3022 + sizeof (secflagstab->zone_secflags_default));
3023 + break;
3024 + case PT_LOWER:
3025 + (void) strlcpy(secflagstab->zone_secflags_lower,
3026 + pp->pv_simple,
3027 + sizeof (secflagstab->zone_secflags_lower));
3028 + break;
3029 + case PT_UPPER:
3030 + (void) strlcpy(secflagstab->zone_secflags_upper,
3031 + pp->pv_simple,
3032 + sizeof (secflagstab->zone_secflags_upper));
3033 + break;
3034 + default:
3035 + zone_perror(pt_to_str(cmd->cmd_prop_name[i]),
3036 + Z_NO_PROPERTY_TYPE, B_TRUE);
3037 + return (Z_INSUFFICIENT_SPEC);
3038 + }
3039 + }
3040 + if (fill_in_only)
3041 + return (Z_OK);
3042 +
3043 + err = zonecfg_lookup_secflags(handle, secflagstab);
3044 +
3045 + return (err);
3046 +}
3047 +
2933 3048 static void
2934 3049 remove_aliased_rctl(int type, char *name)
2935 3050 {
2936 3051 int err;
2937 3052 uint64_t tmp;
2938 3053
2939 3054 if ((err = zonecfg_get_aliased_rctl(handle, name, &tmp)) != Z_OK) {
2940 3055 zerr("%s %s: %s", cmd_to_str(CMD_CLEAR), pt_to_str(type),
2941 3056 zonecfg_strerror(err));
2942 3057 saw_error = B_TRUE;
2943 3058 return;
2944 3059 }
2945 3060 if ((err = zonecfg_rm_aliased_rctl(handle, name)) != Z_OK) {
2946 3061 zerr("%s %s: %s", cmd_to_str(CMD_CLEAR), pt_to_str(type),
2947 3062 zonecfg_strerror(err));
2948 3063 saw_error = B_TRUE;
2949 3064 } else {
2950 3065 need_to_commit = B_TRUE;
2951 3066 }
2952 3067 }
2953 3068
2954 3069 static boolean_t
2955 3070 prompt_remove_resource(cmd_t *cmd, char *rsrc)
2956 3071 {
2957 3072 int num;
2958 3073 int answer;
2959 3074 int arg;
2960 3075 boolean_t force = B_FALSE;
2961 3076 char prompt[128];
2962 3077 boolean_t arg_err = B_FALSE;
2963 3078
2964 3079 optind = 0;
2965 3080 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "F")) != EOF) {
2966 3081 switch (arg) {
2967 3082 case 'F':
2968 3083 force = B_TRUE;
2969 3084 break;
2970 3085 default:
2971 3086 arg_err = B_TRUE;
2972 3087 break;
2973 3088 }
2974 3089 }
2975 3090 if (arg_err)
2976 3091 return (B_FALSE);
2977 3092
2978 3093
2979 3094 num = zonecfg_num_resources(handle, rsrc);
2980 3095
2981 3096 if (num == 0) {
2982 3097 z_cmd_rt_perror(CMD_REMOVE, cmd->cmd_res_type, Z_NO_ENTRY,
2983 3098 B_TRUE);
2984 3099 return (B_FALSE);
2985 3100 }
2986 3101 if (num > 1 && !force) {
2987 3102 if (!interactive_mode) {
2988 3103 zerr(gettext("There are multiple instances of this "
2989 3104 "resource. Either qualify the resource to\n"
2990 3105 "remove a single instance or use the -F option to "
2991 3106 "remove all instances."));
2992 3107 saw_error = B_TRUE;
2993 3108 return (B_FALSE);
2994 3109 }
2995 3110 (void) snprintf(prompt, sizeof (prompt), gettext(
2996 3111 "Are you sure you want to remove ALL '%s' resources"),
2997 3112 rsrc);
2998 3113 answer = ask_yesno(B_FALSE, prompt);
2999 3114 if (answer == -1) {
3000 3115 zerr(gettext("Resource incomplete."));
3001 3116 return (B_FALSE);
3002 3117 }
3003 3118 if (answer != 1)
3004 3119 return (B_FALSE);
3005 3120 }
3006 3121 return (B_TRUE);
3007 3122 }
3008 3123
3009 3124 static void
3010 3125 remove_fs(cmd_t *cmd)
3011 3126 {
3012 3127 int err;
3013 3128
3014 3129 /* traditional, qualified fs removal */
3015 3130 if (cmd->cmd_prop_nv_pairs > 0) {
3016 3131 struct zone_fstab fstab;
3017 3132
3018 3133 if ((err = fill_in_fstab(cmd, &fstab, B_FALSE)) != Z_OK) {
3019 3134 z_cmd_rt_perror(CMD_REMOVE, RT_FS, err, B_TRUE);
3020 3135 return;
3021 3136 }
3022 3137 if ((err = zonecfg_delete_filesystem(handle, &fstab)) != Z_OK)
3023 3138 z_cmd_rt_perror(CMD_REMOVE, RT_FS, err, B_TRUE);
3024 3139 else
3025 3140 need_to_commit = B_TRUE;
3026 3141 zonecfg_free_fs_option_list(fstab.zone_fs_options);
3027 3142 return;
3028 3143 }
3029 3144
3030 3145 /*
3031 3146 * unqualified fs removal. remove all fs's but prompt if more
3032 3147 * than one.
3033 3148 */
3034 3149 if (!prompt_remove_resource(cmd, "fs"))
3035 3150 return;
3036 3151
3037 3152 if ((err = zonecfg_del_all_resources(handle, "fs")) != Z_OK)
3038 3153 z_cmd_rt_perror(CMD_REMOVE, RT_FS, err, B_TRUE);
3039 3154 else
3040 3155 need_to_commit = B_TRUE;
3041 3156 }
3042 3157
3043 3158 static void
3044 3159 remove_net(cmd_t *cmd)
3045 3160 {
3046 3161 int err;
3047 3162
3048 3163 /* traditional, qualified net removal */
3049 3164 if (cmd->cmd_prop_nv_pairs > 0) {
3050 3165 struct zone_nwiftab nwiftab;
3051 3166
3052 3167 if ((err = fill_in_nwiftab(cmd, &nwiftab, B_FALSE)) != Z_OK) {
3053 3168 z_cmd_rt_perror(CMD_REMOVE, RT_NET, err, B_TRUE);
3054 3169 return;
3055 3170 }
3056 3171 if ((err = zonecfg_delete_nwif(handle, &nwiftab)) != Z_OK)
3057 3172 z_cmd_rt_perror(CMD_REMOVE, RT_NET, err, B_TRUE);
3058 3173 else
3059 3174 need_to_commit = B_TRUE;
3060 3175 return;
3061 3176 }
3062 3177
3063 3178 /*
3064 3179 * unqualified net removal. remove all nets but prompt if more
3065 3180 * than one.
3066 3181 */
3067 3182 if (!prompt_remove_resource(cmd, "net"))
3068 3183 return;
3069 3184
3070 3185 if ((err = zonecfg_del_all_resources(handle, "net")) != Z_OK)
3071 3186 z_cmd_rt_perror(CMD_REMOVE, RT_NET, err, B_TRUE);
3072 3187 else
3073 3188 need_to_commit = B_TRUE;
3074 3189 }
3075 3190
3076 3191 static void
3077 3192 remove_device(cmd_t *cmd)
3078 3193 {
3079 3194 int err;
3080 3195
3081 3196 /* traditional, qualified device removal */
3082 3197 if (cmd->cmd_prop_nv_pairs > 0) {
3083 3198 struct zone_devtab devtab;
3084 3199
3085 3200 if ((err = fill_in_devtab(cmd, &devtab, B_FALSE)) != Z_OK) {
3086 3201 z_cmd_rt_perror(CMD_REMOVE, RT_DEVICE, err, B_TRUE);
3087 3202 return;
3088 3203 }
3089 3204 if ((err = zonecfg_delete_dev(handle, &devtab)) != Z_OK)
3090 3205 z_cmd_rt_perror(CMD_REMOVE, RT_DEVICE, err, B_TRUE);
3091 3206 else
3092 3207 need_to_commit = B_TRUE;
3093 3208 return;
3094 3209 }
3095 3210
3096 3211 /*
3097 3212 * unqualified device removal. remove all devices but prompt if more
3098 3213 * than one.
3099 3214 */
3100 3215 if (!prompt_remove_resource(cmd, "device"))
3101 3216 return;
3102 3217
3103 3218 if ((err = zonecfg_del_all_resources(handle, "device")) != Z_OK)
3104 3219 z_cmd_rt_perror(CMD_REMOVE, RT_DEVICE, err, B_TRUE);
3105 3220 else
3106 3221 need_to_commit = B_TRUE;
3107 3222 }
3108 3223
3109 3224 static void
3110 3225 remove_attr(cmd_t *cmd)
3111 3226 {
3112 3227 int err;
3113 3228
3114 3229 /* traditional, qualified attr removal */
3115 3230 if (cmd->cmd_prop_nv_pairs > 0) {
3116 3231 struct zone_attrtab attrtab;
3117 3232
3118 3233 if ((err = fill_in_attrtab(cmd, &attrtab, B_FALSE)) != Z_OK) {
3119 3234 z_cmd_rt_perror(CMD_REMOVE, RT_ATTR, err, B_TRUE);
3120 3235 return;
3121 3236 }
3122 3237 if ((err = zonecfg_delete_attr(handle, &attrtab)) != Z_OK)
3123 3238 z_cmd_rt_perror(CMD_REMOVE, RT_ATTR, err, B_TRUE);
3124 3239 else
3125 3240 need_to_commit = B_TRUE;
3126 3241 return;
3127 3242 }
3128 3243
3129 3244 /*
3130 3245 * unqualified attr removal. remove all attrs but prompt if more
3131 3246 * than one.
3132 3247 */
3133 3248 if (!prompt_remove_resource(cmd, "attr"))
3134 3249 return;
3135 3250
3136 3251 if ((err = zonecfg_del_all_resources(handle, "attr")) != Z_OK)
3137 3252 z_cmd_rt_perror(CMD_REMOVE, RT_ATTR, err, B_TRUE);
3138 3253 else
3139 3254 need_to_commit = B_TRUE;
3140 3255 }
3141 3256
3142 3257 static void
3143 3258 remove_dataset(cmd_t *cmd)
3144 3259 {
3145 3260 int err;
3146 3261
3147 3262 /* traditional, qualified dataset removal */
3148 3263 if (cmd->cmd_prop_nv_pairs > 0) {
3149 3264 struct zone_dstab dstab;
3150 3265
3151 3266 if ((err = fill_in_dstab(cmd, &dstab, B_FALSE)) != Z_OK) {
3152 3267 z_cmd_rt_perror(CMD_REMOVE, RT_DATASET, err, B_TRUE);
3153 3268 return;
3154 3269 }
3155 3270 if ((err = zonecfg_delete_ds(handle, &dstab)) != Z_OK)
3156 3271 z_cmd_rt_perror(CMD_REMOVE, RT_DATASET, err, B_TRUE);
3157 3272 else
3158 3273 need_to_commit = B_TRUE;
3159 3274 return;
3160 3275 }
3161 3276
3162 3277 /*
3163 3278 * unqualified dataset removal. remove all datasets but prompt if more
3164 3279 * than one.
3165 3280 */
3166 3281 if (!prompt_remove_resource(cmd, "dataset"))
3167 3282 return;
3168 3283
3169 3284 if ((err = zonecfg_del_all_resources(handle, "dataset")) != Z_OK)
3170 3285 z_cmd_rt_perror(CMD_REMOVE, RT_DATASET, err, B_TRUE);
3171 3286 else
3172 3287 need_to_commit = B_TRUE;
3173 3288 }
3174 3289
3175 3290 static void
3176 3291 remove_rctl(cmd_t *cmd)
3177 3292 {
3178 3293 int err;
3179 3294
3180 3295 /* traditional, qualified rctl removal */
3181 3296 if (cmd->cmd_prop_nv_pairs > 0) {
3182 3297 struct zone_rctltab rctltab;
3183 3298
3184 3299 if ((err = fill_in_rctltab(cmd, &rctltab, B_FALSE)) != Z_OK) {
3185 3300 z_cmd_rt_perror(CMD_REMOVE, RT_RCTL, err, B_TRUE);
3186 3301 return;
3187 3302 }
3188 3303 if ((err = zonecfg_delete_rctl(handle, &rctltab)) != Z_OK)
3189 3304 z_cmd_rt_perror(CMD_REMOVE, RT_RCTL, err, B_TRUE);
3190 3305 else
3191 3306 need_to_commit = B_TRUE;
3192 3307 zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
3193 3308 return;
3194 3309 }
3195 3310
3196 3311 /*
3197 3312 * unqualified rctl removal. remove all rctls but prompt if more
3198 3313 * than one.
3199 3314 */
3200 3315 if (!prompt_remove_resource(cmd, "rctl"))
3201 3316 return;
3202 3317
3203 3318 if ((err = zonecfg_del_all_resources(handle, "rctl")) != Z_OK)
3204 3319 z_cmd_rt_perror(CMD_REMOVE, RT_RCTL, err, B_TRUE);
3205 3320 else
3206 3321 need_to_commit = B_TRUE;
3207 3322 }
3208 3323
3209 3324 static void
3210 3325 remove_pset()
3211 3326 {
3212 3327 int err;
3213 3328 struct zone_psettab psettab;
3214 3329
3215 3330 if ((err = zonecfg_lookup_pset(handle, &psettab)) != Z_OK) {
3216 3331 z_cmd_rt_perror(CMD_REMOVE, RT_DCPU, err, B_TRUE);
3217 3332 return;
3218 3333 }
3219 3334 if ((err = zonecfg_delete_pset(handle)) != Z_OK)
3220 3335 z_cmd_rt_perror(CMD_REMOVE, RT_DCPU, err, B_TRUE);
3221 3336 else
3222 3337 need_to_commit = B_TRUE;
3223 3338 }
3224 3339
3225 3340 static void
3226 3341 remove_pcap()
3227 3342 {
3228 3343 int err;
3229 3344 uint64_t tmp;
3230 3345
3231 3346 if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp) != Z_OK) {
3232 3347 zerr("%s %s: %s", cmd_to_str(CMD_REMOVE), rt_to_str(RT_PCAP),
3233 3348 zonecfg_strerror(Z_NO_RESOURCE_TYPE));
3234 3349 saw_error = B_TRUE;
3235 3350 return;
3236 3351 }
3237 3352
3238 3353 if ((err = zonecfg_rm_aliased_rctl(handle, ALIAS_CPUCAP)) != Z_OK)
3239 3354 z_cmd_rt_perror(CMD_REMOVE, RT_PCAP, err, B_TRUE);
3240 3355 else
3241 3356 need_to_commit = B_TRUE;
3242 3357 }
3243 3358
3244 3359 static void
3245 3360 remove_mcap()
3246 3361 {
3247 3362 int err, res1, res2, res3;
3248 3363 uint64_t tmp;
3249 3364 struct zone_mcaptab mcaptab;
3250 3365 boolean_t revert = B_FALSE;
3251 3366
3252 3367 res1 = zonecfg_lookup_mcap(handle, &mcaptab);
3253 3368 res2 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &tmp);
3254 3369 res3 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM, &tmp);
3255 3370
3256 3371 /* if none of these exist, there is no resource to remove */
3257 3372 if (res1 != Z_OK && res2 != Z_OK && res3 != Z_OK) {
3258 3373 zerr("%s %s: %s", cmd_to_str(CMD_REMOVE), rt_to_str(RT_MCAP),
3259 3374 zonecfg_strerror(Z_NO_RESOURCE_TYPE));
3260 3375 saw_error = B_TRUE;
3261 3376 return;
3262 3377 }
3263 3378 if (res1 == Z_OK) {
3264 3379 if ((err = zonecfg_delete_mcap(handle)) != Z_OK) {
3265 3380 z_cmd_rt_perror(CMD_REMOVE, RT_MCAP, err, B_TRUE);
3266 3381 revert = B_TRUE;
3267 3382 } else {
3268 3383 need_to_commit = B_TRUE;
3269 3384 }
3270 3385 }
3271 3386 if (res2 == Z_OK) {
3272 3387 if ((err = zonecfg_rm_aliased_rctl(handle, ALIAS_MAXSWAP))
3273 3388 != Z_OK) {
3274 3389 z_cmd_rt_perror(CMD_REMOVE, RT_MCAP, err, B_TRUE);
3275 3390 revert = B_TRUE;
3276 3391 } else {
3277 3392 need_to_commit = B_TRUE;
3278 3393 }
3279 3394 }
3280 3395 if (res3 == Z_OK) {
3281 3396 if ((err = zonecfg_rm_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM))
3282 3397 != Z_OK) {
3283 3398 z_cmd_rt_perror(CMD_REMOVE, RT_MCAP, err, B_TRUE);
3284 3399 revert = B_TRUE;
3285 3400 } else {
3286 3401 need_to_commit = B_TRUE;
3287 3402 }
3288 3403 }
3289 3404
3290 3405 if (revert)
3291 3406 need_to_commit = B_FALSE;
3292 3407 }
3293 3408
3294 3409 static void
3295 3410 remove_admin(cmd_t *cmd)
3296 3411 {
3297 3412 int err;
3298 3413
3299 3414 /* traditional, qualified attr removal */
3300 3415 if (cmd->cmd_prop_nv_pairs > 0) {
3301 3416 struct zone_admintab admintab;
3302 3417
3303 3418 if ((err = fill_in_admintab(cmd, &admintab, B_FALSE)) != Z_OK) {
3304 3419 z_cmd_rt_perror(CMD_REMOVE, RT_ADMIN,
3305 3420 err, B_TRUE);
3306 3421 return;
3307 3422 }
3308 3423 if ((err = zonecfg_delete_admin(handle, &admintab,
3309 3424 zone))
3310 3425 != Z_OK)
3311 3426 z_cmd_rt_perror(CMD_REMOVE, RT_ADMIN,
3312 3427 err, B_TRUE);
3313 3428 else
3314 3429 need_to_commit = B_TRUE;
3315 3430 return;
3316 3431 } else {
3317 3432 /*
3318 3433 * unqualified admin removal.
3319 3434 * remove all admins but prompt if more
3320 3435 * than one.
3321 3436 */
3322 3437 if (!prompt_remove_resource(cmd, "admin"))
3323 3438 return;
3324 3439
|
↓ open down ↓ |
382 lines elided |
↑ open up ↑ |
3325 3440 if ((err = zonecfg_delete_admins(handle, zone))
3326 3441 != Z_OK)
3327 3442 z_cmd_rt_perror(CMD_REMOVE, RT_ADMIN,
3328 3443 err, B_TRUE);
3329 3444 else
3330 3445 need_to_commit = B_TRUE;
3331 3446 }
3332 3447 }
3333 3448
3334 3449 static void
3450 +remove_secflags()
3451 +{
3452 + int err;
3453 + struct zone_secflagstab sectab = { 0 };
3454 +
3455 + if (zonecfg_lookup_secflags(handle, §ab) != Z_OK) {
3456 + zerr("%s %s: %s", cmd_to_str(CMD_REMOVE),
3457 + rt_to_str(RT_SECFLAGS),
3458 + zonecfg_strerror(Z_NO_RESOURCE_TYPE));
3459 + return;
3460 + }
3461 +
3462 + if ((err = zonecfg_delete_secflags(handle, §ab)) != Z_OK) {
3463 + z_cmd_rt_perror(CMD_REMOVE, RT_SECFLAGS, err, B_TRUE);
3464 + return;
3465 + }
3466 +
3467 + need_to_commit = B_TRUE;
3468 +}
3469 +
3470 +static void
3335 3471 remove_resource(cmd_t *cmd)
3336 3472 {
3337 3473 int type;
3338 3474 int arg;
3339 3475 boolean_t arg_err = B_FALSE;
3340 3476
3341 3477 if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
3342 3478 long_usage(CMD_REMOVE, B_TRUE);
3343 3479 return;
3344 3480 }
3345 3481
3346 3482 optind = 0;
3347 3483 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
3348 3484 switch (arg) {
3349 3485 case '?':
3350 3486 longer_usage(CMD_REMOVE);
3351 3487 arg_err = B_TRUE;
3352 3488 break;
3353 3489 case 'F':
3354 3490 break;
3355 3491 default:
3356 3492 short_usage(CMD_REMOVE);
3357 3493 arg_err = B_TRUE;
3358 3494 break;
3359 3495 }
3360 3496 }
3361 3497 if (arg_err)
3362 3498 return;
3363 3499
3364 3500 if (initialize(B_TRUE) != Z_OK)
3365 3501 return;
3366 3502
3367 3503 switch (type) {
3368 3504 case RT_FS:
3369 3505 remove_fs(cmd);
3370 3506 return;
3371 3507 case RT_NET:
3372 3508 remove_net(cmd);
3373 3509 return;
3374 3510 case RT_DEVICE:
3375 3511 remove_device(cmd);
3376 3512 return;
3377 3513 case RT_RCTL:
3378 3514 remove_rctl(cmd);
3379 3515 return;
3380 3516 case RT_ATTR:
3381 3517 remove_attr(cmd);
3382 3518 return;
3383 3519 case RT_DATASET:
3384 3520 remove_dataset(cmd);
3385 3521 return;
3386 3522 case RT_DCPU:
3387 3523 remove_pset();
|
↓ open down ↓ |
43 lines elided |
↑ open up ↑ |
3388 3524 return;
3389 3525 case RT_PCAP:
3390 3526 remove_pcap();
3391 3527 return;
3392 3528 case RT_MCAP:
3393 3529 remove_mcap();
3394 3530 return;
3395 3531 case RT_ADMIN:
3396 3532 remove_admin(cmd);
3397 3533 return;
3534 + case RT_SECFLAGS:
3535 + remove_secflags();
3536 + return;
3398 3537 default:
3399 3538 zone_perror(rt_to_str(type), Z_NO_RESOURCE_TYPE, B_TRUE);
3400 3539 long_usage(CMD_REMOVE, B_TRUE);
3401 3540 usage(B_FALSE, HELP_RESOURCES);
3402 3541 return;
3403 3542 }
3404 3543 }
3405 3544
3406 3545 static void
3407 3546 remove_property(cmd_t *cmd)
3408 3547 {
3409 3548 char *prop_id;
3410 3549 int err, res_type, prop_type;
3411 3550 property_value_ptr_t pp;
3412 3551 struct zone_rctlvaltab *rctlvaltab;
3413 3552 complex_property_ptr_t cx;
3414 3553
3415 3554 res_type = resource_scope;
3416 3555 prop_type = cmd->cmd_prop_name[0];
3417 3556 if (res_type == RT_UNKNOWN || prop_type == PT_UNKNOWN) {
3418 3557 long_usage(CMD_REMOVE, B_TRUE);
3419 3558 return;
3420 3559 }
3421 3560
3422 3561 if (cmd->cmd_prop_nv_pairs != 1) {
3423 3562 long_usage(CMD_ADD, B_TRUE);
3424 3563 return;
3425 3564 }
3426 3565
3427 3566 if (initialize(B_TRUE) != Z_OK)
3428 3567 return;
3429 3568
3430 3569 switch (res_type) {
3431 3570 case RT_FS:
3432 3571 if (prop_type != PT_OPTIONS) {
3433 3572 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
3434 3573 B_TRUE);
3435 3574 long_usage(CMD_REMOVE, B_TRUE);
3436 3575 usage(B_FALSE, HELP_PROPS);
3437 3576 return;
3438 3577 }
3439 3578 pp = cmd->cmd_property_ptr[0];
3440 3579 if (pp->pv_type == PROP_VAL_COMPLEX) {
3441 3580 zerr(gettext("A %s or %s value was expected here."),
3442 3581 pvt_to_str(PROP_VAL_SIMPLE),
3443 3582 pvt_to_str(PROP_VAL_LIST));
3444 3583 saw_error = B_TRUE;
3445 3584 return;
3446 3585 }
3447 3586 if (pp->pv_type == PROP_VAL_SIMPLE) {
3448 3587 if (pp->pv_simple == NULL) {
3449 3588 long_usage(CMD_ADD, B_TRUE);
3450 3589 return;
3451 3590 }
3452 3591 prop_id = pp->pv_simple;
3453 3592 err = zonecfg_remove_fs_option(&in_progress_fstab,
3454 3593 prop_id);
3455 3594 if (err != Z_OK)
3456 3595 zone_perror(pt_to_str(prop_type), err, B_TRUE);
3457 3596 } else {
3458 3597 list_property_ptr_t list;
3459 3598
3460 3599 for (list = pp->pv_list; list != NULL;
3461 3600 list = list->lp_next) {
3462 3601 prop_id = list->lp_simple;
3463 3602 if (prop_id == NULL)
3464 3603 break;
3465 3604 err = zonecfg_remove_fs_option(
3466 3605 &in_progress_fstab, prop_id);
3467 3606 if (err != Z_OK)
3468 3607 zone_perror(pt_to_str(prop_type), err,
3469 3608 B_TRUE);
3470 3609 }
3471 3610 }
3472 3611 return;
3473 3612 case RT_RCTL:
3474 3613 if (prop_type != PT_VALUE) {
3475 3614 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
3476 3615 B_TRUE);
3477 3616 long_usage(CMD_REMOVE, B_TRUE);
3478 3617 usage(B_FALSE, HELP_PROPS);
3479 3618 return;
3480 3619 }
3481 3620 pp = cmd->cmd_property_ptr[0];
3482 3621 if (pp->pv_type != PROP_VAL_COMPLEX) {
3483 3622 zerr(gettext("A %s value was expected here."),
3484 3623 pvt_to_str(PROP_VAL_COMPLEX));
3485 3624 saw_error = B_TRUE;
3486 3625 return;
3487 3626 }
3488 3627 if ((rctlvaltab = alloc_rctlvaltab()) == NULL) {
3489 3628 zone_perror(zone, Z_NOMEM, B_TRUE);
3490 3629 exit(Z_ERR);
3491 3630 }
3492 3631 for (cx = pp->pv_complex; cx != NULL; cx = cx->cp_next) {
3493 3632 switch (cx->cp_type) {
3494 3633 case PT_PRIV:
3495 3634 (void) strlcpy(rctlvaltab->zone_rctlval_priv,
3496 3635 cx->cp_value,
3497 3636 sizeof (rctlvaltab->zone_rctlval_priv));
3498 3637 break;
3499 3638 case PT_LIMIT:
3500 3639 (void) strlcpy(rctlvaltab->zone_rctlval_limit,
3501 3640 cx->cp_value,
3502 3641 sizeof (rctlvaltab->zone_rctlval_limit));
3503 3642 break;
3504 3643 case PT_ACTION:
3505 3644 (void) strlcpy(rctlvaltab->zone_rctlval_action,
3506 3645 cx->cp_value,
3507 3646 sizeof (rctlvaltab->zone_rctlval_action));
3508 3647 break;
3509 3648 default:
3510 3649 zone_perror(pt_to_str(prop_type),
3511 3650 Z_NO_PROPERTY_TYPE, B_TRUE);
3512 3651 long_usage(CMD_ADD, B_TRUE);
3513 3652 usage(B_FALSE, HELP_PROPS);
3514 3653 zonecfg_free_rctl_value_list(rctlvaltab);
3515 3654 return;
3516 3655 }
3517 3656 }
3518 3657 rctlvaltab->zone_rctlval_next = NULL;
3519 3658 err = zonecfg_remove_rctl_value(&in_progress_rctltab,
3520 3659 rctlvaltab);
3521 3660 if (err != Z_OK)
3522 3661 zone_perror(pt_to_str(prop_type), err, B_TRUE);
3523 3662 zonecfg_free_rctl_value_list(rctlvaltab);
3524 3663 return;
3525 3664 case RT_NET:
3526 3665 if (prop_type != PT_DEFROUTER) {
3527 3666 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
3528 3667 B_TRUE);
3529 3668 long_usage(CMD_REMOVE, B_TRUE);
3530 3669 usage(B_FALSE, HELP_PROPS);
3531 3670 return;
3532 3671 } else {
3533 3672 bzero(&in_progress_nwiftab.zone_nwif_defrouter,
3534 3673 sizeof (in_progress_nwiftab.zone_nwif_defrouter));
3535 3674 return;
3536 3675 }
3537 3676 default:
3538 3677 zone_perror(rt_to_str(res_type), Z_NO_RESOURCE_TYPE, B_TRUE);
3539 3678 long_usage(CMD_REMOVE, B_TRUE);
3540 3679 usage(B_FALSE, HELP_RESOURCES);
3541 3680 return;
3542 3681 }
3543 3682 }
3544 3683
3545 3684 void
3546 3685 remove_func(cmd_t *cmd)
3547 3686 {
3548 3687 if (zone_is_read_only(CMD_REMOVE))
3549 3688 return;
3550 3689
3551 3690 assert(cmd != NULL);
3552 3691
3553 3692 if (global_scope) {
3554 3693 if (gz_invalid_resource(cmd->cmd_res_type)) {
3555 3694 zerr(gettext("%s is not a valid resource for the "
3556 3695 "global zone."), rt_to_str(cmd->cmd_res_type));
3557 3696 saw_error = B_TRUE;
3558 3697 return;
3559 3698 }
3560 3699 remove_resource(cmd);
3561 3700 } else {
3562 3701 remove_property(cmd);
3563 3702 }
3564 3703 }
3565 3704
3566 3705 static void
3567 3706 clear_property(cmd_t *cmd)
3568 3707 {
3569 3708 int res_type, prop_type;
3570 3709
3571 3710 res_type = resource_scope;
3572 3711 prop_type = cmd->cmd_res_type;
3573 3712 if (res_type == RT_UNKNOWN || prop_type == PT_UNKNOWN) {
3574 3713 long_usage(CMD_CLEAR, B_TRUE);
3575 3714 return;
3576 3715 }
3577 3716
3578 3717 if (initialize(B_TRUE) != Z_OK)
3579 3718 return;
3580 3719
3581 3720 switch (res_type) {
3582 3721 case RT_FS:
3583 3722 if (prop_type == PT_RAW) {
3584 3723 in_progress_fstab.zone_fs_raw[0] = '\0';
3585 3724 need_to_commit = B_TRUE;
3586 3725 return;
3587 3726 }
3588 3727 break;
3589 3728 case RT_DCPU:
3590 3729 if (prop_type == PT_IMPORTANCE) {
3591 3730 in_progress_psettab.zone_importance[0] = '\0';
3592 3731 need_to_commit = B_TRUE;
3593 3732 return;
3594 3733 }
3595 3734 break;
3596 3735 case RT_MCAP:
3597 3736 switch (prop_type) {
3598 3737 case PT_PHYSICAL:
3599 3738 in_progress_mcaptab.zone_physmem_cap[0] = '\0';
|
↓ open down ↓ |
192 lines elided |
↑ open up ↑ |
3600 3739 need_to_commit = B_TRUE;
3601 3740 return;
3602 3741 case PT_SWAP:
3603 3742 remove_aliased_rctl(PT_SWAP, ALIAS_MAXSWAP);
3604 3743 return;
3605 3744 case PT_LOCKED:
3606 3745 remove_aliased_rctl(PT_LOCKED, ALIAS_MAXLOCKEDMEM);
3607 3746 return;
3608 3747 }
3609 3748 break;
3749 + case RT_SECFLAGS:
3750 + switch (prop_type) {
3751 + case PT_LOWER:
3752 + in_progress_secflagstab.zone_secflags_lower[0] = '\0';
3753 + need_to_commit = B_TRUE;
3754 + return;
3755 + case PT_DEFAULT:
3756 + in_progress_secflagstab.zone_secflags_default[0] = '\0';
3757 + need_to_commit = B_TRUE;
3758 + return;
3759 + case PT_UPPER:
3760 + in_progress_secflagstab.zone_secflags_upper[0] = '\0';
3761 + need_to_commit = B_TRUE;
3762 + return;
3763 + }
3764 + break;
3610 3765 default:
3611 3766 break;
3612 3767 }
3613 3768
3614 3769 zone_perror(pt_to_str(prop_type), Z_CLEAR_DISALLOW, B_TRUE);
3615 3770 }
3616 3771
3617 3772 static void
3618 3773 clear_global(cmd_t *cmd)
3619 3774 {
3620 3775 int err, type;
3621 3776
3622 3777 if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
3623 3778 long_usage(CMD_CLEAR, B_TRUE);
3624 3779 return;
3625 3780 }
3626 3781
3627 3782 if (initialize(B_TRUE) != Z_OK)
3628 3783 return;
3629 3784
3630 3785 switch (type) {
3631 3786 case PT_ZONENAME:
3632 3787 /* FALLTHRU */
3633 3788 case PT_ZONEPATH:
3634 3789 /* FALLTHRU */
3635 3790 case PT_BRAND:
3636 3791 zone_perror(pt_to_str(type), Z_CLEAR_DISALLOW, B_TRUE);
3637 3792 return;
3638 3793 case PT_AUTOBOOT:
3639 3794 /* false is default; we'll treat as equivalent to clearing */
3640 3795 if ((err = zonecfg_set_autoboot(handle, B_FALSE)) != Z_OK)
3641 3796 z_cmd_rt_perror(CMD_CLEAR, RT_AUTOBOOT, err, B_TRUE);
3642 3797 else
3643 3798 need_to_commit = B_TRUE;
3644 3799 return;
3645 3800 case PT_POOL:
3646 3801 if ((err = zonecfg_set_pool(handle, NULL)) != Z_OK)
3647 3802 z_cmd_rt_perror(CMD_CLEAR, RT_POOL, err, B_TRUE);
3648 3803 else
3649 3804 need_to_commit = B_TRUE;
3650 3805 return;
3651 3806 case PT_LIMITPRIV:
3652 3807 if ((err = zonecfg_set_limitpriv(handle, NULL)) != Z_OK)
3653 3808 z_cmd_rt_perror(CMD_CLEAR, RT_LIMITPRIV, err, B_TRUE);
3654 3809 else
3655 3810 need_to_commit = B_TRUE;
3656 3811 return;
3657 3812 case PT_BOOTARGS:
3658 3813 if ((err = zonecfg_set_bootargs(handle, NULL)) != Z_OK)
3659 3814 z_cmd_rt_perror(CMD_CLEAR, RT_BOOTARGS, err, B_TRUE);
3660 3815 else
3661 3816 need_to_commit = B_TRUE;
3662 3817 return;
3663 3818 case PT_SCHED:
3664 3819 if ((err = zonecfg_set_sched(handle, NULL)) != Z_OK)
3665 3820 z_cmd_rt_perror(CMD_CLEAR, RT_SCHED, err, B_TRUE);
3666 3821 else
3667 3822 need_to_commit = B_TRUE;
3668 3823 return;
3669 3824 case PT_IPTYPE:
3670 3825 /* shared is default; we'll treat as equivalent to clearing */
3671 3826 if ((err = zonecfg_set_iptype(handle, ZS_SHARED)) != Z_OK)
3672 3827 z_cmd_rt_perror(CMD_CLEAR, RT_IPTYPE, err, B_TRUE);
3673 3828 else
3674 3829 need_to_commit = B_TRUE;
3675 3830 return;
3676 3831 case PT_MAXLWPS:
3677 3832 remove_aliased_rctl(PT_MAXLWPS, ALIAS_MAXLWPS);
3678 3833 return;
3679 3834 case PT_MAXPROCS:
3680 3835 remove_aliased_rctl(PT_MAXPROCS, ALIAS_MAXPROCS);
3681 3836 return;
3682 3837 case PT_MAXSHMMEM:
3683 3838 remove_aliased_rctl(PT_MAXSHMMEM, ALIAS_MAXSHMMEM);
3684 3839 return;
3685 3840 case PT_MAXSHMIDS:
3686 3841 remove_aliased_rctl(PT_MAXSHMIDS, ALIAS_MAXSHMIDS);
3687 3842 return;
3688 3843 case PT_MAXMSGIDS:
3689 3844 remove_aliased_rctl(PT_MAXMSGIDS, ALIAS_MAXMSGIDS);
3690 3845 return;
3691 3846 case PT_MAXSEMIDS:
3692 3847 remove_aliased_rctl(PT_MAXSEMIDS, ALIAS_MAXSEMIDS);
3693 3848 return;
3694 3849 case PT_SHARES:
3695 3850 remove_aliased_rctl(PT_SHARES, ALIAS_SHARES);
3696 3851 return;
3697 3852 case PT_HOSTID:
3698 3853 if ((err = zonecfg_set_hostid(handle, NULL)) != Z_OK)
3699 3854 z_cmd_rt_perror(CMD_CLEAR, RT_HOSTID, err, B_TRUE);
3700 3855 else
3701 3856 need_to_commit = B_TRUE;
3702 3857 return;
3703 3858 case PT_FS_ALLOWED:
3704 3859 if ((err = zonecfg_set_fs_allowed(handle, NULL)) != Z_OK)
3705 3860 z_cmd_rt_perror(CMD_CLEAR, RT_FS_ALLOWED, err, B_TRUE);
3706 3861 else
3707 3862 need_to_commit = B_TRUE;
3708 3863 return;
3709 3864 default:
3710 3865 zone_perror(pt_to_str(type), Z_NO_PROPERTY_TYPE, B_TRUE);
3711 3866 long_usage(CMD_CLEAR, B_TRUE);
3712 3867 usage(B_FALSE, HELP_PROPS);
3713 3868 return;
3714 3869 }
3715 3870 }
3716 3871
3717 3872 void
3718 3873 clear_func(cmd_t *cmd)
3719 3874 {
3720 3875 if (zone_is_read_only(CMD_CLEAR))
3721 3876 return;
3722 3877
3723 3878 assert(cmd != NULL);
3724 3879
3725 3880 if (global_scope) {
3726 3881 if (gz_invalid_property(cmd->cmd_res_type)) {
3727 3882 zerr(gettext("%s is not a valid property for the "
3728 3883 "global zone."), pt_to_str(cmd->cmd_res_type));
3729 3884 saw_error = B_TRUE;
3730 3885 return;
3731 3886 }
3732 3887
3733 3888 clear_global(cmd);
3734 3889 } else {
3735 3890 clear_property(cmd);
3736 3891 }
3737 3892 }
3738 3893
3739 3894 void
3740 3895 select_func(cmd_t *cmd)
3741 3896 {
3742 3897 int type, err, res;
3743 3898 uint64_t limit;
3744 3899 uint64_t tmp;
3745 3900
3746 3901 if (zone_is_read_only(CMD_SELECT))
3747 3902 return;
3748 3903
3749 3904 assert(cmd != NULL);
3750 3905
3751 3906 if (global_scope) {
3752 3907 global_scope = B_FALSE;
3753 3908 resource_scope = cmd->cmd_res_type;
3754 3909 end_op = CMD_SELECT;
3755 3910 } else {
3756 3911 scope_usage(CMD_SELECT);
3757 3912 return;
3758 3913 }
3759 3914
3760 3915 if ((type = cmd->cmd_res_type) == RT_UNKNOWN) {
3761 3916 long_usage(CMD_SELECT, B_TRUE);
3762 3917 return;
3763 3918 }
3764 3919
3765 3920 if (initialize(B_TRUE) != Z_OK)
3766 3921 return;
3767 3922
3768 3923 switch (type) {
3769 3924 case RT_FS:
3770 3925 if ((err = fill_in_fstab(cmd, &old_fstab, B_FALSE)) != Z_OK) {
3771 3926 z_cmd_rt_perror(CMD_SELECT, RT_FS, err, B_TRUE);
3772 3927 global_scope = B_TRUE;
3773 3928 }
3774 3929 bcopy(&old_fstab, &in_progress_fstab,
3775 3930 sizeof (struct zone_fstab));
3776 3931 return;
3777 3932 case RT_NET:
3778 3933 if ((err = fill_in_nwiftab(cmd, &old_nwiftab, B_FALSE))
3779 3934 != Z_OK) {
3780 3935 z_cmd_rt_perror(CMD_SELECT, RT_NET, err, B_TRUE);
3781 3936 global_scope = B_TRUE;
3782 3937 }
3783 3938 bcopy(&old_nwiftab, &in_progress_nwiftab,
3784 3939 sizeof (struct zone_nwiftab));
3785 3940 return;
3786 3941 case RT_DEVICE:
3787 3942 if ((err = fill_in_devtab(cmd, &old_devtab, B_FALSE)) != Z_OK) {
3788 3943 z_cmd_rt_perror(CMD_SELECT, RT_DEVICE, err, B_TRUE);
3789 3944 global_scope = B_TRUE;
3790 3945 }
3791 3946 bcopy(&old_devtab, &in_progress_devtab,
3792 3947 sizeof (struct zone_devtab));
3793 3948 return;
3794 3949 case RT_RCTL:
3795 3950 if ((err = fill_in_rctltab(cmd, &old_rctltab, B_FALSE))
3796 3951 != Z_OK) {
3797 3952 z_cmd_rt_perror(CMD_SELECT, RT_RCTL, err, B_TRUE);
3798 3953 global_scope = B_TRUE;
3799 3954 }
3800 3955 bcopy(&old_rctltab, &in_progress_rctltab,
3801 3956 sizeof (struct zone_rctltab));
3802 3957 return;
3803 3958 case RT_ATTR:
3804 3959 if ((err = fill_in_attrtab(cmd, &old_attrtab, B_FALSE))
3805 3960 != Z_OK) {
3806 3961 z_cmd_rt_perror(CMD_SELECT, RT_ATTR, err, B_TRUE);
3807 3962 global_scope = B_TRUE;
3808 3963 }
3809 3964 bcopy(&old_attrtab, &in_progress_attrtab,
3810 3965 sizeof (struct zone_attrtab));
3811 3966 return;
3812 3967 case RT_DATASET:
3813 3968 if ((err = fill_in_dstab(cmd, &old_dstab, B_FALSE)) != Z_OK) {
3814 3969 z_cmd_rt_perror(CMD_SELECT, RT_DATASET, err, B_TRUE);
3815 3970 global_scope = B_TRUE;
3816 3971 }
3817 3972 bcopy(&old_dstab, &in_progress_dstab,
3818 3973 sizeof (struct zone_dstab));
3819 3974 return;
3820 3975 case RT_DCPU:
3821 3976 if ((err = zonecfg_lookup_pset(handle, &old_psettab)) != Z_OK) {
3822 3977 z_cmd_rt_perror(CMD_SELECT, RT_DCPU, err, B_TRUE);
3823 3978 global_scope = B_TRUE;
3824 3979 }
3825 3980 bcopy(&old_psettab, &in_progress_psettab,
3826 3981 sizeof (struct zone_psettab));
3827 3982 return;
3828 3983 case RT_PCAP:
3829 3984 if ((err = zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &tmp))
3830 3985 != Z_OK) {
3831 3986 z_cmd_rt_perror(CMD_SELECT, RT_PCAP, err, B_TRUE);
3832 3987 global_scope = B_TRUE;
3833 3988 }
3834 3989 return;
3835 3990 case RT_MCAP:
3836 3991 /* if none of these exist, there is no resource to select */
3837 3992 if ((res = zonecfg_lookup_mcap(handle, &old_mcaptab)) != Z_OK &&
3838 3993 zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &limit)
3839 3994 != Z_OK &&
3840 3995 zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM, &limit)
3841 3996 != Z_OK) {
3842 3997 z_cmd_rt_perror(CMD_SELECT, RT_MCAP, Z_NO_RESOURCE_TYPE,
3843 3998 B_TRUE);
3844 3999 global_scope = B_TRUE;
3845 4000 }
3846 4001 if (res == Z_OK)
3847 4002 bcopy(&old_mcaptab, &in_progress_mcaptab,
3848 4003 sizeof (struct zone_mcaptab));
3849 4004 else
3850 4005 bzero(&in_progress_mcaptab,
3851 4006 sizeof (in_progress_mcaptab));
3852 4007 return;
|
↓ open down ↓ |
233 lines elided |
↑ open up ↑ |
3853 4008 case RT_ADMIN:
3854 4009 if ((err = fill_in_admintab(cmd, &old_admintab, B_FALSE))
3855 4010 != Z_OK) {
3856 4011 z_cmd_rt_perror(CMD_SELECT, RT_ADMIN, err,
3857 4012 B_TRUE);
3858 4013 global_scope = B_TRUE;
3859 4014 }
3860 4015 bcopy(&old_admintab, &in_progress_admintab,
3861 4016 sizeof (struct zone_admintab));
3862 4017 return;
4018 + case RT_SECFLAGS:
4019 + if ((err = fill_in_secflagstab(cmd, &old_secflagstab, B_FALSE))
4020 + != Z_OK) {
4021 + z_cmd_rt_perror(CMD_SELECT, RT_SECFLAGS, err,
4022 + B_TRUE);
4023 + global_scope = B_TRUE;
4024 + }
4025 + bcopy(&old_secflagstab, &in_progress_secflagstab,
4026 + sizeof (struct zone_secflagstab));
4027 + return;
3863 4028 default:
3864 4029 zone_perror(rt_to_str(type), Z_NO_RESOURCE_TYPE, B_TRUE);
3865 4030 long_usage(CMD_SELECT, B_TRUE);
3866 4031 usage(B_FALSE, HELP_RESOURCES);
3867 4032 return;
3868 4033 }
3869 4034 }
3870 4035
3871 4036 /*
3872 4037 * Network "addresses" can be one of the following forms:
3873 4038 * <IPv4 address>
3874 4039 * <IPv4 address>/<prefix length>
3875 4040 * <IPv6 address>/<prefix length>
3876 4041 * <host name>
3877 4042 * <host name>/<prefix length>
3878 4043 * In other words, the "/" followed by a prefix length is allowed but not
3879 4044 * required for IPv4 addresses and host names, and required for IPv6 addresses.
3880 4045 * If a prefix length is given, it must be in the allowable range: 0 to 32 for
3881 4046 * IPv4 addresses and host names, 0 to 128 for IPv6 addresses.
3882 4047 * Host names must start with an alpha-numeric character, and all subsequent
3883 4048 * characters must be either alpha-numeric or "-".
3884 4049 *
3885 4050 * In some cases, e.g., the nexthop for the defrouter, the context indicates
3886 4051 * that this is the IPV4_ABITS or IPV6_ABITS netmask, in which case we don't
3887 4052 * require the /<prefix length> (and should ignore it if provided).
3888 4053 */
3889 4054
3890 4055 static int
3891 4056 validate_net_address_syntax(char *address, boolean_t ishost)
3892 4057 {
3893 4058 char *slashp, part1[MAXHOSTNAMELEN];
3894 4059 struct in6_addr in6;
3895 4060 struct in_addr in4;
3896 4061 int prefixlen, i;
3897 4062
3898 4063 /*
3899 4064 * Copy the part before any '/' into part1 or copy the whole
3900 4065 * thing if there is no '/'.
3901 4066 */
3902 4067 if ((slashp = strchr(address, '/')) != NULL) {
3903 4068 *slashp = '\0';
3904 4069 (void) strlcpy(part1, address, sizeof (part1));
3905 4070 *slashp = '/';
3906 4071 prefixlen = atoi(++slashp);
3907 4072 } else {
3908 4073 (void) strlcpy(part1, address, sizeof (part1));
3909 4074 }
3910 4075
3911 4076 if (ishost && slashp != NULL) {
3912 4077 zerr(gettext("Warning: prefix length in %s is not required and "
3913 4078 "will be ignored. The default host-prefix length "
3914 4079 "will be used"), address);
3915 4080 }
3916 4081
3917 4082
3918 4083 if (inet_pton(AF_INET6, part1, &in6) == 1) {
3919 4084 if (ishost) {
3920 4085 prefixlen = IPV6_ABITS;
3921 4086 } else if (slashp == NULL) {
3922 4087 zerr(gettext("%s: IPv6 addresses "
3923 4088 "require /prefix-length suffix."), address);
3924 4089 return (Z_ERR);
3925 4090 }
3926 4091 if (prefixlen < 0 || prefixlen > 128) {
3927 4092 zerr(gettext("%s: IPv6 address "
3928 4093 "prefix lengths must be 0 - 128."), address);
3929 4094 return (Z_ERR);
3930 4095 }
3931 4096 return (Z_OK);
3932 4097 }
3933 4098
3934 4099 /* At this point, any /prefix must be for IPv4. */
3935 4100 if (ishost)
3936 4101 prefixlen = IPV4_ABITS;
3937 4102 else if (slashp != NULL) {
3938 4103 if (prefixlen < 0 || prefixlen > 32) {
3939 4104 zerr(gettext("%s: IPv4 address "
3940 4105 "prefix lengths must be 0 - 32."), address);
3941 4106 return (Z_ERR);
3942 4107 }
3943 4108 }
3944 4109
3945 4110 if (inet_pton(AF_INET, part1, &in4) == 1)
3946 4111 return (Z_OK);
3947 4112
3948 4113 /* address may also be a host name */
3949 4114 if (!isalnum(part1[0])) {
3950 4115 zerr(gettext("%s: bogus host name or network address syntax"),
3951 4116 part1);
3952 4117 saw_error = B_TRUE;
3953 4118 usage(B_FALSE, HELP_NETADDR);
3954 4119 return (Z_ERR);
3955 4120 }
3956 4121 for (i = 1; part1[i]; i++)
3957 4122 if (!isalnum(part1[i]) && part1[i] != '-' && part1[i] != '.') {
3958 4123 zerr(gettext("%s: bogus host name or "
3959 4124 "network address syntax"), part1);
3960 4125 saw_error = B_TRUE;
3961 4126 usage(B_FALSE, HELP_NETADDR);
3962 4127 return (Z_ERR);
3963 4128 }
3964 4129 return (Z_OK);
3965 4130 }
3966 4131
3967 4132 static int
3968 4133 validate_net_physical_syntax(const char *ifname)
3969 4134 {
3970 4135 ifspec_t ifnameprop;
3971 4136 zone_iptype_t iptype;
3972 4137
3973 4138 if (zonecfg_get_iptype(handle, &iptype) != Z_OK) {
3974 4139 zerr(gettext("zone configuration has an invalid or nonexistent "
3975 4140 "ip-type property"));
3976 4141 return (Z_ERR);
3977 4142 }
3978 4143 switch (iptype) {
3979 4144 case ZS_SHARED:
3980 4145 if (ifparse_ifspec(ifname, &ifnameprop) == B_FALSE) {
3981 4146 zerr(gettext("%s: invalid physical interface name"),
3982 4147 ifname);
3983 4148 return (Z_ERR);
3984 4149 }
3985 4150 if (ifnameprop.ifsp_lunvalid) {
3986 4151 zerr(gettext("%s: LUNs not allowed in physical "
3987 4152 "interface names"), ifname);
3988 4153 return (Z_ERR);
3989 4154 }
3990 4155 break;
3991 4156 case ZS_EXCLUSIVE:
3992 4157 if (dladm_valid_linkname(ifname) == B_FALSE) {
3993 4158 if (strchr(ifname, ':') != NULL)
3994 4159 zerr(gettext("%s: physical interface name "
3995 4160 "required; logical interface name not "
3996 4161 "allowed"), ifname);
3997 4162 else
3998 4163 zerr(gettext("%s: invalid physical interface "
3999 4164 "name"), ifname);
4000 4165 return (Z_ERR);
4001 4166 }
4002 4167 break;
4003 4168 }
4004 4169 return (Z_OK);
4005 4170 }
4006 4171
4007 4172 static boolean_t
4008 4173 valid_fs_type(const char *type)
4009 4174 {
4010 4175 /*
4011 4176 * Is this a valid path component?
4012 4177 */
4013 4178 if (strlen(type) + 1 > MAXNAMELEN)
4014 4179 return (B_FALSE);
4015 4180 /*
4016 4181 * Make sure a bad value for "type" doesn't make
4017 4182 * /usr/lib/fs/<type>/mount turn into something else.
4018 4183 */
4019 4184 if (strchr(type, '/') != NULL || type[0] == '\0' ||
4020 4185 strcmp(type, ".") == 0 || strcmp(type, "..") == 0)
4021 4186 return (B_FALSE);
4022 4187 /*
4023 4188 * More detailed verification happens later by zoneadm(1m).
4024 4189 */
4025 4190 return (B_TRUE);
4026 4191 }
4027 4192
4028 4193 static boolean_t
4029 4194 allow_exclusive()
4030 4195 {
4031 4196 brand_handle_t bh;
4032 4197 char brand[MAXNAMELEN];
4033 4198 boolean_t ret;
4034 4199
4035 4200 if (zonecfg_get_brand(handle, brand, sizeof (brand)) != Z_OK) {
4036 4201 zerr("%s: %s\n", zone, gettext("could not get zone brand"));
4037 4202 return (B_FALSE);
4038 4203 }
4039 4204 if ((bh = brand_open(brand)) == NULL) {
4040 4205 zerr("%s: %s\n", zone, gettext("unknown brand."));
4041 4206 return (B_FALSE);
4042 4207 }
4043 4208 ret = brand_allow_exclusive_ip(bh);
4044 4209 brand_close(bh);
4045 4210 if (!ret)
4046 4211 zerr(gettext("%s cannot be '%s' when %s is '%s'."),
4047 4212 pt_to_str(PT_IPTYPE), "exclusive",
4048 4213 pt_to_str(PT_BRAND), brand);
4049 4214 return (ret);
4050 4215 }
4051 4216
4052 4217 static void
4053 4218 set_aliased_rctl(char *alias, int prop_type, char *s)
4054 4219 {
4055 4220 uint64_t limit;
4056 4221 int err;
4057 4222 char tmp[128];
4058 4223
4059 4224 if (global_zone && strcmp(alias, ALIAS_SHARES) != 0)
4060 4225 zerr(gettext("WARNING: Setting a global zone resource "
4061 4226 "control too low could deny\nservice "
4062 4227 "to even the root user; "
4063 4228 "this could render the system impossible\n"
4064 4229 "to administer. Please use caution."));
4065 4230
4066 4231 /* convert memory based properties */
4067 4232 if (prop_type == PT_MAXSHMMEM) {
4068 4233 if (!zonecfg_valid_memlimit(s, &limit)) {
4069 4234 zerr(gettext("A non-negative number with a required "
4070 4235 "scale suffix (K, M, G or T) was expected\nhere."));
4071 4236 saw_error = B_TRUE;
4072 4237 return;
4073 4238 }
4074 4239
4075 4240 (void) snprintf(tmp, sizeof (tmp), "%llu", limit);
4076 4241 s = tmp;
4077 4242 }
4078 4243
4079 4244 if (!zonecfg_aliased_rctl_ok(handle, alias)) {
4080 4245 zone_perror(pt_to_str(prop_type), Z_ALIAS_DISALLOW, B_FALSE);
4081 4246 saw_error = B_TRUE;
4082 4247 } else if (!zonecfg_valid_alias_limit(alias, s, &limit)) {
4083 4248 zerr(gettext("%s property is out of range."),
4084 4249 pt_to_str(prop_type));
4085 4250 saw_error = B_TRUE;
4086 4251 } else if ((err = zonecfg_set_aliased_rctl(handle, alias, limit))
4087 4252 != Z_OK) {
4088 4253 zone_perror(zone, err, B_TRUE);
4089 4254 saw_error = B_TRUE;
4090 4255 } else {
4091 4256 need_to_commit = B_TRUE;
4092 4257 }
4093 4258 }
4094 4259
4095 4260 static void
4096 4261 set_in_progress_nwiftab_address(char *prop_id, int prop_type)
4097 4262 {
4098 4263 if (prop_type == PT_ADDRESS) {
4099 4264 (void) strlcpy(in_progress_nwiftab.zone_nwif_address, prop_id,
4100 4265 sizeof (in_progress_nwiftab.zone_nwif_address));
4101 4266 } else {
4102 4267 assert(prop_type == PT_ALLOWED_ADDRESS);
4103 4268 (void) strlcpy(in_progress_nwiftab.zone_nwif_allowed_address,
4104 4269 prop_id,
4105 4270 sizeof (in_progress_nwiftab.zone_nwif_allowed_address));
4106 4271 }
4107 4272 }
4108 4273
4109 4274 void
4110 4275 set_func(cmd_t *cmd)
4111 4276 {
4112 4277 char *prop_id;
4113 4278 int arg, err, res_type, prop_type;
4114 4279 property_value_ptr_t pp;
4115 4280 boolean_t autoboot;
4116 4281 zone_iptype_t iptype;
4117 4282 boolean_t force_set = B_FALSE;
4118 4283 size_t physmem_size = sizeof (in_progress_mcaptab.zone_physmem_cap);
4119 4284 uint64_t mem_cap, mem_limit;
4120 4285 float cap;
4121 4286 char *unitp;
4122 4287 struct zone_psettab tmp_psettab;
4123 4288 boolean_t arg_err = B_FALSE;
4124 4289
4125 4290 if (zone_is_read_only(CMD_SET))
4126 4291 return;
4127 4292
4128 4293 assert(cmd != NULL);
4129 4294
4130 4295 optind = opterr = 0;
4131 4296 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "F")) != EOF) {
4132 4297 switch (arg) {
4133 4298 case 'F':
4134 4299 force_set = B_TRUE;
4135 4300 break;
4136 4301 default:
4137 4302 if (optopt == '?')
4138 4303 longer_usage(CMD_SET);
4139 4304 else
4140 4305 short_usage(CMD_SET);
4141 4306 arg_err = B_TRUE;
4142 4307 break;
4143 4308 }
4144 4309 }
4145 4310 if (arg_err)
4146 4311 return;
4147 4312
4148 4313 prop_type = cmd->cmd_prop_name[0];
4149 4314 if (global_scope) {
4150 4315 if (gz_invalid_property(prop_type)) {
4151 4316 zerr(gettext("%s is not a valid property for the "
4152 4317 "global zone."), pt_to_str(prop_type));
4153 4318 saw_error = B_TRUE;
4154 4319 return;
4155 4320 }
4156 4321
4157 4322 if (prop_type == PT_ZONENAME) {
4158 4323 res_type = RT_ZONENAME;
4159 4324 } else if (prop_type == PT_ZONEPATH) {
4160 4325 res_type = RT_ZONEPATH;
4161 4326 } else if (prop_type == PT_AUTOBOOT) {
4162 4327 res_type = RT_AUTOBOOT;
4163 4328 } else if (prop_type == PT_BRAND) {
4164 4329 res_type = RT_BRAND;
4165 4330 } else if (prop_type == PT_POOL) {
4166 4331 res_type = RT_POOL;
4167 4332 } else if (prop_type == PT_LIMITPRIV) {
4168 4333 res_type = RT_LIMITPRIV;
4169 4334 } else if (prop_type == PT_BOOTARGS) {
4170 4335 res_type = RT_BOOTARGS;
4171 4336 } else if (prop_type == PT_SCHED) {
4172 4337 res_type = RT_SCHED;
4173 4338 } else if (prop_type == PT_IPTYPE) {
4174 4339 res_type = RT_IPTYPE;
4175 4340 } else if (prop_type == PT_MAXLWPS) {
4176 4341 res_type = RT_MAXLWPS;
4177 4342 } else if (prop_type == PT_MAXPROCS) {
4178 4343 res_type = RT_MAXPROCS;
4179 4344 } else if (prop_type == PT_MAXSHMMEM) {
4180 4345 res_type = RT_MAXSHMMEM;
4181 4346 } else if (prop_type == PT_MAXSHMIDS) {
4182 4347 res_type = RT_MAXSHMIDS;
4183 4348 } else if (prop_type == PT_MAXMSGIDS) {
4184 4349 res_type = RT_MAXMSGIDS;
4185 4350 } else if (prop_type == PT_MAXSEMIDS) {
4186 4351 res_type = RT_MAXSEMIDS;
4187 4352 } else if (prop_type == PT_SHARES) {
4188 4353 res_type = RT_SHARES;
4189 4354 } else if (prop_type == PT_HOSTID) {
4190 4355 res_type = RT_HOSTID;
4191 4356 } else if (prop_type == PT_FS_ALLOWED) {
4192 4357 res_type = RT_FS_ALLOWED;
4193 4358 } else {
4194 4359 zerr(gettext("Cannot set a resource-specific property "
4195 4360 "from the global scope."));
4196 4361 saw_error = B_TRUE;
4197 4362 return;
4198 4363 }
4199 4364 } else {
4200 4365 res_type = resource_scope;
4201 4366 }
4202 4367
4203 4368 if (force_set) {
4204 4369 if (res_type != RT_ZONEPATH) {
4205 4370 zerr(gettext("Only zonepath setting can be forced."));
4206 4371 saw_error = B_TRUE;
4207 4372 return;
4208 4373 }
4209 4374 if (!zonecfg_in_alt_root()) {
4210 4375 zerr(gettext("Zonepath is changeable only in an "
4211 4376 "alternate root."));
4212 4377 saw_error = B_TRUE;
4213 4378 return;
4214 4379 }
4215 4380 }
4216 4381
4217 4382 pp = cmd->cmd_property_ptr[0];
4218 4383 /*
4219 4384 * A nasty expression but not that complicated:
4220 4385 * 1. fs options are simple or list (tested below)
4221 4386 * 2. rctl value's are complex or list (tested below)
4222 4387 * Anything else should be simple.
4223 4388 */
4224 4389 if (!(res_type == RT_FS && prop_type == PT_OPTIONS) &&
4225 4390 !(res_type == RT_RCTL && prop_type == PT_VALUE) &&
4226 4391 (pp->pv_type != PROP_VAL_SIMPLE ||
4227 4392 (prop_id = pp->pv_simple) == NULL)) {
4228 4393 zerr(gettext("A %s value was expected here."),
4229 4394 pvt_to_str(PROP_VAL_SIMPLE));
4230 4395 saw_error = B_TRUE;
4231 4396 return;
4232 4397 }
4233 4398 if (prop_type == PT_UNKNOWN) {
4234 4399 long_usage(CMD_SET, B_TRUE);
4235 4400 return;
4236 4401 }
4237 4402
4238 4403 /*
4239 4404 * Special case: the user can change the zone name prior to 'create';
4240 4405 * if the zone already exists, we fall through letting initialize()
4241 4406 * and the rest of the logic run.
4242 4407 */
4243 4408 if (res_type == RT_ZONENAME && got_handle == B_FALSE &&
4244 4409 !state_atleast(ZONE_STATE_CONFIGURED)) {
4245 4410 if ((err = zonecfg_validate_zonename(prop_id)) != Z_OK) {
4246 4411 zone_perror(prop_id, err, B_TRUE);
4247 4412 usage(B_FALSE, HELP_SYNTAX);
4248 4413 return;
4249 4414 }
4250 4415 (void) strlcpy(zone, prop_id, sizeof (zone));
4251 4416 return;
4252 4417 }
4253 4418
4254 4419 if (initialize(B_TRUE) != Z_OK)
4255 4420 return;
4256 4421
4257 4422 switch (res_type) {
4258 4423 case RT_ZONENAME:
4259 4424 if ((err = zonecfg_set_name(handle, prop_id)) != Z_OK) {
4260 4425 /*
4261 4426 * Use prop_id instead of 'zone' here, since we're
4262 4427 * reporting a problem about the *new* zonename.
4263 4428 */
4264 4429 zone_perror(prop_id, err, B_TRUE);
4265 4430 usage(B_FALSE, HELP_SYNTAX);
4266 4431 } else {
4267 4432 need_to_commit = B_TRUE;
4268 4433 (void) strlcpy(zone, prop_id, sizeof (zone));
4269 4434 }
4270 4435 return;
4271 4436 case RT_ZONEPATH:
4272 4437 if (!force_set && state_atleast(ZONE_STATE_INSTALLED)) {
4273 4438 zerr(gettext("Zone %s already installed; %s %s not "
4274 4439 "allowed."), zone, cmd_to_str(CMD_SET),
4275 4440 rt_to_str(RT_ZONEPATH));
4276 4441 return;
4277 4442 }
4278 4443 if (validate_zonepath_syntax(prop_id) != Z_OK) {
4279 4444 saw_error = B_TRUE;
4280 4445 return;
4281 4446 }
4282 4447 if ((err = zonecfg_set_zonepath(handle, prop_id)) != Z_OK)
4283 4448 zone_perror(zone, err, B_TRUE);
4284 4449 else
4285 4450 need_to_commit = B_TRUE;
4286 4451 return;
4287 4452 case RT_BRAND:
4288 4453 if (state_atleast(ZONE_STATE_INSTALLED)) {
4289 4454 zerr(gettext("Zone %s already installed; %s %s not "
4290 4455 "allowed."), zone, cmd_to_str(CMD_SET),
4291 4456 rt_to_str(RT_BRAND));
4292 4457 return;
4293 4458 }
4294 4459 if ((err = zonecfg_set_brand(handle, prop_id)) != Z_OK)
4295 4460 zone_perror(zone, err, B_TRUE);
4296 4461 else
4297 4462 need_to_commit = B_TRUE;
4298 4463 return;
4299 4464 case RT_AUTOBOOT:
4300 4465 if (strcmp(prop_id, "true") == 0) {
4301 4466 autoboot = B_TRUE;
4302 4467 } else if (strcmp(prop_id, "false") == 0) {
4303 4468 autoboot = B_FALSE;
4304 4469 } else {
4305 4470 zerr(gettext("%s value must be '%s' or '%s'."),
4306 4471 pt_to_str(PT_AUTOBOOT), "true", "false");
4307 4472 saw_error = B_TRUE;
4308 4473 return;
4309 4474 }
4310 4475 if ((err = zonecfg_set_autoboot(handle, autoboot)) != Z_OK)
4311 4476 zone_perror(zone, err, B_TRUE);
4312 4477 else
4313 4478 need_to_commit = B_TRUE;
4314 4479 return;
4315 4480 case RT_POOL:
4316 4481 /* don't allow use of the reserved temporary pool names */
4317 4482 if (strncmp("SUNW", prop_id, 4) == 0) {
4318 4483 zerr(gettext("pool names starting with SUNW are "
4319 4484 "reserved."));
4320 4485 saw_error = B_TRUE;
4321 4486 return;
4322 4487 }
4323 4488
4324 4489 /* can't set pool if dedicated-cpu exists */
4325 4490 if (zonecfg_lookup_pset(handle, &tmp_psettab) == Z_OK) {
4326 4491 zerr(gettext("The %s resource already exists. "
4327 4492 "A persistent pool is incompatible\nwith the %s "
4328 4493 "resource."), rt_to_str(RT_DCPU),
4329 4494 rt_to_str(RT_DCPU));
4330 4495 saw_error = B_TRUE;
4331 4496 return;
4332 4497 }
4333 4498
4334 4499 if ((err = zonecfg_set_pool(handle, prop_id)) != Z_OK)
4335 4500 zone_perror(zone, err, B_TRUE);
4336 4501 else
4337 4502 need_to_commit = B_TRUE;
4338 4503 return;
4339 4504 case RT_LIMITPRIV:
4340 4505 if ((err = zonecfg_set_limitpriv(handle, prop_id)) != Z_OK)
4341 4506 zone_perror(zone, err, B_TRUE);
4342 4507 else
4343 4508 need_to_commit = B_TRUE;
4344 4509 return;
4345 4510 case RT_BOOTARGS:
4346 4511 if ((err = zonecfg_set_bootargs(handle, prop_id)) != Z_OK)
4347 4512 zone_perror(zone, err, B_TRUE);
4348 4513 else
4349 4514 need_to_commit = B_TRUE;
4350 4515 return;
4351 4516 case RT_SCHED:
4352 4517 if ((err = zonecfg_set_sched(handle, prop_id)) != Z_OK)
4353 4518 zone_perror(zone, err, B_TRUE);
4354 4519 else
4355 4520 need_to_commit = B_TRUE;
4356 4521 return;
4357 4522 case RT_IPTYPE:
4358 4523 if (strcmp(prop_id, "shared") == 0) {
4359 4524 iptype = ZS_SHARED;
4360 4525 } else if (strcmp(prop_id, "exclusive") == 0) {
4361 4526 iptype = ZS_EXCLUSIVE;
4362 4527 } else {
4363 4528 zerr(gettext("%s value must be '%s' or '%s'."),
4364 4529 pt_to_str(PT_IPTYPE), "shared", "exclusive");
4365 4530 saw_error = B_TRUE;
4366 4531 return;
4367 4532 }
4368 4533 if (iptype == ZS_EXCLUSIVE && !allow_exclusive()) {
4369 4534 saw_error = B_TRUE;
4370 4535 return;
4371 4536 }
4372 4537 if ((err = zonecfg_set_iptype(handle, iptype)) != Z_OK)
4373 4538 zone_perror(zone, err, B_TRUE);
4374 4539 else
4375 4540 need_to_commit = B_TRUE;
4376 4541 return;
4377 4542 case RT_MAXLWPS:
4378 4543 set_aliased_rctl(ALIAS_MAXLWPS, prop_type, prop_id);
4379 4544 return;
4380 4545 case RT_MAXPROCS:
4381 4546 set_aliased_rctl(ALIAS_MAXPROCS, prop_type, prop_id);
4382 4547 return;
4383 4548 case RT_MAXSHMMEM:
4384 4549 set_aliased_rctl(ALIAS_MAXSHMMEM, prop_type, prop_id);
4385 4550 return;
4386 4551 case RT_MAXSHMIDS:
4387 4552 set_aliased_rctl(ALIAS_MAXSHMIDS, prop_type, prop_id);
4388 4553 return;
4389 4554 case RT_MAXMSGIDS:
4390 4555 set_aliased_rctl(ALIAS_MAXMSGIDS, prop_type, prop_id);
4391 4556 return;
4392 4557 case RT_MAXSEMIDS:
4393 4558 set_aliased_rctl(ALIAS_MAXSEMIDS, prop_type, prop_id);
4394 4559 return;
4395 4560 case RT_SHARES:
4396 4561 set_aliased_rctl(ALIAS_SHARES, prop_type, prop_id);
4397 4562 return;
4398 4563 case RT_HOSTID:
4399 4564 if ((err = zonecfg_set_hostid(handle, prop_id)) != Z_OK) {
4400 4565 if (err == Z_TOO_BIG) {
4401 4566 zerr(gettext("hostid string is too large: %s"),
4402 4567 prop_id);
4403 4568 saw_error = B_TRUE;
4404 4569 } else {
4405 4570 zone_perror(pt_to_str(prop_type), err, B_TRUE);
4406 4571 }
4407 4572 return;
4408 4573 }
4409 4574 need_to_commit = B_TRUE;
4410 4575 return;
4411 4576 case RT_FS_ALLOWED:
4412 4577 if ((err = zonecfg_set_fs_allowed(handle, prop_id)) != Z_OK)
4413 4578 zone_perror(zone, err, B_TRUE);
4414 4579 else
4415 4580 need_to_commit = B_TRUE;
4416 4581 return;
4417 4582 case RT_FS:
4418 4583 switch (prop_type) {
4419 4584 case PT_DIR:
4420 4585 (void) strlcpy(in_progress_fstab.zone_fs_dir, prop_id,
4421 4586 sizeof (in_progress_fstab.zone_fs_dir));
4422 4587 return;
4423 4588 case PT_SPECIAL:
4424 4589 (void) strlcpy(in_progress_fstab.zone_fs_special,
4425 4590 prop_id,
4426 4591 sizeof (in_progress_fstab.zone_fs_special));
4427 4592 return;
4428 4593 case PT_RAW:
4429 4594 (void) strlcpy(in_progress_fstab.zone_fs_raw,
4430 4595 prop_id, sizeof (in_progress_fstab.zone_fs_raw));
4431 4596 return;
4432 4597 case PT_TYPE:
4433 4598 if (!valid_fs_type(prop_id)) {
4434 4599 zerr(gettext("\"%s\" is not a valid %s."),
4435 4600 prop_id, pt_to_str(PT_TYPE));
4436 4601 saw_error = B_TRUE;
4437 4602 return;
4438 4603 }
4439 4604 (void) strlcpy(in_progress_fstab.zone_fs_type, prop_id,
4440 4605 sizeof (in_progress_fstab.zone_fs_type));
4441 4606 return;
4442 4607 case PT_OPTIONS:
4443 4608 if (pp->pv_type != PROP_VAL_SIMPLE &&
4444 4609 pp->pv_type != PROP_VAL_LIST) {
4445 4610 zerr(gettext("A %s or %s value was expected "
4446 4611 "here."), pvt_to_str(PROP_VAL_SIMPLE),
4447 4612 pvt_to_str(PROP_VAL_LIST));
4448 4613 saw_error = B_TRUE;
4449 4614 return;
4450 4615 }
4451 4616 zonecfg_free_fs_option_list(
4452 4617 in_progress_fstab.zone_fs_options);
4453 4618 in_progress_fstab.zone_fs_options = NULL;
4454 4619 if (!(pp->pv_type == PROP_VAL_LIST &&
4455 4620 pp->pv_list == NULL))
4456 4621 add_property(cmd);
4457 4622 return;
4458 4623 default:
4459 4624 break;
4460 4625 }
4461 4626 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE, B_TRUE);
4462 4627 long_usage(CMD_SET, B_TRUE);
4463 4628 usage(B_FALSE, HELP_PROPS);
4464 4629 return;
4465 4630 case RT_NET:
4466 4631 switch (prop_type) {
4467 4632 case PT_ADDRESS:
4468 4633 case PT_ALLOWED_ADDRESS:
4469 4634 if (validate_net_address_syntax(prop_id, B_FALSE)
4470 4635 != Z_OK) {
4471 4636 saw_error = B_TRUE;
4472 4637 return;
4473 4638 }
4474 4639 set_in_progress_nwiftab_address(prop_id, prop_type);
4475 4640 break;
4476 4641 case PT_PHYSICAL:
4477 4642 if (validate_net_physical_syntax(prop_id) != Z_OK) {
4478 4643 saw_error = B_TRUE;
4479 4644 return;
4480 4645 }
4481 4646 (void) strlcpy(in_progress_nwiftab.zone_nwif_physical,
4482 4647 prop_id,
4483 4648 sizeof (in_progress_nwiftab.zone_nwif_physical));
4484 4649 break;
4485 4650 case PT_DEFROUTER:
4486 4651 if (validate_net_address_syntax(prop_id, B_TRUE)
4487 4652 != Z_OK) {
4488 4653 saw_error = B_TRUE;
4489 4654 return;
4490 4655 }
4491 4656 (void) strlcpy(in_progress_nwiftab.zone_nwif_defrouter,
4492 4657 prop_id,
4493 4658 sizeof (in_progress_nwiftab.zone_nwif_defrouter));
4494 4659 break;
4495 4660 default:
4496 4661 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4497 4662 B_TRUE);
4498 4663 long_usage(CMD_SET, B_TRUE);
4499 4664 usage(B_FALSE, HELP_PROPS);
4500 4665 return;
4501 4666 }
4502 4667 return;
4503 4668 case RT_DEVICE:
4504 4669 switch (prop_type) {
4505 4670 case PT_MATCH:
4506 4671 (void) strlcpy(in_progress_devtab.zone_dev_match,
4507 4672 prop_id,
4508 4673 sizeof (in_progress_devtab.zone_dev_match));
4509 4674 break;
4510 4675 default:
4511 4676 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4512 4677 B_TRUE);
4513 4678 long_usage(CMD_SET, B_TRUE);
4514 4679 usage(B_FALSE, HELP_PROPS);
4515 4680 return;
4516 4681 }
4517 4682 return;
4518 4683 case RT_RCTL:
4519 4684 switch (prop_type) {
4520 4685 case PT_NAME:
4521 4686 if (!zonecfg_valid_rctlname(prop_id)) {
4522 4687 zerr(gettext("'%s' is not a valid zone %s "
4523 4688 "name."), prop_id, rt_to_str(RT_RCTL));
4524 4689 return;
4525 4690 }
4526 4691 (void) strlcpy(in_progress_rctltab.zone_rctl_name,
4527 4692 prop_id,
4528 4693 sizeof (in_progress_rctltab.zone_rctl_name));
4529 4694 break;
4530 4695 case PT_VALUE:
4531 4696 if (pp->pv_type != PROP_VAL_COMPLEX &&
4532 4697 pp->pv_type != PROP_VAL_LIST) {
4533 4698 zerr(gettext("A %s or %s value was expected "
4534 4699 "here."), pvt_to_str(PROP_VAL_COMPLEX),
4535 4700 pvt_to_str(PROP_VAL_LIST));
4536 4701 saw_error = B_TRUE;
4537 4702 return;
4538 4703 }
4539 4704 zonecfg_free_rctl_value_list(
4540 4705 in_progress_rctltab.zone_rctl_valptr);
4541 4706 in_progress_rctltab.zone_rctl_valptr = NULL;
4542 4707 if (!(pp->pv_type == PROP_VAL_LIST &&
4543 4708 pp->pv_list == NULL))
4544 4709 add_property(cmd);
4545 4710 break;
4546 4711 default:
4547 4712 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4548 4713 B_TRUE);
4549 4714 long_usage(CMD_SET, B_TRUE);
4550 4715 usage(B_FALSE, HELP_PROPS);
4551 4716 return;
4552 4717 }
4553 4718 return;
4554 4719 case RT_ATTR:
4555 4720 switch (prop_type) {
4556 4721 case PT_NAME:
4557 4722 (void) strlcpy(in_progress_attrtab.zone_attr_name,
4558 4723 prop_id,
4559 4724 sizeof (in_progress_attrtab.zone_attr_name));
4560 4725 break;
4561 4726 case PT_TYPE:
4562 4727 (void) strlcpy(in_progress_attrtab.zone_attr_type,
4563 4728 prop_id,
4564 4729 sizeof (in_progress_attrtab.zone_attr_type));
4565 4730 break;
4566 4731 case PT_VALUE:
4567 4732 (void) strlcpy(in_progress_attrtab.zone_attr_value,
4568 4733 prop_id,
4569 4734 sizeof (in_progress_attrtab.zone_attr_value));
4570 4735 break;
4571 4736 default:
4572 4737 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4573 4738 B_TRUE);
4574 4739 long_usage(CMD_SET, B_TRUE);
4575 4740 usage(B_FALSE, HELP_PROPS);
4576 4741 return;
4577 4742 }
4578 4743 return;
4579 4744 case RT_DATASET:
4580 4745 switch (prop_type) {
4581 4746 case PT_NAME:
4582 4747 (void) strlcpy(in_progress_dstab.zone_dataset_name,
4583 4748 prop_id,
4584 4749 sizeof (in_progress_dstab.zone_dataset_name));
4585 4750 return;
4586 4751 default:
4587 4752 break;
4588 4753 }
4589 4754 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE, B_TRUE);
4590 4755 long_usage(CMD_SET, B_TRUE);
4591 4756 usage(B_FALSE, HELP_PROPS);
4592 4757 return;
4593 4758 case RT_DCPU:
4594 4759 switch (prop_type) {
4595 4760 char *lowp, *highp;
4596 4761
4597 4762 case PT_NCPUS:
4598 4763 lowp = prop_id;
4599 4764 if ((highp = strchr(prop_id, '-')) != NULL)
4600 4765 *highp++ = '\0';
4601 4766 else
4602 4767 highp = lowp;
4603 4768
4604 4769 /* Make sure the input makes sense. */
4605 4770 if (!zonecfg_valid_ncpus(lowp, highp)) {
4606 4771 zerr(gettext("%s property is out of range."),
4607 4772 pt_to_str(PT_NCPUS));
4608 4773 saw_error = B_TRUE;
4609 4774 return;
4610 4775 }
4611 4776
4612 4777 (void) strlcpy(
4613 4778 in_progress_psettab.zone_ncpu_min, lowp,
4614 4779 sizeof (in_progress_psettab.zone_ncpu_min));
4615 4780 (void) strlcpy(
4616 4781 in_progress_psettab.zone_ncpu_max, highp,
4617 4782 sizeof (in_progress_psettab.zone_ncpu_max));
4618 4783 return;
4619 4784 case PT_IMPORTANCE:
4620 4785 /* Make sure the value makes sense. */
4621 4786 if (!zonecfg_valid_importance(prop_id)) {
4622 4787 zerr(gettext("%s property is out of range."),
4623 4788 pt_to_str(PT_IMPORTANCE));
4624 4789 saw_error = B_TRUE;
4625 4790 return;
4626 4791 }
4627 4792
4628 4793 (void) strlcpy(in_progress_psettab.zone_importance,
4629 4794 prop_id,
4630 4795 sizeof (in_progress_psettab.zone_importance));
4631 4796 return;
4632 4797 default:
4633 4798 break;
4634 4799 }
4635 4800 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE, B_TRUE);
4636 4801 long_usage(CMD_SET, B_TRUE);
4637 4802 usage(B_FALSE, HELP_PROPS);
4638 4803 return;
4639 4804 case RT_PCAP:
4640 4805 if (prop_type != PT_NCPUS) {
4641 4806 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4642 4807 B_TRUE);
4643 4808 long_usage(CMD_SET, B_TRUE);
4644 4809 usage(B_FALSE, HELP_PROPS);
4645 4810 return;
4646 4811 }
4647 4812
4648 4813 /*
4649 4814 * We already checked that an rctl alias is allowed in
4650 4815 * the add_resource() function.
4651 4816 */
4652 4817
4653 4818 if ((cap = strtof(prop_id, &unitp)) <= 0 || *unitp != '\0' ||
4654 4819 (int)(cap * 100) < 1) {
4655 4820 zerr(gettext("%s property is out of range."),
4656 4821 pt_to_str(PT_NCPUS));
4657 4822 saw_error = B_TRUE;
4658 4823 return;
4659 4824 }
4660 4825
4661 4826 if ((err = zonecfg_set_aliased_rctl(handle, ALIAS_CPUCAP,
4662 4827 (int)(cap * 100))) != Z_OK)
4663 4828 zone_perror(zone, err, B_TRUE);
4664 4829 else
4665 4830 need_to_commit = B_TRUE;
4666 4831 return;
4667 4832 case RT_MCAP:
4668 4833 switch (prop_type) {
4669 4834 case PT_PHYSICAL:
4670 4835 if (!zonecfg_valid_memlimit(prop_id, &mem_cap)) {
4671 4836 zerr(gettext("A positive number with a "
4672 4837 "required scale suffix (K, M, G or T) was "
4673 4838 "expected here."));
4674 4839 saw_error = B_TRUE;
4675 4840 } else if (mem_cap < ONE_MB) {
4676 4841 zerr(gettext("%s value is too small. It must "
4677 4842 "be at least 1M."), pt_to_str(PT_PHYSICAL));
4678 4843 saw_error = B_TRUE;
4679 4844 } else {
4680 4845 snprintf(in_progress_mcaptab.zone_physmem_cap,
4681 4846 physmem_size, "%llu", mem_cap);
4682 4847 }
4683 4848 break;
4684 4849 case PT_SWAP:
4685 4850 /*
4686 4851 * We have to check if an rctl is allowed here since
4687 4852 * there might already be a rctl defined that blocks
4688 4853 * the alias.
4689 4854 */
4690 4855 if (!zonecfg_aliased_rctl_ok(handle, ALIAS_MAXSWAP)) {
4691 4856 zone_perror(pt_to_str(PT_MAXSWAP),
4692 4857 Z_ALIAS_DISALLOW, B_FALSE);
4693 4858 saw_error = B_TRUE;
4694 4859 return;
4695 4860 }
4696 4861
4697 4862 if (global_zone)
4698 4863 mem_limit = ONE_MB * 100;
4699 4864 else
4700 4865 mem_limit = ONE_MB * 50;
4701 4866
4702 4867 if (!zonecfg_valid_memlimit(prop_id, &mem_cap)) {
4703 4868 zerr(gettext("A positive number with a "
4704 4869 "required scale suffix (K, M, G or T) was "
4705 4870 "expected here."));
4706 4871 saw_error = B_TRUE;
4707 4872 } else if (mem_cap < mem_limit) {
4708 4873 char buf[128];
4709 4874
4710 4875 (void) snprintf(buf, sizeof (buf), "%llu",
4711 4876 mem_limit);
4712 4877 bytes_to_units(buf, buf, sizeof (buf));
4713 4878 zerr(gettext("%s value is too small. It must "
4714 4879 "be at least %s."), pt_to_str(PT_SWAP),
4715 4880 buf);
4716 4881 saw_error = B_TRUE;
4717 4882 } else {
4718 4883 if ((err = zonecfg_set_aliased_rctl(handle,
4719 4884 ALIAS_MAXSWAP, mem_cap)) != Z_OK)
4720 4885 zone_perror(zone, err, B_TRUE);
4721 4886 else
4722 4887 need_to_commit = B_TRUE;
4723 4888 }
4724 4889 break;
4725 4890 case PT_LOCKED:
4726 4891 /*
4727 4892 * We have to check if an rctl is allowed here since
4728 4893 * there might already be a rctl defined that blocks
4729 4894 * the alias.
4730 4895 */
4731 4896 if (!zonecfg_aliased_rctl_ok(handle,
4732 4897 ALIAS_MAXLOCKEDMEM)) {
4733 4898 zone_perror(pt_to_str(PT_LOCKED),
4734 4899 Z_ALIAS_DISALLOW, B_FALSE);
4735 4900 saw_error = B_TRUE;
4736 4901 return;
4737 4902 }
4738 4903
4739 4904 if (!zonecfg_valid_memlimit(prop_id, &mem_cap)) {
4740 4905 zerr(gettext("A non-negative number with a "
4741 4906 "required scale suffix (K, M, G or T) was "
4742 4907 "expected\nhere."));
4743 4908 saw_error = B_TRUE;
4744 4909 } else {
4745 4910 if ((err = zonecfg_set_aliased_rctl(handle,
4746 4911 ALIAS_MAXLOCKEDMEM, mem_cap)) != Z_OK)
4747 4912 zone_perror(zone, err, B_TRUE);
4748 4913 else
4749 4914 need_to_commit = B_TRUE;
4750 4915 }
4751 4916 break;
4752 4917 default:
4753 4918 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4754 4919 B_TRUE);
4755 4920 long_usage(CMD_SET, B_TRUE);
4756 4921 usage(B_FALSE, HELP_PROPS);
4757 4922 return;
4758 4923 }
4759 4924 return;
4760 4925 case RT_ADMIN:
4761 4926 switch (prop_type) {
4762 4927 case PT_USER:
4763 4928 (void) strlcpy(in_progress_admintab.zone_admin_user,
4764 4929 prop_id,
4765 4930 sizeof (in_progress_admintab.zone_admin_user));
4766 4931 return;
4767 4932 case PT_AUTHS:
4768 4933 (void) strlcpy(in_progress_admintab.zone_admin_auths,
|
↓ open down ↓ |
896 lines elided |
↑ open up ↑ |
4769 4934 prop_id,
4770 4935 sizeof (in_progress_admintab.zone_admin_auths));
4771 4936 return;
4772 4937 default:
4773 4938 zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4774 4939 B_TRUE);
4775 4940 long_usage(CMD_SET, B_TRUE);
4776 4941 usage(B_FALSE, HELP_PROPS);
4777 4942 return;
4778 4943 }
4944 + case RT_SECFLAGS: {
4945 + char *propstr;
4946 +
4947 + switch (prop_type) {
4948 + case PT_DEFAULT:
4949 + propstr = in_progress_secflagstab.zone_secflags_default;
4950 + break;
4951 + case PT_UPPER:
4952 + propstr = in_progress_secflagstab.zone_secflags_upper;
4953 + break;
4954 + case PT_LOWER:
4955 + propstr = in_progress_secflagstab.zone_secflags_lower;
4956 + break;
4957 + default:
4958 + zone_perror(pt_to_str(prop_type), Z_NO_PROPERTY_TYPE,
4959 + B_TRUE);
4960 + long_usage(CMD_SET, B_TRUE);
4961 + usage(B_FALSE, HELP_PROPS);
4962 + return;
4963 + }
4964 + (void) strlcpy(propstr, prop_id, ZONECFG_SECFLAGS_MAX);
4965 + return;
4966 + }
4779 4967 default:
4780 4968 zone_perror(rt_to_str(res_type), Z_NO_RESOURCE_TYPE, B_TRUE);
4781 4969 long_usage(CMD_SET, B_TRUE);
4782 4970 usage(B_FALSE, HELP_RESOURCES);
4783 4971 return;
4784 4972 }
4785 4973 }
4786 4974
4787 4975 static void
4788 4976 output_prop(FILE *fp, int pnum, char *pval, boolean_t print_notspec)
4789 4977 {
4790 4978 char *qstr;
4791 4979
4792 4980 if (*pval != '\0') {
4793 4981 qstr = quoteit(pval);
4794 4982 if (pnum == PT_SWAP || pnum == PT_LOCKED)
4795 4983 (void) fprintf(fp, "\t[%s: %s]\n", pt_to_str(pnum),
4796 4984 qstr);
4797 4985 else
4798 4986 (void) fprintf(fp, "\t%s: %s\n", pt_to_str(pnum), qstr);
4799 4987 free(qstr);
4800 4988 } else if (print_notspec)
4801 4989 (void) fprintf(fp, gettext("\t%s not specified\n"),
4802 4990 pt_to_str(pnum));
4803 4991 }
4804 4992
4805 4993 static void
4806 4994 info_zonename(zone_dochandle_t handle, FILE *fp)
4807 4995 {
4808 4996 char zonename[ZONENAME_MAX];
4809 4997
4810 4998 if (zonecfg_get_name(handle, zonename, sizeof (zonename)) == Z_OK)
4811 4999 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_ZONENAME),
4812 5000 zonename);
4813 5001 else
4814 5002 (void) fprintf(fp, gettext("%s not specified\n"),
4815 5003 pt_to_str(PT_ZONENAME));
4816 5004 }
4817 5005
4818 5006 static void
4819 5007 info_zonepath(zone_dochandle_t handle, FILE *fp)
4820 5008 {
4821 5009 char zonepath[MAXPATHLEN];
4822 5010
4823 5011 if (zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath)) == Z_OK)
4824 5012 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_ZONEPATH),
4825 5013 zonepath);
4826 5014 else {
4827 5015 (void) fprintf(fp, gettext("%s not specified\n"),
4828 5016 pt_to_str(PT_ZONEPATH));
4829 5017 }
4830 5018 }
4831 5019
4832 5020 static void
4833 5021 info_brand(zone_dochandle_t handle, FILE *fp)
4834 5022 {
4835 5023 char brand[MAXNAMELEN];
4836 5024
4837 5025 if (zonecfg_get_brand(handle, brand, sizeof (brand)) == Z_OK)
4838 5026 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_BRAND),
4839 5027 brand);
4840 5028 else
4841 5029 (void) fprintf(fp, "%s %s\n", pt_to_str(PT_BRAND),
4842 5030 gettext("not specified"));
4843 5031 }
4844 5032
4845 5033 static void
4846 5034 info_autoboot(zone_dochandle_t handle, FILE *fp)
4847 5035 {
4848 5036 boolean_t autoboot;
4849 5037 int err;
4850 5038
4851 5039 if ((err = zonecfg_get_autoboot(handle, &autoboot)) == Z_OK)
4852 5040 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_AUTOBOOT),
4853 5041 autoboot ? "true" : "false");
4854 5042 else
4855 5043 zone_perror(zone, err, B_TRUE);
4856 5044 }
4857 5045
4858 5046 static void
4859 5047 info_pool(zone_dochandle_t handle, FILE *fp)
4860 5048 {
4861 5049 char pool[MAXNAMELEN];
4862 5050 int err;
4863 5051
4864 5052 if ((err = zonecfg_get_pool(handle, pool, sizeof (pool))) == Z_OK)
4865 5053 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_POOL), pool);
4866 5054 else
4867 5055 zone_perror(zone, err, B_TRUE);
4868 5056 }
4869 5057
4870 5058 static void
4871 5059 info_limitpriv(zone_dochandle_t handle, FILE *fp)
4872 5060 {
4873 5061 char *limitpriv;
4874 5062 int err;
4875 5063
4876 5064 if ((err = zonecfg_get_limitpriv(handle, &limitpriv)) == Z_OK) {
4877 5065 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_LIMITPRIV),
4878 5066 limitpriv);
4879 5067 free(limitpriv);
4880 5068 } else {
4881 5069 zone_perror(zone, err, B_TRUE);
4882 5070 }
4883 5071 }
4884 5072
4885 5073 static void
4886 5074 info_bootargs(zone_dochandle_t handle, FILE *fp)
4887 5075 {
4888 5076 char bootargs[BOOTARGS_MAX];
4889 5077 int err;
4890 5078
4891 5079 if ((err = zonecfg_get_bootargs(handle, bootargs,
4892 5080 sizeof (bootargs))) == Z_OK) {
4893 5081 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_BOOTARGS),
4894 5082 bootargs);
4895 5083 } else {
4896 5084 zone_perror(zone, err, B_TRUE);
4897 5085 }
4898 5086 }
4899 5087
4900 5088 static void
4901 5089 info_sched(zone_dochandle_t handle, FILE *fp)
4902 5090 {
4903 5091 char sched[MAXNAMELEN];
4904 5092 int err;
4905 5093
4906 5094 if ((err = zonecfg_get_sched_class(handle, sched, sizeof (sched)))
4907 5095 == Z_OK) {
4908 5096 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_SCHED), sched);
4909 5097 } else {
4910 5098 zone_perror(zone, err, B_TRUE);
4911 5099 }
4912 5100 }
4913 5101
4914 5102 static void
4915 5103 info_iptype(zone_dochandle_t handle, FILE *fp)
4916 5104 {
4917 5105 zone_iptype_t iptype;
4918 5106 int err;
4919 5107
4920 5108 if ((err = zonecfg_get_iptype(handle, &iptype)) == Z_OK) {
4921 5109 switch (iptype) {
4922 5110 case ZS_SHARED:
4923 5111 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_IPTYPE),
4924 5112 "shared");
4925 5113 break;
4926 5114 case ZS_EXCLUSIVE:
4927 5115 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_IPTYPE),
4928 5116 "exclusive");
4929 5117 break;
4930 5118 }
4931 5119 } else {
4932 5120 zone_perror(zone, err, B_TRUE);
4933 5121 }
4934 5122 }
4935 5123
4936 5124 static void
4937 5125 info_hostid(zone_dochandle_t handle, FILE *fp)
4938 5126 {
4939 5127 char hostidp[HW_HOSTID_LEN];
4940 5128 int err;
4941 5129
4942 5130 if ((err = zonecfg_get_hostid(handle, hostidp,
4943 5131 sizeof (hostidp))) == Z_OK) {
4944 5132 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_HOSTID), hostidp);
4945 5133 } else if (err == Z_BAD_PROPERTY) {
4946 5134 (void) fprintf(fp, "%s: \n", pt_to_str(PT_HOSTID));
4947 5135 } else {
4948 5136 zone_perror(zone, err, B_TRUE);
4949 5137 }
4950 5138 }
4951 5139
4952 5140 static void
4953 5141 info_fs_allowed(zone_dochandle_t handle, FILE *fp)
4954 5142 {
4955 5143 char fsallowedp[ZONE_FS_ALLOWED_MAX];
4956 5144 int err;
4957 5145
4958 5146 if ((err = zonecfg_get_fs_allowed(handle, fsallowedp,
4959 5147 sizeof (fsallowedp))) == Z_OK) {
4960 5148 (void) fprintf(fp, "%s: %s\n", pt_to_str(PT_FS_ALLOWED),
4961 5149 fsallowedp);
4962 5150 } else if (err == Z_BAD_PROPERTY) {
4963 5151 (void) fprintf(fp, "%s: \n", pt_to_str(PT_FS_ALLOWED));
4964 5152 } else {
4965 5153 zone_perror(zone, err, B_TRUE);
4966 5154 }
4967 5155 }
4968 5156
4969 5157 static void
4970 5158 output_fs(FILE *fp, struct zone_fstab *fstab)
4971 5159 {
4972 5160 zone_fsopt_t *this;
4973 5161
4974 5162 (void) fprintf(fp, "%s:\n", rt_to_str(RT_FS));
4975 5163 output_prop(fp, PT_DIR, fstab->zone_fs_dir, B_TRUE);
4976 5164 output_prop(fp, PT_SPECIAL, fstab->zone_fs_special, B_TRUE);
4977 5165 output_prop(fp, PT_RAW, fstab->zone_fs_raw, B_TRUE);
4978 5166 output_prop(fp, PT_TYPE, fstab->zone_fs_type, B_TRUE);
4979 5167 (void) fprintf(fp, "\t%s: [", pt_to_str(PT_OPTIONS));
4980 5168 for (this = fstab->zone_fs_options; this != NULL;
4981 5169 this = this->zone_fsopt_next) {
4982 5170 if (strchr(this->zone_fsopt_opt, '='))
4983 5171 (void) fprintf(fp, "\"%s\"", this->zone_fsopt_opt);
4984 5172 else
4985 5173 (void) fprintf(fp, "%s", this->zone_fsopt_opt);
4986 5174 if (this->zone_fsopt_next != NULL)
4987 5175 (void) fprintf(fp, ",");
4988 5176 }
4989 5177 (void) fprintf(fp, "]\n");
4990 5178 }
4991 5179
4992 5180 static void
4993 5181 info_fs(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
4994 5182 {
4995 5183 struct zone_fstab lookup, user;
4996 5184 boolean_t output = B_FALSE;
4997 5185
4998 5186 if (zonecfg_setfsent(handle) != Z_OK)
4999 5187 return;
5000 5188 while (zonecfg_getfsent(handle, &lookup) == Z_OK) {
5001 5189 if (cmd->cmd_prop_nv_pairs == 0) {
5002 5190 output_fs(fp, &lookup);
5003 5191 goto loopend;
5004 5192 }
5005 5193 if (fill_in_fstab(cmd, &user, B_TRUE) != Z_OK)
5006 5194 goto loopend;
5007 5195 if (strlen(user.zone_fs_dir) > 0 &&
5008 5196 strcmp(user.zone_fs_dir, lookup.zone_fs_dir) != 0)
5009 5197 goto loopend; /* no match */
5010 5198 if (strlen(user.zone_fs_special) > 0 &&
5011 5199 strcmp(user.zone_fs_special, lookup.zone_fs_special) != 0)
5012 5200 goto loopend; /* no match */
5013 5201 if (strlen(user.zone_fs_type) > 0 &&
5014 5202 strcmp(user.zone_fs_type, lookup.zone_fs_type) != 0)
5015 5203 goto loopend; /* no match */
5016 5204 output_fs(fp, &lookup);
5017 5205 output = B_TRUE;
5018 5206 loopend:
5019 5207 zonecfg_free_fs_option_list(lookup.zone_fs_options);
5020 5208 }
5021 5209 (void) zonecfg_endfsent(handle);
5022 5210 /*
5023 5211 * If a property n/v pair was specified, warn the user if there was
5024 5212 * nothing to output.
5025 5213 */
5026 5214 if (!output && cmd->cmd_prop_nv_pairs > 0)
5027 5215 (void) printf(gettext("No such %s resource.\n"),
5028 5216 rt_to_str(RT_FS));
5029 5217 }
5030 5218
5031 5219 static void
5032 5220 output_net(FILE *fp, struct zone_nwiftab *nwiftab)
5033 5221 {
5034 5222 (void) fprintf(fp, "%s:\n", rt_to_str(RT_NET));
5035 5223 output_prop(fp, PT_ADDRESS, nwiftab->zone_nwif_address, B_TRUE);
5036 5224 output_prop(fp, PT_ALLOWED_ADDRESS,
5037 5225 nwiftab->zone_nwif_allowed_address, B_TRUE);
5038 5226 output_prop(fp, PT_PHYSICAL, nwiftab->zone_nwif_physical, B_TRUE);
5039 5227 output_prop(fp, PT_DEFROUTER, nwiftab->zone_nwif_defrouter, B_TRUE);
5040 5228 }
5041 5229
5042 5230 static void
5043 5231 info_net(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5044 5232 {
5045 5233 struct zone_nwiftab lookup, user;
5046 5234 boolean_t output = B_FALSE;
5047 5235
5048 5236 if (zonecfg_setnwifent(handle) != Z_OK)
5049 5237 return;
5050 5238 while (zonecfg_getnwifent(handle, &lookup) == Z_OK) {
5051 5239 if (cmd->cmd_prop_nv_pairs == 0) {
5052 5240 output_net(fp, &lookup);
5053 5241 continue;
5054 5242 }
5055 5243 if (fill_in_nwiftab(cmd, &user, B_TRUE) != Z_OK)
5056 5244 continue;
5057 5245 if (strlen(user.zone_nwif_physical) > 0 &&
5058 5246 strcmp(user.zone_nwif_physical,
5059 5247 lookup.zone_nwif_physical) != 0)
5060 5248 continue; /* no match */
5061 5249 /* If present make sure it matches */
5062 5250 if (strlen(user.zone_nwif_address) > 0 &&
5063 5251 !zonecfg_same_net_address(user.zone_nwif_address,
5064 5252 lookup.zone_nwif_address))
5065 5253 continue; /* no match */
5066 5254 output_net(fp, &lookup);
5067 5255 output = B_TRUE;
5068 5256 }
5069 5257 (void) zonecfg_endnwifent(handle);
5070 5258 /*
5071 5259 * If a property n/v pair was specified, warn the user if there was
5072 5260 * nothing to output.
5073 5261 */
5074 5262 if (!output && cmd->cmd_prop_nv_pairs > 0)
5075 5263 (void) printf(gettext("No such %s resource.\n"),
5076 5264 rt_to_str(RT_NET));
5077 5265 }
5078 5266
5079 5267 static void
5080 5268 output_dev(FILE *fp, struct zone_devtab *devtab)
5081 5269 {
5082 5270 (void) fprintf(fp, "%s:\n", rt_to_str(RT_DEVICE));
5083 5271 output_prop(fp, PT_MATCH, devtab->zone_dev_match, B_TRUE);
5084 5272 }
5085 5273
5086 5274 static void
5087 5275 info_dev(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5088 5276 {
5089 5277 struct zone_devtab lookup, user;
5090 5278 boolean_t output = B_FALSE;
5091 5279
5092 5280 if (zonecfg_setdevent(handle) != Z_OK)
5093 5281 return;
5094 5282 while (zonecfg_getdevent(handle, &lookup) == Z_OK) {
5095 5283 if (cmd->cmd_prop_nv_pairs == 0) {
5096 5284 output_dev(fp, &lookup);
5097 5285 continue;
5098 5286 }
5099 5287 if (fill_in_devtab(cmd, &user, B_TRUE) != Z_OK)
5100 5288 continue;
5101 5289 if (strlen(user.zone_dev_match) > 0 &&
5102 5290 strcmp(user.zone_dev_match, lookup.zone_dev_match) != 0)
5103 5291 continue; /* no match */
5104 5292 output_dev(fp, &lookup);
5105 5293 output = B_TRUE;
5106 5294 }
5107 5295 (void) zonecfg_enddevent(handle);
5108 5296 /*
5109 5297 * If a property n/v pair was specified, warn the user if there was
5110 5298 * nothing to output.
5111 5299 */
5112 5300 if (!output && cmd->cmd_prop_nv_pairs > 0)
5113 5301 (void) printf(gettext("No such %s resource.\n"),
5114 5302 rt_to_str(RT_DEVICE));
5115 5303 }
5116 5304
5117 5305 static void
5118 5306 output_rctl(FILE *fp, struct zone_rctltab *rctltab)
5119 5307 {
5120 5308 struct zone_rctlvaltab *valptr;
5121 5309
5122 5310 (void) fprintf(fp, "%s:\n", rt_to_str(RT_RCTL));
5123 5311 output_prop(fp, PT_NAME, rctltab->zone_rctl_name, B_TRUE);
5124 5312 for (valptr = rctltab->zone_rctl_valptr; valptr != NULL;
5125 5313 valptr = valptr->zone_rctlval_next) {
5126 5314 fprintf(fp, "\t%s: (%s=%s,%s=%s,%s=%s)\n",
5127 5315 pt_to_str(PT_VALUE),
5128 5316 pt_to_str(PT_PRIV), valptr->zone_rctlval_priv,
5129 5317 pt_to_str(PT_LIMIT), valptr->zone_rctlval_limit,
5130 5318 pt_to_str(PT_ACTION), valptr->zone_rctlval_action);
5131 5319 }
5132 5320 }
5133 5321
5134 5322 static void
5135 5323 info_rctl(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5136 5324 {
5137 5325 struct zone_rctltab lookup, user;
5138 5326 boolean_t output = B_FALSE;
5139 5327
5140 5328 if (zonecfg_setrctlent(handle) != Z_OK)
5141 5329 return;
5142 5330 while (zonecfg_getrctlent(handle, &lookup) == Z_OK) {
5143 5331 if (cmd->cmd_prop_nv_pairs == 0) {
5144 5332 output_rctl(fp, &lookup);
5145 5333 } else if (fill_in_rctltab(cmd, &user, B_TRUE) == Z_OK &&
5146 5334 (strlen(user.zone_rctl_name) == 0 ||
5147 5335 strcmp(user.zone_rctl_name, lookup.zone_rctl_name) == 0)) {
5148 5336 output_rctl(fp, &lookup);
5149 5337 output = B_TRUE;
5150 5338 }
5151 5339 zonecfg_free_rctl_value_list(lookup.zone_rctl_valptr);
5152 5340 }
5153 5341 (void) zonecfg_endrctlent(handle);
5154 5342 /*
5155 5343 * If a property n/v pair was specified, warn the user if there was
5156 5344 * nothing to output.
5157 5345 */
5158 5346 if (!output && cmd->cmd_prop_nv_pairs > 0)
5159 5347 (void) printf(gettext("No such %s resource.\n"),
5160 5348 rt_to_str(RT_RCTL));
5161 5349 }
5162 5350
5163 5351 static void
5164 5352 output_attr(FILE *fp, struct zone_attrtab *attrtab)
5165 5353 {
5166 5354 (void) fprintf(fp, "%s:\n", rt_to_str(RT_ATTR));
5167 5355 output_prop(fp, PT_NAME, attrtab->zone_attr_name, B_TRUE);
5168 5356 output_prop(fp, PT_TYPE, attrtab->zone_attr_type, B_TRUE);
5169 5357 output_prop(fp, PT_VALUE, attrtab->zone_attr_value, B_TRUE);
5170 5358 }
5171 5359
5172 5360 static void
5173 5361 info_attr(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5174 5362 {
5175 5363 struct zone_attrtab lookup, user;
5176 5364 boolean_t output = B_FALSE;
5177 5365
5178 5366 if (zonecfg_setattrent(handle) != Z_OK)
5179 5367 return;
5180 5368 while (zonecfg_getattrent(handle, &lookup) == Z_OK) {
5181 5369 if (cmd->cmd_prop_nv_pairs == 0) {
5182 5370 output_attr(fp, &lookup);
5183 5371 continue;
5184 5372 }
5185 5373 if (fill_in_attrtab(cmd, &user, B_TRUE) != Z_OK)
5186 5374 continue;
5187 5375 if (strlen(user.zone_attr_name) > 0 &&
5188 5376 strcmp(user.zone_attr_name, lookup.zone_attr_name) != 0)
5189 5377 continue; /* no match */
5190 5378 if (strlen(user.zone_attr_type) > 0 &&
5191 5379 strcmp(user.zone_attr_type, lookup.zone_attr_type) != 0)
5192 5380 continue; /* no match */
5193 5381 if (strlen(user.zone_attr_value) > 0 &&
5194 5382 strcmp(user.zone_attr_value, lookup.zone_attr_value) != 0)
5195 5383 continue; /* no match */
5196 5384 output_attr(fp, &lookup);
5197 5385 output = B_TRUE;
5198 5386 }
5199 5387 (void) zonecfg_endattrent(handle);
5200 5388 /*
5201 5389 * If a property n/v pair was specified, warn the user if there was
5202 5390 * nothing to output.
5203 5391 */
5204 5392 if (!output && cmd->cmd_prop_nv_pairs > 0)
5205 5393 (void) printf(gettext("No such %s resource.\n"),
5206 5394 rt_to_str(RT_ATTR));
5207 5395 }
5208 5396
5209 5397 static void
5210 5398 output_ds(FILE *fp, struct zone_dstab *dstab)
5211 5399 {
5212 5400 (void) fprintf(fp, "%s:\n", rt_to_str(RT_DATASET));
5213 5401 output_prop(fp, PT_NAME, dstab->zone_dataset_name, B_TRUE);
5214 5402 }
5215 5403
5216 5404 static void
5217 5405 info_ds(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5218 5406 {
5219 5407 struct zone_dstab lookup, user;
5220 5408 boolean_t output = B_FALSE;
5221 5409
5222 5410 if (zonecfg_setdsent(handle) != Z_OK)
5223 5411 return;
5224 5412 while (zonecfg_getdsent(handle, &lookup) == Z_OK) {
5225 5413 if (cmd->cmd_prop_nv_pairs == 0) {
5226 5414 output_ds(fp, &lookup);
5227 5415 continue;
5228 5416 }
5229 5417 if (fill_in_dstab(cmd, &user, B_TRUE) != Z_OK)
5230 5418 continue;
5231 5419 if (strlen(user.zone_dataset_name) > 0 &&
5232 5420 strcmp(user.zone_dataset_name,
5233 5421 lookup.zone_dataset_name) != 0)
5234 5422 continue; /* no match */
5235 5423 output_ds(fp, &lookup);
5236 5424 output = B_TRUE;
5237 5425 }
5238 5426 (void) zonecfg_enddsent(handle);
5239 5427 /*
5240 5428 * If a property n/v pair was specified, warn the user if there was
5241 5429 * nothing to output.
5242 5430 */
5243 5431 if (!output && cmd->cmd_prop_nv_pairs > 0)
5244 5432 (void) printf(gettext("No such %s resource.\n"),
5245 5433 rt_to_str(RT_DATASET));
5246 5434 }
5247 5435
5248 5436 static void
5249 5437 output_pset(FILE *fp, struct zone_psettab *psettab)
5250 5438 {
5251 5439 (void) fprintf(fp, "%s:\n", rt_to_str(RT_DCPU));
5252 5440 if (strcmp(psettab->zone_ncpu_min, psettab->zone_ncpu_max) == 0)
5253 5441 (void) fprintf(fp, "\t%s: %s\n", pt_to_str(PT_NCPUS),
5254 5442 psettab->zone_ncpu_max);
5255 5443 else
5256 5444 (void) fprintf(fp, "\t%s: %s-%s\n", pt_to_str(PT_NCPUS),
5257 5445 psettab->zone_ncpu_min, psettab->zone_ncpu_max);
5258 5446 if (psettab->zone_importance[0] != '\0')
5259 5447 (void) fprintf(fp, "\t%s: %s\n", pt_to_str(PT_IMPORTANCE),
5260 5448 psettab->zone_importance);
5261 5449 }
5262 5450
5263 5451 static void
5264 5452 info_pset(zone_dochandle_t handle, FILE *fp)
5265 5453 {
5266 5454 struct zone_psettab lookup;
5267 5455
5268 5456 if (zonecfg_getpsetent(handle, &lookup) == Z_OK)
5269 5457 output_pset(fp, &lookup);
5270 5458 }
5271 5459
5272 5460 static void
5273 5461 output_pcap(FILE *fp)
5274 5462 {
5275 5463 uint64_t cap;
5276 5464
5277 5465 if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &cap) == Z_OK) {
5278 5466 float scaled = (float)cap / 100;
5279 5467 (void) fprintf(fp, "%s:\n", rt_to_str(RT_PCAP));
5280 5468 (void) fprintf(fp, "\t[%s: %.2f]\n", pt_to_str(PT_NCPUS),
5281 5469 scaled);
5282 5470 }
5283 5471 }
5284 5472
5285 5473 static void
5286 5474 info_pcap(FILE *fp)
5287 5475 {
5288 5476 output_pcap(fp);
5289 5477 }
5290 5478
5291 5479
5292 5480 static void
5293 5481 info_aliased_rctl(zone_dochandle_t handle, FILE *fp, char *alias)
5294 5482 {
5295 5483 uint64_t limit;
5296 5484
5297 5485 if (zonecfg_get_aliased_rctl(handle, alias, &limit) == Z_OK) {
5298 5486 /* convert memory based properties */
5299 5487 if (strcmp(alias, ALIAS_MAXSHMMEM) == 0) {
5300 5488 char buf[128];
5301 5489
5302 5490 (void) snprintf(buf, sizeof (buf), "%llu", limit);
5303 5491 bytes_to_units(buf, buf, sizeof (buf));
5304 5492 (void) fprintf(fp, "[%s: %s]\n", alias, buf);
5305 5493 return;
5306 5494 }
5307 5495
5308 5496 (void) fprintf(fp, "[%s: %llu]\n", alias, limit);
5309 5497 }
5310 5498 }
5311 5499
5312 5500 static void
5313 5501 bytes_to_units(char *str, char *buf, int bufsize)
5314 5502 {
5315 5503 unsigned long long num;
5316 5504 unsigned long long save = 0;
5317 5505 char *units = "BKMGT";
5318 5506 char *up = units;
5319 5507
5320 5508 num = strtoll(str, NULL, 10);
5321 5509
5322 5510 if (num < 1024) {
5323 5511 (void) snprintf(buf, bufsize, "%llu", num);
5324 5512 return;
5325 5513 }
5326 5514
5327 5515 while ((num >= 1024) && (*up != 'T')) {
5328 5516 up++; /* next unit of measurement */
5329 5517 save = num;
5330 5518 num = (num + 512) >> 10;
5331 5519 }
5332 5520
5333 5521 /* check if we should output a fraction. snprintf will round for us */
5334 5522 if (save % 1024 != 0 && ((save >> 10) < 10))
5335 5523 (void) snprintf(buf, bufsize, "%2.1f%c", ((float)save / 1024),
5336 5524 *up);
5337 5525 else
5338 5526 (void) snprintf(buf, bufsize, "%llu%c", num, *up);
5339 5527 }
5340 5528
5341 5529 static void
5342 5530 output_mcap(FILE *fp, struct zone_mcaptab *mcaptab, int showswap,
5343 5531 uint64_t maxswap, int showlocked, uint64_t maxlocked)
5344 5532 {
5345 5533 char buf[128];
5346 5534
5347 5535 (void) fprintf(fp, "%s:\n", rt_to_str(RT_MCAP));
5348 5536 if (mcaptab->zone_physmem_cap[0] != '\0') {
5349 5537 bytes_to_units(mcaptab->zone_physmem_cap, buf, sizeof (buf));
5350 5538 output_prop(fp, PT_PHYSICAL, buf, B_TRUE);
5351 5539 }
5352 5540
5353 5541 if (showswap == Z_OK) {
5354 5542 (void) snprintf(buf, sizeof (buf), "%llu", maxswap);
5355 5543 bytes_to_units(buf, buf, sizeof (buf));
5356 5544 output_prop(fp, PT_SWAP, buf, B_TRUE);
5357 5545 }
5358 5546
5359 5547 if (showlocked == Z_OK) {
5360 5548 (void) snprintf(buf, sizeof (buf), "%llu", maxlocked);
5361 5549 bytes_to_units(buf, buf, sizeof (buf));
5362 5550 output_prop(fp, PT_LOCKED, buf, B_TRUE);
5363 5551 }
5364 5552 }
5365 5553
5366 5554 static void
5367 5555 info_mcap(zone_dochandle_t handle, FILE *fp)
5368 5556 {
5369 5557 int res1, res2, res3;
5370 5558 uint64_t swap_limit;
5371 5559 uint64_t locked_limit;
5372 5560 struct zone_mcaptab lookup;
5373 5561
5374 5562 bzero(&lookup, sizeof (lookup));
5375 5563 res1 = zonecfg_getmcapent(handle, &lookup);
5376 5564 res2 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP, &swap_limit);
5377 5565 res3 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM,
5378 5566 &locked_limit);
5379 5567
5380 5568 if (res1 == Z_OK || res2 == Z_OK || res3 == Z_OK)
5381 5569 output_mcap(fp, &lookup, res2, swap_limit, res3, locked_limit);
5382 5570 }
|
↓ open down ↓ |
594 lines elided |
↑ open up ↑ |
5383 5571
5384 5572 static void
5385 5573 output_auth(FILE *fp, struct zone_admintab *admintab)
5386 5574 {
5387 5575 (void) fprintf(fp, "%s:\n", rt_to_str(RT_ADMIN));
5388 5576 output_prop(fp, PT_USER, admintab->zone_admin_user, B_TRUE);
5389 5577 output_prop(fp, PT_AUTHS, admintab->zone_admin_auths, B_TRUE);
5390 5578 }
5391 5579
5392 5580 static void
5581 +output_secflags(FILE *fp, struct zone_secflagstab *sftab)
5582 +{
5583 + (void) fprintf(fp, "%s:\n", rt_to_str(RT_SECFLAGS));
5584 + output_prop(fp, PT_DEFAULT, sftab->zone_secflags_default, B_TRUE);
5585 + output_prop(fp, PT_LOWER, sftab->zone_secflags_lower, B_TRUE);
5586 + output_prop(fp, PT_UPPER, sftab->zone_secflags_upper, B_TRUE);
5587 +}
5588 +
5589 +static void
5393 5590 info_auth(zone_dochandle_t handle, FILE *fp, cmd_t *cmd)
5394 5591 {
5395 5592 struct zone_admintab lookup, user;
5396 5593 boolean_t output = B_FALSE;
5397 5594 int err;
5398 5595
5399 5596 if ((err = zonecfg_setadminent(handle)) != Z_OK) {
5400 5597 zone_perror(zone, err, B_TRUE);
5401 5598 return;
5402 5599 }
5403 5600 while (zonecfg_getadminent(handle, &lookup) == Z_OK) {
5404 5601 if (cmd->cmd_prop_nv_pairs == 0) {
5405 5602 output_auth(fp, &lookup);
5406 5603 continue;
5407 5604 }
5408 5605 if (fill_in_admintab(cmd, &user, B_TRUE) != Z_OK)
5409 5606 continue;
5410 5607 if (strlen(user.zone_admin_user) > 0 &&
5411 5608 strcmp(user.zone_admin_user, lookup.zone_admin_user) != 0)
5412 5609 continue; /* no match */
5413 5610 output_auth(fp, &lookup);
5414 5611 output = B_TRUE;
5415 5612 }
|
↓ open down ↓ |
13 lines elided |
↑ open up ↑ |
5416 5613 (void) zonecfg_endadminent(handle);
5417 5614 /*
5418 5615 * If a property n/v pair was specified, warn the user if there was
5419 5616 * nothing to output.
5420 5617 */
5421 5618 if (!output && cmd->cmd_prop_nv_pairs > 0)
5422 5619 (void) printf(gettext("No such %s resource.\n"),
5423 5620 rt_to_str(RT_ADMIN));
5424 5621 }
5425 5622
5623 +static void
5624 +info_secflags(zone_dochandle_t handle, FILE *fp)
5625 +{
5626 + struct zone_secflagstab sftab;
5627 + int err;
5628 +
5629 + if ((err = zonecfg_lookup_secflags(handle, &sftab)) != Z_OK) {
5630 + zone_perror(zone, err, B_TRUE);
5631 + return;
5632 + }
5633 +
5634 + output_secflags(fp, &sftab);
5635 +}
5636 +
5426 5637 void
5427 5638 info_func(cmd_t *cmd)
5428 5639 {
5429 5640 FILE *fp = stdout;
5430 5641 boolean_t need_to_close = B_FALSE;
5431 5642 int type;
5432 5643 int res1, res2;
5433 5644 uint64_t swap_limit;
5434 5645 uint64_t locked_limit;
5435 5646
5436 5647 assert(cmd != NULL);
5437 5648
5438 5649 if (initialize(B_TRUE) != Z_OK)
5439 5650 return;
5440 5651
5441 5652 /* don't page error output */
5442 5653 if (interactive_mode) {
5443 5654 if ((fp = pager_open()) != NULL)
5444 5655 need_to_close = B_TRUE;
5445 5656 else
5446 5657 fp = stdout;
5447 5658
5448 5659 setbuf(fp, NULL);
5449 5660 }
5450 5661
5451 5662 if (!global_scope) {
5452 5663 switch (resource_scope) {
5453 5664 case RT_FS:
5454 5665 output_fs(fp, &in_progress_fstab);
5455 5666 break;
5456 5667 case RT_NET:
5457 5668 output_net(fp, &in_progress_nwiftab);
5458 5669 break;
5459 5670 case RT_DEVICE:
5460 5671 output_dev(fp, &in_progress_devtab);
5461 5672 break;
5462 5673 case RT_RCTL:
5463 5674 output_rctl(fp, &in_progress_rctltab);
5464 5675 break;
5465 5676 case RT_ATTR:
5466 5677 output_attr(fp, &in_progress_attrtab);
5467 5678 break;
5468 5679 case RT_DATASET:
5469 5680 output_ds(fp, &in_progress_dstab);
5470 5681 break;
5471 5682 case RT_DCPU:
5472 5683 output_pset(fp, &in_progress_psettab);
5473 5684 break;
5474 5685 case RT_PCAP:
5475 5686 output_pcap(fp);
5476 5687 break;
5477 5688 case RT_MCAP:
|
↓ open down ↓ |
42 lines elided |
↑ open up ↑ |
5478 5689 res1 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP,
5479 5690 &swap_limit);
5480 5691 res2 = zonecfg_get_aliased_rctl(handle,
5481 5692 ALIAS_MAXLOCKEDMEM, &locked_limit);
5482 5693 output_mcap(fp, &in_progress_mcaptab, res1, swap_limit,
5483 5694 res2, locked_limit);
5484 5695 break;
5485 5696 case RT_ADMIN:
5486 5697 output_auth(fp, &in_progress_admintab);
5487 5698 break;
5699 + case RT_SECFLAGS:
5700 + output_secflags(fp, &in_progress_secflagstab);
5701 + break;
5488 5702 }
5489 5703 goto cleanup;
5490 5704 }
5491 5705
5492 5706 type = cmd->cmd_res_type;
5493 5707
5494 5708 if (gz_invalid_rt_property(type)) {
5495 5709 zerr(gettext("%s is not a valid property for the global zone."),
5496 5710 rt_to_str(type));
5497 5711 goto cleanup;
5498 5712 }
5499 5713
5500 5714 if (gz_invalid_resource(type)) {
5501 5715 zerr(gettext("%s is not a valid resource for the global zone."),
5502 5716 rt_to_str(type));
5503 5717 goto cleanup;
5504 5718 }
5505 5719
5506 5720 switch (cmd->cmd_res_type) {
5507 5721 case RT_UNKNOWN:
5508 5722 info_zonename(handle, fp);
5509 5723 if (!global_zone) {
5510 5724 info_zonepath(handle, fp);
5511 5725 info_brand(handle, fp);
5512 5726 info_autoboot(handle, fp);
5513 5727 info_bootargs(handle, fp);
5514 5728 }
5515 5729 info_pool(handle, fp);
5516 5730 if (!global_zone) {
5517 5731 info_limitpriv(handle, fp);
5518 5732 info_sched(handle, fp);
5519 5733 info_iptype(handle, fp);
5520 5734 info_hostid(handle, fp);
5521 5735 info_fs_allowed(handle, fp);
5522 5736 }
5523 5737 info_aliased_rctl(handle, fp, ALIAS_MAXLWPS);
5524 5738 info_aliased_rctl(handle, fp, ALIAS_MAXPROCS);
5525 5739 info_aliased_rctl(handle, fp, ALIAS_MAXSHMMEM);
5526 5740 info_aliased_rctl(handle, fp, ALIAS_MAXSHMIDS);
5527 5741 info_aliased_rctl(handle, fp, ALIAS_MAXMSGIDS);
5528 5742 info_aliased_rctl(handle, fp, ALIAS_MAXSEMIDS);
5529 5743 info_aliased_rctl(handle, fp, ALIAS_SHARES);
5530 5744 if (!global_zone) {
5531 5745 info_fs(handle, fp, cmd);
5532 5746 info_net(handle, fp, cmd);
5533 5747 info_dev(handle, fp, cmd);
|
↓ open down ↓ |
36 lines elided |
↑ open up ↑ |
5534 5748 }
5535 5749 info_pset(handle, fp);
5536 5750 info_pcap(fp);
5537 5751 info_mcap(handle, fp);
5538 5752 if (!global_zone) {
5539 5753 info_attr(handle, fp, cmd);
5540 5754 info_ds(handle, fp, cmd);
5541 5755 info_auth(handle, fp, cmd);
5542 5756 }
5543 5757 info_rctl(handle, fp, cmd);
5758 + info_secflags(handle, fp);
5544 5759 break;
5545 5760 case RT_ZONENAME:
5546 5761 info_zonename(handle, fp);
5547 5762 break;
5548 5763 case RT_ZONEPATH:
5549 5764 info_zonepath(handle, fp);
5550 5765 break;
5551 5766 case RT_BRAND:
5552 5767 info_brand(handle, fp);
5553 5768 break;
5554 5769 case RT_AUTOBOOT:
5555 5770 info_autoboot(handle, fp);
5556 5771 break;
5557 5772 case RT_POOL:
5558 5773 info_pool(handle, fp);
5559 5774 break;
5560 5775 case RT_LIMITPRIV:
5561 5776 info_limitpriv(handle, fp);
5562 5777 break;
5563 5778 case RT_BOOTARGS:
5564 5779 info_bootargs(handle, fp);
5565 5780 break;
5566 5781 case RT_SCHED:
5567 5782 info_sched(handle, fp);
5568 5783 break;
5569 5784 case RT_IPTYPE:
5570 5785 info_iptype(handle, fp);
5571 5786 break;
5572 5787 case RT_MAXLWPS:
5573 5788 info_aliased_rctl(handle, fp, ALIAS_MAXLWPS);
5574 5789 break;
5575 5790 case RT_MAXPROCS:
5576 5791 info_aliased_rctl(handle, fp, ALIAS_MAXPROCS);
5577 5792 break;
5578 5793 case RT_MAXSHMMEM:
5579 5794 info_aliased_rctl(handle, fp, ALIAS_MAXSHMMEM);
5580 5795 break;
5581 5796 case RT_MAXSHMIDS:
5582 5797 info_aliased_rctl(handle, fp, ALIAS_MAXSHMIDS);
5583 5798 break;
5584 5799 case RT_MAXMSGIDS:
5585 5800 info_aliased_rctl(handle, fp, ALIAS_MAXMSGIDS);
5586 5801 break;
5587 5802 case RT_MAXSEMIDS:
5588 5803 info_aliased_rctl(handle, fp, ALIAS_MAXSEMIDS);
5589 5804 break;
5590 5805 case RT_SHARES:
5591 5806 info_aliased_rctl(handle, fp, ALIAS_SHARES);
5592 5807 break;
5593 5808 case RT_FS:
5594 5809 info_fs(handle, fp, cmd);
5595 5810 break;
5596 5811 case RT_NET:
5597 5812 info_net(handle, fp, cmd);
5598 5813 break;
5599 5814 case RT_DEVICE:
5600 5815 info_dev(handle, fp, cmd);
5601 5816 break;
5602 5817 case RT_RCTL:
5603 5818 info_rctl(handle, fp, cmd);
5604 5819 break;
5605 5820 case RT_ATTR:
5606 5821 info_attr(handle, fp, cmd);
5607 5822 break;
5608 5823 case RT_DATASET:
5609 5824 info_ds(handle, fp, cmd);
5610 5825 break;
5611 5826 case RT_DCPU:
5612 5827 info_pset(handle, fp);
5613 5828 break;
5614 5829 case RT_PCAP:
5615 5830 info_pcap(fp);
5616 5831 break;
5617 5832 case RT_MCAP:
5618 5833 info_mcap(handle, fp);
|
↓ open down ↓ |
65 lines elided |
↑ open up ↑ |
5619 5834 break;
5620 5835 case RT_HOSTID:
5621 5836 info_hostid(handle, fp);
5622 5837 break;
5623 5838 case RT_ADMIN:
5624 5839 info_auth(handle, fp, cmd);
5625 5840 break;
5626 5841 case RT_FS_ALLOWED:
5627 5842 info_fs_allowed(handle, fp);
5628 5843 break;
5844 + case RT_SECFLAGS:
5845 + info_secflags(handle, fp);
5846 + break;
5629 5847 default:
5630 5848 zone_perror(rt_to_str(cmd->cmd_res_type), Z_NO_RESOURCE_TYPE,
5631 5849 B_TRUE);
5632 5850 }
5633 5851
5634 5852 cleanup:
5635 5853 if (need_to_close)
5636 5854 (void) pager_close(fp);
5637 5855 }
5638 5856
5639 5857 /*
5640 5858 * Helper function for verify-- checks that a required string property
5641 5859 * exists.
5642 5860 */
5643 5861 static void
5644 5862 check_reqd_prop(char *attr, int rt, int pt, int *ret_val)
5645 5863 {
5646 5864 if (strlen(attr) == 0) {
5647 5865 zerr(gettext("%s: %s not specified"), rt_to_str(rt),
5648 5866 pt_to_str(pt));
5649 5867 saw_error = B_TRUE;
5650 5868 if (*ret_val == Z_OK)
5651 5869 *ret_val = Z_REQD_PROPERTY_MISSING;
5652 5870 }
5653 5871 }
5654 5872
5655 5873 static int
5656 5874 do_subproc(char *cmdbuf)
5657 5875 {
5658 5876 char inbuf[MAX_CMD_LEN];
5659 5877 FILE *file;
5660 5878 int status;
5661 5879
5662 5880 file = popen(cmdbuf, "r");
5663 5881 if (file == NULL) {
5664 5882 zerr(gettext("Could not launch: %s"), cmdbuf);
5665 5883 return (-1);
5666 5884 }
5667 5885
5668 5886 while (fgets(inbuf, sizeof (inbuf), file) != NULL)
5669 5887 fprintf(stderr, "%s", inbuf);
5670 5888 status = pclose(file);
5671 5889
5672 5890 if (WIFSIGNALED(status)) {
5673 5891 zerr(gettext("%s unexpectedly terminated due to signal %d"),
5674 5892 cmdbuf, WTERMSIG(status));
5675 5893 return (-1);
5676 5894 }
5677 5895 assert(WIFEXITED(status));
5678 5896 return (WEXITSTATUS(status));
5679 5897 }
5680 5898
5681 5899 static int
5682 5900 brand_verify(zone_dochandle_t handle)
5683 5901 {
5684 5902 char xml_file[32];
5685 5903 char cmdbuf[MAX_CMD_LEN];
5686 5904 brand_handle_t bh;
5687 5905 char brand[MAXNAMELEN];
5688 5906 int err;
5689 5907
5690 5908 if (zonecfg_get_brand(handle, brand, sizeof (brand)) != Z_OK) {
5691 5909 zerr("%s: %s\n", zone, gettext("could not get zone brand"));
5692 5910 return (Z_INVALID_DOCUMENT);
5693 5911 }
5694 5912 if ((bh = brand_open(brand)) == NULL) {
5695 5913 zerr("%s: %s\n", zone, gettext("unknown brand."));
5696 5914 return (Z_INVALID_DOCUMENT);
5697 5915 }
5698 5916
5699 5917 /*
5700 5918 * Fetch the verify command, if any, from the brand configuration
5701 5919 * and build the command line to execute it.
5702 5920 */
5703 5921 strcpy(cmdbuf, EXEC_PREFIX);
5704 5922 err = brand_get_verify_cfg(bh, cmdbuf + EXEC_LEN,
5705 5923 sizeof (cmdbuf) - (EXEC_LEN + (strlen(xml_file) + 1)));
5706 5924 brand_close(bh);
5707 5925 if (err != Z_OK) {
5708 5926 zerr("%s: %s\n", zone,
5709 5927 gettext("could not get brand verification command"));
5710 5928 return (Z_INVALID_DOCUMENT);
5711 5929 }
5712 5930
5713 5931 /*
5714 5932 * If the brand doesn't provide a verification routine, we just
5715 5933 * return success.
5716 5934 */
5717 5935 if (strlen(cmdbuf) == EXEC_LEN)
5718 5936 return (Z_OK);
5719 5937
5720 5938 /*
5721 5939 * Dump the current config information for this zone to a file.
5722 5940 */
5723 5941 strcpy(xml_file, "/tmp/zonecfg_verify.XXXXXX");
5724 5942 if (mkstemp(xml_file) == NULL)
5725 5943 return (Z_TEMP_FILE);
5726 5944 if ((err = zonecfg_verify_save(handle, xml_file)) != Z_OK) {
5727 5945 (void) unlink(xml_file);
5728 5946 return (err);
5729 5947 }
5730 5948
5731 5949 /*
5732 5950 * Execute the verification command.
5733 5951 */
5734 5952 if ((strlcat(cmdbuf, " ", MAX_CMD_LEN) >= MAX_CMD_LEN) ||
5735 5953 (strlcat(cmdbuf, xml_file, MAX_CMD_LEN) >= MAX_CMD_LEN)) {
5736 5954 err = Z_BRAND_ERROR;
5737 5955 } else {
5738 5956 err = do_subproc(cmdbuf);
5739 5957 }
5740 5958
5741 5959 (void) unlink(xml_file);
5742 5960 return ((err == Z_OK) ? Z_OK : Z_BRAND_ERROR);
5743 5961 }
5744 5962
5745 5963 /*
5746 5964 * Track the network interfaces listed in zonecfg(1m) in a linked list
5747 5965 * so that we can later check that defrouter is specified for an exclusive IP
5748 5966 * zone if and only if at least one allowed-address has been specified.
5749 5967 */
5750 5968 static boolean_t
5751 5969 add_nwif(struct zone_nwiftab *nwif)
5752 5970 {
5753 5971 struct xif *tmp;
5754 5972
5755 5973 for (tmp = xif; tmp != NULL; tmp = tmp->xif_next) {
5756 5974 if (strcmp(tmp->xif_name, nwif->zone_nwif_physical) == 0) {
5757 5975 if (strlen(nwif->zone_nwif_allowed_address) > 0)
5758 5976 tmp->xif_has_address = B_TRUE;
5759 5977 if (strlen(nwif->zone_nwif_defrouter) > 0)
5760 5978 tmp->xif_has_defrouter = B_TRUE;
5761 5979 return (B_TRUE);
5762 5980 }
5763 5981 }
5764 5982
5765 5983 tmp = malloc(sizeof (*tmp));
5766 5984 if (tmp == NULL) {
5767 5985 zerr(gettext("memory allocation failed for %s"),
5768 5986 nwif->zone_nwif_physical);
5769 5987 return (B_FALSE);
|
↓ open down ↓ |
131 lines elided |
↑ open up ↑ |
5770 5988 }
5771 5989 strlcpy(tmp->xif_name, nwif->zone_nwif_physical,
5772 5990 sizeof (tmp->xif_name));
5773 5991 tmp->xif_has_defrouter = (strlen(nwif->zone_nwif_defrouter) > 0);
5774 5992 tmp->xif_has_address = (strlen(nwif->zone_nwif_allowed_address) > 0);
5775 5993 tmp->xif_next = xif;
5776 5994 xif = tmp;
5777 5995 return (B_TRUE);
5778 5996 }
5779 5997
5998 +boolean_t
5999 +verify_secflags(struct zone_secflagstab *tab)
6000 +{
6001 + secflagdelta_t def = {0};
6002 + secflagdelta_t upper = {0};
6003 + secflagdelta_t lower = {0};
6004 + boolean_t def_set = B_FALSE;
6005 + boolean_t upper_set = B_FALSE;
6006 + boolean_t lower_set = B_FALSE;
6007 + boolean_t ret = B_TRUE;
6008 +
6009 + if (strlen(tab->zone_secflags_default) > 0) {
6010 + def_set = B_TRUE;
6011 + if (secflags_parse(NULL, tab->zone_secflags_default,
6012 + &def) == -1) {
6013 + zerr(gettext("default security flags '%s' are invalid"),
6014 + tab->zone_secflags_default);
6015 + ret = B_FALSE;
6016 + }
6017 + } else {
6018 + secflags_zero(&def.psd_assign);
6019 + def.psd_ass_active = B_TRUE;
6020 + }
6021 +
6022 + if (strlen(tab->zone_secflags_upper) > 0) {
6023 + upper_set = B_TRUE;
6024 + if (secflags_parse(NULL, tab->zone_secflags_upper,
6025 + &upper) == -1) {
6026 + zerr(gettext("upper security flags '%s' are invalid"),
6027 + tab->zone_secflags_upper);
6028 + ret = B_FALSE;
6029 + }
6030 + } else {
6031 + secflags_fullset(&upper.psd_assign);
6032 + upper.psd_ass_active = B_TRUE;
6033 + }
6034 +
6035 + if (strlen(tab->zone_secflags_lower) > 0) {
6036 + lower_set = B_TRUE;
6037 + if (secflags_parse(NULL, tab->zone_secflags_lower,
6038 + &lower) == -1) {
6039 + zerr(gettext("lower security flags '%s' are invalid"),
6040 + tab->zone_secflags_lower);
6041 + ret = B_FALSE;
6042 + }
6043 + } else {
6044 + secflags_zero(&lower.psd_assign);
6045 + lower.psd_ass_active = B_TRUE;
6046 + }
6047 +
6048 + if (def_set && !def.psd_ass_active) {
6049 + zerr(gettext("only assignment of security flags is "
6050 + "allowed (default: %s)"), tab->zone_secflags_default);
6051 + }
6052 +
6053 + if (lower_set && !lower.psd_ass_active) {
6054 + zerr(gettext("only assignment of security flags is "
6055 + "allowed (lower: %s)"), tab->zone_secflags_lower);
6056 + }
6057 +
6058 + if (upper_set && !upper.psd_ass_active) {
6059 + zerr(gettext("only assignment of security flags is "
6060 + "allowed (upper: %s)"), tab->zone_secflags_upper);
6061 + }
6062 +
6063 + if (def.psd_assign & ~upper.psd_assign) { /* In default but not upper */
6064 + zerr(gettext("default secflags must be within the "
6065 + "upper limit"));
6066 + ret = B_FALSE;
6067 + }
6068 + if (lower.psd_assign & ~def.psd_assign) { /* In lower but not default */
6069 + zerr(gettext("default secflags must be above the lower limit"));
6070 + ret = B_FALSE;
6071 + }
6072 + if (lower.psd_assign & ~upper.psd_assign) { /* In lower but not upper */
6073 + zerr(gettext("lower secflags must be within the upper limit"));
6074 + ret = B_FALSE;
6075 + }
6076 +
6077 + return (ret);
6078 +}
6079 +
5780 6080 /*
5781 6081 * See the DTD for which attributes are required for which resources.
5782 6082 *
5783 6083 * This function can be called by commit_func(), which needs to save things,
5784 6084 * in addition to the general call from parse_and_run(), which doesn't need
5785 6085 * things saved. Since the parameters are standardized, we distinguish by
5786 6086 * having commit_func() call here with cmd->cmd_arg set to "save" to indicate
5787 6087 * that a save is needed.
5788 6088 */
5789 6089 void
5790 6090 verify_func(cmd_t *cmd)
5791 6091 {
5792 6092 struct zone_nwiftab nwiftab;
5793 6093 struct zone_fstab fstab;
5794 6094 struct zone_attrtab attrtab;
5795 6095 struct zone_rctltab rctltab;
5796 6096 struct zone_dstab dstab;
5797 6097 struct zone_psettab psettab;
5798 6098 struct zone_admintab admintab;
6099 + struct zone_secflagstab secflagstab;
5799 6100 char zonepath[MAXPATHLEN];
5800 6101 char sched[MAXNAMELEN];
5801 6102 char brand[MAXNAMELEN];
5802 6103 char hostidp[HW_HOSTID_LEN];
5803 6104 char fsallowedp[ZONE_FS_ALLOWED_MAX];
5804 6105 priv_set_t *privs;
5805 6106 char *privname = NULL;
5806 6107 int err, ret_val = Z_OK, arg;
5807 6108 int pset_res;
5808 6109 boolean_t save = B_FALSE;
5809 6110 boolean_t arg_err = B_FALSE;
5810 6111 zone_iptype_t iptype;
5811 6112 boolean_t has_cpu_shares = B_FALSE;
5812 6113 boolean_t has_cpu_cap = B_FALSE;
5813 6114 struct xif *tmp;
5814 6115
5815 6116 optind = 0;
5816 6117 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
5817 6118 switch (arg) {
5818 6119 case '?':
5819 6120 longer_usage(CMD_VERIFY);
5820 6121 arg_err = B_TRUE;
5821 6122 break;
5822 6123 default:
5823 6124 short_usage(CMD_VERIFY);
5824 6125 arg_err = B_TRUE;
5825 6126 break;
5826 6127 }
5827 6128 }
5828 6129 if (arg_err)
5829 6130 return;
5830 6131
5831 6132 if (optind > cmd->cmd_argc) {
5832 6133 short_usage(CMD_VERIFY);
5833 6134 return;
5834 6135 }
5835 6136
5836 6137 if (zone_is_read_only(CMD_VERIFY))
5837 6138 return;
5838 6139
5839 6140 assert(cmd != NULL);
5840 6141
5841 6142 if (cmd->cmd_argc > 0 && (strcmp(cmd->cmd_argv[0], "save") == 0))
5842 6143 save = B_TRUE;
5843 6144 if (initialize(B_TRUE) != Z_OK)
5844 6145 return;
5845 6146
5846 6147 if (zonecfg_get_zonepath(handle, zonepath, sizeof (zonepath)) != Z_OK &&
5847 6148 !global_zone) {
5848 6149 zerr(gettext("%s not specified"), pt_to_str(PT_ZONEPATH));
5849 6150 ret_val = Z_REQD_RESOURCE_MISSING;
5850 6151 saw_error = B_TRUE;
5851 6152 }
5852 6153 if (strlen(zonepath) == 0 && !global_zone) {
5853 6154 zerr(gettext("%s cannot be empty."), pt_to_str(PT_ZONEPATH));
5854 6155 ret_val = Z_REQD_RESOURCE_MISSING;
5855 6156 saw_error = B_TRUE;
5856 6157 }
5857 6158
5858 6159 if ((err = zonecfg_get_brand(handle, brand, sizeof (brand))) != Z_OK) {
5859 6160 zone_perror(zone, err, B_TRUE);
5860 6161 return;
5861 6162 }
5862 6163 if ((err = brand_verify(handle)) != Z_OK) {
5863 6164 zone_perror(zone, err, B_TRUE);
5864 6165 return;
5865 6166 }
5866 6167
5867 6168 if (zonecfg_get_iptype(handle, &iptype) != Z_OK) {
5868 6169 zerr("%s %s", gettext("cannot get"), pt_to_str(PT_IPTYPE));
5869 6170 ret_val = Z_REQD_RESOURCE_MISSING;
5870 6171 saw_error = B_TRUE;
5871 6172 }
5872 6173
5873 6174 if ((privs = priv_allocset()) == NULL) {
5874 6175 zerr(gettext("%s: priv_allocset failed"), zone);
5875 6176 return;
5876 6177 }
5877 6178 if (zonecfg_get_privset(handle, privs, &privname) != Z_OK) {
5878 6179 zerr(gettext("%s: invalid privilege: %s"), zone, privname);
5879 6180 priv_freeset(privs);
5880 6181 free(privname);
5881 6182 return;
5882 6183 }
5883 6184 priv_freeset(privs);
5884 6185
5885 6186 if (zonecfg_get_hostid(handle, hostidp,
5886 6187 sizeof (hostidp)) == Z_INVALID_PROPERTY) {
5887 6188 zerr(gettext("%s: invalid hostid: %s"),
5888 6189 zone, hostidp);
5889 6190 return;
5890 6191 }
5891 6192
5892 6193 if (zonecfg_get_fs_allowed(handle, fsallowedp,
5893 6194 sizeof (fsallowedp)) == Z_INVALID_PROPERTY) {
5894 6195 zerr(gettext("%s: invalid fs-allowed: %s"),
5895 6196 zone, fsallowedp);
5896 6197 return;
5897 6198 }
5898 6199
5899 6200 if ((err = zonecfg_setfsent(handle)) != Z_OK) {
5900 6201 zone_perror(zone, err, B_TRUE);
5901 6202 return;
5902 6203 }
5903 6204 while (zonecfg_getfsent(handle, &fstab) == Z_OK) {
5904 6205 check_reqd_prop(fstab.zone_fs_dir, RT_FS, PT_DIR, &ret_val);
5905 6206 check_reqd_prop(fstab.zone_fs_special, RT_FS, PT_SPECIAL,
5906 6207 &ret_val);
5907 6208 check_reqd_prop(fstab.zone_fs_type, RT_FS, PT_TYPE, &ret_val);
5908 6209
5909 6210 zonecfg_free_fs_option_list(fstab.zone_fs_options);
5910 6211 }
5911 6212 (void) zonecfg_endfsent(handle);
5912 6213
5913 6214 if ((err = zonecfg_setnwifent(handle)) != Z_OK) {
5914 6215 zone_perror(zone, err, B_TRUE);
5915 6216 return;
5916 6217 }
5917 6218 while (zonecfg_getnwifent(handle, &nwiftab) == Z_OK) {
5918 6219 /*
5919 6220 * physical is required in all cases.
5920 6221 * A shared IP requires an address,
5921 6222 * and may include a default router, while
5922 6223 * an exclusive IP must have neither an address
5923 6224 * nor a default router.
5924 6225 * The physical interface name must be valid in all cases.
5925 6226 */
5926 6227 check_reqd_prop(nwiftab.zone_nwif_physical, RT_NET,
5927 6228 PT_PHYSICAL, &ret_val);
5928 6229 if (validate_net_physical_syntax(nwiftab.zone_nwif_physical) !=
5929 6230 Z_OK) {
5930 6231 saw_error = B_TRUE;
5931 6232 if (ret_val == Z_OK)
5932 6233 ret_val = Z_INVAL;
5933 6234 }
5934 6235
5935 6236 switch (iptype) {
5936 6237 case ZS_SHARED:
5937 6238 check_reqd_prop(nwiftab.zone_nwif_address, RT_NET,
5938 6239 PT_ADDRESS, &ret_val);
5939 6240 if (strlen(nwiftab.zone_nwif_allowed_address) > 0) {
5940 6241 zerr(gettext("%s: %s cannot be specified "
5941 6242 "for a shared IP type"),
5942 6243 rt_to_str(RT_NET),
5943 6244 pt_to_str(PT_ALLOWED_ADDRESS));
5944 6245 saw_error = B_TRUE;
5945 6246 if (ret_val == Z_OK)
5946 6247 ret_val = Z_INVAL;
5947 6248 }
5948 6249 break;
5949 6250 case ZS_EXCLUSIVE:
5950 6251 if (strlen(nwiftab.zone_nwif_address) > 0) {
5951 6252 zerr(gettext("%s: %s cannot be specified "
5952 6253 "for an exclusive IP type"),
5953 6254 rt_to_str(RT_NET), pt_to_str(PT_ADDRESS));
5954 6255 saw_error = B_TRUE;
5955 6256 if (ret_val == Z_OK)
5956 6257 ret_val = Z_INVAL;
5957 6258 } else {
5958 6259 if (!add_nwif(&nwiftab)) {
5959 6260 saw_error = B_TRUE;
5960 6261 if (ret_val == Z_OK)
5961 6262 ret_val = Z_INVAL;
5962 6263 }
5963 6264 }
5964 6265 break;
5965 6266 }
5966 6267 }
5967 6268 for (tmp = xif; tmp != NULL; tmp = tmp->xif_next) {
5968 6269 if (!tmp->xif_has_address && tmp->xif_has_defrouter) {
5969 6270 zerr(gettext("%s: %s for %s cannot be specified "
5970 6271 "without %s for an exclusive IP type"),
5971 6272 rt_to_str(RT_NET), pt_to_str(PT_DEFROUTER),
5972 6273 tmp->xif_name, pt_to_str(PT_ALLOWED_ADDRESS));
5973 6274 saw_error = B_TRUE;
5974 6275 ret_val = Z_INVAL;
5975 6276 }
5976 6277 }
5977 6278 free(xif);
5978 6279 xif = NULL;
5979 6280 (void) zonecfg_endnwifent(handle);
5980 6281
5981 6282 if ((err = zonecfg_setrctlent(handle)) != Z_OK) {
5982 6283 zone_perror(zone, err, B_TRUE);
5983 6284 return;
5984 6285 }
5985 6286 while (zonecfg_getrctlent(handle, &rctltab) == Z_OK) {
5986 6287 check_reqd_prop(rctltab.zone_rctl_name, RT_RCTL, PT_NAME,
5987 6288 &ret_val);
5988 6289
5989 6290 if (strcmp(rctltab.zone_rctl_name, "zone.cpu-shares") == 0)
5990 6291 has_cpu_shares = B_TRUE;
5991 6292
5992 6293 if (strcmp(rctltab.zone_rctl_name, "zone.cpu-cap") == 0)
5993 6294 has_cpu_cap = B_TRUE;
5994 6295
5995 6296 if (rctltab.zone_rctl_valptr == NULL) {
5996 6297 zerr(gettext("%s: no %s specified"),
5997 6298 rt_to_str(RT_RCTL), pt_to_str(PT_VALUE));
5998 6299 saw_error = B_TRUE;
5999 6300 if (ret_val == Z_OK)
6000 6301 ret_val = Z_REQD_PROPERTY_MISSING;
6001 6302 } else {
6002 6303 zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
6003 6304 }
6004 6305 }
6005 6306 (void) zonecfg_endrctlent(handle);
6006 6307
6007 6308 if ((pset_res = zonecfg_lookup_pset(handle, &psettab)) == Z_OK &&
6008 6309 has_cpu_shares) {
6009 6310 zerr(gettext("%s zone.cpu-shares and %s are incompatible."),
6010 6311 rt_to_str(RT_RCTL), rt_to_str(RT_DCPU));
6011 6312 saw_error = B_TRUE;
6012 6313 if (ret_val == Z_OK)
6013 6314 ret_val = Z_INCOMPATIBLE;
6014 6315 }
6015 6316
6016 6317 if (has_cpu_shares && zonecfg_get_sched_class(handle, sched,
6017 6318 sizeof (sched)) == Z_OK && strlen(sched) > 0 &&
6018 6319 strcmp(sched, "FSS") != 0) {
6019 6320 zerr(gettext("WARNING: %s zone.cpu-shares and %s=%s are "
6020 6321 "incompatible"),
6021 6322 rt_to_str(RT_RCTL), rt_to_str(RT_SCHED), sched);
6022 6323 saw_error = B_TRUE;
6023 6324 if (ret_val == Z_OK)
6024 6325 ret_val = Z_INCOMPATIBLE;
6025 6326 }
6026 6327
6027 6328 if (pset_res == Z_OK && has_cpu_cap) {
6028 6329 zerr(gettext("%s zone.cpu-cap and the %s are incompatible."),
6029 6330 rt_to_str(RT_RCTL), rt_to_str(RT_DCPU));
6030 6331 saw_error = B_TRUE;
6031 6332 if (ret_val == Z_OK)
6032 6333 ret_val = Z_INCOMPATIBLE;
6033 6334 }
6034 6335
6035 6336 if ((err = zonecfg_setattrent(handle)) != Z_OK) {
6036 6337 zone_perror(zone, err, B_TRUE);
6037 6338 return;
6038 6339 }
6039 6340 while (zonecfg_getattrent(handle, &attrtab) == Z_OK) {
6040 6341 check_reqd_prop(attrtab.zone_attr_name, RT_ATTR, PT_NAME,
6041 6342 &ret_val);
6042 6343 check_reqd_prop(attrtab.zone_attr_type, RT_ATTR, PT_TYPE,
6043 6344 &ret_val);
6044 6345 check_reqd_prop(attrtab.zone_attr_value, RT_ATTR, PT_VALUE,
6045 6346 &ret_val);
6046 6347 }
6047 6348 (void) zonecfg_endattrent(handle);
6048 6349
6049 6350 if ((err = zonecfg_setdsent(handle)) != Z_OK) {
6050 6351 zone_perror(zone, err, B_TRUE);
6051 6352 return;
6052 6353 }
6053 6354 while (zonecfg_getdsent(handle, &dstab) == Z_OK) {
6054 6355 if (strlen(dstab.zone_dataset_name) == 0) {
6055 6356 zerr("%s: %s %s", rt_to_str(RT_DATASET),
6056 6357 pt_to_str(PT_NAME), gettext("not specified"));
6057 6358 saw_error = B_TRUE;
6058 6359 if (ret_val == Z_OK)
6059 6360 ret_val = Z_REQD_PROPERTY_MISSING;
6060 6361 } else if (!zfs_name_valid(dstab.zone_dataset_name,
6061 6362 ZFS_TYPE_FILESYSTEM)) {
6062 6363 zerr("%s: %s %s", rt_to_str(RT_DATASET),
6063 6364 pt_to_str(PT_NAME), gettext("invalid"));
6064 6365 saw_error = B_TRUE;
6065 6366 if (ret_val == Z_OK)
6066 6367 ret_val = Z_BAD_PROPERTY;
6067 6368 }
6068 6369
6069 6370 }
6070 6371 (void) zonecfg_enddsent(handle);
6071 6372
6072 6373 if ((err = zonecfg_setadminent(handle)) != Z_OK) {
6073 6374 zone_perror(zone, err, B_TRUE);
6074 6375 return;
6075 6376 }
6076 6377 while (zonecfg_getadminent(handle, &admintab) == Z_OK) {
6077 6378 check_reqd_prop(admintab.zone_admin_user, RT_ADMIN,
6078 6379 PT_USER, &ret_val);
6079 6380 check_reqd_prop(admintab.zone_admin_auths, RT_ADMIN,
6080 6381 PT_AUTHS, &ret_val);
6081 6382 if ((ret_val == Z_OK) && (getpwnam(admintab.zone_admin_user)
6082 6383 == NULL)) {
6083 6384 zerr(gettext("%s %s is not a valid username"),
6084 6385 pt_to_str(PT_USER),
|
↓ open down ↓ |
276 lines elided |
↑ open up ↑ |
6085 6386 admintab.zone_admin_user);
6086 6387 ret_val = Z_BAD_PROPERTY;
6087 6388 }
6088 6389 if ((ret_val == Z_OK) && (!zonecfg_valid_auths(
6089 6390 admintab.zone_admin_auths, zone))) {
6090 6391 ret_val = Z_BAD_PROPERTY;
6091 6392 }
6092 6393 }
6093 6394 (void) zonecfg_endadminent(handle);
6094 6395
6396 + if ((err = zonecfg_getsecflagsent(handle, &secflagstab)) != Z_OK) {
6397 + zone_perror(zone, err, B_TRUE);
6398 + return;
6399 + }
6400 +
6401 + /*
6402 + * No properties are required, but any specified should be
6403 + * valid
6404 + */
6405 + if (verify_secflags(&secflagstab) != B_TRUE) {
6406 + /* Error is reported from verify_secflags */
6407 + ret_val = Z_BAD_PROPERTY;
6408 + }
6409 +
6095 6410 if (!global_scope) {
6096 6411 zerr(gettext("resource specification incomplete"));
6097 6412 saw_error = B_TRUE;
6098 6413 if (ret_val == Z_OK)
6099 6414 ret_val = Z_INSUFFICIENT_SPEC;
6100 6415 }
6101 6416
6102 6417 if (save) {
6103 6418 if (ret_val == Z_OK) {
6104 6419 if ((ret_val = zonecfg_save(handle)) == Z_OK) {
6105 6420 need_to_commit = B_FALSE;
6106 6421 (void) strlcpy(revert_zone, zone,
6107 6422 sizeof (revert_zone));
6108 6423 }
6109 6424 } else {
6110 6425 zerr(gettext("Zone %s failed to verify"), zone);
6111 6426 }
6112 6427 }
6113 6428 if (ret_val != Z_OK)
6114 6429 zone_perror(zone, ret_val, B_TRUE);
6115 6430 }
6116 6431
6117 6432 void
6118 6433 cancel_func(cmd_t *cmd)
6119 6434 {
6120 6435 int arg;
6121 6436 boolean_t arg_err = B_FALSE;
6122 6437
6123 6438 assert(cmd != NULL);
6124 6439
6125 6440 optind = 0;
6126 6441 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
6127 6442 switch (arg) {
6128 6443 case '?':
6129 6444 longer_usage(CMD_CANCEL);
6130 6445 arg_err = B_TRUE;
6131 6446 break;
6132 6447 default:
6133 6448 short_usage(CMD_CANCEL);
6134 6449 arg_err = B_TRUE;
6135 6450 break;
6136 6451 }
6137 6452 }
6138 6453 if (arg_err)
6139 6454 return;
6140 6455
6141 6456 if (optind != cmd->cmd_argc) {
6142 6457 short_usage(CMD_CANCEL);
6143 6458 return;
6144 6459 }
6145 6460
6146 6461 if (global_scope)
6147 6462 scope_usage(CMD_CANCEL);
6148 6463 global_scope = B_TRUE;
6149 6464 zonecfg_free_fs_option_list(in_progress_fstab.zone_fs_options);
6150 6465 bzero(&in_progress_fstab, sizeof (in_progress_fstab));
6151 6466 bzero(&in_progress_nwiftab, sizeof (in_progress_nwiftab));
6152 6467 bzero(&in_progress_devtab, sizeof (in_progress_devtab));
6153 6468 zonecfg_free_rctl_value_list(in_progress_rctltab.zone_rctl_valptr);
6154 6469 bzero(&in_progress_rctltab, sizeof (in_progress_rctltab));
6155 6470 bzero(&in_progress_attrtab, sizeof (in_progress_attrtab));
6156 6471 bzero(&in_progress_dstab, sizeof (in_progress_dstab));
6157 6472 }
6158 6473
6159 6474 static int
6160 6475 validate_attr_name(char *name)
6161 6476 {
6162 6477 int i;
6163 6478
6164 6479 if (!isalnum(name[0])) {
6165 6480 zerr(gettext("Invalid %s %s %s: must start with an alpha-"
6166 6481 "numeric character."), rt_to_str(RT_ATTR),
6167 6482 pt_to_str(PT_NAME), name);
6168 6483 return (Z_INVAL);
6169 6484 }
6170 6485 for (i = 1; name[i]; i++)
6171 6486 if (!isalnum(name[i]) && name[i] != '-' && name[i] != '.') {
6172 6487 zerr(gettext("Invalid %s %s %s: can only contain "
6173 6488 "alpha-numeric characters, plus '-' and '.'."),
6174 6489 rt_to_str(RT_ATTR), pt_to_str(PT_NAME), name);
6175 6490 return (Z_INVAL);
6176 6491 }
6177 6492 return (Z_OK);
6178 6493 }
6179 6494
6180 6495 static int
6181 6496 validate_attr_type_val(struct zone_attrtab *attrtab)
6182 6497 {
6183 6498 boolean_t boolval;
6184 6499 int64_t intval;
6185 6500 char strval[MAXNAMELEN];
6186 6501 uint64_t uintval;
6187 6502
6188 6503 if (strcmp(attrtab->zone_attr_type, "boolean") == 0) {
6189 6504 if (zonecfg_get_attr_boolean(attrtab, &boolval) == Z_OK)
6190 6505 return (Z_OK);
6191 6506 zerr(gettext("invalid %s value for %s=%s"),
6192 6507 rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "boolean");
6193 6508 return (Z_ERR);
6194 6509 }
6195 6510
6196 6511 if (strcmp(attrtab->zone_attr_type, "int") == 0) {
6197 6512 if (zonecfg_get_attr_int(attrtab, &intval) == Z_OK)
6198 6513 return (Z_OK);
6199 6514 zerr(gettext("invalid %s value for %s=%s"),
6200 6515 rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "int");
6201 6516 return (Z_ERR);
6202 6517 }
6203 6518
6204 6519 if (strcmp(attrtab->zone_attr_type, "string") == 0) {
6205 6520 if (zonecfg_get_attr_string(attrtab, strval,
6206 6521 sizeof (strval)) == Z_OK)
6207 6522 return (Z_OK);
6208 6523 zerr(gettext("invalid %s value for %s=%s"),
6209 6524 rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "string");
6210 6525 return (Z_ERR);
6211 6526 }
6212 6527
6213 6528 if (strcmp(attrtab->zone_attr_type, "uint") == 0) {
6214 6529 if (zonecfg_get_attr_uint(attrtab, &uintval) == Z_OK)
6215 6530 return (Z_OK);
6216 6531 zerr(gettext("invalid %s value for %s=%s"),
6217 6532 rt_to_str(RT_ATTR), pt_to_str(PT_TYPE), "uint");
6218 6533 return (Z_ERR);
6219 6534 }
6220 6535
6221 6536 zerr(gettext("invalid %s %s '%s'"), rt_to_str(RT_ATTR),
6222 6537 pt_to_str(PT_TYPE), attrtab->zone_attr_type);
6223 6538 return (Z_ERR);
6224 6539 }
6225 6540
6226 6541 /*
6227 6542 * Helper function for end_func-- checks the existence of a given property
6228 6543 * and emits a message if not specified.
6229 6544 */
6230 6545 static int
6231 6546 end_check_reqd(char *attr, int pt, boolean_t *validation_failed)
6232 6547 {
6233 6548 if (strlen(attr) == 0) {
6234 6549 *validation_failed = B_TRUE;
6235 6550 zerr(gettext("%s not specified"), pt_to_str(pt));
6236 6551 return (Z_ERR);
6237 6552 }
6238 6553 return (Z_OK);
6239 6554 }
6240 6555
6241 6556 static void
6242 6557 net_exists_error(struct zone_nwiftab nwif)
6243 6558 {
6244 6559 if (strlen(nwif.zone_nwif_address) > 0) {
6245 6560 zerr(gettext("A %s resource with the %s '%s', "
6246 6561 "and %s '%s' already exists."),
6247 6562 rt_to_str(RT_NET),
6248 6563 pt_to_str(PT_PHYSICAL),
6249 6564 nwif.zone_nwif_physical,
6250 6565 pt_to_str(PT_ADDRESS),
6251 6566 in_progress_nwiftab.zone_nwif_address);
6252 6567 } else {
6253 6568 zerr(gettext("A %s resource with the %s '%s', "
6254 6569 "and %s '%s' already exists."),
6255 6570 rt_to_str(RT_NET),
6256 6571 pt_to_str(PT_PHYSICAL),
6257 6572 nwif.zone_nwif_physical,
6258 6573 pt_to_str(PT_ALLOWED_ADDRESS),
6259 6574 nwif.zone_nwif_allowed_address);
6260 6575 }
6261 6576 }
6262 6577
6263 6578 void
6264 6579 end_func(cmd_t *cmd)
6265 6580 {
6266 6581 boolean_t validation_failed = B_FALSE;
6267 6582 boolean_t arg_err = B_FALSE;
6268 6583 struct zone_fstab tmp_fstab;
6269 6584 struct zone_nwiftab tmp_nwiftab;
6270 6585 struct zone_devtab tmp_devtab;
6271 6586 struct zone_rctltab tmp_rctltab;
6272 6587 struct zone_attrtab tmp_attrtab;
6273 6588 struct zone_dstab tmp_dstab;
6274 6589 struct zone_admintab tmp_admintab;
6275 6590 int err, arg, res1, res2, res3;
6276 6591 uint64_t swap_limit;
6277 6592 uint64_t locked_limit;
6278 6593 uint64_t proc_cap;
6279 6594
6280 6595 assert(cmd != NULL);
6281 6596
6282 6597 optind = 0;
6283 6598 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
6284 6599 switch (arg) {
6285 6600 case '?':
6286 6601 longer_usage(CMD_END);
6287 6602 arg_err = B_TRUE;
6288 6603 break;
6289 6604 default:
6290 6605 short_usage(CMD_END);
6291 6606 arg_err = B_TRUE;
6292 6607 break;
6293 6608 }
6294 6609 }
6295 6610 if (arg_err)
6296 6611 return;
6297 6612
6298 6613 if (optind != cmd->cmd_argc) {
6299 6614 short_usage(CMD_END);
6300 6615 return;
6301 6616 }
6302 6617
6303 6618 if (global_scope) {
6304 6619 scope_usage(CMD_END);
6305 6620 return;
6306 6621 }
6307 6622
6308 6623 assert(end_op == CMD_ADD || end_op == CMD_SELECT);
6309 6624
6310 6625 switch (resource_scope) {
6311 6626 case RT_FS:
6312 6627 /* First make sure everything was filled in. */
6313 6628 if (end_check_reqd(in_progress_fstab.zone_fs_dir,
6314 6629 PT_DIR, &validation_failed) == Z_OK) {
6315 6630 if (in_progress_fstab.zone_fs_dir[0] != '/') {
6316 6631 zerr(gettext("%s %s is not an absolute path."),
6317 6632 pt_to_str(PT_DIR),
6318 6633 in_progress_fstab.zone_fs_dir);
6319 6634 validation_failed = B_TRUE;
6320 6635 }
6321 6636 }
6322 6637
6323 6638 (void) end_check_reqd(in_progress_fstab.zone_fs_special,
6324 6639 PT_SPECIAL, &validation_failed);
6325 6640
6326 6641 if (in_progress_fstab.zone_fs_raw[0] != '\0' &&
6327 6642 in_progress_fstab.zone_fs_raw[0] != '/') {
6328 6643 zerr(gettext("%s %s is not an absolute path."),
6329 6644 pt_to_str(PT_RAW),
6330 6645 in_progress_fstab.zone_fs_raw);
6331 6646 validation_failed = B_TRUE;
6332 6647 }
6333 6648
6334 6649 (void) end_check_reqd(in_progress_fstab.zone_fs_type, PT_TYPE,
6335 6650 &validation_failed);
6336 6651
6337 6652 if (validation_failed) {
6338 6653 saw_error = B_TRUE;
6339 6654 return;
6340 6655 }
6341 6656
6342 6657 if (end_op == CMD_ADD) {
6343 6658 /* Make sure there isn't already one like this. */
6344 6659 bzero(&tmp_fstab, sizeof (tmp_fstab));
6345 6660 (void) strlcpy(tmp_fstab.zone_fs_dir,
6346 6661 in_progress_fstab.zone_fs_dir,
6347 6662 sizeof (tmp_fstab.zone_fs_dir));
6348 6663 err = zonecfg_lookup_filesystem(handle, &tmp_fstab);
6349 6664 zonecfg_free_fs_option_list(tmp_fstab.zone_fs_options);
6350 6665 if (err == Z_OK) {
6351 6666 zerr(gettext("A %s resource "
6352 6667 "with the %s '%s' already exists."),
6353 6668 rt_to_str(RT_FS), pt_to_str(PT_DIR),
6354 6669 in_progress_fstab.zone_fs_dir);
6355 6670 saw_error = B_TRUE;
6356 6671 return;
6357 6672 }
6358 6673 err = zonecfg_add_filesystem(handle,
6359 6674 &in_progress_fstab);
6360 6675 } else {
6361 6676 err = zonecfg_modify_filesystem(handle, &old_fstab,
6362 6677 &in_progress_fstab);
6363 6678 }
6364 6679 zonecfg_free_fs_option_list(in_progress_fstab.zone_fs_options);
6365 6680 in_progress_fstab.zone_fs_options = NULL;
6366 6681 break;
6367 6682
6368 6683 case RT_NET:
6369 6684 /*
6370 6685 * First make sure everything was filled in.
6371 6686 * Since we don't know whether IP will be shared
6372 6687 * or exclusive here, some checks are deferred until
6373 6688 * the verify command.
6374 6689 */
6375 6690 (void) end_check_reqd(in_progress_nwiftab.zone_nwif_physical,
6376 6691 PT_PHYSICAL, &validation_failed);
6377 6692
6378 6693 if (validation_failed) {
6379 6694 saw_error = B_TRUE;
6380 6695 return;
6381 6696 }
6382 6697 if (end_op == CMD_ADD) {
6383 6698 /* Make sure there isn't already one like this. */
6384 6699 bzero(&tmp_nwiftab, sizeof (tmp_nwiftab));
6385 6700 (void) strlcpy(tmp_nwiftab.zone_nwif_physical,
6386 6701 in_progress_nwiftab.zone_nwif_physical,
6387 6702 sizeof (tmp_nwiftab.zone_nwif_physical));
6388 6703 (void) strlcpy(tmp_nwiftab.zone_nwif_address,
6389 6704 in_progress_nwiftab.zone_nwif_address,
6390 6705 sizeof (tmp_nwiftab.zone_nwif_address));
6391 6706 (void) strlcpy(tmp_nwiftab.zone_nwif_allowed_address,
6392 6707 in_progress_nwiftab.zone_nwif_allowed_address,
6393 6708 sizeof (tmp_nwiftab.zone_nwif_allowed_address));
6394 6709 (void) strlcpy(tmp_nwiftab.zone_nwif_defrouter,
6395 6710 in_progress_nwiftab.zone_nwif_defrouter,
6396 6711 sizeof (tmp_nwiftab.zone_nwif_defrouter));
6397 6712 if (zonecfg_lookup_nwif(handle, &tmp_nwiftab) == Z_OK) {
6398 6713 net_exists_error(in_progress_nwiftab);
6399 6714 saw_error = B_TRUE;
6400 6715 return;
6401 6716 }
6402 6717 err = zonecfg_add_nwif(handle, &in_progress_nwiftab);
6403 6718 } else {
6404 6719 err = zonecfg_modify_nwif(handle, &old_nwiftab,
6405 6720 &in_progress_nwiftab);
6406 6721 }
6407 6722 break;
6408 6723
6409 6724 case RT_DEVICE:
6410 6725 /* First make sure everything was filled in. */
6411 6726 (void) end_check_reqd(in_progress_devtab.zone_dev_match,
6412 6727 PT_MATCH, &validation_failed);
6413 6728
6414 6729 if (validation_failed) {
6415 6730 saw_error = B_TRUE;
6416 6731 return;
6417 6732 }
6418 6733
6419 6734 if (end_op == CMD_ADD) {
6420 6735 /* Make sure there isn't already one like this. */
6421 6736 (void) strlcpy(tmp_devtab.zone_dev_match,
6422 6737 in_progress_devtab.zone_dev_match,
6423 6738 sizeof (tmp_devtab.zone_dev_match));
6424 6739 if (zonecfg_lookup_dev(handle, &tmp_devtab) == Z_OK) {
6425 6740 zerr(gettext("A %s resource with the %s '%s' "
6426 6741 "already exists."), rt_to_str(RT_DEVICE),
6427 6742 pt_to_str(PT_MATCH),
6428 6743 in_progress_devtab.zone_dev_match);
6429 6744 saw_error = B_TRUE;
6430 6745 return;
6431 6746 }
6432 6747 err = zonecfg_add_dev(handle, &in_progress_devtab);
6433 6748 } else {
6434 6749 err = zonecfg_modify_dev(handle, &old_devtab,
6435 6750 &in_progress_devtab);
6436 6751 }
6437 6752 break;
6438 6753
6439 6754 case RT_RCTL:
6440 6755 /* First make sure everything was filled in. */
6441 6756 (void) end_check_reqd(in_progress_rctltab.zone_rctl_name,
6442 6757 PT_NAME, &validation_failed);
6443 6758
6444 6759 if (in_progress_rctltab.zone_rctl_valptr == NULL) {
6445 6760 zerr(gettext("no %s specified"), pt_to_str(PT_VALUE));
6446 6761 validation_failed = B_TRUE;
6447 6762 }
6448 6763
6449 6764 if (validation_failed) {
6450 6765 saw_error = B_TRUE;
6451 6766 return;
6452 6767 }
6453 6768
6454 6769 if (end_op == CMD_ADD) {
6455 6770 /* Make sure there isn't already one like this. */
6456 6771 (void) strlcpy(tmp_rctltab.zone_rctl_name,
6457 6772 in_progress_rctltab.zone_rctl_name,
6458 6773 sizeof (tmp_rctltab.zone_rctl_name));
6459 6774 tmp_rctltab.zone_rctl_valptr = NULL;
6460 6775 err = zonecfg_lookup_rctl(handle, &tmp_rctltab);
6461 6776 zonecfg_free_rctl_value_list(
6462 6777 tmp_rctltab.zone_rctl_valptr);
6463 6778 if (err == Z_OK) {
6464 6779 zerr(gettext("A %s resource "
6465 6780 "with the %s '%s' already exists."),
6466 6781 rt_to_str(RT_RCTL), pt_to_str(PT_NAME),
6467 6782 in_progress_rctltab.zone_rctl_name);
6468 6783 saw_error = B_TRUE;
6469 6784 return;
6470 6785 }
6471 6786 err = zonecfg_add_rctl(handle, &in_progress_rctltab);
6472 6787 } else {
6473 6788 err = zonecfg_modify_rctl(handle, &old_rctltab,
6474 6789 &in_progress_rctltab);
6475 6790 }
6476 6791 if (err == Z_OK) {
6477 6792 zonecfg_free_rctl_value_list(
6478 6793 in_progress_rctltab.zone_rctl_valptr);
6479 6794 in_progress_rctltab.zone_rctl_valptr = NULL;
6480 6795 }
6481 6796 break;
6482 6797
6483 6798 case RT_ATTR:
6484 6799 /* First make sure everything was filled in. */
6485 6800 (void) end_check_reqd(in_progress_attrtab.zone_attr_name,
6486 6801 PT_NAME, &validation_failed);
6487 6802 (void) end_check_reqd(in_progress_attrtab.zone_attr_type,
6488 6803 PT_TYPE, &validation_failed);
6489 6804 (void) end_check_reqd(in_progress_attrtab.zone_attr_value,
6490 6805 PT_VALUE, &validation_failed);
6491 6806
6492 6807 if (validate_attr_name(in_progress_attrtab.zone_attr_name) !=
6493 6808 Z_OK)
6494 6809 validation_failed = B_TRUE;
6495 6810
6496 6811 if (validate_attr_type_val(&in_progress_attrtab) != Z_OK)
6497 6812 validation_failed = B_TRUE;
6498 6813
6499 6814 if (validation_failed) {
6500 6815 saw_error = B_TRUE;
6501 6816 return;
6502 6817 }
6503 6818 if (end_op == CMD_ADD) {
6504 6819 /* Make sure there isn't already one like this. */
6505 6820 bzero(&tmp_attrtab, sizeof (tmp_attrtab));
6506 6821 (void) strlcpy(tmp_attrtab.zone_attr_name,
6507 6822 in_progress_attrtab.zone_attr_name,
6508 6823 sizeof (tmp_attrtab.zone_attr_name));
6509 6824 if (zonecfg_lookup_attr(handle, &tmp_attrtab) == Z_OK) {
6510 6825 zerr(gettext("An %s resource "
6511 6826 "with the %s '%s' already exists."),
6512 6827 rt_to_str(RT_ATTR), pt_to_str(PT_NAME),
6513 6828 in_progress_attrtab.zone_attr_name);
6514 6829 saw_error = B_TRUE;
6515 6830 return;
6516 6831 }
6517 6832 err = zonecfg_add_attr(handle, &in_progress_attrtab);
6518 6833 } else {
6519 6834 err = zonecfg_modify_attr(handle, &old_attrtab,
6520 6835 &in_progress_attrtab);
6521 6836 }
6522 6837 break;
6523 6838 case RT_DATASET:
6524 6839 /* First make sure everything was filled in. */
6525 6840 if (strlen(in_progress_dstab.zone_dataset_name) == 0) {
6526 6841 zerr("%s %s", pt_to_str(PT_NAME),
6527 6842 gettext("not specified"));
6528 6843 saw_error = B_TRUE;
6529 6844 validation_failed = B_TRUE;
6530 6845 }
6531 6846 if (validation_failed)
6532 6847 return;
6533 6848 if (end_op == CMD_ADD) {
6534 6849 /* Make sure there isn't already one like this. */
6535 6850 bzero(&tmp_dstab, sizeof (tmp_dstab));
6536 6851 (void) strlcpy(tmp_dstab.zone_dataset_name,
6537 6852 in_progress_dstab.zone_dataset_name,
6538 6853 sizeof (tmp_dstab.zone_dataset_name));
6539 6854 err = zonecfg_lookup_ds(handle, &tmp_dstab);
6540 6855 if (err == Z_OK) {
6541 6856 zerr(gettext("A %s resource "
6542 6857 "with the %s '%s' already exists."),
6543 6858 rt_to_str(RT_DATASET), pt_to_str(PT_NAME),
6544 6859 in_progress_dstab.zone_dataset_name);
6545 6860 saw_error = B_TRUE;
6546 6861 return;
6547 6862 }
6548 6863 err = zonecfg_add_ds(handle, &in_progress_dstab);
6549 6864 } else {
6550 6865 err = zonecfg_modify_ds(handle, &old_dstab,
6551 6866 &in_progress_dstab);
6552 6867 }
6553 6868 break;
6554 6869 case RT_DCPU:
6555 6870 /* Make sure everything was filled in. */
6556 6871 if (end_check_reqd(in_progress_psettab.zone_ncpu_min,
6557 6872 PT_NCPUS, &validation_failed) != Z_OK) {
6558 6873 saw_error = B_TRUE;
6559 6874 return;
6560 6875 }
6561 6876
6562 6877 if (end_op == CMD_ADD) {
6563 6878 err = zonecfg_add_pset(handle, &in_progress_psettab);
6564 6879 } else {
6565 6880 err = zonecfg_modify_pset(handle, &in_progress_psettab);
6566 6881 }
6567 6882 break;
6568 6883 case RT_PCAP:
6569 6884 /* Make sure everything was filled in. */
6570 6885 if (zonecfg_get_aliased_rctl(handle, ALIAS_CPUCAP, &proc_cap)
6571 6886 != Z_OK) {
6572 6887 zerr(gettext("%s not specified"), pt_to_str(PT_NCPUS));
6573 6888 saw_error = B_TRUE;
6574 6889 validation_failed = B_TRUE;
6575 6890 return;
6576 6891 }
6577 6892 err = Z_OK;
6578 6893 break;
6579 6894 case RT_MCAP:
6580 6895 /* Make sure everything was filled in. */
6581 6896 res1 = strlen(in_progress_mcaptab.zone_physmem_cap) == 0 ?
6582 6897 Z_ERR : Z_OK;
6583 6898 res2 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXSWAP,
6584 6899 &swap_limit);
6585 6900 res3 = zonecfg_get_aliased_rctl(handle, ALIAS_MAXLOCKEDMEM,
6586 6901 &locked_limit);
6587 6902
6588 6903 if (res1 != Z_OK && res2 != Z_OK && res3 != Z_OK) {
6589 6904 zerr(gettext("No property was specified. One of %s, "
6590 6905 "%s or %s is required."), pt_to_str(PT_PHYSICAL),
6591 6906 pt_to_str(PT_SWAP), pt_to_str(PT_LOCKED));
6592 6907 saw_error = B_TRUE;
6593 6908 return;
6594 6909 }
6595 6910
6596 6911 /* if phys & locked are both set, verify locked <= phys */
6597 6912 if (res1 == Z_OK && res3 == Z_OK) {
6598 6913 uint64_t phys_limit;
6599 6914 char *endp;
6600 6915
6601 6916 phys_limit = strtoull(
6602 6917 in_progress_mcaptab.zone_physmem_cap, &endp, 10);
6603 6918 if (phys_limit < locked_limit) {
6604 6919 zerr(gettext("The %s cap must be less than or "
6605 6920 "equal to the %s cap."),
6606 6921 pt_to_str(PT_LOCKED),
6607 6922 pt_to_str(PT_PHYSICAL));
6608 6923 saw_error = B_TRUE;
6609 6924 return;
6610 6925 }
6611 6926 }
6612 6927
6613 6928 err = Z_OK;
6614 6929 if (res1 == Z_OK) {
6615 6930 /*
6616 6931 * We could be ending from either an add operation
6617 6932 * or a select operation. Since all of the properties
6618 6933 * within this resource are optional, we always use
6619 6934 * modify on the mcap entry. zonecfg_modify_mcap()
6620 6935 * will handle both adding and modifying a memory cap.
6621 6936 */
6622 6937 err = zonecfg_modify_mcap(handle, &in_progress_mcaptab);
6623 6938 } else if (end_op == CMD_SELECT) {
6624 6939 /*
6625 6940 * If we're ending from a select and the physical
6626 6941 * memory cap is empty then the user could have cleared
6627 6942 * the physical cap value, so try to delete the entry.
6628 6943 */
6629 6944 (void) zonecfg_delete_mcap(handle);
6630 6945 }
6631 6946 break;
6632 6947 case RT_ADMIN:
6633 6948 /* First make sure everything was filled in. */
6634 6949 if (end_check_reqd(in_progress_admintab.zone_admin_user,
6635 6950 PT_USER, &validation_failed) == Z_OK) {
6636 6951 if (getpwnam(in_progress_admintab.zone_admin_user)
6637 6952 == NULL) {
6638 6953 zerr(gettext("%s %s is not a valid username"),
6639 6954 pt_to_str(PT_USER),
6640 6955 in_progress_admintab.zone_admin_user);
6641 6956 validation_failed = B_TRUE;
6642 6957 }
6643 6958 }
6644 6959
6645 6960 if (end_check_reqd(in_progress_admintab.zone_admin_auths,
6646 6961 PT_AUTHS, &validation_failed) == Z_OK) {
6647 6962 if (!zonecfg_valid_auths(
6648 6963 in_progress_admintab.zone_admin_auths,
6649 6964 zone)) {
6650 6965 validation_failed = B_TRUE;
6651 6966 }
6652 6967 }
6653 6968
6654 6969 if (validation_failed) {
6655 6970 saw_error = B_TRUE;
6656 6971 return;
6657 6972 }
6658 6973
6659 6974 if (end_op == CMD_ADD) {
6660 6975 /* Make sure there isn't already one like this. */
6661 6976 bzero(&tmp_admintab, sizeof (tmp_admintab));
6662 6977 (void) strlcpy(tmp_admintab.zone_admin_user,
6663 6978 in_progress_admintab.zone_admin_user,
6664 6979 sizeof (tmp_admintab.zone_admin_user));
6665 6980 err = zonecfg_lookup_admin(
6666 6981 handle, &tmp_admintab);
6667 6982 if (err == Z_OK) {
6668 6983 zerr(gettext("A %s resource "
6669 6984 "with the %s '%s' already exists."),
6670 6985 rt_to_str(RT_ADMIN),
6671 6986 pt_to_str(PT_USER),
6672 6987 in_progress_admintab.zone_admin_user);
6673 6988 saw_error = B_TRUE;
|
↓ open down ↓ |
569 lines elided |
↑ open up ↑ |
6674 6989 return;
6675 6990 }
6676 6991 err = zonecfg_add_admin(handle,
6677 6992 &in_progress_admintab, zone);
6678 6993 } else {
6679 6994 err = zonecfg_modify_admin(handle,
6680 6995 &old_admintab, &in_progress_admintab,
6681 6996 zone);
6682 6997 }
6683 6998 break;
6999 + case RT_SECFLAGS:
7000 + if (verify_secflags(&in_progress_secflagstab) != B_TRUE) {
7001 + saw_error = B_TRUE;
7002 + return;
7003 + }
7004 +
7005 + if (end_op == CMD_ADD) {
7006 + err = zonecfg_add_secflags(handle,
7007 + &in_progress_secflagstab);
7008 + } else {
7009 + err = zonecfg_modify_secflags(handle,
7010 + &old_secflagstab, &in_progress_secflagstab);
7011 + }
7012 + break;
6684 7013 default:
6685 7014 zone_perror(rt_to_str(resource_scope), Z_NO_RESOURCE_TYPE,
6686 7015 B_TRUE);
6687 7016 saw_error = B_TRUE;
6688 7017 return;
6689 7018 }
6690 7019
6691 7020 if (err != Z_OK) {
6692 7021 zone_perror(zone, err, B_TRUE);
6693 7022 } else {
6694 7023 need_to_commit = B_TRUE;
6695 7024 global_scope = B_TRUE;
6696 7025 end_op = -1;
6697 7026 }
6698 7027 }
6699 7028
6700 7029 void
6701 7030 commit_func(cmd_t *cmd)
6702 7031 {
6703 7032 int arg;
6704 7033 boolean_t arg_err = B_FALSE;
6705 7034
6706 7035 optind = 0;
6707 7036 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?")) != EOF) {
6708 7037 switch (arg) {
6709 7038 case '?':
6710 7039 longer_usage(CMD_COMMIT);
6711 7040 arg_err = B_TRUE;
6712 7041 break;
6713 7042 default:
6714 7043 short_usage(CMD_COMMIT);
6715 7044 arg_err = B_TRUE;
6716 7045 break;
6717 7046 }
6718 7047 }
6719 7048 if (arg_err)
6720 7049 return;
6721 7050
6722 7051 if (optind != cmd->cmd_argc) {
6723 7052 short_usage(CMD_COMMIT);
6724 7053 return;
6725 7054 }
6726 7055
6727 7056 if (zone_is_read_only(CMD_COMMIT))
6728 7057 return;
6729 7058
6730 7059 assert(cmd != NULL);
6731 7060
6732 7061 cmd->cmd_argc = 1;
6733 7062 /*
6734 7063 * cmd_arg normally comes from a strdup() in the lexer, and the
6735 7064 * whole cmd structure and its (char *) attributes are freed at
6736 7065 * the completion of each command, so the strdup() below is needed
6737 7066 * to match this and prevent a core dump from trying to free()
6738 7067 * something that can't be.
6739 7068 */
6740 7069 if ((cmd->cmd_argv[0] = strdup("save")) == NULL) {
6741 7070 zone_perror(zone, Z_NOMEM, B_TRUE);
6742 7071 exit(Z_ERR);
6743 7072 }
6744 7073 cmd->cmd_argv[1] = NULL;
6745 7074 verify_func(cmd);
6746 7075 }
6747 7076
6748 7077 void
6749 7078 revert_func(cmd_t *cmd)
6750 7079 {
6751 7080 char line[128]; /* enough to ask a question */
6752 7081 boolean_t force = B_FALSE;
6753 7082 boolean_t arg_err = B_FALSE;
6754 7083 int err, arg, answer;
6755 7084
6756 7085 optind = 0;
6757 7086 while ((arg = getopt(cmd->cmd_argc, cmd->cmd_argv, "?F")) != EOF) {
6758 7087 switch (arg) {
6759 7088 case '?':
6760 7089 longer_usage(CMD_REVERT);
6761 7090 arg_err = B_TRUE;
6762 7091 break;
6763 7092 case 'F':
6764 7093 force = B_TRUE;
6765 7094 break;
6766 7095 default:
6767 7096 short_usage(CMD_REVERT);
6768 7097 arg_err = B_TRUE;
6769 7098 break;
6770 7099 }
6771 7100 }
6772 7101 if (arg_err)
6773 7102 return;
6774 7103
6775 7104 if (optind != cmd->cmd_argc) {
6776 7105 short_usage(CMD_REVERT);
6777 7106 return;
6778 7107 }
6779 7108
6780 7109 if (zone_is_read_only(CMD_REVERT))
6781 7110 return;
6782 7111
6783 7112 if (!global_scope) {
6784 7113 zerr(gettext("You can only use %s in the global scope.\nUse"
6785 7114 " '%s' to cancel changes to a resource specification."),
6786 7115 cmd_to_str(CMD_REVERT), cmd_to_str(CMD_CANCEL));
6787 7116 saw_error = B_TRUE;
6788 7117 return;
6789 7118 }
6790 7119
6791 7120 if (zonecfg_check_handle(handle) != Z_OK) {
6792 7121 zerr(gettext("No changes to revert."));
6793 7122 saw_error = B_TRUE;
6794 7123 return;
6795 7124 }
6796 7125
6797 7126 if (!force) {
6798 7127 (void) snprintf(line, sizeof (line),
6799 7128 gettext("Are you sure you want to revert"));
6800 7129 if ((answer = ask_yesno(B_FALSE, line)) == -1) {
6801 7130 zerr(gettext("Input not from terminal and -F not "
6802 7131 "specified:\n%s command ignored, exiting."),
6803 7132 cmd_to_str(CMD_REVERT));
6804 7133 exit(Z_ERR);
6805 7134 }
6806 7135 if (answer != 1)
6807 7136 return;
6808 7137 }
6809 7138
6810 7139 /*
6811 7140 * Reset any pending admins that were
6812 7141 * removed from the previous zone
6813 7142 */
6814 7143 zonecfg_remove_userauths(handle, "", zone, B_FALSE);
6815 7144
6816 7145 /*
6817 7146 * Time for a new handle: finish the old one off first
6818 7147 * then get a new one properly to avoid leaks.
6819 7148 */
6820 7149 zonecfg_fini_handle(handle);
6821 7150 if ((handle = zonecfg_init_handle()) == NULL) {
6822 7151 zone_perror(execname, Z_NOMEM, B_TRUE);
6823 7152 exit(Z_ERR);
6824 7153 }
6825 7154
6826 7155 if ((err = zonecfg_get_handle(revert_zone, handle)) != Z_OK) {
6827 7156 saw_error = B_TRUE;
6828 7157 got_handle = B_FALSE;
6829 7158 if (err == Z_NO_ZONE)
6830 7159 zerr(gettext("%s: no such saved zone to revert to."),
6831 7160 revert_zone);
6832 7161 else
6833 7162 zone_perror(zone, err, B_TRUE);
6834 7163 }
6835 7164 (void) strlcpy(zone, revert_zone, sizeof (zone));
6836 7165 }
6837 7166
6838 7167 void
6839 7168 help_func(cmd_t *cmd)
6840 7169 {
6841 7170 int i;
6842 7171
6843 7172 assert(cmd != NULL);
6844 7173
6845 7174 if (cmd->cmd_argc == 0) {
6846 7175 usage(B_TRUE, global_scope ? HELP_SUBCMDS : HELP_RES_SCOPE);
6847 7176 return;
6848 7177 }
6849 7178 if (strcmp(cmd->cmd_argv[0], "usage") == 0) {
6850 7179 usage(B_TRUE, HELP_USAGE);
6851 7180 return;
6852 7181 }
6853 7182 if (strcmp(cmd->cmd_argv[0], "commands") == 0) {
6854 7183 usage(B_TRUE, HELP_SUBCMDS);
6855 7184 return;
6856 7185 }
6857 7186 if (strcmp(cmd->cmd_argv[0], "syntax") == 0) {
6858 7187 usage(B_TRUE, HELP_SYNTAX | HELP_RES_PROPS);
6859 7188 return;
6860 7189 }
6861 7190 if (strcmp(cmd->cmd_argv[0], "-?") == 0) {
6862 7191 longer_usage(CMD_HELP);
6863 7192 return;
6864 7193 }
6865 7194
6866 7195 for (i = 0; i <= CMD_MAX; i++) {
6867 7196 if (strcmp(cmd->cmd_argv[0], cmd_to_str(i)) == 0) {
6868 7197 longer_usage(i);
6869 7198 return;
6870 7199 }
6871 7200 }
6872 7201 /* We do not use zerr() here because we do not want its extra \n. */
6873 7202 (void) fprintf(stderr, gettext("Unknown help subject %s. "),
6874 7203 cmd->cmd_argv[0]);
6875 7204 usage(B_FALSE, HELP_META);
6876 7205 }
6877 7206
6878 7207 static int
6879 7208 string_to_yyin(char *string)
6880 7209 {
6881 7210 if ((yyin = tmpfile()) == NULL) {
6882 7211 zone_perror(execname, Z_TEMP_FILE, B_TRUE);
6883 7212 return (Z_ERR);
6884 7213 }
6885 7214 if (fwrite(string, strlen(string), 1, yyin) != 1) {
6886 7215 zone_perror(execname, Z_TEMP_FILE, B_TRUE);
6887 7216 return (Z_ERR);
6888 7217 }
6889 7218 if (fseek(yyin, 0, SEEK_SET) != 0) {
6890 7219 zone_perror(execname, Z_TEMP_FILE, B_TRUE);
6891 7220 return (Z_ERR);
6892 7221 }
6893 7222 return (Z_OK);
6894 7223 }
6895 7224
6896 7225 /* This is the back-end helper function for read_input() below. */
6897 7226
6898 7227 static int
6899 7228 cleanup()
6900 7229 {
6901 7230 int answer;
6902 7231 cmd_t *cmd;
6903 7232
6904 7233 if (!interactive_mode && !cmd_file_mode) {
6905 7234 /*
6906 7235 * If we're not in interactive mode, and we're not in command
6907 7236 * file mode, then we must be in commands-from-the-command-line
6908 7237 * mode. As such, we can't loop back and ask for more input.
6909 7238 * It was OK to prompt for such things as whether or not to
6910 7239 * really delete a zone in the command handler called from
6911 7240 * yyparse() above, but "really quit?" makes no sense in this
6912 7241 * context. So disable prompting.
6913 7242 */
6914 7243 ok_to_prompt = B_FALSE;
6915 7244 }
6916 7245 if (!global_scope) {
6917 7246 if (!time_to_exit) {
6918 7247 /*
6919 7248 * Just print a simple error message in the -1 case,
6920 7249 * since exit_func() already handles that case, and
6921 7250 * EOF means we are finished anyway.
6922 7251 */
6923 7252 answer = ask_yesno(B_FALSE,
6924 7253 gettext("Resource incomplete; really quit"));
6925 7254 if (answer == -1) {
6926 7255 zerr(gettext("Resource incomplete."));
6927 7256 return (Z_ERR);
6928 7257 }
6929 7258 if (answer != 1) {
6930 7259 yyin = stdin;
6931 7260 return (Z_REPEAT);
6932 7261 }
6933 7262 } else {
6934 7263 saw_error = B_TRUE;
6935 7264 }
6936 7265 }
6937 7266 /*
6938 7267 * Make sure we tried something and that the handle checks
6939 7268 * out, or we would get a false error trying to commit.
6940 7269 */
6941 7270 if (need_to_commit && zonecfg_check_handle(handle) == Z_OK) {
6942 7271 if ((cmd = alloc_cmd()) == NULL) {
6943 7272 zone_perror(zone, Z_NOMEM, B_TRUE);
6944 7273 return (Z_ERR);
6945 7274 }
6946 7275 cmd->cmd_argc = 0;
6947 7276 cmd->cmd_argv[0] = NULL;
6948 7277 commit_func(cmd);
6949 7278 free_cmd(cmd);
6950 7279 /*
6951 7280 * need_to_commit will get set back to FALSE if the
6952 7281 * configuration is saved successfully.
6953 7282 */
6954 7283 if (need_to_commit) {
6955 7284 if (force_exit) {
6956 7285 zerr(gettext("Configuration not saved."));
6957 7286 return (Z_ERR);
6958 7287 }
6959 7288 answer = ask_yesno(B_FALSE,
6960 7289 gettext("Configuration not saved; really quit"));
6961 7290 if (answer == -1) {
6962 7291 zerr(gettext("Configuration not saved."));
6963 7292 return (Z_ERR);
6964 7293 }
6965 7294 if (answer != 1) {
6966 7295 time_to_exit = B_FALSE;
6967 7296 yyin = stdin;
6968 7297 return (Z_REPEAT);
6969 7298 }
6970 7299 }
6971 7300 }
6972 7301 return ((need_to_commit || saw_error) ? Z_ERR : Z_OK);
6973 7302 }
6974 7303
6975 7304 /*
6976 7305 * read_input() is the driver of this program. It is a wrapper around
6977 7306 * yyparse(), printing appropriate prompts when needed, checking for
6978 7307 * exit conditions and reacting appropriately [the latter in its cleanup()
6979 7308 * helper function].
6980 7309 *
6981 7310 * Like most zonecfg functions, it returns Z_OK or Z_ERR, *or* Z_REPEAT
6982 7311 * so do_interactive() knows that we are not really done (i.e, we asked
6983 7312 * the user if we should really quit and the user said no).
6984 7313 */
6985 7314 static int
6986 7315 read_input()
6987 7316 {
6988 7317 boolean_t yyin_is_a_tty = isatty(fileno(yyin));
6989 7318 /*
6990 7319 * The prompt is "e:z> " or "e:z:r> " where e is execname, z is zone
6991 7320 * and r is resource_scope: 5 is for the two ":"s + "> " + terminator.
6992 7321 */
6993 7322 char prompt[MAXPATHLEN + ZONENAME_MAX + MAX_RT_STRLEN + 5], *line;
6994 7323
6995 7324 /* yyin should have been set to the appropriate (FILE *) if not stdin */
6996 7325 newline_terminated = B_TRUE;
6997 7326 for (;;) {
6998 7327 if (yyin_is_a_tty) {
6999 7328 if (newline_terminated) {
7000 7329 if (global_scope)
7001 7330 (void) snprintf(prompt, sizeof (prompt),
7002 7331 "%s:%s> ", execname, zone);
7003 7332 else
7004 7333 (void) snprintf(prompt, sizeof (prompt),
7005 7334 "%s:%s:%s> ", execname, zone,
7006 7335 rt_to_str(resource_scope));
7007 7336 }
7008 7337 /*
7009 7338 * If the user hits ^C then we want to catch it and
7010 7339 * start over. If the user hits EOF then we want to
7011 7340 * bail out.
7012 7341 */
7013 7342 line = gl_get_line(gl, prompt, NULL, -1);
7014 7343 if (gl_return_status(gl) == GLR_SIGNAL) {
7015 7344 gl_abandon_line(gl);
7016 7345 continue;
7017 7346 }
7018 7347 if (line == NULL)
7019 7348 break;
7020 7349 (void) string_to_yyin(line);
7021 7350 while (!feof(yyin))
7022 7351 yyparse();
7023 7352 } else {
7024 7353 yyparse();
7025 7354 }
7026 7355 /* Bail out on an error in command file mode. */
7027 7356 if (saw_error && cmd_file_mode && !interactive_mode)
7028 7357 time_to_exit = B_TRUE;
7029 7358 if (time_to_exit || (!yyin_is_a_tty && feof(yyin)))
7030 7359 break;
7031 7360 }
7032 7361 return (cleanup());
7033 7362 }
7034 7363
7035 7364 /*
7036 7365 * This function is used in the zonecfg-interactive-mode scenario: it just
7037 7366 * calls read_input() until we are done.
7038 7367 */
7039 7368
7040 7369 static int
7041 7370 do_interactive(void)
7042 7371 {
7043 7372 int err;
7044 7373
7045 7374 interactive_mode = B_TRUE;
7046 7375 if (!read_only_mode) {
7047 7376 /*
7048 7377 * Try to set things up proactively in interactive mode, so
7049 7378 * that if the zone in question does not exist yet, we can
7050 7379 * provide the user with a clue.
7051 7380 */
7052 7381 (void) initialize(B_FALSE);
7053 7382 }
7054 7383 do {
7055 7384 err = read_input();
7056 7385 } while (err == Z_REPEAT);
7057 7386 return (err);
7058 7387 }
7059 7388
7060 7389 /*
7061 7390 * cmd_file is slightly more complicated, as it has to open the command file
7062 7391 * and set yyin appropriately. Once that is done, though, it just calls
7063 7392 * read_input(), and only once, since prompting is not possible.
7064 7393 */
7065 7394
7066 7395 static int
7067 7396 cmd_file(char *file)
7068 7397 {
7069 7398 FILE *infile;
7070 7399 int err;
7071 7400 struct stat statbuf;
7072 7401 boolean_t using_real_file = (strcmp(file, "-") != 0);
7073 7402
7074 7403 if (using_real_file) {
7075 7404 /*
7076 7405 * zerr() prints a line number in cmd_file_mode, which we do
7077 7406 * not want here, so temporarily unset it.
7078 7407 */
7079 7408 cmd_file_mode = B_FALSE;
7080 7409 if ((infile = fopen(file, "r")) == NULL) {
7081 7410 zerr(gettext("could not open file %s: %s"),
7082 7411 file, strerror(errno));
7083 7412 return (Z_ERR);
7084 7413 }
7085 7414 if ((err = fstat(fileno(infile), &statbuf)) != 0) {
7086 7415 zerr(gettext("could not stat file %s: %s"),
7087 7416 file, strerror(errno));
7088 7417 err = Z_ERR;
7089 7418 goto done;
7090 7419 }
7091 7420 if (!S_ISREG(statbuf.st_mode)) {
7092 7421 zerr(gettext("%s is not a regular file."), file);
7093 7422 err = Z_ERR;
7094 7423 goto done;
7095 7424 }
7096 7425 yyin = infile;
7097 7426 cmd_file_mode = B_TRUE;
7098 7427 ok_to_prompt = B_FALSE;
7099 7428 } else {
7100 7429 /*
7101 7430 * "-f -" is essentially the same as interactive mode,
7102 7431 * so treat it that way.
7103 7432 */
7104 7433 interactive_mode = B_TRUE;
7105 7434 }
7106 7435 /* Z_REPEAT is for interactive mode; treat it like Z_ERR here. */
7107 7436 if ((err = read_input()) == Z_REPEAT)
7108 7437 err = Z_ERR;
7109 7438 done:
7110 7439 if (using_real_file)
7111 7440 (void) fclose(infile);
7112 7441 return (err);
7113 7442 }
7114 7443
7115 7444 /*
7116 7445 * Since yacc is based on reading from a (FILE *) whereas what we get from
7117 7446 * the command line is in argv format, we need to convert when the user
7118 7447 * gives us commands directly from the command line. That is done here by
7119 7448 * concatenating the argv list into a space-separated string, writing it
7120 7449 * to a temp file, and rewinding the file so yyin can be set to it. Then
7121 7450 * we call read_input(), and only once, since prompting about whether to
7122 7451 * continue or quit would make no sense in this context.
7123 7452 */
7124 7453
7125 7454 static int
7126 7455 one_command_at_a_time(int argc, char *argv[])
7127 7456 {
7128 7457 char *command;
7129 7458 size_t len = 2; /* terminal \n\0 */
7130 7459 int i, err;
7131 7460
7132 7461 for (i = 0; i < argc; i++)
7133 7462 len += strlen(argv[i]) + 1;
7134 7463 if ((command = malloc(len)) == NULL) {
7135 7464 zone_perror(execname, Z_NOMEM, B_TRUE);
7136 7465 return (Z_ERR);
7137 7466 }
7138 7467 (void) strlcpy(command, argv[0], len);
7139 7468 for (i = 1; i < argc; i++) {
7140 7469 (void) strlcat(command, " ", len);
7141 7470 (void) strlcat(command, argv[i], len);
7142 7471 }
7143 7472 (void) strlcat(command, "\n", len);
7144 7473 err = string_to_yyin(command);
7145 7474 free(command);
7146 7475 if (err != Z_OK)
7147 7476 return (err);
7148 7477 while (!feof(yyin))
7149 7478 yyparse();
7150 7479 return (cleanup());
7151 7480 }
7152 7481
7153 7482 static char *
7154 7483 get_execbasename(char *execfullname)
7155 7484 {
7156 7485 char *last_slash, *execbasename;
7157 7486
7158 7487 /* guard against '/' at end of command invocation */
7159 7488 for (;;) {
7160 7489 last_slash = strrchr(execfullname, '/');
7161 7490 if (last_slash == NULL) {
7162 7491 execbasename = execfullname;
7163 7492 break;
7164 7493 } else {
7165 7494 execbasename = last_slash + 1;
7166 7495 if (*execbasename == '\0') {
7167 7496 *last_slash = '\0';
7168 7497 continue;
7169 7498 }
7170 7499 break;
7171 7500 }
7172 7501 }
7173 7502 return (execbasename);
7174 7503 }
7175 7504
7176 7505 int
7177 7506 main(int argc, char *argv[])
7178 7507 {
7179 7508 int err, arg;
7180 7509 struct stat st;
7181 7510
7182 7511 /* This must be before anything goes to stdout. */
7183 7512 setbuf(stdout, NULL);
7184 7513
7185 7514 saw_error = B_FALSE;
7186 7515 cmd_file_mode = B_FALSE;
7187 7516 execname = get_execbasename(argv[0]);
7188 7517
7189 7518 (void) setlocale(LC_ALL, "");
7190 7519 (void) textdomain(TEXT_DOMAIN);
7191 7520
7192 7521 if (getzoneid() != GLOBAL_ZONEID) {
7193 7522 zerr(gettext("%s can only be run from the global zone."),
7194 7523 execname);
7195 7524 exit(Z_ERR);
7196 7525 }
7197 7526
7198 7527 if (argc < 2) {
7199 7528 usage(B_FALSE, HELP_USAGE | HELP_SUBCMDS);
7200 7529 exit(Z_USAGE);
7201 7530 }
7202 7531 if (strcmp(argv[1], cmd_to_str(CMD_HELP)) == 0) {
7203 7532 (void) one_command_at_a_time(argc - 1, &(argv[1]));
7204 7533 exit(Z_OK);
7205 7534 }
7206 7535
7207 7536 while ((arg = getopt(argc, argv, "?f:R:z:")) != EOF) {
7208 7537 switch (arg) {
7209 7538 case '?':
7210 7539 if (optopt == '?')
7211 7540 usage(B_TRUE, HELP_USAGE | HELP_SUBCMDS);
7212 7541 else
7213 7542 usage(B_FALSE, HELP_USAGE);
7214 7543 exit(Z_USAGE);
7215 7544 /* NOTREACHED */
7216 7545 case 'f':
7217 7546 cmd_file_name = optarg;
7218 7547 cmd_file_mode = B_TRUE;
7219 7548 break;
7220 7549 case 'R':
7221 7550 if (*optarg != '/') {
7222 7551 zerr(gettext("root path must be absolute: %s"),
7223 7552 optarg);
7224 7553 exit(Z_USAGE);
7225 7554 }
7226 7555 if (stat(optarg, &st) == -1 || !S_ISDIR(st.st_mode)) {
7227 7556 zerr(gettext(
7228 7557 "root path must be a directory: %s"),
7229 7558 optarg);
7230 7559 exit(Z_USAGE);
7231 7560 }
7232 7561 zonecfg_set_root(optarg);
7233 7562 break;
7234 7563 case 'z':
7235 7564 if (strcmp(optarg, GLOBAL_ZONENAME) == 0) {
7236 7565 global_zone = B_TRUE;
7237 7566 } else if (zonecfg_validate_zonename(optarg) != Z_OK) {
7238 7567 zone_perror(optarg, Z_BOGUS_ZONE_NAME, B_TRUE);
7239 7568 usage(B_FALSE, HELP_SYNTAX);
7240 7569 exit(Z_USAGE);
7241 7570 }
7242 7571 (void) strlcpy(zone, optarg, sizeof (zone));
7243 7572 (void) strlcpy(revert_zone, optarg, sizeof (zone));
7244 7573 break;
7245 7574 default:
7246 7575 usage(B_FALSE, HELP_USAGE);
7247 7576 exit(Z_USAGE);
7248 7577 }
7249 7578 }
7250 7579
7251 7580 if (optind > argc || strcmp(zone, "") == 0) {
7252 7581 usage(B_FALSE, HELP_USAGE);
7253 7582 exit(Z_USAGE);
7254 7583 }
7255 7584
7256 7585 if ((err = zonecfg_access(zone, W_OK)) == Z_OK) {
7257 7586 read_only_mode = B_FALSE;
7258 7587 } else if (err == Z_ACCES) {
7259 7588 read_only_mode = B_TRUE;
7260 7589 /* skip this message in one-off from command line mode */
7261 7590 if (optind == argc)
7262 7591 (void) fprintf(stderr, gettext("WARNING: you do not "
7263 7592 "have write access to this zone's configuration "
7264 7593 "file;\ngoing into read-only mode.\n"));
7265 7594 } else {
7266 7595 fprintf(stderr, "%s: Could not access zone configuration "
7267 7596 "store: %s\n", execname, zonecfg_strerror(err));
7268 7597 exit(Z_ERR);
7269 7598 }
7270 7599
7271 7600 if ((handle = zonecfg_init_handle()) == NULL) {
7272 7601 zone_perror(execname, Z_NOMEM, B_TRUE);
7273 7602 exit(Z_ERR);
7274 7603 }
7275 7604
7276 7605 /*
7277 7606 * This may get set back to FALSE again in cmd_file() if cmd_file_name
7278 7607 * is a "real" file as opposed to "-" (i.e. meaning use stdin).
7279 7608 */
7280 7609 if (isatty(STDIN_FILENO))
7281 7610 ok_to_prompt = B_TRUE;
7282 7611 if ((gl = new_GetLine(MAX_LINE_LEN, MAX_CMD_HIST)) == NULL)
7283 7612 exit(Z_ERR);
7284 7613 if (gl_customize_completion(gl, NULL, cmd_cpl_fn) != 0)
7285 7614 exit(Z_ERR);
7286 7615 (void) sigset(SIGINT, SIG_IGN);
7287 7616 if (optind == argc) {
7288 7617 if (!cmd_file_mode)
7289 7618 err = do_interactive();
7290 7619 else
7291 7620 err = cmd_file(cmd_file_name);
7292 7621 } else {
7293 7622 err = one_command_at_a_time(argc - optind, &(argv[optind]));
7294 7623 }
7295 7624 zonecfg_fini_handle(handle);
7296 7625 if (brand != NULL)
7297 7626 brand_close(brand);
7298 7627 (void) del_GetLine(gl);
7299 7628 return (err);
7300 7629 }
|
↓ open down ↓ |
607 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX