solaris10/zone/s10_boot.ksh

e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#!/bin/ksh -p
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# CDDL HEADER START
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# The contents of this file are subject to the terms of the
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Common Development and Distribution License (the "License").
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# You may not use this file except in compliance with the License.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# or http://www.opensolaris.org/os/licensing.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# See the License for the specific language governing permissions
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# and limitations under the License.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# When distributing Covered Code, include this CDDL HEADER in each
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# If applicable, add the following below this CDDL HEADER, with the
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# fields enclosed by brackets "[]" replaced with your own identifying
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# information: Portions Copyright [yyyy] [name of copyright owner]
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# CDDL HEADER END
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2# Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# s10 boot script.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# The arguments to this script are the zone name and the zonepath.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek. /usr/lib/brand/solaris10/common.ksh
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald JelinekZONENAME=$1
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald JelinekZONEPATH=$2
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald JelinekZONEROOT=$ZONEPATH/root
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
470d303b1a2b5dd82fea111b8cb0f7bef480a055w_missing=$(gettext "Warning: \"%s\" is not installed in the global zone")
470d303b1a2b5dd82fea111b8cb0f7bef480a055
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekarch=`uname -p`
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekif [ "$arch" = "i386" ]; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    ARCH32=i86
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        ARCH64=amd64
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekelif [ "$arch" = "sparc" ]; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    # 32-bit SPARC not supported!
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    ARCH32=
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        ARCH64=sparcv9
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekelse
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        echo "Unsupported architecture: $arch"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        exit 2
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekfi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Run the s10_support boot hook.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek/usr/lib/brand/solaris10/s10_support boot $ZONENAME
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekif (( $? != 0 )) ; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        exit 1
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekfi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald JelinekBRANDDIR=/.SUNWnative/usr/lib/brand/solaris10;
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald JelinekFILEDIR=$BRANDDIR/files;
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald JelinekEXIT_CODE=1
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Replace the specified file in the booting zone with a wrapper script that
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# invokes s10_isaexec_wrapper.  This is a convenience function that reduces
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# clutter and code duplication.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Parameters:
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#   $1  The full path of the file to replace (e.g., /sbin/ifconfig)
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#   $2  The access mode of the replacement file in hex (e.g., 0555)
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#   $3  The name of the replacement file's owner (e.g., root:bin)
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# NOTE: The checks performed in the 'if' statement below are not generic: they
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# depend on the success of the zone filesystem structure validation performed
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# above to ensure that intermediate directories exist and aren't symlinks.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekreplace_with_native() {
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    path_dname=$ZONEROOT/`dirname $1`
470d303b1a2b5dd82fea111b8cb0f7bef480a055
470d303b1a2b5dd82fea111b8cb0f7bef480a055    [ ! -f $1 ] && printf "$w_missing" "$1"
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    if [ ! -h $path_dname -a -d $path_dname ]; then
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek        safe_replace $ZONEROOT/$1 $BRANDDIR/s10_isaexec_wrapper $2 $3 \
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek            remove
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek    fi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek}
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2replace_with_native_py() {
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2    path_dname=$ZONEROOT/`dirname $1`
470d303b1a2b5dd82fea111b8cb0f7bef480a055
470d303b1a2b5dd82fea111b8cb0f7bef480a055    [ ! -f $1 ] && printf "$w_missing" "$1"
470d303b1a2b5dd82fea111b8cb0f7bef480a055
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2    if [ ! -h $path_dname -a -d $path_dname ]; then
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2        safe_replace $ZONEROOT/$1 $BRANDDIR/s10_python_wrapper $2 $3 \
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2            remove
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2    fi
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2}
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre#
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre# Create a new wrapper script that invokes s10_isaexec_wrapper in the
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre# brand (for a non-existing s10c file) pointing to the native brand file.
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre#
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre# Parameters:
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre#   $1  The full path of the wrapper file to create
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre#   $2  The access mode of the replacement file in hex (e.g., 0555)
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre#   $3  The name of the replacement file's owner (e.g., root:bin)
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre#
ae1049320dd687abe67d8ed2ce29f4d478f64841Jonathan Adamswrap_with_native() {
470d303b1a2b5dd82fea111b8cb0f7bef480a055
470d303b1a2b5dd82fea111b8cb0f7bef480a055    [ ! -f $1 ] && printf "$w_missing" "$1"
470d303b1a2b5dd82fea111b8cb0f7bef480a055
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    path_dname=$ZONEROOT/`dirname $1`
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    if [ ! -h $path_dname -a -d $path_dname -a ! -f $ZONEROOT/$1 ]; then
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre        safe_wrap $ZONEROOT/$1 $BRANDDIR/s10_isaexec_wrapper $2 $3
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    fi
ae1049320dd687abe67d8ed2ce29f4d478f64841Jonathan Adams}
ae1049320dd687abe67d8ed2ce29f4d478f64841Jonathan Adams
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Before we boot we validate and fix, if necessary, the required files within
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# the zone.  These modifications can be lost if a patch is applied within the
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# zone, so we validate and fix the zone every time it boots.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# BINARY REPLACEMENT
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# This section of the boot script is responsible for replacing Solaris 10
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# binaries within the booting zone with Nevada binaries.  This is a two-step
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# process: First, the directory structure of the zone is validated to ensure
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# that binary replacement will proceed safely.  Second, Solaris 10 binaries
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# are replaced with Nevada binaries.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Here's an example.  Suppose that you want to replace /usr/bin/zcat with the
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Nevada /usr/bin/zcat binary.  Then you should do the following:
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#   1.  Go to the section below labeled "STEP ONE" and add the following
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#       two lines:
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#       safe_dir /usr
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#       safe_dir /usr/bin
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#       These lines ensure that both /usr and /usr/bin are directories
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#       within the booting zone that can be safely accessed by the global
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#       zone.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#   2.  Go to the section below labeled "STEP TWO" and add the following
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#       line:
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#       replace_with_native /usr/bin/zcat 0555 root:bin
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Details about the binary replacement procedure can be found in the Solaris 10
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Containers Developer Guide.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# STEP ONE
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Validate that the zone filesystem looks like we expect it to.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkresafe_dir /lib
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkresafe_dir /lib/svc
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkresafe_dir /lib/svc/method
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkresafe_dir /lib/svc/share
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelineksafe_dir /usr
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkresafe_dir /usr/bin
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelineksafe_dir /usr/lib
1022fd2a9aa2c967697116c2ca51a238a3c550acsafe_dir /usr/lib/autofs
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2safe_dir /usr/lib/fs
1022fd2a9aa2c967697116c2ca51a238a3c550acsafe_dir /usr/lib/fs/autofs
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2safe_dir /usr/lib/fs/ufs
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2safe_dir /usr/lib/fs/zfs
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkresafe_dir /usr/lib/inet
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2safe_dir /usr/lib/zfs
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelineksafe_dir /usr/sbin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkreif [ -n "$ARCH32" ]; then
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    safe_dir /usr/lib/ipf/$ARCH32
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    safe_dir /usr/sbin/$ARCH32
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkrefi
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkreif [ -n "$ARCH64" ]; then
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    safe_dir /usr/lib/ipf/$ARCH64
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    safe_dir /usr/sbin/$ARCH64
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkrefi
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelineksafe_dir /sbin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkresafe_dir /var
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkresafe_dir /var/svc
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkresafe_dir /var/svc/manifest
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkresafe_dir /var/svc/manifest/network
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre#
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre# Some of the native networking daemons such as in.mpathd are
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre# expected under /lib/inet
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre#
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkremkdir -m 0755 -p $ZONEROOT/lib/inet
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkrechown root:bin $ZONEROOT/lib/inet
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkresafe_dir /lib/inet
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# STEP TWO
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Replace Solaris 10 binaries with Nevada binaries.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Replace various network-related programs with native wrappers.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkrereplace_with_native /sbin/dhcpagent 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkrereplace_with_native /sbin/dhcpinfo 0555 root:bin
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekreplace_with_native /sbin/ifconfig 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkrereplace_with_native /usr/bin/netstat 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkrereplace_with_native /usr/lib/inet/in.ndpd 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkrereplace_with_native /usr/sbin/in.routed 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkrereplace_with_native /usr/sbin/ndd 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkrereplace_with_native /usr/sbin/snoop 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkrereplace_with_native /usr/sbin/if_mpadm 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre#
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre# Replace IPFilter commands with native wrappers
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre#
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkreif [ -n "$ARCH32" ]; then
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    replace_with_native /usr/lib/ipf/$ARCH32/ipftest 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    replace_with_native /usr/sbin/$ARCH32/ipf 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    replace_with_native /usr/sbin/$ARCH32/ipfs 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    replace_with_native /usr/sbin/$ARCH32/ipfstat 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    replace_with_native /usr/sbin/$ARCH32/ipmon 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    replace_with_native /usr/sbin/$ARCH32/ipnat 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    replace_with_native /usr/sbin/$ARCH32/ippool 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkrefi
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkreif [ -n "$ARCH64" ]; then
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    replace_with_native /usr/lib/ipf/$ARCH64/ipftest 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    replace_with_native /usr/sbin/$ARCH64/ipf 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    replace_with_native /usr/sbin/$ARCH64/ipfs 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    replace_with_native /usr/sbin/$ARCH64/ipfstat 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    replace_with_native /usr/sbin/$ARCH64/ipmon 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    replace_with_native /usr/sbin/$ARCH64/ipnat 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    replace_with_native /usr/sbin/$ARCH64/ippool 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkrefi
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre#
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre# Replace in.mpathd daemon at /usr/lib/inet by native wrapper
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre#
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkreif [ ! -h $ZONEROOT/usr/lib/inet -a -d $ZONEROOT/usr/lib/inet ]; then
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    safe_replace $ZONEROOT/usr/lib/inet/in.mpathd \
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre        /lib/inet/in.mpathd 0555 root:bin remove
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkrefi
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre#
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre# Create wrapper at /lib/inet/in.mpathd as well because native ifconfig
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre# looks up in.mpathd under /lib/inet.
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre#
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkrewrap_with_native /lib/inet/in.mpathd 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre# Create native wrapper for /sbin/ipmpstat
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkrewrap_with_native /sbin/ipmpstat 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre#
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre# Create ipmgmtd wrapper to native binary in s10 container
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre# and copy ipmgmt service manifest and method.
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre#
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkrewrap_with_native /lib/inet/ipmgmtd 0555 root:bin
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkresafe_copy /lib/svc/manifest/network/network-ipmgmt.xml \
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    $ZONEROOT/var/svc/manifest/network/network-ipmgmt.xml
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkresafe_copy /lib/svc/method/net-ipmgmt \
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre    $ZONEROOT/lib/svc/method/net-ipmgmt
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre#
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre# To handle certain IPMP configurations, we need updated
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre# net-physical method script and native net_include.sh
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkre#
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkrefilename=$ZONEROOT/lib/svc/method/net-physical
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkresafe_backup $filename $filename.pre_p2v
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkresafe_copy /usr/lib/brand/solaris10/s10_net_physical $filename
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkrefilename=$ZONEROOT/lib/svc/share/net_include.sh
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkresafe_backup $filename $filename.pre_p2v
6f773e29841ff1573612158ae130301164c2a24aBaban Kenkresafe_copy /lib/svc/share/net_include.sh $filename
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail#
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail# PSARC 2009/306 removed the ND_SET/ND_GET ioctl's for modifying
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail# IP/TCP/UDP/SCTP/ICMP tunables. If S10 ndd(1M) is used within an
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail# S10 container, the kernel will return EINVAL. So we need this.
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail#
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbailreplace_with_native /usr/sbin/ndd 0555 root:bin
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2#
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2# Replace various ZFS-related programs with native wrappers.  These commands
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2# either link with libzfs, dlopen libzfs or link with libraries that link
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2# or dlopen libzfs.  Commands which fall into these categories but which can
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2# only be used in the global zone are not wrapped.  The libdiskmgt dm_in_use
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2# code uses libfs, but only the zpool_in_use() -> zpool_read_label() code path.
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2# That code does not issue ioctls on /dev/zfs and does not need wrapping.
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2#
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2replace_with_native /sbin/zfs 0555 root:bin
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2replace_with_native /sbin/zpool 0555 root:bin
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2replace_with_native /usr/lib/fs/ufs/quota 0555 root:bin
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2replace_with_native /usr/lib/fs/zfs/fstyp 0555 root:bin
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2replace_with_native /usr/lib/zfs/availdevs 0555 root:bin
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2replace_with_native /usr/sbin/df 0555 root:bin
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2replace_with_native /usr/sbin/zstreamdump 0555 root:bin
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2replace_with_native_py /usr/lib/zfs/pyzfs.py 0555 root:bin
f3680c6ce4e182fbab2b5d7ea0f9989e952b81d2
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Replace automount and automountd with native wrappers.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
1022fd2a9aa2c967697116c2ca51a238a3c550acreplace_with_native /usr/lib/fs/autofs/automount 0555 root:bin
1022fd2a9aa2c967697116c2ca51a238a3c550acreplace_with_native /usr/lib/autofs/automountd 0555 root:bin
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
ae1049320dd687abe67d8ed2ce29f4d478f64841Jonathan Adams#
ae1049320dd687abe67d8ed2ce29f4d478f64841Jonathan Adams# The class-specific dispadmin(1M) and priocntl(1) binaries must be native
ae1049320dd687abe67d8ed2ce29f4d478f64841Jonathan Adams# wrappers, and we must have all of the ones the native zone does.  This
ae1049320dd687abe67d8ed2ce29f4d478f64841Jonathan Adams# allows new scheduling classes to appear without causing dispadmin and
ae1049320dd687abe67d8ed2ce29f4d478f64841Jonathan Adams# priocntl to be unhappy.
ae1049320dd687abe67d8ed2ce29f4d478f64841Jonathan Adams#
ae1049320dd687abe67d8ed2ce29f4d478f64841Jonathan Adamsrm -rf $ZONEROOT/usr/lib/class
ae1049320dd687abe67d8ed2ce29f4d478f64841Jonathan Adamsmkdir $ZONEROOT/usr/lib/class || exit 1
ae1049320dd687abe67d8ed2ce29f4d478f64841Jonathan Adams
ae1049320dd687abe67d8ed2ce29f4d478f64841Jonathan Adamsfind /usr/lib/class -type d -o -type f | while read x; do
ae1049320dd687abe67d8ed2ce29f4d478f64841Jonathan Adams    [ -d $x ] && mkdir -p -m 755 $ZONEROOT$x
ae1049320dd687abe67d8ed2ce29f4d478f64841Jonathan Adams    [ -f $x ] && wrap_with_native $x 0555 root:bin
ae1049320dd687abe67d8ed2ce29f4d478f64841Jonathan Adamsdone
ae1049320dd687abe67d8ed2ce29f4d478f64841Jonathan Adams
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# END OF STEP TWO
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# Replace add_drv and rem_drv with /usr/bin/true so that pkgs/patches which
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# install or remove drivers will work.  NOTE: add_drv and rem_drv are hard
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# linked to isaexec so we want to remove the current executable and
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek# then copy true so that we don't clobber isaexec.
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek#
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekfilename=$ZONEROOT/usr/sbin/add_drv
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek[ ! -f $filename.pre_p2v ] && safe_backup $filename $filename.pre_p2v
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekrm -f $filename
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelineksafe_copy $ZONEROOT/usr/bin/true $filename
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekfilename=$ZONEROOT/usr/sbin/rem_drv
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek[ ! -f $filename.pre_p2v ] && safe_backup $filename $filename.pre_p2v
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekrm -f $filename
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelineksafe_copy $ZONEROOT/usr/bin/true $filename
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinek
e71ca95ca6de23d33b54cb55cefdef30bc7c969bGerald Jelinekexit 0