2N/A * The contents of this file are subject to the terms of the 2N/A * Common Development and Distribution License (the "License"). 2N/A * You may not use this file except in compliance with the License. 2N/A * See the License for the specific language governing permissions 2N/A * and limitations under the License. 2N/A * When distributing Covered Code, include this CDDL HEADER in each 2N/A * If applicable, add the following below this CDDL HEADER, with the 2N/A * fields enclosed by brackets "[]" replaced with your own identifying 2N/A * information: Portions Copyright [yyyy] [name of copyright owner] 2N/A * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. 2N/A * Functions to handle db interactions across zones. These functions were 2N/A * originally implemented in dlmgmtd; they were moved into this library as 2N/A * part of the merge of the ipmgmt, dlmgmt, and nwam repositories. 2N/A/* zone file callback */ 2N/A * Execute an operation on filename relative to zoneid's zone root. If the 2N/A * file is in the global zone, then the zfcb() callback will simply be called 2N/A * directly. If the file is in a non-global zone, then zfcb() will be called 2N/A * both from the global zone's context, and from the non-global zone's context 2N/A * (from a fork()'ed child that has entered the non-global zone). This is 2N/A * done to allow the callback to communicate with itself if needed (e.g. to 2N/A * pass back the file descriptor of an opened file). 2N/A * We need to access a file that isn't in the global zone, 2N/A * and we are running in the global zone. Accessing non- 2N/A * global zone files from the global zone is unsafe (due to 2N/A * symlink attacks); we'll need to fork a child that enters 2N/A * the zone in question and executes the callback that will 2N/A * operate on the file. 2N/A * Before we proceed with this zone tango, we need to create 2N/A * a new process contract for the child, as required by 2N/A * Elevate our privileges as zone_enter() requires all 2N/A * Determine the PERMITTED privilege set and elevate privileges to that set. 2N/A * This is used in for open(), rename() and unlink() relative to the zoneid 2N/A * calls after zone_enter(). We cannot use netcfg_elevate_privileges() here 2N/A * because it tries to add the "zone" privileges which is "all" privileges 2N/A * since we are in the global zone. However, setppriv() fails because the 2N/A * zone does not have "all" privileges in its PERMITTED set. 2N/A * If the caller just wants to open() the file, the oflags and mode 2N/A * args were passed in directly. For fopen(), we were passed a 2N/A * modestr that is used to set oflags and mode. In the latter case, 2N/A * we assume modestr is either 'r' or 'w'; i.e. we only ever open a 2N/A * file for reading or writing, not both. 2N/A /* Open the file if we're in the same zone as the file. */ 2N/A * First determine if we will be creating the file as part of 2N/A * opening it. If so, then we'll need to ensure that it has 2N/A * the proper ownership after having opened it. 2N/A * If we're not in the global zone, send the file-descriptor back to 2N/A * our parent in the global zone. 2N/A * At this point, we know we're in the global zone. If the file was 2N/A * in a non-global zone, receive the file-descriptor from our child in 2N/A * the non-global zone. 2N/A /* Parfait_ALLOW file-desc-leak fd is passed back to parent */ 2N/A * Same as open(2), except that it opens the file relative to zoneid's zone 2N/A * Same as fopen(3C), except that it opens the file relative to zoneid's zone 2N/A * Same as rename(2), except that old and new are relative to zoneid's zone 2N/A * Same as unlink(2), except that filename is relative to zoneid's zone root.