search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
419 zpool/zfs incosistencies inside a non-global zone
[unleashed.git] / usr / src / cmd / zoneadmd / vplat.c
blobdf81c54c96b9a3b6359a64f91e8224d2fd48f935
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26 /*
27 * Copyright 2011 Nexenta Systems, Inc. All rights reserved.
28 */
29
30 /*
31 * This module contains functions used to bring up and tear down the
32 * Virtual Platform: [un]mounting file-systems, [un]plumbing network
33 * interfaces, [un]configuring devices, establishing resource controls,
34 * and creating/destroying the zone in the kernel. These actions, on
35 * the way up, ready the zone; on the way down, they halt the zone.
36 * See the much longer block comment at the beginning of zoneadmd.c
37 * for a bigger picture of how the whole program functions.
38 *
39 * This module also has primary responsibility for the layout of "scratch
40 * zones." These are mounted, but inactive, zones that are used during
41 * operating system upgrade and potentially other administrative action. The
42 * scratch zone environment is similar to the miniroot environment. The zone's
43 * actual root is mounted read-write on /a, and the standard paths (/usr,
44 * /sbin, /lib) all lead to read-only copies of the running system's binaries.
45 * This allows the administrative tools to manipulate the zone using "-R /a"
46 * without relying on any binaries in the zone itself.
47 *
48 * If the scratch zone is on an alternate root (Live Upgrade [LU] boot
49 * environment), then we must resolve the lofs mounts used there to uncover
50 * writable (unshared) resources. Shared resources, though, are always
51 * read-only. In addition, if the "same" zone with a different root path is
52 * currently running, then "/b" inside the zone points to the running zone's
53 * root. This allows LU to synchronize configuration files during the upgrade
54 * process.
55 *
56 * To construct this environment, this module creates a tmpfs mount on
57 * $ZONEPATH/lu. Inside this scratch area, the miniroot-like environment as
58 * described above is constructed on the fly. The zone is then created using
59 * $ZONEPATH/lu as the root.
60 *
61 * Note that scratch zones are inactive. The zone's bits are not running and
62 * likely cannot be run correctly until upgrade is done. Init is not running
63 * there, nor is SMF. Because of this, the "mounted" state of a scratch zone
64 * is not a part of the usual halt/ready/boot state machine.
65 */
66
67 #include <sys/param.h>
68 #include <sys/mount.h>
69 #include <sys/mntent.h>
70 #include <sys/socket.h>
71 #include <sys/utsname.h>
72 #include <sys/types.h>
73 #include <sys/stat.h>
74 #include <sys/sockio.h>
75 #include <sys/stropts.h>
76 #include <sys/conf.h>
77 #include <sys/systeminfo.h>
78
79 #include <libdlpi.h>
80 #include <libdllink.h>
81 #include <libdlvlan.h>
82
83 #include <inet/tcp.h>
84 #include <arpa/inet.h>
85 #include <netinet/in.h>
86 #include <net/route.h>
87
88 #include <stdio.h>
89 #include <errno.h>
90 #include <fcntl.h>
91 #include <unistd.h>
92 #include <rctl.h>
93 #include <stdlib.h>
94 #include <string.h>
95 #include <strings.h>
96 #include <wait.h>
97 #include <limits.h>
98 #include <libgen.h>
99 #include <libzfs.h>
100 #include <libdevinfo.h>
101 #include <zone.h>
102 #include <assert.h>
103 #include <libcontract.h>
104 #include <libcontract_priv.h>
105 #include <uuid/uuid.h>
106
107 #include <sys/mntio.h>
108 #include <sys/mnttab.h>
109 #include <sys/fs/autofs.h> /* for _autofssys() */
110 #include <sys/fs/lofs_info.h>
111 #include <sys/fs/zfs.h>
112
113 #include <pool.h>
114 #include <sys/pool.h>
115 #include <sys/priocntl.h>
116
117 #include <libbrand.h>
118 #include <sys/brand.h>
119 #include <libzonecfg.h>
120 #include <synch.h>
121
122 #include "zoneadmd.h"
123 #include <tsol/label.h>
124 #include <libtsnet.h>
125 #include <sys/priv.h>
126 #include <libinetutil.h>
127
128 #define V4_ADDR_LEN 32
129 #define V6_ADDR_LEN 128
130
131 #define RESOURCE_DEFAULT_OPTS \
132 MNTOPT_RO "," MNTOPT_LOFS_NOSUB "," MNTOPT_NODEVICES
133
134 #define DFSTYPES "/etc/dfs/fstypes"
135 #define MAXTNZLEN 2048
136
137 #define ALT_MOUNT(mount_cmd) ((mount_cmd) != Z_MNT_BOOT)
138
139 /* a reasonable estimate for the number of lwps per process */
140 #define LWPS_PER_PROCESS 10
141
142 /* for routing socket */
143 static int rts_seqno = 0;
144
145 /* mangled zone name when mounting in an alternate root environment */
146 static char kernzone[ZONENAME_MAX];
147
148 /* array of cached mount entries for resolve_lofs */
149 static struct mnttab *resolve_lofs_mnts, *resolve_lofs_mnt_max;
150
151 /* for Trusted Extensions */
152 static tsol_zcent_t *get_zone_label(zlog_t *, priv_set_t *);
153 static int tsol_mounts(zlog_t *, char *, char *);
154 static void tsol_unmounts(zlog_t *, char *);
155
156 static m_label_t *zlabel = NULL;
157 static m_label_t *zid_label = NULL;
158 static priv_set_t *zprivs = NULL;
159
160 /* from libsocket, not in any header file */
161 extern int getnetmaskbyaddr(struct in_addr, struct in_addr *);
162
163 /* from zoneadmd */
164 extern char query_hook[];
165
166 /*
167 * For each "net" resource configured in zonecfg, we track a zone_addr_list_t
168 * node in a linked list that is sorted by linkid. The list is constructed as
169 * the xml configuration file is parsed, and the information
170 * contained in each node is added to the kernel before the zone is
171 * booted, to be retrieved and applied from within the exclusive-IP NGZ
172 * on boot.
173 */
174 typedef struct zone_addr_list {
175 struct zone_addr_list *za_next;
176 datalink_id_t za_linkid; /* datalink_id_t of interface */
177 struct zone_nwiftab za_nwiftab; /* address, defrouter properties */
178 } zone_addr_list_t;
179
180 /*
181 * An optimization for build_mnttable: reallocate (and potentially copy the
182 * data) only once every N times through the loop.
183 */
184 #define MNTTAB_HUNK 32
185
186 /* some handy macros */
187 #define SIN(s) ((struct sockaddr_in *)s)
188 #define SIN6(s) ((struct sockaddr_in6 *)s)
189
190 /*
191 * Private autofs system call
192 */
193 extern int _autofssys(int, void *);
194
195 static int
196 autofs_cleanup(zoneid_t zoneid)
197 {
198 /*
199 * Ask autofs to unmount all trigger nodes in the given zone.
200 */
201 return (_autofssys(AUTOFS_UNMOUNTALL, (void *)zoneid));
202 }
203
204 static void
205 free_mnttable(struct mnttab *mnt_array, uint_t nelem)
206 {
207 uint_t i;
208
209 if (mnt_array == NULL)
210 return;
211 for (i = 0; i < nelem; i++) {
212 free(mnt_array[i].mnt_mountp);
213 free(mnt_array[i].mnt_fstype);
214 free(mnt_array[i].mnt_special);
215 free(mnt_array[i].mnt_mntopts);
216 assert(mnt_array[i].mnt_time == NULL);
217 }
218 free(mnt_array);
219 }
220
221 /*
222 * Build the mount table for the zone rooted at "zroot", storing the resulting
223 * array of struct mnttabs in "mnt_arrayp" and the number of elements in the
224 * array in "nelemp".
225 */
226 static int
227 build_mnttable(zlog_t *zlogp, const char *zroot, size_t zrootlen, FILE *mnttab,
228 struct mnttab **mnt_arrayp, uint_t *nelemp)
229 {
230 struct mnttab mnt;
231 struct mnttab *mnts;
232 struct mnttab *mnp;
233 uint_t nmnt;
234
235 rewind(mnttab);
236 resetmnttab(mnttab);
237 nmnt = 0;
238 mnts = NULL;
239 while (getmntent(mnttab, &mnt) == 0) {
240 struct mnttab *tmp_array;
241
242 if (strncmp(mnt.mnt_mountp, zroot, zrootlen) != 0)
243 continue;
244 if (nmnt % MNTTAB_HUNK == 0) {
245 tmp_array = realloc(mnts,
246 (nmnt + MNTTAB_HUNK) * sizeof (*mnts));
247 if (tmp_array == NULL) {
248 free_mnttable(mnts, nmnt);
249 return (-1);
250 }
251 mnts = tmp_array;
252 }
253 mnp = &mnts[nmnt++];
254
255 /*
256 * Zero out any fields we're not using.
257 */
258 (void) memset(mnp, 0, sizeof (*mnp));
259
260 if (mnt.mnt_special != NULL)
261 mnp->mnt_special = strdup(mnt.mnt_special);
262 if (mnt.mnt_mntopts != NULL)
263 mnp->mnt_mntopts = strdup(mnt.mnt_mntopts);
264 mnp->mnt_mountp = strdup(mnt.mnt_mountp);
265 mnp->mnt_fstype = strdup(mnt.mnt_fstype);
266 if ((mnt.mnt_special != NULL && mnp->mnt_special == NULL) ||
267 (mnt.mnt_mntopts != NULL && mnp->mnt_mntopts == NULL) ||
268 mnp->mnt_mountp == NULL || mnp->mnt_fstype == NULL) {
269 zerror(zlogp, B_TRUE, "memory allocation failed");
270 free_mnttable(mnts, nmnt);
271 return (-1);
272 }
273 }
274 *mnt_arrayp = mnts;
275 *nelemp = nmnt;
276 return (0);
277 }
278
279 /*
280 * This is an optimization. The resolve_lofs function is used quite frequently
281 * to manipulate file paths, and on a machine with a large number of zones,
282 * there will be a huge number of mounted file systems. Thus, we trigger a
283 * reread of the list of mount points
284 */
285 static void
286 lofs_discard_mnttab(void)
287 {
288 free_mnttable(resolve_lofs_mnts,
289 resolve_lofs_mnt_max - resolve_lofs_mnts);
290 resolve_lofs_mnts = resolve_lofs_mnt_max = NULL;
291 }
292
293 static int
294 lofs_read_mnttab(zlog_t *zlogp)
295 {
296 FILE *mnttab;
297 uint_t nmnts;
298
299 if ((mnttab = fopen(MNTTAB, "r")) == NULL)
300 return (-1);
301 if (build_mnttable(zlogp, "", 0, mnttab, &resolve_lofs_mnts,
302 &nmnts) == -1) {
303 (void) fclose(mnttab);
304 return (-1);
305 }
306 (void) fclose(mnttab);
307 resolve_lofs_mnt_max = resolve_lofs_mnts + nmnts;
308 return (0);
309 }
310
311 /*
312 * This function loops over potential loopback mounts and symlinks in a given
313 * path and resolves them all down to an absolute path.
314 */
315 void
316 resolve_lofs(zlog_t *zlogp, char *path, size_t pathlen)
317 {
318 int len, arlen;
319 const char *altroot;
320 char tmppath[MAXPATHLEN];
321 boolean_t outside_altroot;
322
323 if ((len = resolvepath(path, tmppath, sizeof (tmppath))) == -1)
324 return;
325 tmppath[len] = '\0';
326 (void) strlcpy(path, tmppath, sizeof (tmppath));
327
328 /* This happens once per zoneadmd operation. */
329 if (resolve_lofs_mnts == NULL && lofs_read_mnttab(zlogp) == -1)
330 return;
331
332 altroot = zonecfg_get_root();
333 arlen = strlen(altroot);
334 outside_altroot = B_FALSE;
335 for (;;) {
336 struct mnttab *mnp;
337
338 /* Search in reverse order to find longest match */
339 for (mnp = resolve_lofs_mnt_max - 1; mnp >= resolve_lofs_mnts;
340 mnp--) {
341 if (mnp->mnt_fstype == NULL ||
342 mnp->mnt_mountp == NULL ||
343 mnp->mnt_special == NULL)
344 continue;
345 len = strlen(mnp->mnt_mountp);
346 if (strncmp(mnp->mnt_mountp, path, len) == 0 &&
347 (path[len] == '/' || path[len] == '\0'))
348 break;
349 }
350 if (mnp < resolve_lofs_mnts)
351 break;
352 /* If it's not a lofs then we're done */
353 if (strcmp(mnp->mnt_fstype, MNTTYPE_LOFS) != 0)
354 break;
355 if (outside_altroot) {
356 char *cp;
357 int olen = sizeof (MNTOPT_RO) - 1;
358
359 /*
360 * If we run into a read-only mount outside of the
361 * alternate root environment, then the user doesn't
362 * want this path to be made read-write.
363 */
364 if (mnp->mnt_mntopts != NULL &&
365 (cp = strstr(mnp->mnt_mntopts, MNTOPT_RO)) !=
366 NULL &&
367 (cp == mnp->mnt_mntopts || cp[-1] == ',') &&
368 (cp[olen] == '\0' || cp[olen] == ',')) {
369 break;
370 }
371 } else if (arlen > 0 &&
372 (strncmp(mnp->mnt_special, altroot, arlen) != 0 ||
373 (mnp->mnt_special[arlen] != '\0' &&
374 mnp->mnt_special[arlen] != '/'))) {
375 outside_altroot = B_TRUE;
376 }
377 /* use temporary buffer because new path might be longer */
378 (void) snprintf(tmppath, sizeof (tmppath), "%s%s",
379 mnp->mnt_special, path + len);
380 if ((len = resolvepath(tmppath, path, pathlen)) == -1)
381 break;
382 path[len] = '\0';
383 }
384 }
385
386 /*
387 * For a regular mount, check if a replacement lofs mount is needed because the
388 * referenced device is already mounted somewhere.
389 */
390 static int
391 check_lofs_needed(zlog_t *zlogp, struct zone_fstab *fsptr)
392 {
393 struct mnttab *mnp;
394 zone_fsopt_t *optptr, *onext;
395
396 /* This happens once per zoneadmd operation. */
397 if (resolve_lofs_mnts == NULL && lofs_read_mnttab(zlogp) == -1)
398 return (-1);
399
400 /*
401 * If this special node isn't already in use, then it's ours alone;
402 * no need to worry about conflicting mounts.
403 */
404 for (mnp = resolve_lofs_mnts; mnp < resolve_lofs_mnt_max;
405 mnp++) {
406 if (strcmp(mnp->mnt_special, fsptr->zone_fs_special) == 0)
407 break;
408 }
409 if (mnp >= resolve_lofs_mnt_max)
410 return (0);
411
412 /*
413 * Convert this duplicate mount into a lofs mount.
414 */
415 (void) strlcpy(fsptr->zone_fs_special, mnp->mnt_mountp,
416 sizeof (fsptr->zone_fs_special));
417 (void) strlcpy(fsptr->zone_fs_type, MNTTYPE_LOFS,
418 sizeof (fsptr->zone_fs_type));
419 fsptr->zone_fs_raw[0] = '\0';
420
421 /*
422 * Discard all but one of the original options and set that to our
423 * default set of options used for resources.
424 */
425 optptr = fsptr->zone_fs_options;
426 if (optptr == NULL) {
427 optptr = malloc(sizeof (*optptr));
428 if (optptr == NULL) {
429 zerror(zlogp, B_TRUE, "cannot mount %s",
430 fsptr->zone_fs_dir);
431 return (-1);
432 }
433 } else {
434 while ((onext = optptr->zone_fsopt_next) != NULL) {
435 optptr->zone_fsopt_next = onext->zone_fsopt_next;
436 free(onext);
437 }
438 }
439 (void) strcpy(optptr->zone_fsopt_opt, RESOURCE_DEFAULT_OPTS);
440 optptr->zone_fsopt_next = NULL;
441 fsptr->zone_fs_options = optptr;
442 return (0);
443 }
444
445 int
446 make_one_dir(zlog_t *zlogp, const char *prefix, const char *subdir, mode_t mode,
447 uid_t userid, gid_t groupid)
448 {
449 char path[MAXPATHLEN];
450 struct stat st;
451
452 if (snprintf(path, sizeof (path), "%s%s", prefix, subdir) >
453 sizeof (path)) {
454 zerror(zlogp, B_FALSE, "pathname %s%s is too long", prefix,
455 subdir);
456 return (-1);
457 }
458
459 if (lstat(path, &st) == 0) {
460 /*
461 * We don't check the file mode since presumably the zone
462 * administrator may have had good reason to change the mode,
463 * and we don't need to second guess him.
464 */
465 if (!S_ISDIR(st.st_mode)) {
466 if (S_ISREG(st.st_mode)) {
467 /*
468 * Allow readonly mounts of /etc/ files; this
469 * is needed most by Trusted Extensions.
470 */
471 if (strncmp(subdir, "/etc/",
472 strlen("/etc/")) != 0) {
473 zerror(zlogp, B_FALSE,
474 "%s is not in /etc", path);
475 return (-1);
476 }
477 } else {
478 zerror(zlogp, B_FALSE,
479 "%s is not a directory", path);
480 return (-1);
481 }
482 }
483 return (0);
484 }
485
486 if (mkdirp(path, mode) != 0) {
487 if (errno == EROFS)
488 zerror(zlogp, B_FALSE, "Could not mkdir %s.\nIt is on "
489 "a read-only file system in this local zone.\nMake "
490 "sure %s exists in the global zone.", path, subdir);
491 else
492 zerror(zlogp, B_TRUE, "mkdirp of %s failed", path);
493 return (-1);
494 }
495
496 (void) chown(path, userid, groupid);
497 return (0);
498 }
499
500 static void
501 free_remote_fstypes(char **types)
502 {
503 uint_t i;
504
505 if (types == NULL)
506 return;
507 for (i = 0; types[i] != NULL; i++)
508 free(types[i]);
509 free(types);
510 }
511
512 static char **
513 get_remote_fstypes(zlog_t *zlogp)
514 {
515 char **types = NULL;
516 FILE *fp;
517 char buf[MAXPATHLEN];
518 char fstype[MAXPATHLEN];
519 uint_t lines = 0;
520 uint_t i;
521
522 if ((fp = fopen(DFSTYPES, "r")) == NULL) {
523 zerror(zlogp, B_TRUE, "failed to open %s", DFSTYPES);
524 return (NULL);
525 }
526 /*
527 * Count the number of lines
528 */
529 while (fgets(buf, sizeof (buf), fp) != NULL)
530 lines++;
531 if (lines == 0) /* didn't read anything; empty file */
532 goto out;
533 rewind(fp);
534 /*
535 * Allocate enough space for a NULL-terminated array.
536 */
537 types = calloc(lines + 1, sizeof (char *));
538 if (types == NULL) {
539 zerror(zlogp, B_TRUE, "memory allocation failed");
540 goto out;
541 }
542 i = 0;
543 while (fgets(buf, sizeof (buf), fp) != NULL) {
544 /* LINTED - fstype is big enough to hold buf */
545 if (sscanf(buf, "%s", fstype) == 0) {
546 zerror(zlogp, B_FALSE, "unable to parse %s", DFSTYPES);
547 free_remote_fstypes(types);
548 types = NULL;
549 goto out;
550 }
551 types[i] = strdup(fstype);
552 if (types[i] == NULL) {
553 zerror(zlogp, B_TRUE, "memory allocation failed");
554 free_remote_fstypes(types);
555 types = NULL;
556 goto out;
557 }
558 i++;
559 }
560 out:
561 (void) fclose(fp);
562 return (types);
563 }
564
565 static boolean_t
566 is_remote_fstype(const char *fstype, char *const *remote_fstypes)
567 {
568 uint_t i;
569
570 if (remote_fstypes == NULL)
571 return (B_FALSE);
572 for (i = 0; remote_fstypes[i] != NULL; i++) {
573 if (strcmp(remote_fstypes[i], fstype) == 0)
574 return (B_TRUE);
575 }
576 return (B_FALSE);
577 }
578
579 /*
580 * This converts a zone root path (normally of the form .../root) to a Live
581 * Upgrade scratch zone root (of the form .../lu).
582 */
583 static void
584 root_to_lu(zlog_t *zlogp, char *zroot, size_t zrootlen, boolean_t isresolved)
585 {
586 if (!isresolved && zonecfg_in_alt_root())
587 resolve_lofs(zlogp, zroot, zrootlen);
588 (void) strcpy(strrchr(zroot, '/') + 1, "lu");
589 }
590
591 /*
592 * The general strategy for unmounting filesystems is as follows:
593 *
594 * - Remote filesystems may be dead, and attempting to contact them as
595 * part of a regular unmount may hang forever; we want to always try to
596 * forcibly unmount such filesystems and only fall back to regular
597 * unmounts if the filesystem doesn't support forced unmounts.
598 *
599 * - We don't want to unnecessarily corrupt metadata on local
600 * filesystems (ie UFS), so we want to start off with graceful unmounts,
601 * and only escalate to doing forced unmounts if we get stuck.
602 *
603 * We start off walking backwards through the mount table. This doesn't
604 * give us strict ordering but ensures that we try to unmount submounts
605 * first. We thus limit the number of failed umount2(2) calls.
606 *
607 * The mechanism for determining if we're stuck is to count the number
608 * of failed unmounts each iteration through the mount table. This
609 * gives us an upper bound on the number of filesystems which remain
610 * mounted (autofs trigger nodes are dealt with separately). If at the
611 * end of one unmount+autofs_cleanup cycle we still have the same number
612 * of mounts that we started out with, we're stuck and try a forced
613 * unmount. If that fails (filesystem doesn't support forced unmounts)
614 * then we bail and are unable to teardown the zone. If it succeeds,
615 * we're no longer stuck so we continue with our policy of trying
616 * graceful mounts first.
617 *
618 * Zone must be down (ie, no processes or threads active).
619 */
620 static int
621 unmount_filesystems(zlog_t *zlogp, zoneid_t zoneid, boolean_t unmount_cmd)
622 {
623 int error = 0;
624 FILE *mnttab;
625 struct mnttab *mnts;
626 uint_t nmnt;
627 char zroot[MAXPATHLEN + 1];
628 size_t zrootlen;
629 uint_t oldcount = UINT_MAX;
630 boolean_t stuck = B_FALSE;
631 char **remote_fstypes = NULL;
632
633 if (zone_get_rootpath(zone_name, zroot, sizeof (zroot)) != Z_OK) {
634 zerror(zlogp, B_FALSE, "unable to determine zone root");
635 return (-1);
636 }
637 if (unmount_cmd)
638 root_to_lu(zlogp, zroot, sizeof (zroot), B_FALSE);
639
640 (void) strcat(zroot, "/");
641 zrootlen = strlen(zroot);
642
643 /*
644 * For Trusted Extensions unmount each higher level zone's mount
645 * of our zone's /export/home
646 */
647 if (!unmount_cmd)
648 tsol_unmounts(zlogp, zone_name);
649
650 if ((mnttab = fopen(MNTTAB, "r")) == NULL) {
651 zerror(zlogp, B_TRUE, "failed to open %s", MNTTAB);
652 return (-1);
653 }
654 /*
655 * Use our hacky mntfs ioctl so we see everything, even mounts with
656 * MS_NOMNTTAB.
657 */
658 if (ioctl(fileno(mnttab), MNTIOC_SHOWHIDDEN, NULL) < 0) {
659 zerror(zlogp, B_TRUE, "unable to configure %s", MNTTAB);
660 error++;
661 goto out;
662 }
663
664 /*
665 * Build the list of remote fstypes so we know which ones we
666 * should forcibly unmount.
667 */
668 remote_fstypes = get_remote_fstypes(zlogp);
669 for (; /* ever */; ) {
670 uint_t newcount = 0;
671 boolean_t unmounted;
672 struct mnttab *mnp;
673 char *path;
674 uint_t i;
675
676 mnts = NULL;
677 nmnt = 0;
678 /*
679 * MNTTAB gives us a way to walk through mounted
680 * filesystems; we need to be able to walk them in
681 * reverse order, so we build a list of all mounted
682 * filesystems.
683 */
684 if (build_mnttable(zlogp, zroot, zrootlen, mnttab, &mnts,
685 &nmnt) != 0) {
686 error++;
687 goto out;
688 }
689 for (i = 0; i < nmnt; i++) {
690 mnp = &mnts[nmnt - i - 1]; /* access in reverse order */
691 path = mnp->mnt_mountp;
692 unmounted = B_FALSE;
693 /*
694 * Try forced unmount first for remote filesystems.
695 *
696 * Not all remote filesystems support forced unmounts,
697 * so if this fails (ENOTSUP) we'll continue on
698 * and try a regular unmount.
699 */
700 if (is_remote_fstype(mnp->mnt_fstype, remote_fstypes)) {
701 if (umount2(path, MS_FORCE) == 0)
702 unmounted = B_TRUE;
703 }
704 /*
705 * Try forced unmount if we're stuck.
706 */
707 if (stuck) {
708 if (umount2(path, MS_FORCE) == 0) {
709 unmounted = B_TRUE;
710 stuck = B_FALSE;
711 } else {
712 /*
713 * The first failure indicates a
714 * mount we won't be able to get
715 * rid of automatically, so we
716 * bail.
717 */
718 error++;
719 zerror(zlogp, B_FALSE,
720 "unable to unmount '%s'", path);
721 free_mnttable(mnts, nmnt);
722 goto out;
723 }
724 }
725 /*
726 * Try regular unmounts for everything else.
727 */
728 if (!unmounted && umount2(path, 0) != 0)
729 newcount++;
730 }
731 free_mnttable(mnts, nmnt);
732
733 if (newcount == 0)
734 break;
735 if (newcount >= oldcount) {
736 /*
737 * Last round didn't unmount anything; we're stuck and
738 * should start trying forced unmounts.
739 */
740 stuck = B_TRUE;
741 }
742 oldcount = newcount;
743
744 /*
745 * Autofs doesn't let you unmount its trigger nodes from
746 * userland so we have to tell the kernel to cleanup for us.
747 */
748 if (autofs_cleanup(zoneid) != 0) {
749 zerror(zlogp, B_TRUE, "unable to remove autofs nodes");
750 error++;
751 goto out;
752 }
753 }
754
755 out:
756 free_remote_fstypes(remote_fstypes);
757 (void) fclose(mnttab);
758 return (error ? -1 : 0);
759 }
760
761 static int
762 fs_compare(const void *m1, const void *m2)
763 {
764 struct zone_fstab *i = (struct zone_fstab *)m1;
765 struct zone_fstab *j = (struct zone_fstab *)m2;
766
767 return (strcmp(i->zone_fs_dir, j->zone_fs_dir));
768 }
769
770 /*
771 * Fork and exec (and wait for) the mentioned binary with the provided
772 * arguments. Returns (-1) if something went wrong with fork(2) or exec(2),
773 * returns the exit status otherwise.
774 *
775 * If we were unable to exec the provided pathname (for whatever
776 * reason), we return the special token ZEXIT_EXEC. The current value
777 * of ZEXIT_EXEC doesn't conflict with legitimate exit codes of the
778 * consumers of this function; any future consumers must make sure this
779 * remains the case.
780 */
781 static int
782 forkexec(zlog_t *zlogp, const char *path, char *const argv[])
783 {
784 pid_t child_pid;
785 int child_status = 0;
786
787 /*
788 * Do not let another thread localize a message while we are forking.
789 */
790 (void) mutex_lock(&msglock);
791 child_pid = fork();
792 (void) mutex_unlock(&msglock);
793 if (child_pid == -1) {
794 zerror(zlogp, B_TRUE, "could not fork for %s", argv[0]);
795 return (-1);
796 } else if (child_pid == 0) {
797 closefrom(0);
798 /* redirect stdin, stdout & stderr to /dev/null */
799 (void) open("/dev/null", O_RDONLY); /* stdin */
800 (void) open("/dev/null", O_WRONLY); /* stdout */
801 (void) open("/dev/null", O_WRONLY); /* stderr */
802 (void) execv(path, argv);
803 /*
804 * Since we are in the child, there is no point calling zerror()
805 * since there is nobody waiting to consume it. So exit with a
806 * special code that the parent will recognize and call zerror()
807 * accordingly.
808 */
809
810 _exit(ZEXIT_EXEC);
811 } else {
812 (void) waitpid(child_pid, &child_status, 0);
813 }
814
815 if (WIFSIGNALED(child_status)) {
816 zerror(zlogp, B_FALSE, "%s unexpectedly terminated due to "
817 "signal %d", path, WTERMSIG(child_status));
818 return (-1);
819 }
820 assert(WIFEXITED(child_status));
821 if (WEXITSTATUS(child_status) == ZEXIT_EXEC) {
822 zerror(zlogp, B_FALSE, "failed to exec %s", path);
823 return (-1);
824 }
825 return (WEXITSTATUS(child_status));
826 }
827
828 static int
829 isregfile(const char *path)
830 {
831 struct stat64 st;
832
833 if (stat64(path, &st) == -1)
834 return (-1);
835
836 return (S_ISREG(st.st_mode));
837 }
838
839 static int
840 dofsck(zlog_t *zlogp, const char *fstype, const char *rawdev)
841 {
842 char cmdbuf[MAXPATHLEN];
843 char *argv[5];
844 int status;
845
846 /*
847 * We could alternatively have called /usr/sbin/fsck -F <fstype>, but
848 * that would cost us an extra fork/exec without buying us anything.
849 */
850 if (snprintf(cmdbuf, sizeof (cmdbuf), "/usr/lib/fs/%s/fsck", fstype)
851 >= sizeof (cmdbuf)) {
852 zerror(zlogp, B_FALSE, "file-system type %s too long", fstype);
853 return (-1);
854 }
855
856 /*
857 * If it doesn't exist, that's OK: we verified this previously
858 * in zoneadm.
859 */
860 if (isregfile(cmdbuf) == -1)
861 return (0);
862
863 argv[0] = "fsck";
864 argv[1] = "-o";
865 argv[2] = "p";
866 argv[3] = (char *)rawdev;
867 argv[4] = NULL;
868
869 status = forkexec(zlogp, cmdbuf, argv);
870 if (status == 0 || status == -1)
871 return (status);
872 zerror(zlogp, B_FALSE, "fsck of '%s' failed with exit status %d; "
873 "run fsck manually", rawdev, status);
874 return (-1);
875 }
876
877 static int
878 domount(zlog_t *zlogp, const char *fstype, const char *opts,
879 const char *special, const char *directory)
880 {
881 char cmdbuf[MAXPATHLEN];
882 char *argv[6];
883 int status;
884
885 /*
886 * We could alternatively have called /usr/sbin/mount -F <fstype>, but
887 * that would cost us an extra fork/exec without buying us anything.
888 */
889 if (snprintf(cmdbuf, sizeof (cmdbuf), "/usr/lib/fs/%s/mount", fstype)
890 >= sizeof (cmdbuf)) {
891 zerror(zlogp, B_FALSE, "file-system type %s too long", fstype);
892 return (-1);
893 }
894 argv[0] = "mount";
895 if (opts[0] == '\0') {
896 argv[1] = (char *)special;
897 argv[2] = (char *)directory;
898 argv[3] = NULL;
899 } else {
900 argv[1] = "-o";
901 argv[2] = (char *)opts;
902 argv[3] = (char *)special;
903 argv[4] = (char *)directory;
904 argv[5] = NULL;
905 }
906
907 status = forkexec(zlogp, cmdbuf, argv);
908 if (status == 0 || status == -1)
909 return (status);
910 if (opts[0] == '\0')
911 zerror(zlogp, B_FALSE, "\"%s %s %s\" "
912 "failed with exit code %d",
913 cmdbuf, special, directory, status);
914 else
915 zerror(zlogp, B_FALSE, "\"%s -o %s %s %s\" "
916 "failed with exit code %d",
917 cmdbuf, opts, special, directory, status);
918 return (-1);
919 }
920
921 /*
922 * Check if a given mount point path exists.
923 * If it does, make sure it doesn't contain any symlinks.
924 * Note that if "leaf" is false we're checking an intermediate
925 * component of the mount point path, so it must be a directory.
926 * If "leaf" is true, then we're checking the entire mount point
927 * path, so the mount point itself can be anything aside from a
928 * symbolic link.
929 *
930 * If the path is invalid then a negative value is returned. If the
931 * path exists and is a valid mount point path then 0 is returned.
932 * If the path doesn't exist return a positive value.
933 */
934 static int
935 valid_mount_point(zlog_t *zlogp, const char *path, const boolean_t leaf)
936 {
937 struct stat statbuf;
938 char respath[MAXPATHLEN];
939 int res;
940
941 if (lstat(path, &statbuf) != 0) {
942 if (errno == ENOENT)
943 return (1);
944 zerror(zlogp, B_TRUE, "can't stat %s", path);
945 return (-1);
946 }
947 if (S_ISLNK(statbuf.st_mode)) {
948 zerror(zlogp, B_FALSE, "%s is a symlink", path);
949 return (-1);
950 }
951 if (!leaf && !S_ISDIR(statbuf.st_mode)) {
952 zerror(zlogp, B_FALSE, "%s is not a directory", path);
953 return (-1);
954 }
955 if ((res = resolvepath(path, respath, sizeof (respath))) == -1) {
956 zerror(zlogp, B_TRUE, "unable to resolve path %s", path);
957 return (-1);
958 }
959 respath[res] = '\0';
960 if (strcmp(path, respath) != 0) {
961 /*
962 * We don't like ".."s, "."s, or "//"s throwing us off
963 */
964 zerror(zlogp, B_FALSE, "%s is not a canonical path", path);
965 return (-1);
966 }
967 return (0);
968 }
969
970 /*
971 * Validate a mount point path. A valid mount point path is an
972 * absolute path that either doesn't exist, or, if it does exists it
973 * must be an absolute canonical path that doesn't have any symbolic
974 * links in it. The target of a mount point path can be any filesystem
975 * object. (Different filesystems can support different mount points,
976 * for example "lofs" and "mntfs" both support files and directories
977 * while "ufs" just supports directories.)
978 *
979 * If the path is invalid then a negative value is returned. If the
980 * path exists and is a valid mount point path then 0 is returned.
981 * If the path doesn't exist return a positive value.
982 */
983 int
984 valid_mount_path(zlog_t *zlogp, const char *rootpath, const char *spec,
985 const char *dir, const char *fstype)
986 {
987 char abspath[MAXPATHLEN], *slashp, *slashp_next;
988 int rv;
989
990 /*
991 * Sanity check the target mount point path.
992 * It must be a non-null string that starts with a '/'.
993 */
994 if (dir[0] != '/') {
995 /* Something went wrong. */
996 zerror(zlogp, B_FALSE, "invalid mount directory, "
997 "type: \"%s\", special: \"%s\", dir: \"%s\"",
998 fstype, spec, dir);
999 return (-1);
1000 }
1001
1002 /*
1003 * Join rootpath and dir. Make sure abspath ends with '/', this
1004 * is added to all paths (even non-directory paths) to allow us
1005 * to detect the end of paths below. If the path already ends
1006 * in a '/', then that's ok too (although we'll fail the
1007 * cannonical path check in valid_mount_point()).
1008 */
1009 if (snprintf(abspath, sizeof (abspath),
1010 "%s%s/", rootpath, dir) >= sizeof (abspath)) {
1011 zerror(zlogp, B_FALSE, "pathname %s%s is too long",
1012 rootpath, dir);
1013 return (-1);
1014 }
1015
1016 /*
1017 * Starting with rootpath, verify the mount path one component
1018 * at a time. Continue until we've evaluated all of abspath.
1019 */
1020 slashp = &abspath[strlen(rootpath)];
1021 assert(*slashp == '/');
1022 do {
1023 slashp_next = strchr(slashp + 1, '/');
1024 *slashp = '\0';
1025 if (slashp_next != NULL) {
1026 /* This is an intermediary mount path component. */
1027 rv = valid_mount_point(zlogp, abspath, B_FALSE);
1028 } else {
1029 /* This is the last component of the mount path. */
1030 rv = valid_mount_point(zlogp, abspath, B_TRUE);
1031 }
1032 if (rv < 0)
1033 return (rv);
1034 *slashp = '/';
1035 } while ((slashp = slashp_next) != NULL);
1036 return (rv);
1037 }
1038
1039 static int
1040 mount_one_dev_device_cb(void *arg, const char *match, const char *name)
1041 {
1042 di_prof_t prof = arg;
1043
1044 if (name == NULL)
1045 return (di_prof_add_dev(prof, match));
1046 return (di_prof_add_map(prof, match, name));
1047 }
1048
1049 static int
1050 mount_one_dev_symlink_cb(void *arg, const char *source, const char *target)
1051 {
1052 di_prof_t prof = arg;
1053
1054 return (di_prof_add_symlink(prof, source, target));
1055 }
1056
1057 int
1058 vplat_get_iptype(zlog_t *zlogp, zone_iptype_t *iptypep)
1059 {
1060 zone_dochandle_t handle;
1061
1062 if ((handle = zonecfg_init_handle()) == NULL) {
1063 zerror(zlogp, B_TRUE, "getting zone configuration handle");
1064 return (-1);
1065 }
1066 if (zonecfg_get_snapshot_handle(zone_name, handle) != Z_OK) {
1067 zerror(zlogp, B_FALSE, "invalid configuration");
1068 zonecfg_fini_handle(handle);
1069 return (-1);
1070 }
1071 if (zonecfg_get_iptype(handle, iptypep) != Z_OK) {
1072 zerror(zlogp, B_FALSE, "invalid ip-type configuration");
1073 zonecfg_fini_handle(handle);
1074 return (-1);
1075 }
1076 zonecfg_fini_handle(handle);
1077 return (0);
1078 }
1079
1080 /*
1081 * Apply the standard lists of devices/symlinks/mappings and the user-specified
1082 * list of devices (via zonecfg) to the /dev filesystem. The filesystem will
1083 * use these as a profile/filter to determine what exists in /dev.
1084 */
1085 static int
1086 mount_one_dev(zlog_t *zlogp, char *devpath, zone_mnt_t mount_cmd)
1087 {
1088 char brand[MAXNAMELEN];
1089 zone_dochandle_t handle = NULL;
1090 brand_handle_t bh = NULL;
1091 struct zone_devtab ztab;
1092 di_prof_t prof = NULL;
1093 int err;
1094 int retval = -1;
1095 zone_iptype_t iptype;
1096 const char *curr_iptype;
1097
1098 if (di_prof_init(devpath, &prof)) {
1099 zerror(zlogp, B_TRUE, "failed to initialize profile");
1100 goto cleanup;
1101 }
1102
1103 /*
1104 * Get a handle to the brand info for this zone.
1105 * If we are mounting the zone, then we must always use the default
1106 * brand device mounts.
1107 */
1108 if (ALT_MOUNT(mount_cmd)) {
1109 (void) strlcpy(brand, default_brand, sizeof (brand));
1110 } else {
1111 (void) strlcpy(brand, brand_name, sizeof (brand));
1112 }
1113
1114 if ((bh = brand_open(brand)) == NULL) {
1115 zerror(zlogp, B_FALSE, "unable to determine zone brand");
1116 goto cleanup;
1117 }
1118
1119 if (vplat_get_iptype(zlogp, &iptype) < 0) {
1120 zerror(zlogp, B_TRUE, "unable to determine ip-type");
1121 goto cleanup;
1122 }
1123 switch (iptype) {
1124 case ZS_SHARED:
1125 curr_iptype = "shared";
1126 break;
1127 case ZS_EXCLUSIVE:
1128 curr_iptype = "exclusive";
1129 break;
1130 }
1131
1132 if (brand_platform_iter_devices(bh, zone_name,
1133 mount_one_dev_device_cb, prof, curr_iptype) != 0) {
1134 zerror(zlogp, B_TRUE, "failed to add standard device");
1135 goto cleanup;
1136 }
1137
1138 if (brand_platform_iter_link(bh,
1139 mount_one_dev_symlink_cb, prof) != 0) {
1140 zerror(zlogp, B_TRUE, "failed to add standard symlink");
1141 goto cleanup;
1142 }
1143
1144 /* Add user-specified devices and directories */
1145 if ((handle = zonecfg_init_handle()) == NULL) {
1146 zerror(zlogp, B_FALSE, "can't initialize zone handle");
1147 goto cleanup;
1148 }
1149 if (err = zonecfg_get_handle(zone_name, handle)) {
1150 zerror(zlogp, B_FALSE, "can't get handle for zone "
1151 "%s: %s", zone_name, zonecfg_strerror(err));
1152 goto cleanup;
1153 }
1154 if (err = zonecfg_setdevent(handle)) {
1155 zerror(zlogp, B_FALSE, "%s: %s", zone_name,
1156 zonecfg_strerror(err));
1157 goto cleanup;
1158 }
1159 while (zonecfg_getdevent(handle, &ztab) == Z_OK) {
1160 if (di_prof_add_dev(prof, ztab.zone_dev_match)) {
1161 zerror(zlogp, B_TRUE, "failed to add "
1162 "user-specified device");
1163 goto cleanup;
1164 }
1165 }
1166 (void) zonecfg_enddevent(handle);
1167
1168 /* Send profile to kernel */
1169 if (di_prof_commit(prof)) {
1170 zerror(zlogp, B_TRUE, "failed to commit profile");
1171 goto cleanup;
1172 }
1173
1174 retval = 0;
1175
1176 cleanup:
1177 if (bh != NULL)
1178 brand_close(bh);
1179 if (handle != NULL)
1180 zonecfg_fini_handle(handle);
1181 if (prof)
1182 di_prof_fini(prof);
1183 return (retval);
1184 }
1185
1186 static int
1187 mount_one(zlog_t *zlogp, struct zone_fstab *fsptr, const char *rootpath,
1188 zone_mnt_t mount_cmd)
1189 {
1190 char path[MAXPATHLEN];
1191 char optstr[MAX_MNTOPT_STR];
1192 zone_fsopt_t *optptr;
1193 int rv;
1194
1195 if ((rv = valid_mount_path(zlogp, rootpath, fsptr->zone_fs_special,
1196 fsptr->zone_fs_dir, fsptr->zone_fs_type)) < 0) {
1197 zerror(zlogp, B_FALSE, "%s%s is not a valid mount point",
1198 rootpath, fsptr->zone_fs_dir);
1199 return (-1);
1200 } else if (rv > 0) {
1201 /* The mount point path doesn't exist, create it now. */
1202 if (make_one_dir(zlogp, rootpath, fsptr->zone_fs_dir,
1203 DEFAULT_DIR_MODE, DEFAULT_DIR_USER,
1204 DEFAULT_DIR_GROUP) != 0) {
1205 zerror(zlogp, B_FALSE, "failed to create mount point");
1206 return (-1);
1207 }
1208
1209 /*
1210 * Now this might seem weird, but we need to invoke
1211 * valid_mount_path() again. Why? Because it checks
1212 * to make sure that the mount point path is canonical,
1213 * which it can only do if the path exists, so now that
1214 * we've created the path we have to verify it again.
1215 */
1216 if ((rv = valid_mount_path(zlogp, rootpath,
1217 fsptr->zone_fs_special, fsptr->zone_fs_dir,
1218 fsptr->zone_fs_type)) < 0) {
1219 zerror(zlogp, B_FALSE,
1220 "%s%s is not a valid mount point",
1221 rootpath, fsptr->zone_fs_dir);
1222 return (-1);
1223 }
1224 }
1225
1226 (void) snprintf(path, sizeof (path), "%s%s", rootpath,
1227 fsptr->zone_fs_dir);
1228
1229 /*
1230 * In general the strategy here is to do just as much verification as
1231 * necessary to avoid crashing or otherwise doing something bad; if the
1232 * administrator initiated the operation via zoneadm(1m), he'll get
1233 * auto-verification which will let him know what's wrong. If he
1234 * modifies the zone configuration of a running zone and doesn't attempt
1235 * to verify that it's OK we won't crash but won't bother trying to be
1236 * too helpful either. zoneadm verify is only a couple keystrokes away.
1237 */
1238 if (!zonecfg_valid_fs_type(fsptr->zone_fs_type)) {
1239 zerror(zlogp, B_FALSE, "cannot mount %s on %s: "
1240 "invalid file-system type %s", fsptr->zone_fs_special,
1241 fsptr->zone_fs_dir, fsptr->zone_fs_type);
1242 return (-1);
1243 }
1244
1245 /*
1246 * If we're looking at an alternate root environment, then construct
1247 * read-only loopback mounts as necessary. Note that any special
1248 * paths for lofs zone mounts in an alternate root must have
1249 * already been pre-pended with any alternate root path by the
1250 * time we get here.
1251 */
1252 if (zonecfg_in_alt_root()) {
1253 struct stat64 st;
1254
1255 if (stat64(fsptr->zone_fs_special, &st) != -1 &&
1256 S_ISBLK(st.st_mode)) {
1257 /*
1258 * If we're going to mount a block device we need
1259 * to check if that device is already mounted
1260 * somewhere else, and if so, do a lofs mount
1261 * of the device instead of a direct mount
1262 */
1263 if (check_lofs_needed(zlogp, fsptr) == -1)
1264 return (-1);
1265 } else if (strcmp(fsptr->zone_fs_type, MNTTYPE_LOFS) == 0) {
1266 /*
1267 * For lofs mounts, the special node is inside the
1268 * alternate root. We need lofs resolution for
1269 * this case in order to get at the underlying
1270 * read-write path.
1271 */
1272 resolve_lofs(zlogp, fsptr->zone_fs_special,
1273 sizeof (fsptr->zone_fs_special));
1274 }
1275 }
1276
1277 /*
1278 * Run 'fsck -m' if there's a device to fsck.
1279 */
1280 if (fsptr->zone_fs_raw[0] != '\0' &&
1281 dofsck(zlogp, fsptr->zone_fs_type, fsptr->zone_fs_raw) != 0) {
1282 return (-1);
1283 } else if (isregfile(fsptr->zone_fs_special) == 1 &&
1284 dofsck(zlogp, fsptr->zone_fs_type, fsptr->zone_fs_special) != 0) {
1285 return (-1);
1286 }
1287
1288 /*
1289 * Build up mount option string.
1290 */
1291 optstr[0] = '\0';
1292 if (fsptr->zone_fs_options != NULL) {
1293 (void) strlcpy(optstr, fsptr->zone_fs_options->zone_fsopt_opt,
1294 sizeof (optstr));
1295 for (optptr = fsptr->zone_fs_options->zone_fsopt_next;
1296 optptr != NULL; optptr = optptr->zone_fsopt_next) {
1297 (void) strlcat(optstr, ",", sizeof (optstr));
1298 (void) strlcat(optstr, optptr->zone_fsopt_opt,
1299 sizeof (optstr));
1300 }
1301 }
1302
1303 if ((rv = domount(zlogp, fsptr->zone_fs_type, optstr,
1304 fsptr->zone_fs_special, path)) != 0)
1305 return (rv);
1306
1307 /*
1308 * The mount succeeded. If this was not a mount of /dev then
1309 * we're done.
1310 */
1311 if (strcmp(fsptr->zone_fs_type, MNTTYPE_DEV) != 0)
1312 return (0);
1313
1314 /*
1315 * We just mounted an instance of a /dev filesystem, so now we
1316 * need to configure it.
1317 */
1318 return (mount_one_dev(zlogp, path, mount_cmd));
1319 }
1320
1321 static void
1322 free_fs_data(struct zone_fstab *fsarray, uint_t nelem)
1323 {
1324 uint_t i;
1325
1326 if (fsarray == NULL)
1327 return;
1328 for (i = 0; i < nelem; i++)
1329 zonecfg_free_fs_option_list(fsarray[i].zone_fs_options);
1330 free(fsarray);
1331 }
1332
1333 /*
1334 * This function initiates the creation of a small Solaris Environment for
1335 * scratch zone. The Environment creation process is split up into two
1336 * functions(build_mounted_pre_var() and build_mounted_post_var()). It
1337 * is done this way because:
1338 * We need to have both /etc and /var in the root of the scratchzone.
1339 * We loopback mount zone's own /etc and /var into the root of the
1340 * scratch zone. Unlike /etc, /var can be a seperate filesystem. So we
1341 * need to delay the mount of /var till the zone's root gets populated.
1342 * So mounting of localdirs[](/etc and /var) have been moved to the
1343 * build_mounted_post_var() which gets called only after the zone
1344 * specific filesystems are mounted.
1345 *
1346 * Note that the scratch zone we set up for updating the zone (Z_MNT_UPDATE)
1347 * does not loopback mount the zone's own /etc and /var into the root of the
1348 * scratch zone.
1349 */
1350 static boolean_t
1351 build_mounted_pre_var(zlog_t *zlogp, char *rootpath,
1352 size_t rootlen, const char *zonepath, char *luroot, size_t lurootlen)
1353 {
1354 char tmp[MAXPATHLEN], fromdir[MAXPATHLEN];
1355 const char **cpp;
1356 static const char *mkdirs[] = {
1357 "/system", "/system/contract", "/system/object", "/proc",
1358 "/dev", "/tmp", "/a", NULL
1359 };
1360 char *altstr;
1361 FILE *fp;
1362 uuid_t uuid;
1363
1364 resolve_lofs(zlogp, rootpath, rootlen);
1365 (void) snprintf(luroot, lurootlen, "%s/lu", zonepath);
1366 resolve_lofs(zlogp, luroot, lurootlen);
1367 (void) snprintf(tmp, sizeof (tmp), "%s/bin", luroot);
1368 (void) symlink("./usr/bin", tmp);
1369
1370 /*
1371 * These are mostly special mount points; not handled here. (See
1372 * zone_mount_early.)
1373 */
1374 for (cpp = mkdirs; *cpp != NULL; cpp++) {
1375 (void) snprintf(tmp, sizeof (tmp), "%s%s", luroot, *cpp);
1376 if (mkdir(tmp, 0755) != 0) {
1377 zerror(zlogp, B_TRUE, "cannot create %s", tmp);
1378 return (B_FALSE);
1379 }
1380 }
1381 /*
1382 * This is here to support lucopy. If there's an instance of this same
1383 * zone on the current running system, then we mount its root up as
1384 * read-only inside the scratch zone.
1385 */
1386 (void) zonecfg_get_uuid(zone_name, uuid);
1387 altstr = strdup(zonecfg_get_root());
1388 if (altstr == NULL) {
1389 zerror(zlogp, B_TRUE, "memory allocation failed");
1390 return (B_FALSE);
1391 }
1392 zonecfg_set_root("");
1393 (void) strlcpy(tmp, zone_name, sizeof (tmp));
1394 (void) zonecfg_get_name_by_uuid(uuid, tmp, sizeof (tmp));
1395 if (zone_get_rootpath(tmp, fromdir, sizeof (fromdir)) == Z_OK &&
1396 strcmp(fromdir, rootpath) != 0) {
1397 (void) snprintf(tmp, sizeof (tmp), "%s/b", luroot);
1398 if (mkdir(tmp, 0755) != 0) {
1399 zerror(zlogp, B_TRUE, "cannot create %s", tmp);
1400 return (B_FALSE);
1401 }
1402 if (domount(zlogp, MNTTYPE_LOFS, RESOURCE_DEFAULT_OPTS, fromdir,
1403 tmp) != 0) {
1404 zerror(zlogp, B_TRUE, "cannot mount %s on %s", tmp,
1405 fromdir);
1406 return (B_FALSE);
1407 }
1408 }
1409 zonecfg_set_root(altstr);
1410 free(altstr);
1411
1412 if ((fp = zonecfg_open_scratch(luroot, B_TRUE)) == NULL) {
1413 zerror(zlogp, B_TRUE, "cannot open zone mapfile");
1414 return (B_FALSE);
1415 }
1416 (void) ftruncate(fileno(fp), 0);
1417 if (zonecfg_add_scratch(fp, zone_name, kernzone, "/") == -1) {
1418 zerror(zlogp, B_TRUE, "cannot add zone mapfile entry");
1419 }
1420 zonecfg_close_scratch(fp);
1421 (void) snprintf(tmp, sizeof (tmp), "%s/a", luroot);
1422 if (domount(zlogp, MNTTYPE_LOFS, "", rootpath, tmp) != 0)
1423 return (B_FALSE);
1424 (void) strlcpy(rootpath, tmp, rootlen);
1425 return (B_TRUE);
1426 }
1427
1428
1429 static boolean_t
1430 build_mounted_post_var(zlog_t *zlogp, zone_mnt_t mount_cmd, char *rootpath,
1431 const char *luroot)
1432 {
1433 char tmp[MAXPATHLEN], fromdir[MAXPATHLEN];
1434 const char **cpp;
1435 const char **loopdirs;
1436 const char **tmpdirs;
1437 static const char *localdirs[] = {
1438 "/etc", "/var", NULL
1439 };
1440 static const char *scr_loopdirs[] = {
1441 "/etc/lib", "/etc/fs", "/lib", "/sbin", "/platform",
1442 "/usr", NULL
1443 };
1444 static const char *upd_loopdirs[] = {
1445 "/etc", "/kernel", "/lib", "/opt", "/platform", "/sbin",
1446 "/usr", "/var", NULL
1447 };
1448 static const char *scr_tmpdirs[] = {
1449 "/tmp", "/var/run", NULL
1450 };
1451 static const char *upd_tmpdirs[] = {
1452 "/tmp", "/var/run", "/var/tmp", NULL
1453 };
1454 struct stat st;
1455
1456 if (mount_cmd == Z_MNT_SCRATCH) {
1457 /*
1458 * These are mounted read-write from the zone undergoing
1459 * upgrade. We must be careful not to 'leak' things from the
1460 * main system into the zone, and this accomplishes that goal.
1461 */
1462 for (cpp = localdirs; *cpp != NULL; cpp++) {
1463 (void) snprintf(tmp, sizeof (tmp), "%s%s", luroot,
1464 *cpp);
1465 (void) snprintf(fromdir, sizeof (fromdir), "%s%s",
1466 rootpath, *cpp);
1467 if (mkdir(tmp, 0755) != 0) {
1468 zerror(zlogp, B_TRUE, "cannot create %s", tmp);
1469 return (B_FALSE);
1470 }
1471 if (domount(zlogp, MNTTYPE_LOFS, "", fromdir, tmp)
1472 != 0) {
1473 zerror(zlogp, B_TRUE, "cannot mount %s on %s",
1474 tmp, *cpp);
1475 return (B_FALSE);
1476 }
1477 }
1478 }
1479
1480 if (mount_cmd == Z_MNT_UPDATE)
1481 loopdirs = upd_loopdirs;
1482 else
1483 loopdirs = scr_loopdirs;
1484
1485 /*
1486 * These are things mounted read-only from the running system because
1487 * they contain binaries that must match system.
1488 */
1489 for (cpp = loopdirs; *cpp != NULL; cpp++) {
1490 (void) snprintf(tmp, sizeof (tmp), "%s%s", luroot, *cpp);
1491 if (mkdir(tmp, 0755) != 0) {
1492 if (errno != EEXIST) {
1493 zerror(zlogp, B_TRUE, "cannot create %s", tmp);
1494 return (B_FALSE);
1495 }
1496 if (lstat(tmp, &st) != 0) {
1497 zerror(zlogp, B_TRUE, "cannot stat %s", tmp);
1498 return (B_FALSE);
1499 }
1500 /*
1501 * Ignore any non-directories encountered. These are
1502 * things that have been converted into symlinks
1503 * (/etc/fs and /etc/lib) and no longer need a lofs
1504 * fixup.
1505 */
1506 if (!S_ISDIR(st.st_mode))
1507 continue;
1508 }
1509 if (domount(zlogp, MNTTYPE_LOFS, RESOURCE_DEFAULT_OPTS, *cpp,
1510 tmp) != 0) {
1511 zerror(zlogp, B_TRUE, "cannot mount %s on %s", tmp,
1512 *cpp);
1513 return (B_FALSE);
1514 }
1515 }
1516
1517 if (mount_cmd == Z_MNT_UPDATE)
1518 tmpdirs = upd_tmpdirs;
1519 else
1520 tmpdirs = scr_tmpdirs;
1521
1522 /*
1523 * These are things with tmpfs mounted inside.
1524 */
1525 for (cpp = tmpdirs; *cpp != NULL; cpp++) {
1526 (void) snprintf(tmp, sizeof (tmp), "%s%s", luroot, *cpp);
1527 if (mount_cmd == Z_MNT_SCRATCH && mkdir(tmp, 0755) != 0 &&
1528 errno != EEXIST) {
1529 zerror(zlogp, B_TRUE, "cannot create %s", tmp);
1530 return (B_FALSE);
1531 }
1532
1533 /*
1534 * We could set the mode for /tmp when we do the mkdir but
1535 * since that can be modified by the umask we will just set
1536 * the correct mode for /tmp now.
1537 */
1538 if (strcmp(*cpp, "/tmp") == 0 && chmod(tmp, 01777) != 0) {
1539 zerror(zlogp, B_TRUE, "cannot chmod %s", tmp);
1540 return (B_FALSE);
1541 }
1542
1543 if (domount(zlogp, MNTTYPE_TMPFS, "", "swap", tmp) != 0) {
1544 zerror(zlogp, B_TRUE, "cannot mount swap on %s", *cpp);
1545 return (B_FALSE);
1546 }
1547 }
1548 return (B_TRUE);
1549 }
1550
1551 typedef struct plat_gmount_cb_data {
1552 zlog_t *pgcd_zlogp;
1553 struct zone_fstab **pgcd_fs_tab;
1554 int *pgcd_num_fs;
1555 } plat_gmount_cb_data_t;
1556
1557 /*
1558 * plat_gmount_cb() is a callback function invoked by libbrand to iterate
1559 * through all global brand platform mounts.
1560 */
1561 int
1562 plat_gmount_cb(void *data, const char *spec, const char *dir,
1563 const char *fstype, const char *opt)
1564 {
1565 plat_gmount_cb_data_t *cp = data;
1566 zlog_t *zlogp = cp->pgcd_zlogp;
1567 struct zone_fstab *fs_ptr = *cp->pgcd_fs_tab;
1568 int num_fs = *cp->pgcd_num_fs;
1569 struct zone_fstab *fsp, *tmp_ptr;
1570
1571 num_fs++;
1572 if ((tmp_ptr = realloc(fs_ptr, num_fs * sizeof (*tmp_ptr))) == NULL) {
1573 zerror(zlogp, B_TRUE, "memory allocation failed");
1574 return (-1);
1575 }
1576
1577 fs_ptr = tmp_ptr;
1578 fsp = &fs_ptr[num_fs - 1];
1579
1580 /* update the callback struct passed in */
1581 *cp->pgcd_fs_tab = fs_ptr;
1582 *cp->pgcd_num_fs = num_fs;
1583
1584 fsp->zone_fs_raw[0] = '\0';
1585 (void) strlcpy(fsp->zone_fs_special, spec,
1586 sizeof (fsp->zone_fs_special));
1587 (void) strlcpy(fsp->zone_fs_dir, dir, sizeof (fsp->zone_fs_dir));
1588 (void) strlcpy(fsp->zone_fs_type, fstype, sizeof (fsp->zone_fs_type));
1589 fsp->zone_fs_options = NULL;
1590 if ((opt != NULL) &&
1591 (zonecfg_add_fs_option(fsp, (char *)opt) != Z_OK)) {
1592 zerror(zlogp, B_FALSE, "error adding property");
1593 return (-1);
1594 }
1595
1596 return (0);
1597 }
1598
1599 static int
1600 mount_filesystems_fsent(zone_dochandle_t handle, zlog_t *zlogp,
1601 struct zone_fstab **fs_tabp, int *num_fsp, zone_mnt_t mount_cmd)
1602 {
1603 struct zone_fstab *tmp_ptr, *fs_ptr, *fsp, fstab;
1604 int num_fs;
1605
1606 num_fs = *num_fsp;
1607 fs_ptr = *fs_tabp;
1608
1609 if (zonecfg_setfsent(handle) != Z_OK) {
1610 zerror(zlogp, B_FALSE, "invalid configuration");
1611 return (-1);
1612 }
1613 while (zonecfg_getfsent(handle, &fstab) == Z_OK) {
1614 /*
1615 * ZFS filesystems will not be accessible under an alternate
1616 * root, since the pool will not be known. Ignore them in this
1617 * case.
1618 */
1619 if (ALT_MOUNT(mount_cmd) &&
1620 strcmp(fstab.zone_fs_type, MNTTYPE_ZFS) == 0)
1621 continue;
1622
1623 num_fs++;
1624 if ((tmp_ptr = realloc(fs_ptr,
1625 num_fs * sizeof (*tmp_ptr))) == NULL) {
1626 zerror(zlogp, B_TRUE, "memory allocation failed");
1627 (void) zonecfg_endfsent(handle);
1628 return (-1);
1629 }
1630 /* update the pointers passed in */
1631 *fs_tabp = tmp_ptr;
1632 *num_fsp = num_fs;
1633
1634 fs_ptr = tmp_ptr;
1635 fsp = &fs_ptr[num_fs - 1];
1636 (void) strlcpy(fsp->zone_fs_dir,
1637 fstab.zone_fs_dir, sizeof (fsp->zone_fs_dir));
1638 (void) strlcpy(fsp->zone_fs_raw, fstab.zone_fs_raw,
1639 sizeof (fsp->zone_fs_raw));
1640 (void) strlcpy(fsp->zone_fs_type, fstab.zone_fs_type,
1641 sizeof (fsp->zone_fs_type));
1642 fsp->zone_fs_options = fstab.zone_fs_options;
1643
1644 /*
1645 * For all lofs mounts, make sure that the 'special'
1646 * entry points inside the alternate root. The
1647 * source path for a lofs mount in a given zone needs
1648 * to be relative to the root of the boot environment
1649 * that contains the zone. Note that we don't do this
1650 * for non-lofs mounts since they will have a device
1651 * as a backing store and device paths must always be
1652 * specified relative to the current boot environment.
1653 */
1654 fsp->zone_fs_special[0] = '\0';
1655 if (strcmp(fsp->zone_fs_type, MNTTYPE_LOFS) == 0) {
1656 (void) strlcat(fsp->zone_fs_special, zonecfg_get_root(),
1657 sizeof (fsp->zone_fs_special));
1658 }
1659 (void) strlcat(fsp->zone_fs_special, fstab.zone_fs_special,
1660 sizeof (fsp->zone_fs_special));
1661 }
1662 (void) zonecfg_endfsent(handle);
1663 return (0);
1664 }
1665
1666 static int
1667 mount_filesystems(zlog_t *zlogp, zone_mnt_t mount_cmd)
1668 {
1669 char rootpath[MAXPATHLEN];
1670 char zonepath[MAXPATHLEN];
1671 char brand[MAXNAMELEN];
1672 char luroot[MAXPATHLEN];
1673 int i, num_fs = 0;
1674 struct zone_fstab *fs_ptr = NULL;
1675 zone_dochandle_t handle = NULL;
1676 zone_state_t zstate;
1677 brand_handle_t bh;
1678 plat_gmount_cb_data_t cb;
1679
1680 if (zone_get_state(zone_name, &zstate) != Z_OK ||
1681 (zstate != ZONE_STATE_READY && zstate != ZONE_STATE_MOUNTED)) {
1682 zerror(zlogp, B_FALSE,
1683 "zone must be in '%s' or '%s' state to mount file-systems",
1684 zone_state_str(ZONE_STATE_READY),
1685 zone_state_str(ZONE_STATE_MOUNTED));
1686 goto bad;
1687 }
1688
1689 if (zone_get_zonepath(zone_name, zonepath, sizeof (zonepath)) != Z_OK) {
1690 zerror(zlogp, B_TRUE, "unable to determine zone path");
1691 goto bad;
1692 }
1693
1694 if (zone_get_rootpath(zone_name, rootpath, sizeof (rootpath)) != Z_OK) {
1695 zerror(zlogp, B_TRUE, "unable to determine zone root");
1696 goto bad;
1697 }
1698
1699 if ((handle = zonecfg_init_handle()) == NULL) {
1700 zerror(zlogp, B_TRUE, "getting zone configuration handle");
1701 goto bad;
1702 }
1703 if (zonecfg_get_snapshot_handle(zone_name, handle) != Z_OK ||
1704 zonecfg_setfsent(handle) != Z_OK) {
1705 zerror(zlogp, B_FALSE, "invalid configuration");
1706 goto bad;
1707 }
1708
1709 /*
1710 * If we are mounting the zone, then we must always use the default
1711 * brand global mounts.
1712 */
1713 if (ALT_MOUNT(mount_cmd)) {
1714 (void) strlcpy(brand, default_brand, sizeof (brand));
1715 } else {
1716 (void) strlcpy(brand, brand_name, sizeof (brand));
1717 }
1718
1719 /* Get a handle to the brand info for this zone */
1720 if ((bh = brand_open(brand)) == NULL) {
1721 zerror(zlogp, B_FALSE, "unable to determine zone brand");
1722 zonecfg_fini_handle(handle);
1723 return (-1);
1724 }
1725
1726 /*
1727 * Get the list of global filesystems to mount from the brand
1728 * configuration.
1729 */
1730 cb.pgcd_zlogp = zlogp;
1731 cb.pgcd_fs_tab = &fs_ptr;
1732 cb.pgcd_num_fs = &num_fs;
1733 if (brand_platform_iter_gmounts(bh, zonepath,
1734 plat_gmount_cb, &cb) != 0) {
1735 zerror(zlogp, B_FALSE, "unable to mount filesystems");
1736 brand_close(bh);
1737 zonecfg_fini_handle(handle);
1738 return (-1);
1739 }
1740 brand_close(bh);
1741
1742 /*
1743 * Iterate through the rest of the filesystems. Sort them all,
1744 * then mount them in sorted order. This is to make sure the
1745 * higher level directories (e.g., /usr) get mounted before
1746 * any beneath them (e.g., /usr/local).
1747 */
1748 if (mount_filesystems_fsent(handle, zlogp, &fs_ptr, &num_fs,
1749 mount_cmd) != 0)
1750 goto bad;
1751
1752 zonecfg_fini_handle(handle);
1753 handle = NULL;
1754
1755 /*
1756 * Normally when we mount a zone all the zone filesystems
1757 * get mounted relative to rootpath, which is usually
1758 * <zonepath>/root. But when mounting a zone for administration
1759 * purposes via the zone "mount" state, build_mounted_pre_var()
1760 * updates rootpath to be <zonepath>/lu/a so we'll mount all
1761 * the zones filesystems there instead.
1762 *
1763 * build_mounted_pre_var() and build_mounted_post_var() will
1764 * also do some extra work to create directories and lofs mount
1765 * a bunch of global zone file system paths into <zonepath>/lu.
1766 *
1767 * This allows us to be able to enter the zone (now rooted at
1768 * <zonepath>/lu) and run the upgrade/patch tools that are in the
1769 * global zone and have them upgrade the to-be-modified zone's
1770 * files mounted on /a. (Which mirrors the existing standard
1771 * upgrade environment.)
1772 *
1773 * There is of course one catch. When doing the upgrade
1774 * we need <zoneroot>/lu/dev to be the /dev filesystem
1775 * for the zone and we don't want to have any /dev filesystem
1776 * mounted at <zoneroot>/lu/a/dev. Since /dev is specified
1777 * as a normal zone filesystem by default we'll try to mount
1778 * it at <zoneroot>/lu/a/dev, so we have to detect this
1779 * case and instead mount it at <zoneroot>/lu/dev.
1780 *
1781 * All this work is done in three phases:
1782 * 1) Create and populate lu directory (build_mounted_pre_var()).
1783 * 2) Mount the required filesystems as per the zone configuration.
1784 * 3) Set up the rest of the scratch zone environment
1785 * (build_mounted_post_var()).
1786 */
1787 if (ALT_MOUNT(mount_cmd) && !build_mounted_pre_var(zlogp,
1788 rootpath, sizeof (rootpath), zonepath, luroot, sizeof (luroot)))
1789 goto bad;
1790
1791 qsort(fs_ptr, num_fs, sizeof (*fs_ptr), fs_compare);
1792
1793 for (i = 0; i < num_fs; i++) {
1794 if (ALT_MOUNT(mount_cmd) &&
1795 strcmp(fs_ptr[i].zone_fs_dir, "/dev") == 0) {
1796 size_t slen = strlen(rootpath) - 2;
1797
1798 /*
1799 * By default we'll try to mount /dev as /a/dev
1800 * but /dev is special and always goes at the top
1801 * so strip the trailing '/a' from the rootpath.
1802 */
1803 assert(strcmp(&rootpath[slen], "/a") == 0);
1804 rootpath[slen] = '\0';
1805 if (mount_one(zlogp, &fs_ptr[i], rootpath, mount_cmd)
1806 != 0)
1807 goto bad;
1808 rootpath[slen] = '/';
1809 continue;
1810 }
1811 if (mount_one(zlogp, &fs_ptr[i], rootpath, mount_cmd) != 0)
1812 goto bad;
1813 }
1814 if (ALT_MOUNT(mount_cmd) &&
1815 !build_mounted_post_var(zlogp, mount_cmd, rootpath, luroot))
1816 goto bad;
1817
1818 /*
1819 * For Trusted Extensions cross-mount each lower level /export/home
1820 */
1821 if (mount_cmd == Z_MNT_BOOT &&
1822 tsol_mounts(zlogp, zone_name, rootpath) != 0)
1823 goto bad;
1824
1825 free_fs_data(fs_ptr, num_fs);
1826
1827 /*
1828 * Everything looks fine.
1829 */
1830 return (0);
1831
1832 bad:
1833 if (handle != NULL)
1834 zonecfg_fini_handle(handle);
1835 free_fs_data(fs_ptr, num_fs);
1836 return (-1);
1837 }
1838
1839 /* caller makes sure neither parameter is NULL */
1840 static int
1841 addr2netmask(char *prefixstr, int maxprefixlen, uchar_t *maskstr)
1842 {
1843 int prefixlen;
1844
1845 prefixlen = atoi(prefixstr);
1846 if (prefixlen < 0 || prefixlen > maxprefixlen)
1847 return (1);
1848 while (prefixlen > 0) {
1849 if (prefixlen >= 8) {
1850 *maskstr++ = 0xFF;
1851 prefixlen -= 8;
1852 continue;
1853 }
1854 *maskstr |= 1 << (8 - prefixlen);
1855 prefixlen--;
1856 }
1857 return (0);
1858 }
1859
1860 /*
1861 * Tear down all interfaces belonging to the given zone. This should
1862 * be called with the zone in a state other than "running", so that
1863 * interfaces can't be assigned to the zone after this returns.
1864 *
1865 * If anything goes wrong, log an error message and return an error.
1866 */
1867 static int
1868 unconfigure_shared_network_interfaces(zlog_t *zlogp, zoneid_t zone_id)
1869 {
1870 struct lifnum lifn;
1871 struct lifconf lifc;
1872 struct lifreq *lifrp, lifrl;
1873 int64_t lifc_flags = LIFC_NOXMIT | LIFC_ALLZONES;
1874 int num_ifs, s, i, ret_code = 0;
1875 uint_t bufsize;
1876 char *buf = NULL;
1877
1878 if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
1879 zerror(zlogp, B_TRUE, "could not get socket");
1880 ret_code = -1;
1881 goto bad;
1882 }
1883 lifn.lifn_family = AF_UNSPEC;
1884 lifn.lifn_flags = (int)lifc_flags;
1885 if (ioctl(s, SIOCGLIFNUM, (char *)&lifn) < 0) {
1886 zerror(zlogp, B_TRUE,
1887 "could not determine number of network interfaces");
1888 ret_code = -1;
1889 goto bad;
1890 }
1891 num_ifs = lifn.lifn_count;
1892 bufsize = num_ifs * sizeof (struct lifreq);
1893 if ((buf = malloc(bufsize)) == NULL) {
1894 zerror(zlogp, B_TRUE, "memory allocation failed");
1895 ret_code = -1;
1896 goto bad;
1897 }
1898 lifc.lifc_family = AF_UNSPEC;
1899 lifc.lifc_flags = (int)lifc_flags;
1900 lifc.lifc_len = bufsize;
1901 lifc.lifc_buf = buf;
1902 if (ioctl(s, SIOCGLIFCONF, (char *)&lifc) < 0) {
1903 zerror(zlogp, B_TRUE, "could not get configured network "
1904 "interfaces");
1905 ret_code = -1;
1906 goto bad;
1907 }
1908 lifrp = lifc.lifc_req;
1909 for (i = lifc.lifc_len / sizeof (struct lifreq); i > 0; i--, lifrp++) {
1910 (void) close(s);
1911 if ((s = socket(lifrp->lifr_addr.ss_family, SOCK_DGRAM, 0)) <
1912 0) {
1913 zerror(zlogp, B_TRUE, "%s: could not get socket",
1914 lifrl.lifr_name);
1915 ret_code = -1;
1916 continue;
1917 }
1918 (void) memset(&lifrl, 0, sizeof (lifrl));
1919 (void) strncpy(lifrl.lifr_name, lifrp->lifr_name,
1920 sizeof (lifrl.lifr_name));
1921 if (ioctl(s, SIOCGLIFZONE, (caddr_t)&lifrl) < 0) {
1922 if (errno == ENXIO)
1923 /*
1924 * Interface may have been removed by admin or
1925 * another zone halting.
1926 */
1927 continue;
1928 zerror(zlogp, B_TRUE,
1929 "%s: could not determine the zone to which this "
1930 "network interface is bound", lifrl.lifr_name);
1931 ret_code = -1;
1932 continue;
1933 }
1934 if (lifrl.lifr_zoneid == zone_id) {
1935 if (ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifrl) < 0) {
1936 zerror(zlogp, B_TRUE,
1937 "%s: could not remove network interface",
1938 lifrl.lifr_name);
1939 ret_code = -1;
1940 continue;
1941 }
1942 }
1943 }
1944 bad:
1945 if (s > 0)
1946 (void) close(s);
1947 if (buf)
1948 free(buf);
1949 return (ret_code);
1950 }
1951
1952 static union sockunion {
1953 struct sockaddr sa;
1954 struct sockaddr_in sin;
1955 struct sockaddr_dl sdl;
1956 struct sockaddr_in6 sin6;
1957 } so_dst, so_ifp;
1958
1959 static struct {
1960 struct rt_msghdr hdr;
1961 char space[512];
1962 } rtmsg;
1963
1964 static int
1965 salen(struct sockaddr *sa)
1966 {
1967 switch (sa->sa_family) {
1968 case AF_INET:
1969 return (sizeof (struct sockaddr_in));
1970 case AF_LINK:
1971 return (sizeof (struct sockaddr_dl));
1972 case AF_INET6:
1973 return (sizeof (struct sockaddr_in6));
1974 default:
1975 return (sizeof (struct sockaddr));
1976 }
1977 }
1978
1979 #define ROUNDUP_LONG(a) \
1980 ((a) > 0 ? (1 + (((a) - 1) | (sizeof (long) - 1))) : sizeof (long))
1981
1982 /*
1983 * Look up which zone is using a given IP address. The address in question
1984 * is expected to have been stuffed into the structure to which lifr points
1985 * via a previous SIOCGLIFADDR ioctl().
1986 *
1987 * This is done using black router socket magic.
1988 *
1989 * Return the name of the zone on success or NULL on failure.
1990 *
1991 * This is a lot of code for a simple task; a new ioctl request to take care
1992 * of this might be a useful RFE.
1993 */
1994
1995 static char *
1996 who_is_using(zlog_t *zlogp, struct lifreq *lifr)
1997 {
1998 static char answer[ZONENAME_MAX];
1999 pid_t pid;
2000 int s, rlen, l, i;
2001 char *cp = rtmsg.space;
2002 struct sockaddr_dl *ifp = NULL;
2003 struct sockaddr *sa;
2004 char save_if_name[LIFNAMSIZ];
2005
2006 answer[0] = '\0';
2007
2008 pid = getpid();
2009 if ((s = socket(PF_ROUTE, SOCK_RAW, 0)) < 0) {
2010 zerror(zlogp, B_TRUE, "could not get routing socket");
2011 return (NULL);
2012 }
2013
2014 if (lifr->lifr_addr.ss_family == AF_INET) {
2015 struct sockaddr_in *sin4;
2016
2017 so_dst.sa.sa_family = AF_INET;
2018 sin4 = (struct sockaddr_in *)&lifr->lifr_addr;
2019 so_dst.sin.sin_addr = sin4->sin_addr;
2020 } else {
2021 struct sockaddr_in6 *sin6;
2022
2023 so_dst.sa.sa_family = AF_INET6;
2024 sin6 = (struct sockaddr_in6 *)&lifr->lifr_addr;
2025 so_dst.sin6.sin6_addr = sin6->sin6_addr;
2026 }
2027
2028 so_ifp.sa.sa_family = AF_LINK;
2029
2030 (void) memset(&rtmsg, 0, sizeof (rtmsg));
2031 rtmsg.hdr.rtm_type = RTM_GET;
2032 rtmsg.hdr.rtm_flags = RTF_UP | RTF_HOST;
2033 rtmsg.hdr.rtm_version = RTM_VERSION;
2034 rtmsg.hdr.rtm_seq = ++rts_seqno;
2035 rtmsg.hdr.rtm_addrs = RTA_IFP | RTA_DST;
2036
2037 l = ROUNDUP_LONG(salen(&so_dst.sa));
2038 (void) memmove(cp, &(so_dst), l);
2039 cp += l;
2040 l = ROUNDUP_LONG(salen(&so_ifp.sa));
2041 (void) memmove(cp, &(so_ifp), l);
2042 cp += l;
2043
2044 rtmsg.hdr.rtm_msglen = l = cp - (char *)&rtmsg;
2045
2046 if ((rlen = write(s, &rtmsg, l)) < 0) {
2047 zerror(zlogp, B_TRUE, "writing to routing socket");
2048 return (NULL);
2049 } else if (rlen < (int)rtmsg.hdr.rtm_msglen) {
2050 zerror(zlogp, B_TRUE,
2051 "write to routing socket got only %d for len\n", rlen);
2052 return (NULL);
2053 }
2054 do {
2055 l = read(s, &rtmsg, sizeof (rtmsg));
2056 } while (l > 0 && (rtmsg.hdr.rtm_seq != rts_seqno ||
2057 rtmsg.hdr.rtm_pid != pid));
2058 if (l < 0) {
2059 zerror(zlogp, B_TRUE, "reading from routing socket");
2060 return (NULL);
2061 }
2062
2063 if (rtmsg.hdr.rtm_version != RTM_VERSION) {
2064 zerror(zlogp, B_FALSE,
2065 "routing message version %d not understood",
2066 rtmsg.hdr.rtm_version);
2067 return (NULL);
2068 }
2069 if (rtmsg.hdr.rtm_msglen != (ushort_t)l) {
2070 zerror(zlogp, B_FALSE, "message length mismatch, "
2071 "expected %d bytes, returned %d bytes",
2072 rtmsg.hdr.rtm_msglen, l);
2073 return (NULL);
2074 }
2075 if (rtmsg.hdr.rtm_errno != 0) {
2076 errno = rtmsg.hdr.rtm_errno;
2077 zerror(zlogp, B_TRUE, "RTM_GET routing socket message");
2078 return (NULL);
2079 }
2080 if ((rtmsg.hdr.rtm_addrs & RTA_IFP) == 0) {
2081 zerror(zlogp, B_FALSE, "network interface not found");
2082 return (NULL);
2083 }
2084 cp = ((char *)(&rtmsg.hdr + 1));
2085 for (i = 1; i != 0; i <<= 1) {
2086 /* LINTED E_BAD_PTR_CAST_ALIGN */
2087 sa = (struct sockaddr *)cp;
2088 if (i != RTA_IFP) {
2089 if ((i & rtmsg.hdr.rtm_addrs) != 0)
2090 cp += ROUNDUP_LONG(salen(sa));
2091 continue;
2092 }
2093 if (sa->sa_family == AF_LINK &&
2094 ((struct sockaddr_dl *)sa)->sdl_nlen != 0)
2095 ifp = (struct sockaddr_dl *)sa;
2096 break;
2097 }
2098 if (ifp == NULL) {
2099 zerror(zlogp, B_FALSE, "network interface could not be "
2100 "determined");
2101 return (NULL);
2102 }
2103
2104 /*
2105 * We need to set the I/F name to what we got above, then do the
2106 * appropriate ioctl to get its zone name. But lifr->lifr_name is
2107 * used by the calling function to do a REMOVEIF, so if we leave the
2108 * "good" zone's I/F name in place, *that* I/F will be removed instead
2109 * of the bad one. So we save the old (bad) I/F name before over-
2110 * writing it and doing the ioctl, then restore it after the ioctl.
2111 */
2112 (void) strlcpy(save_if_name, lifr->lifr_name, sizeof (save_if_name));
2113 (void) strncpy(lifr->lifr_name, ifp->sdl_data, ifp->sdl_nlen);
2114 lifr->lifr_name[ifp->sdl_nlen] = '\0';
2115 i = ioctl(s, SIOCGLIFZONE, lifr);
2116 (void) strlcpy(lifr->lifr_name, save_if_name, sizeof (save_if_name));
2117 if (i < 0) {
2118 zerror(zlogp, B_TRUE,
2119 "%s: could not determine the zone network interface "
2120 "belongs to", lifr->lifr_name);
2121 return (NULL);
2122 }
2123 if (getzonenamebyid(lifr->lifr_zoneid, answer, sizeof (answer)) < 0)
2124 (void) snprintf(answer, sizeof (answer), "%d",
2125 lifr->lifr_zoneid);
2126
2127 if (strlen(answer) > 0)
2128 return (answer);
2129 return (NULL);
2130 }
2131
2132 /*
2133 * Configures a single interface: a new virtual interface is added, based on
2134 * the physical interface nwiftabptr->zone_nwif_physical, with the address
2135 * specified in nwiftabptr->zone_nwif_address, for zone zone_id. Note that
2136 * the "address" can be an IPv6 address (with a /prefixlength required), an
2137 * IPv4 address (with a /prefixlength optional), or a name; for the latter,
2138 * an IPv4 name-to-address resolution will be attempted.
2139 *
2140 * If anything goes wrong, we log an detailed error message, attempt to tear
2141 * down whatever we set up and return an error.
2142 */
2143 static int
2144 configure_one_interface(zlog_t *zlogp, zoneid_t zone_id,
2145 struct zone_nwiftab *nwiftabptr)
2146 {
2147 struct lifreq lifr;
2148 struct sockaddr_in netmask4;
2149 struct sockaddr_in6 netmask6;
2150 struct sockaddr_storage laddr;
2151 struct in_addr in4;
2152 sa_family_t af;
2153 char *slashp = strchr(nwiftabptr->zone_nwif_address, '/');
2154 int s;
2155 boolean_t got_netmask = B_FALSE;
2156 boolean_t is_loopback = B_FALSE;
2157 char addrstr4[INET_ADDRSTRLEN];
2158 int res;
2159
2160 res = zonecfg_valid_net_address(nwiftabptr->zone_nwif_address, &lifr);
2161 if (res != Z_OK) {
2162 zerror(zlogp, B_FALSE, "%s: %s", zonecfg_strerror(res),
2163 nwiftabptr->zone_nwif_address);
2164 return (-1);
2165 }
2166 af = lifr.lifr_addr.ss_family;
2167 if (af == AF_INET)
2168 in4 = ((struct sockaddr_in *)(&lifr.lifr_addr))->sin_addr;
2169 if ((s = socket(af, SOCK_DGRAM, 0)) < 0) {
2170 zerror(zlogp, B_TRUE, "could not get socket");
2171 return (-1);
2172 }
2173
2174 /*
2175 * This is a similar kind of "hack" like in addif() to get around
2176 * the problem of SIOCLIFADDIF. The problem is that this ioctl
2177 * does not include the netmask when adding a logical interface.
2178 * To get around this problem, we first add the logical interface
2179 * with a 0 address. After that, we set the netmask if provided.
2180 * Finally we set the interface address.
2181 */
2182 laddr = lifr.lifr_addr;
2183 (void) strlcpy(lifr.lifr_name, nwiftabptr->zone_nwif_physical,
2184 sizeof (lifr.lifr_name));
2185 (void) memset(&lifr.lifr_addr, 0, sizeof (lifr.lifr_addr));
2186
2187 if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0) {
2188 /*
2189 * Here, we know that the interface can't be brought up.
2190 * A similar warning message was already printed out to
2191 * the console by zoneadm(1M) so instead we log the
2192 * message to syslog and continue.
2193 */
2194 zerror(&logsys, B_TRUE, "WARNING: skipping network interface "
2195 "'%s' which may not be present/plumbed in the "
2196 "global zone.", lifr.lifr_name);
2197 (void) close(s);
2198 return (Z_OK);
2199 }
2200
2201 /* Preserve literal IPv4 address for later potential printing. */
2202 if (af == AF_INET)
2203 (void) inet_ntop(AF_INET, &in4, addrstr4, INET_ADDRSTRLEN);
2204
2205 lifr.lifr_zoneid = zone_id;
2206 if (ioctl(s, SIOCSLIFZONE, (caddr_t)&lifr) < 0) {
2207 zerror(zlogp, B_TRUE, "%s: could not place network interface "
2208 "into zone", lifr.lifr_name);
2209 goto bad;
2210 }
2211
2212 /*
2213 * Loopback interface will use the default netmask assigned, if no
2214 * netmask is found.
2215 */
2216 if (strcmp(nwiftabptr->zone_nwif_physical, "lo0") == 0) {
2217 is_loopback = B_TRUE;
2218 }
2219 if (af == AF_INET) {
2220 /*
2221 * The IPv4 netmask can be determined either
2222 * directly if a prefix length was supplied with
2223 * the address or via the netmasks database. Not
2224 * being able to determine it is a common failure,
2225 * but it often is not fatal to operation of the
2226 * interface. In that case, a warning will be
2227 * printed after the rest of the interface's
2228 * parameters have been configured.
2229 */
2230 (void) memset(&netmask4, 0, sizeof (netmask4));
2231 if (slashp != NULL) {
2232 if (addr2netmask(slashp + 1, V4_ADDR_LEN,
2233 (uchar_t *)&netmask4.sin_addr) != 0) {
2234 *slashp = '/';
2235 zerror(zlogp, B_FALSE,
2236 "%s: invalid prefix length in %s",
2237 lifr.lifr_name,
2238 nwiftabptr->zone_nwif_address);
2239 goto bad;
2240 }
2241 got_netmask = B_TRUE;
2242 } else if (getnetmaskbyaddr(in4,
2243 &netmask4.sin_addr) == 0) {
2244 got_netmask = B_TRUE;
2245 }
2246 if (got_netmask) {
2247 netmask4.sin_family = af;
2248 (void) memcpy(&lifr.lifr_addr, &netmask4,
2249 sizeof (netmask4));
2250 }
2251 } else {
2252 (void) memset(&netmask6, 0, sizeof (netmask6));
2253 if (addr2netmask(slashp + 1, V6_ADDR_LEN,
2254 (uchar_t *)&netmask6.sin6_addr) != 0) {
2255 *slashp = '/';
2256 zerror(zlogp, B_FALSE,
2257 "%s: invalid prefix length in %s",
2258 lifr.lifr_name,
2259 nwiftabptr->zone_nwif_address);
2260 goto bad;
2261 }
2262 got_netmask = B_TRUE;
2263 netmask6.sin6_family = af;
2264 (void) memcpy(&lifr.lifr_addr, &netmask6,
2265 sizeof (netmask6));
2266 }
2267 if (got_netmask &&
2268 ioctl(s, SIOCSLIFNETMASK, (caddr_t)&lifr) < 0) {
2269 zerror(zlogp, B_TRUE, "%s: could not set netmask",
2270 lifr.lifr_name);
2271 goto bad;
2272 }
2273
2274 /* Set the interface address */
2275 lifr.lifr_addr = laddr;
2276 if (ioctl(s, SIOCSLIFADDR, (caddr_t)&lifr) < 0) {
2277 zerror(zlogp, B_TRUE,
2278 "%s: could not set IP address to %s",
2279 lifr.lifr_name, nwiftabptr->zone_nwif_address);
2280 goto bad;
2281 }
2282
2283 if (ioctl(s, SIOCGLIFFLAGS, (caddr_t)&lifr) < 0) {
2284 zerror(zlogp, B_TRUE, "%s: could not get flags",
2285 lifr.lifr_name);
2286 goto bad;
2287 }
2288 lifr.lifr_flags |= IFF_UP;
2289 if (ioctl(s, SIOCSLIFFLAGS, (caddr_t)&lifr) < 0) {
2290 int save_errno = errno;
2291 char *zone_using;
2292
2293 /*
2294 * If we failed with something other than EADDRNOTAVAIL,
2295 * then skip to the end. Otherwise, look up our address,
2296 * then call a function to determine which zone is already
2297 * using that address.
2298 */
2299 if (errno != EADDRNOTAVAIL) {
2300 zerror(zlogp, B_TRUE,
2301 "%s: could not bring network interface up",
2302 lifr.lifr_name);
2303 goto bad;
2304 }
2305 if (ioctl(s, SIOCGLIFADDR, (caddr_t)&lifr) < 0) {
2306 zerror(zlogp, B_TRUE, "%s: could not get address",
2307 lifr.lifr_name);
2308 goto bad;
2309 }
2310 zone_using = who_is_using(zlogp, &lifr);
2311 errno = save_errno;
2312 if (zone_using == NULL)
2313 zerror(zlogp, B_TRUE,
2314 "%s: could not bring network interface up",
2315 lifr.lifr_name);
2316 else
2317 zerror(zlogp, B_TRUE, "%s: could not bring network "
2318 "interface up: address in use by zone '%s'",
2319 lifr.lifr_name, zone_using);
2320 goto bad;
2321 }
2322
2323 if (!got_netmask && !is_loopback) {
2324 /*
2325 * A common, but often non-fatal problem, is that the system
2326 * cannot find the netmask for an interface address. This is
2327 * often caused by it being only in /etc/inet/netmasks, but
2328 * /etc/nsswitch.conf says to use NIS or NIS+ and it's not
2329 * in that. This doesn't show up at boot because the netmask
2330 * is obtained from /etc/inet/netmasks when no network
2331 * interfaces are up, but isn't consulted when NIS/NIS+ is
2332 * available. We warn the user here that something like this
2333 * has happened and we're just running with a default and
2334 * possible incorrect netmask.
2335 */
2336 char buffer[INET6_ADDRSTRLEN];
2337 void *addr;
2338 const char *nomatch = "no matching subnet found in netmasks(4)";
2339
2340 if (af == AF_INET)
2341 addr = &((struct sockaddr_in *)
2342 (&lifr.lifr_addr))->sin_addr;
2343 else
2344 addr = &((struct sockaddr_in6 *)
2345 (&lifr.lifr_addr))->sin6_addr;
2346
2347 /*
2348 * Find out what netmask the interface is going to be using.
2349 * If we just brought up an IPMP data address on an underlying
2350 * interface above, the address will have already migrated, so
2351 * the SIOCGLIFNETMASK won't be able to find it (but we need
2352 * to bring the address up to get the actual netmask). Just
2353 * omit printing the actual netmask in this corner-case.
2354 */
2355 if (ioctl(s, SIOCGLIFNETMASK, (caddr_t)&lifr) < 0 ||
2356 inet_ntop(af, addr, buffer, sizeof (buffer)) == NULL) {
2357 zerror(zlogp, B_FALSE, "WARNING: %s; using default.",
2358 nomatch);
2359 } else {
2360 zerror(zlogp, B_FALSE,
2361 "WARNING: %s: %s: %s; using default of %s.",
2362 lifr.lifr_name, nomatch, addrstr4, buffer);
2363 }
2364 }
2365
2366 /*
2367 * If a default router was specified for this interface
2368 * set the route now. Ignore if already set.
2369 */
2370 if (strlen(nwiftabptr->zone_nwif_defrouter) > 0) {
2371 int status;
2372 char *argv[7];
2373
2374 argv[0] = "route";
2375 argv[1] = "add";
2376 argv[2] = "-ifp";
2377 argv[3] = nwiftabptr->zone_nwif_physical;
2378 argv[4] = "default";
2379 argv[5] = nwiftabptr->zone_nwif_defrouter;
2380 argv[6] = NULL;
2381
2382 status = forkexec(zlogp, "/usr/sbin/route", argv);
2383 if (status != 0 && status != EEXIST)
2384 zerror(zlogp, B_FALSE, "Unable to set route for "
2385 "interface %s to %s\n",
2386 nwiftabptr->zone_nwif_physical,
2387 nwiftabptr->zone_nwif_defrouter);
2388 }
2389
2390 (void) close(s);
2391 return (Z_OK);
2392 bad:
2393 (void) ioctl(s, SIOCLIFREMOVEIF, (caddr_t)&lifr);
2394 (void) close(s);
2395 return (-1);
2396 }
2397
2398 /*
2399 * Sets up network interfaces based on information from the zone configuration.
2400 * IPv4 and IPv6 loopback interfaces are set up "for free", modeling the global
2401 * system.
2402 *
2403 * If anything goes wrong, we log a general error message, attempt to tear down
2404 * whatever we set up, and return an error.
2405 */
2406 static int
2407 configure_shared_network_interfaces(zlog_t *zlogp)
2408 {
2409 zone_dochandle_t handle;
2410 struct zone_nwiftab nwiftab, loopback_iftab;
2411 zoneid_t zoneid;
2412
2413 if ((zoneid = getzoneidbyname(zone_name)) == ZONE_ID_UNDEFINED) {
2414 zerror(zlogp, B_TRUE, "unable to get zoneid");
2415 return (-1);
2416 }
2417
2418 if ((handle = zonecfg_init_handle()) == NULL) {
2419 zerror(zlogp, B_TRUE, "getting zone configuration handle");
2420 return (-1);
2421 }
2422 if (zonecfg_get_snapshot_handle(zone_name, handle) != Z_OK) {
2423 zerror(zlogp, B_FALSE, "invalid configuration");
2424 zonecfg_fini_handle(handle);
2425 return (-1);
2426 }
2427 if (zonecfg_setnwifent(handle) == Z_OK) {
2428 for (;;) {
2429 if (zonecfg_getnwifent(handle, &nwiftab) != Z_OK)
2430 break;
2431 if (configure_one_interface(zlogp, zoneid, &nwiftab) !=
2432 Z_OK) {
2433 (void) zonecfg_endnwifent(handle);
2434 zonecfg_fini_handle(handle);
2435 return (-1);
2436 }
2437 }
2438 (void) zonecfg_endnwifent(handle);
2439 }
2440 zonecfg_fini_handle(handle);
2441 if (is_system_labeled()) {
2442 /*
2443 * Labeled zones share the loopback interface
2444 * so it is not plumbed for shared stack instances.
2445 */
2446 return (0);
2447 }
2448 (void) strlcpy(loopback_iftab.zone_nwif_physical, "lo0",
2449 sizeof (loopback_iftab.zone_nwif_physical));
2450 (void) strlcpy(loopback_iftab.zone_nwif_address, "127.0.0.1",
2451 sizeof (loopback_iftab.zone_nwif_address));
2452 loopback_iftab.zone_nwif_defrouter[0] = '\0';
2453 if (configure_one_interface(zlogp, zoneid, &loopback_iftab) != Z_OK)
2454 return (-1);
2455
2456 /* Always plumb up the IPv6 loopback interface. */
2457 (void) strlcpy(loopback_iftab.zone_nwif_address, "::1/128",
2458 sizeof (loopback_iftab.zone_nwif_address));
2459 if (configure_one_interface(zlogp, zoneid, &loopback_iftab) != Z_OK)
2460 return (-1);
2461 return (0);
2462 }
2463
2464 static void
2465 zdlerror(zlog_t *zlogp, dladm_status_t err, const char *dlname, const char *str)
2466 {
2467 char errmsg[DLADM_STRSIZE];
2468
2469 (void) dladm_status2str(err, errmsg);
2470 zerror(zlogp, B_FALSE, "%s '%s': %s", str, dlname, errmsg);
2471 }
2472
2473 static int
2474 add_datalink(zlog_t *zlogp, char *zone_name, datalink_id_t linkid, char *dlname)
2475 {
2476 dladm_status_t err;
2477 boolean_t cpuset, poolset;
2478 char *poolp;
2479
2480 /* First check if it's in use by global zone. */
2481 if (zonecfg_ifname_exists(AF_INET, dlname) ||
2482 zonecfg_ifname_exists(AF_INET6, dlname)) {
2483 zerror(zlogp, B_FALSE, "WARNING: skipping network interface "
2484 "'%s' which is used in the global zone", dlname);
2485 return (-1);
2486 }
2487
2488 /* Set zoneid of this link. */
2489 err = dladm_set_linkprop(dld_handle, linkid, "zone", &zone_name, 1,
2490 DLADM_OPT_ACTIVE);
2491 if (err != DLADM_STATUS_OK) {
2492 zdlerror(zlogp, err, dlname,
2493 "WARNING: unable to add network interface");
2494 return (-1);
2495 }
2496
2497 /*
2498 * Set the pool of this link if the zone has a pool and
2499 * neither the cpus nor the pool datalink property is
2500 * already set.
2501 */
2502 err = dladm_linkprop_is_set(dld_handle, linkid, DLADM_PROP_VAL_CURRENT,
2503 "cpus", &cpuset);
2504 if (err != DLADM_STATUS_OK) {
2505 zdlerror(zlogp, err, dlname,
2506 "WARNING: unable to check if cpus link property is set");
2507 }
2508 err = dladm_linkprop_is_set(dld_handle, linkid, DLADM_PROP_VAL_CURRENT,
2509 "pool", &poolset);
2510 if (err != DLADM_STATUS_OK) {
2511 zdlerror(zlogp, err, dlname,
2512 "WARNING: unable to check if pool link property is set");
2513 }
2514
2515 if ((strlen(pool_name) != 0) && !cpuset && !poolset) {
2516 poolp = pool_name;
2517 err = dladm_set_linkprop(dld_handle, linkid, "pool",
2518 &poolp, 1, DLADM_OPT_ACTIVE);
2519 if (err != DLADM_STATUS_OK) {
2520 zerror(zlogp, B_FALSE, "WARNING: unable to set "
2521 "pool %s to datalink %s", pool_name, dlname);
2522 bzero(pool_name, sizeof (pool_name));
2523 }
2524 } else {
2525 bzero(pool_name, sizeof (pool_name));
2526 }
2527 return (0);
2528 }
2529
2530 static boolean_t
2531 sockaddr_to_str(sa_family_t af, const struct sockaddr *sockaddr,
2532 char *straddr, size_t len)
2533 {
2534 struct sockaddr_in *sin;
2535 struct sockaddr_in6 *sin6;
2536 const char *str = NULL;
2537
2538 if (af == AF_INET) {
2539 /* LINTED E_BAD_PTR_CAST_ALIGN */
2540 sin = SIN(sockaddr);
2541 str = inet_ntop(AF_INET, (void *)&sin->sin_addr, straddr, len);
2542 } else if (af == AF_INET6) {
2543 /* LINTED E_BAD_PTR_CAST_ALIGN */
2544 sin6 = SIN6(sockaddr);
2545 str = inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, straddr,
2546 len);
2547 }
2548
2549 return (str != NULL);
2550 }
2551
2552 static int
2553 ipv4_prefixlen(struct sockaddr_in *sin)
2554 {
2555 struct sockaddr_in *m;
2556 struct sockaddr_storage mask;
2557
2558 m = SIN(&mask);
2559 m->sin_family = AF_INET;
2560 if (getnetmaskbyaddr(sin->sin_addr, &m->sin_addr) == 0) {
2561 return (mask2plen((struct sockaddr *)&mask));
2562 } else if (IN_CLASSA(htonl(sin->sin_addr.s_addr))) {
2563 return (8);
2564 } else if (IN_CLASSB(ntohl(sin->sin_addr.s_addr))) {
2565 return (16);
2566 } else if (IN_CLASSC(ntohl(sin->sin_addr.s_addr))) {
2567 return (24);
2568 }
2569 return (0);
2570 }
2571
2572 static int
2573 zone_setattr_network(int type, zoneid_t zoneid, datalink_id_t linkid,
2574 void *buf, size_t bufsize)
2575 {
2576 zone_net_data_t *zndata;
2577 size_t znsize;
2578 int err;
2579
2580 znsize = sizeof (*zndata) + bufsize;
2581 zndata = calloc(1, znsize);
2582 if (zndata == NULL)
2583 return (ENOMEM);
2584 zndata->zn_type = type;
2585 zndata->zn_len = bufsize;
2586 zndata->zn_linkid = linkid;
2587 bcopy(buf, zndata->zn_val, zndata->zn_len);
2588 err = zone_setattr(zoneid, ZONE_ATTR_NETWORK, zndata, znsize);
2589 free(zndata);
2590 return (err);
2591 }
2592
2593 static int
2594 add_net_for_linkid(zlog_t *zlogp, zoneid_t zoneid, zone_addr_list_t *start)
2595 {
2596 struct lifreq lifr;
2597 char **astr, *address;
2598 dladm_status_t dlstatus;
2599 char *ip_nospoof = "ip-nospoof";
2600 int nnet, naddr, err = 0, j;
2601 size_t zlen, cpleft;
2602 zone_addr_list_t *ptr, *end;
2603 char tmp[INET6_ADDRSTRLEN], *maskstr;
2604 char *zaddr, *cp;
2605 struct in6_addr *routes = NULL;
2606 boolean_t is_set;
2607 datalink_id_t linkid;
2608
2609 assert(start != NULL);
2610 naddr = 0; /* number of addresses */
2611 nnet = 0; /* number of net resources */
2612 linkid = start->za_linkid;
2613 for (ptr = start; ptr != NULL && ptr->za_linkid == linkid;
2614 ptr = ptr->za_next) {
2615 nnet++;
2616 }
2617 end = ptr;
2618 zlen = nnet * (INET6_ADDRSTRLEN + 1);
2619 astr = calloc(1, nnet * sizeof (uintptr_t));
2620 zaddr = calloc(1, zlen);
2621 if (astr == NULL || zaddr == NULL) {
2622 err = ENOMEM;
2623 goto done;
2624 }
2625 cp = zaddr;
2626 cpleft = zlen;
2627 j = 0;
2628 for (ptr = start; ptr != end; ptr = ptr->za_next) {
2629 address = ptr->za_nwiftab.zone_nwif_allowed_address;
2630 if (address[0] == '\0')
2631 continue;
2632 (void) snprintf(tmp, sizeof (tmp), "%s", address);
2633 /*
2634 * Validate the data. zonecfg_valid_net_address() clobbers
2635 * the /<mask> in the address string.
2636 */
2637 if (zonecfg_valid_net_address(address, &lifr) != Z_OK) {
2638 zerror(zlogp, B_FALSE, "invalid address [%s]\n",
2639 address);
2640 err = EINVAL;
2641 goto done;
2642 }
2643 /*
2644 * convert any hostnames to numeric address strings.
2645 */
2646 if (!sockaddr_to_str(lifr.lifr_addr.ss_family,
2647 (const struct sockaddr *)&lifr.lifr_addr, cp, cpleft)) {
2648 err = EINVAL;
2649 goto done;
2650 }
2651 /*
2652 * make a copy of the numeric string for the data needed
2653 * by the "allowed-ips" datalink property.
2654 */
2655 astr[j] = strdup(cp);
2656 if (astr[j] == NULL) {
2657 err = ENOMEM;
2658 goto done;
2659 }
2660 j++;
2661 /*
2662 * compute the default netmask from the address, if necessary
2663 */
2664 if ((maskstr = strchr(tmp, '/')) == NULL) {
2665 int prefixlen;
2666
2667 if (lifr.lifr_addr.ss_family == AF_INET) {
2668 prefixlen = ipv4_prefixlen(
2669 SIN(&lifr.lifr_addr));
2670 } else {
2671 struct sockaddr_in6 *sin6;
2672
2673 sin6 = SIN6(&lifr.lifr_addr);
2674 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
2675 prefixlen = 10;
2676 else
2677 prefixlen = 64;
2678 }
2679 (void) snprintf(tmp, sizeof (tmp), "%d", prefixlen);
2680 maskstr = tmp;
2681 } else {
2682 maskstr++;
2683 }
2684 /* append the "/<netmask>" */
2685 (void) strlcat(cp, "/", cpleft);
2686 (void) strlcat(cp, maskstr, cpleft);
2687 (void) strlcat(cp, ",", cpleft);
2688 cp += strnlen(cp, zlen);
2689 cpleft = &zaddr[INET6_ADDRSTRLEN] - cp;
2690 }
2691 naddr = j; /* the actual number of addresses in the net resource */
2692 assert(naddr <= nnet);
2693
2694 /*
2695 * zonecfg has already verified that the defrouter property can only
2696 * be set if there is at least one address defined for the net resource.
2697 * If j is 0, there are no addresses defined, and therefore no routers
2698 * to configure, and we are done at that point.
2699 */
2700 if (j == 0)
2701 goto done;
2702
2703 /* over-write last ',' with '\0' */
2704 zaddr[strnlen(zaddr, zlen) + 1] = '\0';
2705
2706 /*
2707 * First make sure L3 protection is not already set on the link.
2708 */
2709 dlstatus = dladm_linkprop_is_set(dld_handle, linkid, DLADM_OPT_ACTIVE,
2710 "protection", &is_set);
2711 if (dlstatus != DLADM_STATUS_OK) {
2712 err = EINVAL;
2713 zerror(zlogp, B_FALSE, "unable to check if protection is set");
2714 goto done;
2715 }
2716 if (is_set) {
2717 err = EINVAL;
2718 zerror(zlogp, B_FALSE, "Protection is already set");
2719 goto done;
2720 }
2721 dlstatus = dladm_linkprop_is_set(dld_handle, linkid, DLADM_OPT_ACTIVE,
2722 "allowed-ips", &is_set);
2723 if (dlstatus != DLADM_STATUS_OK) {
2724 err = EINVAL;
2725 zerror(zlogp, B_FALSE, "unable to check if allowed-ips is set");
2726 goto done;
2727 }
2728 if (is_set) {
2729 zerror(zlogp, B_FALSE, "allowed-ips is already set");
2730 err = EINVAL;
2731 goto done;
2732 }
2733
2734 /*
2735 * Enable ip-nospoof for the link, and add address to the allowed-ips
2736 * list.
2737 */
2738 dlstatus = dladm_set_linkprop(dld_handle, linkid, "protection",
2739 &ip_nospoof, 1, DLADM_OPT_ACTIVE);
2740 if (dlstatus != DLADM_STATUS_OK) {
2741 zerror(zlogp, B_FALSE, "could not set protection\n");
2742 err = EINVAL;
2743 goto done;
2744 }
2745 dlstatus = dladm_set_linkprop(dld_handle, linkid, "allowed-ips",
2746 astr, naddr, DLADM_OPT_ACTIVE);
2747 if (dlstatus != DLADM_STATUS_OK) {
2748 zerror(zlogp, B_FALSE, "could not set allowed-ips\n");
2749 err = EINVAL;
2750 goto done;
2751 }
2752
2753 /* now set the address in the data-store */
2754 err = zone_setattr_network(ZONE_NETWORK_ADDRESS, zoneid, linkid,
2755 zaddr, strnlen(zaddr, zlen) + 1);
2756 if (err != 0)
2757 goto done;
2758
2759 /*
2760 * add the defaultrouters
2761 */
2762 routes = calloc(1, nnet * sizeof (*routes));
2763 j = 0;
2764 for (ptr = start; ptr != end; ptr = ptr->za_next) {
2765 address = ptr->za_nwiftab.zone_nwif_defrouter;
2766 if (address[0] == '\0')
2767 continue;
2768 if (strchr(address, '/') == NULL && strchr(address, ':') != 0) {
2769 /*
2770 * zonecfg_valid_net_address() expects numeric IPv6
2771 * addresses to have a CIDR format netmask.
2772 */
2773 (void) snprintf(tmp, sizeof (tmp), "/%d", V6_ADDR_LEN);
2774 (void) strlcat(address, tmp, INET6_ADDRSTRLEN);
2775 }
2776 if (zonecfg_valid_net_address(address, &lifr) != Z_OK) {
2777 zerror(zlogp, B_FALSE,
2778 "invalid router [%s]\n", address);
2779 err = EINVAL;
2780 goto done;
2781 }
2782 if (lifr.lifr_addr.ss_family == AF_INET6) {
2783 routes[j] = SIN6(&lifr.lifr_addr)->sin6_addr;
2784 } else {
2785 IN6_INADDR_TO_V4MAPPED(&SIN(&lifr.lifr_addr)->sin_addr,
2786 &routes[j]);
2787 }
2788 j++;
2789 }
2790 assert(j <= nnet);
2791 if (j > 0) {
2792 err = zone_setattr_network(ZONE_NETWORK_DEFROUTER, zoneid,
2793 linkid, routes, j * sizeof (*routes));
2794 }
2795 done:
2796 free(routes);
2797 for (j = 0; j < naddr; j++)
2798 free(astr[j]);
2799 free(astr);
2800 free(zaddr);
2801 return (err);
2802
2803 }
2804
2805 static int
2806 add_net(zlog_t *zlogp, zoneid_t zoneid, zone_addr_list_t *zalist)
2807 {
2808 zone_addr_list_t *ptr;
2809 datalink_id_t linkid;
2810 int err;
2811
2812 if (zalist == NULL)
2813 return (0);
2814
2815 linkid = zalist->za_linkid;
2816
2817 err = add_net_for_linkid(zlogp, zoneid, zalist);
2818 if (err != 0)
2819 return (err);
2820
2821 for (ptr = zalist; ptr != NULL; ptr = ptr->za_next) {
2822 if (ptr->za_linkid == linkid)
2823 continue;
2824 linkid = ptr->za_linkid;
2825 err = add_net_for_linkid(zlogp, zoneid, ptr);
2826 if (err != 0)
2827 return (err);
2828 }
2829 return (0);
2830 }
2831
2832 /*
2833 * Add "new" to the list of network interfaces to be configured by
2834 * add_net on zone boot in "old". The list of interfaces in "old" is
2835 * sorted by datalink_id_t, with interfaces sorted FIFO for a given
2836 * datalink_id_t.
2837 *
2838 * Returns the merged list of IP interfaces containing "old" and "new"
2839 */
2840 static zone_addr_list_t *
2841 add_ip_interface(zone_addr_list_t *old, zone_addr_list_t *new)
2842 {
2843 zone_addr_list_t *ptr, *next;
2844 datalink_id_t linkid = new->za_linkid;
2845
2846 assert(old != new);
2847
2848 if (old == NULL)
2849 return (new);
2850 for (ptr = old; ptr != NULL; ptr = ptr->za_next) {
2851 if (ptr->za_linkid == linkid)
2852 break;
2853 }
2854 if (ptr == NULL) {
2855 /* linkid does not already exist, add to the beginning */
2856 new->za_next = old;
2857 return (new);
2858 }
2859 /*
2860 * adding to the middle of the list; ptr points at the first
2861 * occurrence of linkid. Find the last occurrence.
2862 */
2863 while ((next = ptr->za_next) != NULL) {
2864 if (next->za_linkid != linkid)
2865 break;
2866 ptr = next;
2867 }
2868 /* insert new after ptr */
2869 new->za_next = next;
2870 ptr->za_next = new;
2871 return (old);
2872 }
2873
2874 void
2875 free_ip_interface(zone_addr_list_t *zalist)
2876 {
2877 zone_addr_list_t *ptr, *new;
2878
2879 for (ptr = zalist; ptr != NULL; ) {
2880 new = ptr;
2881 ptr = ptr->za_next;
2882 free(new);
2883 }
2884 }
2885
2886 /*
2887 * Add the kernel access control information for the interface names.
2888 * If anything goes wrong, we log a general error message, attempt to tear down
2889 * whatever we set up, and return an error.
2890 */
2891 static int
2892 configure_exclusive_network_interfaces(zlog_t *zlogp, zoneid_t zoneid)
2893 {
2894 zone_dochandle_t handle;
2895 struct zone_nwiftab nwiftab;
2896 char rootpath[MAXPATHLEN];
2897 char path[MAXPATHLEN];
2898 datalink_id_t linkid;
2899 di_prof_t prof = NULL;
2900 boolean_t added = B_FALSE;
2901 zone_addr_list_t *zalist = NULL, *new;
2902
2903 if ((handle = zonecfg_init_handle()) == NULL) {
2904 zerror(zlogp, B_TRUE, "getting zone configuration handle");
2905 return (-1);
2906 }
2907 if (zonecfg_get_snapshot_handle(zone_name, handle) != Z_OK) {
2908 zerror(zlogp, B_FALSE, "invalid configuration");
2909 zonecfg_fini_handle(handle);
2910 return (-1);
2911 }
2912
2913 if (zonecfg_setnwifent(handle) != Z_OK) {
2914 zonecfg_fini_handle(handle);
2915 return (0);
2916 }
2917
2918 for (;;) {
2919 if (zonecfg_getnwifent(handle, &nwiftab) != Z_OK)
2920 break;
2921
2922 if (prof == NULL) {
2923 if (zone_get_devroot(zone_name, rootpath,
2924 sizeof (rootpath)) != Z_OK) {
2925 (void) zonecfg_endnwifent(handle);
2926 zonecfg_fini_handle(handle);
2927 zerror(zlogp, B_TRUE,
2928 "unable to determine dev root");
2929 return (-1);
2930 }
2931 (void) snprintf(path, sizeof (path), "%s%s", rootpath,
2932 "/dev");
2933 if (di_prof_init(path, &prof) != 0) {
2934 (void) zonecfg_endnwifent(handle);
2935 zonecfg_fini_handle(handle);
2936 zerror(zlogp, B_TRUE,
2937 "failed to initialize profile");
2938 return (-1);
2939 }
2940 }
2941
2942 /*
2943 * Create the /dev entry for backward compatibility.
2944 * Only create the /dev entry if it's not in use.
2945 * Note that the zone still boots when the assigned
2946 * interface is inaccessible, used by others, etc.
2947 * Also, when vanity naming is used, some interface do
2948 * do not have corresponding /dev node names (for example,
2949 * vanity named aggregations). The /dev entry is not
2950 * created in that case. The /dev/net entry is always
2951 * accessible.
2952 */
2953 if (dladm_name2info(dld_handle, nwiftab.zone_nwif_physical,
2954 &linkid, NULL, NULL, NULL) == DLADM_STATUS_OK &&
2955 add_datalink(zlogp, zone_name, linkid,
2956 nwiftab.zone_nwif_physical) == 0) {
2957 added = B_TRUE;
2958 } else {
2959 (void) zonecfg_endnwifent(handle);
2960 zonecfg_fini_handle(handle);
2961 zerror(zlogp, B_TRUE, "failed to add network device");
2962 return (-1);
2963 }
2964 /* set up the new IP interface, and add them all later */
2965 new = malloc(sizeof (*new));
2966 if (new == NULL) {
2967 zerror(zlogp, B_TRUE, "no memory for %s",
2968 nwiftab.zone_nwif_physical);
2969 zonecfg_fini_handle(handle);
2970 free_ip_interface(zalist);
2971 }
2972 bzero(new, sizeof (*new));
2973 new->za_nwiftab = nwiftab;
2974 new->za_linkid = linkid;
2975 zalist = add_ip_interface(zalist, new);
2976 }
2977 if (zalist != NULL) {
2978 if ((errno = add_net(zlogp, zoneid, zalist)) != 0) {
2979 (void) zonecfg_endnwifent(handle);
2980 zonecfg_fini_handle(handle);
2981 zerror(zlogp, B_TRUE, "failed to add address");
2982 free_ip_interface(zalist);
2983 return (-1);
2984 }
2985 free_ip_interface(zalist);
2986 }
2987 (void) zonecfg_endnwifent(handle);
2988 zonecfg_fini_handle(handle);
2989
2990 if (prof != NULL && added) {
2991 if (di_prof_commit(prof) != 0) {
2992 zerror(zlogp, B_TRUE, "failed to commit profile");
2993 return (-1);
2994 }
2995 }
2996 if (prof != NULL)
2997 di_prof_fini(prof);
2998
2999 return (0);
3000 }
3001
3002 static int
3003 remove_datalink_pool(zlog_t *zlogp, zoneid_t zoneid)
3004 {
3005 ushort_t flags;
3006 zone_iptype_t iptype;
3007 int i, dlnum = 0;
3008 datalink_id_t *dllink, *dllinks = NULL;
3009 dladm_status_t err;
3010
3011 if (strlen(pool_name) == 0)
3012 return (0);
3013
3014 if (zone_getattr(zoneid, ZONE_ATTR_FLAGS, &flags,
3015 sizeof (flags)) < 0) {
3016 if (vplat_get_iptype(zlogp, &iptype) < 0) {
3017 zerror(zlogp, B_FALSE, "unable to determine ip-type");
3018 return (-1);
3019 }
3020 } else {
3021 if (flags & ZF_NET_EXCL)
3022 iptype = ZS_EXCLUSIVE;
3023 else
3024 iptype = ZS_SHARED;
3025 }
3026
3027 if (iptype == ZS_EXCLUSIVE) {
3028 /*
3029 * Get the datalink count and for each datalink,
3030 * attempt to clear the pool property and clear
3031 * the pool_name.
3032 */
3033 if (zone_list_datalink(zoneid, &dlnum, NULL) != 0) {
3034 zerror(zlogp, B_TRUE, "unable to count network "
3035 "interfaces");
3036 return (-1);
3037 }
3038
3039 if (dlnum == 0)
3040 return (0);
3041
3042 if ((dllinks = malloc(dlnum * sizeof (datalink_id_t)))
3043 == NULL) {
3044 zerror(zlogp, B_TRUE, "memory allocation failed");
3045 return (-1);
3046 }
3047 if (zone_list_datalink(zoneid, &dlnum, dllinks) != 0) {
3048 zerror(zlogp, B_TRUE, "unable to list network "
3049 "interfaces");
3050 return (-1);
3051 }
3052
3053 bzero(pool_name, sizeof (pool_name));
3054 for (i = 0, dllink = dllinks; i < dlnum; i++, dllink++) {
3055 err = dladm_set_linkprop(dld_handle, *dllink, "pool",
3056 NULL, 0, DLADM_OPT_ACTIVE);
3057 if (err != DLADM_STATUS_OK) {
3058 zerror(zlogp, B_TRUE,
3059 "WARNING: unable to clear pool");
3060 }
3061 }
3062 free(dllinks);
3063 }
3064 return (0);
3065 }
3066
3067 static int
3068 remove_datalink_protect(zlog_t *zlogp, zoneid_t zoneid)
3069 {
3070 ushort_t flags;
3071 zone_iptype_t iptype;
3072 int i, dlnum = 0;
3073 dladm_status_t dlstatus;
3074 datalink_id_t *dllink, *dllinks = NULL;
3075
3076 if (zone_getattr(zoneid, ZONE_ATTR_FLAGS, &flags,
3077 sizeof (flags)) < 0) {
3078 if (vplat_get_iptype(zlogp, &iptype) < 0) {
3079 zerror(zlogp, B_FALSE, "unable to determine ip-type");
3080 return (-1);
3081 }
3082 } else {
3083 if (flags & ZF_NET_EXCL)
3084 iptype = ZS_EXCLUSIVE;
3085 else
3086 iptype = ZS_SHARED;
3087 }
3088
3089 if (iptype != ZS_EXCLUSIVE)
3090 return (0);
3091
3092 /*
3093 * Get the datalink count and for each datalink,
3094 * attempt to clear the pool property and clear
3095 * the pool_name.
3096 */
3097 if (zone_list_datalink(zoneid, &dlnum, NULL) != 0) {
3098 zerror(zlogp, B_TRUE, "unable to count network interfaces");
3099 return (-1);
3100 }
3101
3102 if (dlnum == 0)
3103 return (0);
3104
3105 if ((dllinks = malloc(dlnum * sizeof (datalink_id_t))) == NULL) {
3106 zerror(zlogp, B_TRUE, "memory allocation failed");
3107 return (-1);
3108 }
3109 if (zone_list_datalink(zoneid, &dlnum, dllinks) != 0) {
3110 zerror(zlogp, B_TRUE, "unable to list network interfaces");
3111 free(dllinks);
3112 return (-1);
3113 }
3114
3115 for (i = 0, dllink = dllinks; i < dlnum; i++, dllink++) {
3116 char dlerr[DLADM_STRSIZE];
3117
3118 dlstatus = dladm_set_linkprop(dld_handle, *dllink,
3119 "protection", NULL, 0, DLADM_OPT_ACTIVE);
3120 if (dlstatus == DLADM_STATUS_NOTFOUND) {
3121 /* datalink does not belong to the GZ */
3122 continue;
3123 }
3124 if (dlstatus != DLADM_STATUS_OK) {
3125 zerror(zlogp, B_FALSE,
3126 dladm_status2str(dlstatus, dlerr));
3127 free(dllinks);
3128 return (-1);
3129 }
3130 dlstatus = dladm_set_linkprop(dld_handle, *dllink,
3131 "allowed-ips", NULL, 0, DLADM_OPT_ACTIVE);
3132 if (dlstatus != DLADM_STATUS_OK) {
3133 zerror(zlogp, B_FALSE,
3134 dladm_status2str(dlstatus, dlerr));
3135 free(dllinks);
3136 return (-1);
3137 }
3138 }
3139 free(dllinks);
3140 return (0);
3141 }
3142
3143 static int
3144 unconfigure_exclusive_network_interfaces(zlog_t *zlogp, zoneid_t zoneid)
3145 {
3146 int dlnum = 0;
3147
3148 /*
3149 * The kernel shutdown callback for the dls module should have removed
3150 * all datalinks from this zone. If any remain, then there's a
3151 * problem.
3152 */
3153 if (zone_list_datalink(zoneid, &dlnum, NULL) != 0) {
3154 zerror(zlogp, B_TRUE, "unable to list network interfaces");
3155 return (-1);
3156 }
3157 if (dlnum != 0) {
3158 zerror(zlogp, B_FALSE,
3159 "datalinks remain in zone after shutdown");
3160 return (-1);
3161 }
3162 return (0);
3163 }
3164
3165 static int
3166 tcp_abort_conn(zlog_t *zlogp, zoneid_t zoneid,
3167 const struct sockaddr_storage *local, const struct sockaddr_storage *remote)
3168 {
3169 int fd;
3170 struct strioctl ioc;
3171 tcp_ioc_abort_conn_t conn;
3172 int error;
3173
3174 conn.ac_local = *local;
3175 conn.ac_remote = *remote;
3176 conn.ac_start = TCPS_SYN_SENT;
3177 conn.ac_end = TCPS_TIME_WAIT;
3178 conn.ac_zoneid = zoneid;
3179
3180 ioc.ic_cmd = TCP_IOC_ABORT_CONN;
3181 ioc.ic_timout = -1; /* infinite timeout */
3182 ioc.ic_len = sizeof (conn);
3183 ioc.ic_dp = (char *)&conn;
3184
3185 if ((fd = open("/dev/tcp", O_RDONLY)) < 0) {
3186 zerror(zlogp, B_TRUE, "unable to open %s", "/dev/tcp");
3187 return (-1);
3188 }
3189
3190 error = ioctl(fd, I_STR, &ioc);
3191 (void) close(fd);
3192 if (error == 0 || errno == ENOENT) /* ENOENT is not an error */
3193 return (0);
3194 return (-1);
3195 }
3196
3197 static int
3198 tcp_abort_connections(zlog_t *zlogp, zoneid_t zoneid)
3199 {
3200 struct sockaddr_storage l, r;
3201 struct sockaddr_in *local, *remote;
3202 struct sockaddr_in6 *local6, *remote6;
3203 int error;
3204
3205 /*
3206 * Abort IPv4 connections.
3207 */
3208 bzero(&l, sizeof (*local));
3209 local = (struct sockaddr_in *)&l;
3210 local->sin_family = AF_INET;
3211 local->sin_addr.s_addr = INADDR_ANY;
3212 local->sin_port = 0;
3213
3214 bzero(&r, sizeof (*remote));
3215 remote = (struct sockaddr_in *)&r;
3216 remote->sin_family = AF_INET;
3217 remote->sin_addr.s_addr = INADDR_ANY;
3218 remote->sin_port = 0;
3219
3220 if ((error = tcp_abort_conn(zlogp, zoneid, &l, &r)) != 0)
3221 return (error);
3222
3223 /*
3224 * Abort IPv6 connections.
3225 */
3226 bzero(&l, sizeof (*local6));
3227 local6 = (struct sockaddr_in6 *)&l;
3228 local6->sin6_family = AF_INET6;
3229 local6->sin6_port = 0;
3230 local6->sin6_addr = in6addr_any;
3231
3232 bzero(&r, sizeof (*remote6));
3233 remote6 = (struct sockaddr_in6 *)&r;
3234 remote6->sin6_family = AF_INET6;
3235 remote6->sin6_port = 0;
3236 remote6->sin6_addr = in6addr_any;
3237
3238 if ((error = tcp_abort_conn(zlogp, zoneid, &l, &r)) != 0)
3239 return (error);
3240 return (0);
3241 }
3242
3243 static int
3244 get_privset(zlog_t *zlogp, priv_set_t *privs, zone_mnt_t mount_cmd)
3245 {
3246 int error = -1;
3247 zone_dochandle_t handle;
3248 char *privname = NULL;
3249
3250 if ((handle = zonecfg_init_handle()) == NULL) {
3251 zerror(zlogp, B_TRUE, "getting zone configuration handle");
3252 return (-1);
3253 }
3254 if (zonecfg_get_snapshot_handle(zone_name, handle) != Z_OK) {
3255 zerror(zlogp, B_FALSE, "invalid configuration");
3256 zonecfg_fini_handle(handle);
3257 return (-1);
3258 }
3259
3260 if (ALT_MOUNT(mount_cmd)) {
3261 zone_iptype_t iptype;
3262 const char *curr_iptype;
3263
3264 if (zonecfg_get_iptype(handle, &iptype) != Z_OK) {
3265 zerror(zlogp, B_TRUE, "unable to determine ip-type");
3266 zonecfg_fini_handle(handle);
3267 return (-1);
3268 }
3269
3270 switch (iptype) {
3271 case ZS_SHARED:
3272 curr_iptype = "shared";
3273 break;
3274 case ZS_EXCLUSIVE:
3275 curr_iptype = "exclusive";
3276 break;
3277 }
3278
3279 if (zonecfg_default_privset(privs, curr_iptype) == Z_OK) {
3280 zonecfg_fini_handle(handle);
3281 return (0);
3282 }
3283 zerror(zlogp, B_FALSE,
3284 "failed to determine the zone's default privilege set");
3285 zonecfg_fini_handle(handle);
3286 return (-1);
3287 }
3288
3289 switch (zonecfg_get_privset(handle, privs, &privname)) {
3290 case Z_OK:
3291 error = 0;
3292 break;
3293 case Z_PRIV_PROHIBITED:
3294 zerror(zlogp, B_FALSE, "privilege \"%s\" is not permitted "
3295 "within the zone's privilege set", privname);
3296 break;
3297 case Z_PRIV_REQUIRED:
3298 zerror(zlogp, B_FALSE, "required privilege \"%s\" is missing "
3299 "from the zone's privilege set", privname);
3300 break;
3301 case Z_PRIV_UNKNOWN:
3302 zerror(zlogp, B_FALSE, "unknown privilege \"%s\" specified "
3303 "in the zone's privilege set", privname);
3304 break;
3305 default:
3306 zerror(zlogp, B_FALSE, "failed to determine the zone's "
3307 "privilege set");
3308 break;
3309 }
3310
3311 free(privname);
3312 zonecfg_fini_handle(handle);
3313 return (error);
3314 }
3315
3316 static int
3317 get_rctls(zlog_t *zlogp, char **bufp, size_t *bufsizep)
3318 {
3319 nvlist_t *nvl = NULL;
3320 char *nvl_packed = NULL;
3321 size_t nvl_size = 0;
3322 nvlist_t **nvlv = NULL;
3323 int rctlcount = 0;
3324 int error = -1;
3325 zone_dochandle_t handle;
3326 struct zone_rctltab rctltab;
3327 rctlblk_t *rctlblk = NULL;
3328 uint64_t maxlwps;
3329 uint64_t maxprocs;
3330
3331 *bufp = NULL;
3332 *bufsizep = 0;
3333
3334 if ((handle = zonecfg_init_handle()) == NULL) {
3335 zerror(zlogp, B_TRUE, "getting zone configuration handle");
3336 return (-1);
3337 }
3338 if (zonecfg_get_snapshot_handle(zone_name, handle) != Z_OK) {
3339 zerror(zlogp, B_FALSE, "invalid configuration");
3340 zonecfg_fini_handle(handle);
3341 return (-1);
3342 }
3343
3344 rctltab.zone_rctl_valptr = NULL;
3345 if (nvlist_alloc(&nvl, NV_UNIQUE_NAME, 0) != 0) {
3346 zerror(zlogp, B_TRUE, "%s failed", "nvlist_alloc");
3347 goto out;
3348 }
3349
3350 /*
3351 * Allow the administrator to control both the maximum number of
3352 * process table slots and the maximum number of lwps with just the
3353 * max-processes property. If only the max-processes property is set,
3354 * we add a max-lwps property with a limit derived from max-processes.
3355 */
3356 if (zonecfg_get_aliased_rctl(handle, ALIAS_MAXPROCS, &maxprocs)
3357 == Z_OK &&
3358 zonecfg_get_aliased_rctl(handle, ALIAS_MAXLWPS, &maxlwps)
3359 == Z_NO_ENTRY) {
3360 if (zonecfg_set_aliased_rctl(handle, ALIAS_MAXLWPS,
3361 maxprocs * LWPS_PER_PROCESS) != Z_OK) {
3362 zerror(zlogp, B_FALSE, "unable to set max-lwps alias");
3363 goto out;
3364 }
3365 }
3366
3367 if (zonecfg_setrctlent(handle) != Z_OK) {
3368 zerror(zlogp, B_FALSE, "%s failed", "zonecfg_setrctlent");
3369 goto out;
3370 }
3371
3372 if ((rctlblk = malloc(rctlblk_size())) == NULL) {
3373 zerror(zlogp, B_TRUE, "memory allocation failed");
3374 goto out;
3375 }
3376 while (zonecfg_getrctlent(handle, &rctltab) == Z_OK) {
3377 struct zone_rctlvaltab *rctlval;
3378 uint_t i, count;
3379 const char *name = rctltab.zone_rctl_name;
3380
3381 /* zoneadm should have already warned about unknown rctls. */
3382 if (!zonecfg_is_rctl(name)) {
3383 zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
3384 rctltab.zone_rctl_valptr = NULL;
3385 continue;
3386 }
3387 count = 0;
3388 for (rctlval = rctltab.zone_rctl_valptr; rctlval != NULL;
3389 rctlval = rctlval->zone_rctlval_next) {
3390 count++;
3391 }
3392 if (count == 0) { /* ignore */
3393 continue; /* Nothing to free */
3394 }
3395 if ((nvlv = malloc(sizeof (*nvlv) * count)) == NULL)
3396 goto out;
3397 i = 0;
3398 for (rctlval = rctltab.zone_rctl_valptr; rctlval != NULL;
3399 rctlval = rctlval->zone_rctlval_next, i++) {
3400 if (nvlist_alloc(&nvlv[i], NV_UNIQUE_NAME, 0) != 0) {
3401 zerror(zlogp, B_TRUE, "%s failed",
3402 "nvlist_alloc");
3403 goto out;
3404 }
3405 if (zonecfg_construct_rctlblk(rctlval, rctlblk)
3406 != Z_OK) {
3407 zerror(zlogp, B_FALSE, "invalid rctl value: "
3408 "(priv=%s,limit=%s,action=%s)",
3409 rctlval->zone_rctlval_priv,
3410 rctlval->zone_rctlval_limit,
3411 rctlval->zone_rctlval_action);
3412 goto out;
3413 }
3414 if (!zonecfg_valid_rctl(name, rctlblk)) {
3415 zerror(zlogp, B_FALSE,
3416 "(priv=%s,limit=%s,action=%s) is not a "
3417 "valid value for rctl '%s'",
3418 rctlval->zone_rctlval_priv,
3419 rctlval->zone_rctlval_limit,
3420 rctlval->zone_rctlval_action,
3421 name);
3422 goto out;
3423 }
3424 if (nvlist_add_uint64(nvlv[i], "privilege",
3425 rctlblk_get_privilege(rctlblk)) != 0) {
3426 zerror(zlogp, B_FALSE, "%s failed",
3427 "nvlist_add_uint64");
3428 goto out;
3429 }
3430 if (nvlist_add_uint64(nvlv[i], "limit",
3431 rctlblk_get_value(rctlblk)) != 0) {
3432 zerror(zlogp, B_FALSE, "%s failed",
3433 "nvlist_add_uint64");
3434 goto out;
3435 }
3436 if (nvlist_add_uint64(nvlv[i], "action",
3437 (uint_t)rctlblk_get_local_action(rctlblk, NULL))
3438 != 0) {
3439 zerror(zlogp, B_FALSE, "%s failed",
3440 "nvlist_add_uint64");
3441 goto out;
3442 }
3443 }
3444 zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
3445 rctltab.zone_rctl_valptr = NULL;
3446 if (nvlist_add_nvlist_array(nvl, (char *)name, nvlv, count)
3447 != 0) {
3448 zerror(zlogp, B_FALSE, "%s failed",
3449 "nvlist_add_nvlist_array");
3450 goto out;
3451 }
3452 for (i = 0; i < count; i++)
3453 nvlist_free(nvlv[i]);
3454 free(nvlv);
3455 nvlv = NULL;
3456 rctlcount++;
3457 }
3458 (void) zonecfg_endrctlent(handle);
3459
3460 if (rctlcount == 0) {
3461 error = 0;
3462 goto out;
3463 }
3464 if (nvlist_pack(nvl, &nvl_packed, &nvl_size, NV_ENCODE_NATIVE, 0)
3465 != 0) {
3466 zerror(zlogp, B_FALSE, "%s failed", "nvlist_pack");
3467 goto out;
3468 }
3469
3470 error = 0;
3471 *bufp = nvl_packed;
3472 *bufsizep = nvl_size;
3473
3474 out:
3475 free(rctlblk);
3476 zonecfg_free_rctl_value_list(rctltab.zone_rctl_valptr);
3477 if (error && nvl_packed != NULL)
3478 free(nvl_packed);
3479 if (nvl != NULL)
3480 nvlist_free(nvl);
3481 if (nvlv != NULL)
3482 free(nvlv);
3483 if (handle != NULL)
3484 zonecfg_fini_handle(handle);
3485 return (error);
3486 }
3487
3488 static int
3489 get_implicit_datasets(zlog_t *zlogp, char **retstr)
3490 {
3491 char cmdbuf[2 * MAXPATHLEN];
3492
3493 if (query_hook[0] == '\0')
3494 return (0);
3495
3496 if (snprintf(cmdbuf, sizeof (cmdbuf), "%s datasets", query_hook)
3497 > sizeof (cmdbuf))
3498 return (-1);
3499
3500 if (do_subproc(zlogp, cmdbuf, retstr) != 0)
3501 return (-1);
3502
3503 return (0);
3504 }
3505
3506 static int
3507 get_datasets(zlog_t *zlogp, char **bufp, size_t *bufsizep)
3508 {
3509 zone_dochandle_t handle;
3510 struct zone_dstab dstab;
3511 size_t total, offset, len;
3512 int error = -1;
3513 char *str = NULL;
3514 char *implicit_datasets = NULL;
3515 int implicit_len = 0;
3516
3517 *bufp = NULL;
3518 *bufsizep = 0;
3519
3520 if ((handle = zonecfg_init_handle()) == NULL) {
3521 zerror(zlogp, B_TRUE, "getting zone configuration handle");
3522 return (-1);
3523 }
3524 if (zonecfg_get_snapshot_handle(zone_name, handle) != Z_OK) {
3525 zerror(zlogp, B_FALSE, "invalid configuration");
3526 zonecfg_fini_handle(handle);
3527 return (-1);
3528 }
3529
3530 if (get_implicit_datasets(zlogp, &implicit_datasets) != 0) {
3531 zerror(zlogp, B_FALSE, "getting implicit datasets failed");
3532 goto out;
3533 }
3534
3535 if (zonecfg_setdsent(handle) != Z_OK) {
3536 zerror(zlogp, B_FALSE, "%s failed", "zonecfg_setdsent");
3537 goto out;
3538 }
3539
3540 total = 0;
3541 while (zonecfg_getdsent(handle, &dstab) == Z_OK)
3542 total += strlen(dstab.zone_dataset_name) + 1;
3543 (void) zonecfg_enddsent(handle);
3544
3545 if (implicit_datasets != NULL)
3546 implicit_len = strlen(implicit_datasets);
3547 if (implicit_len > 0)
3548 total += implicit_len + 1;
3549
3550 if (total == 0) {
3551 error = 0;
3552 goto out;
3553 }
3554
3555 if ((str = malloc(total)) == NULL) {
3556 zerror(zlogp, B_TRUE, "memory allocation failed");
3557 goto out;
3558 }
3559
3560 if (zonecfg_setdsent(handle) != Z_OK) {
3561 zerror(zlogp, B_FALSE, "%s failed", "zonecfg_setdsent");
3562 goto out;
3563 }
3564 offset = 0;
3565 while (zonecfg_getdsent(handle, &dstab) == Z_OK) {
3566 len = strlen(dstab.zone_dataset_name);
3567 (void) strlcpy(str + offset, dstab.zone_dataset_name,
3568 total - offset);
3569 offset += len;
3570 if (offset < total - 1)
3571 str[offset++] = ',';
3572 }
3573 (void) zonecfg_enddsent(handle);
3574
3575 if (implicit_len > 0)
3576 (void) strlcpy(str + offset, implicit_datasets, total - offset);
3577
3578 error = 0;
3579 *bufp = str;
3580 *bufsizep = total;
3581
3582 out:
3583 if (error != 0 && str != NULL)
3584 free(str);
3585 if (handle != NULL)
3586 zonecfg_fini_handle(handle);
3587 if (implicit_datasets != NULL)
3588 free(implicit_datasets);
3589
3590 return (error);
3591 }
3592
3593 static int
3594 validate_datasets(zlog_t *zlogp)
3595 {
3596 zone_dochandle_t handle;
3597 struct zone_dstab dstab;
3598 zfs_handle_t *zhp;
3599 libzfs_handle_t *hdl;
3600
3601 if ((handle = zonecfg_init_handle()) == NULL) {
3602 zerror(zlogp, B_TRUE, "getting zone configuration handle");
3603 return (-1);
3604 }
3605 if (zonecfg_get_snapshot_handle(zone_name, handle) != Z_OK) {
3606 zerror(zlogp, B_FALSE, "invalid configuration");
3607 zonecfg_fini_handle(handle);
3608 return (-1);
3609 }
3610
3611 if (zonecfg_setdsent(handle) != Z_OK) {
3612 zerror(zlogp, B_FALSE, "invalid configuration");
3613 zonecfg_fini_handle(handle);
3614 return (-1);
3615 }
3616
3617 if ((hdl = libzfs_init()) == NULL) {
3618 zerror(zlogp, B_FALSE, "opening ZFS library");
3619 zonecfg_fini_handle(handle);
3620 return (-1);
3621 }
3622
3623 while (zonecfg_getdsent(handle, &dstab) == Z_OK) {
3624
3625 if ((zhp = zfs_open(hdl, dstab.zone_dataset_name,
3626 ZFS_TYPE_FILESYSTEM)) == NULL) {
3627 zerror(zlogp, B_FALSE, "cannot open ZFS dataset '%s'",
3628 dstab.zone_dataset_name);
3629 zonecfg_fini_handle(handle);
3630 libzfs_fini(hdl);
3631 return (-1);
3632 }
3633
3634 /*
3635 * Automatically set the 'zoned' property. We check the value
3636 * first because we'll get EPERM if it is already set.
3637 */
3638 if (!zfs_prop_get_int(zhp, ZFS_PROP_ZONED) &&
3639 zfs_prop_set(zhp, zfs_prop_to_name(ZFS_PROP_ZONED),
3640 "on") != 0) {
3641 zerror(zlogp, B_FALSE, "cannot set 'zoned' "
3642 "property for ZFS dataset '%s'\n",
3643 dstab.zone_dataset_name);
3644 zonecfg_fini_handle(handle);
3645 zfs_close(zhp);
3646 libzfs_fini(hdl);
3647 return (-1);
3648 }
3649
3650 zfs_close(zhp);
3651 }
3652 (void) zonecfg_enddsent(handle);
3653
3654 zonecfg_fini_handle(handle);
3655 libzfs_fini(hdl);
3656
3657 return (0);
3658 }
3659
3660 /*
3661 * Return true if the path is its own zfs file system. We determine this
3662 * by stat-ing the path to see if it is zfs and stat-ing the parent to see
3663 * if it is a different fs.
3664 */
3665 boolean_t
3666 is_zonepath_zfs(char *zonepath)
3667 {
3668 int res;
3669 char *path;
3670 char *parent;
3671 struct statvfs64 buf1, buf2;
3672
3673 if (statvfs64(zonepath, &buf1) != 0)
3674 return (B_FALSE);
3675
3676 if (strcmp(buf1.f_basetype, "zfs") != 0)
3677 return (B_FALSE);
3678
3679 if ((path = strdup(zonepath)) == NULL)
3680 return (B_FALSE);
3681
3682 parent = dirname(path);
3683 res = statvfs64(parent, &buf2);
3684 free(path);
3685
3686 if (res != 0)
3687 return (B_FALSE);
3688
3689 if (buf1.f_fsid == buf2.f_fsid)
3690 return (B_FALSE);
3691
3692 return (B_TRUE);
3693 }
3694
3695 /*
3696 * Verify the MAC label in the root dataset for the zone.
3697 * If the label exists, it must match the label configured for the zone.
3698 * Otherwise if there's no label on the dataset, create one here.
3699 */
3700
3701 static int
3702 validate_rootds_label(zlog_t *zlogp, char *rootpath, m_label_t *zone_sl)
3703 {
3704 int error = -1;
3705 zfs_handle_t *zhp;
3706 libzfs_handle_t *hdl;
3707 m_label_t ds_sl;
3708 char zonepath[MAXPATHLEN];
3709 char ds_hexsl[MAXNAMELEN];
3710
3711 if (!is_system_labeled())
3712 return (0);
3713
3714 if (zone_get_zonepath(zone_name, zonepath, sizeof (zonepath)) != Z_OK) {
3715 zerror(zlogp, B_TRUE, "unable to determine zone path");
3716 return (-1);
3717 }
3718
3719 if (!is_zonepath_zfs(zonepath))
3720 return (0);
3721
3722 if ((hdl = libzfs_init()) == NULL) {
3723 zerror(zlogp, B_FALSE, "opening ZFS library");
3724 return (-1);
3725 }
3726
3727 if ((zhp = zfs_path_to_zhandle(hdl, rootpath,
3728 ZFS_TYPE_FILESYSTEM)) == NULL) {
3729 zerror(zlogp, B_FALSE, "cannot open ZFS dataset for path '%s'",
3730 rootpath);
3731 libzfs_fini(hdl);
3732 return (-1);
3733 }
3734
3735 /* Get the mlslabel property if it exists. */
3736 if ((zfs_prop_get(zhp, ZFS_PROP_MLSLABEL, ds_hexsl, MAXNAMELEN,
3737 NULL, NULL, 0, B_TRUE) != 0) ||
3738 (strcmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) == 0)) {
3739 char *str2 = NULL;
3740
3741 /*
3742 * No label on the dataset (or default only); create one.
3743 * (Only do this automatic labeling for the labeled brand.)
3744 */
3745 if (strcmp(brand_name, LABELED_BRAND_NAME) != 0) {
3746 error = 0;
3747 goto out;
3748 }
3749
3750 error = l_to_str_internal(zone_sl, &str2);
3751 if (error)
3752 goto out;
3753 if (str2 == NULL) {
3754 error = -1;
3755 goto out;
3756 }
3757 if ((error = zfs_prop_set(zhp,
3758 zfs_prop_to_name(ZFS_PROP_MLSLABEL), str2)) != 0) {
3759 zerror(zlogp, B_FALSE, "cannot set 'mlslabel' "
3760 "property for root dataset at '%s'\n", rootpath);
3761 }
3762 free(str2);
3763 goto out;
3764 }
3765
3766 /* Convert the retrieved dataset label to binary form. */
3767 error = hexstr_to_label(ds_hexsl, &ds_sl);
3768 if (error) {
3769 zerror(zlogp, B_FALSE, "invalid 'mlslabel' "
3770 "property on root dataset at '%s'\n", rootpath);
3771 goto out; /* exit with error */
3772 }
3773
3774 /*
3775 * Perform a MAC check by comparing the zone label with the
3776 * dataset label.
3777 */
3778 error = (!blequal(zone_sl, &ds_sl));
3779 if (error)
3780 zerror(zlogp, B_FALSE, "Rootpath dataset has mismatched label");
3781 out:
3782 zfs_close(zhp);
3783 libzfs_fini(hdl);
3784
3785 return (error);
3786 }
3787
3788 /*
3789 * Mount lower level home directories into/from current zone
3790 * Share exported directories specified in dfstab for zone
3791 */
3792 static int
3793 tsol_mounts(zlog_t *zlogp, char *zone_name, char *rootpath)
3794 {
3795 zoneid_t *zids = NULL;
3796 priv_set_t *zid_privs;
3797 const priv_impl_info_t *ip = NULL;
3798 uint_t nzents_saved;
3799 uint_t nzents;
3800 int i;
3801 char readonly[] = "ro";
3802 struct zone_fstab lower_fstab;
3803 char *argv[4];
3804
3805 if (!is_system_labeled())
3806 return (0);
3807
3808 if (zid_label == NULL) {
3809 zid_label = m_label_alloc(MAC_LABEL);
3810 if (zid_label == NULL)
3811 return (-1);
3812 }
3813
3814 /* Make sure our zone has an /export/home dir */
3815 (void) make_one_dir(zlogp, rootpath, "/export/home",
3816 DEFAULT_DIR_MODE, DEFAULT_DIR_USER, DEFAULT_DIR_GROUP);
3817
3818 lower_fstab.zone_fs_raw[0] = '\0';
3819 (void) strlcpy(lower_fstab.zone_fs_type, MNTTYPE_LOFS,
3820 sizeof (lower_fstab.zone_fs_type));
3821 lower_fstab.zone_fs_options = NULL;
3822 (void) zonecfg_add_fs_option(&lower_fstab, readonly);
3823
3824 /*
3825 * Get the list of zones from the kernel
3826 */
3827 if (zone_list(NULL, &nzents) != 0) {
3828 zerror(zlogp, B_TRUE, "unable to list zones");
3829 zonecfg_free_fs_option_list(lower_fstab.zone_fs_options);
3830 return (-1);
3831 }
3832 again:
3833 if (nzents == 0) {
3834 zonecfg_free_fs_option_list(lower_fstab.zone_fs_options);
3835 return (-1);
3836 }
3837
3838 zids = malloc(nzents * sizeof (zoneid_t));
3839 if (zids == NULL) {
3840 zerror(zlogp, B_TRUE, "memory allocation failed");
3841 return (-1);
3842 }
3843 nzents_saved = nzents;
3844
3845 if (zone_list(zids, &nzents) != 0) {
3846 zerror(zlogp, B_TRUE, "unable to list zones");
3847 zonecfg_free_fs_option_list(lower_fstab.zone_fs_options);
3848 free(zids);
3849 return (-1);
3850 }
3851 if (nzents != nzents_saved) {
3852 /* list changed, try again */
3853 free(zids);
3854 goto again;
3855 }
3856
3857 ip = getprivimplinfo();
3858 if ((zid_privs = priv_allocset()) == NULL) {
3859 zerror(zlogp, B_TRUE, "%s failed", "priv_allocset");
3860 zonecfg_free_fs_option_list(
3861 lower_fstab.zone_fs_options);
3862 free(zids);
3863 return (-1);
3864 }
3865
3866 for (i = 0; i < nzents; i++) {
3867 char zid_name[ZONENAME_MAX];
3868 zone_state_t zid_state;
3869 char zid_rpath[MAXPATHLEN];
3870 struct stat stat_buf;
3871
3872 if (zids[i] == GLOBAL_ZONEID)
3873 continue;
3874
3875 if (getzonenamebyid(zids[i], zid_name, ZONENAME_MAX) == -1)
3876 continue;
3877
3878 /*
3879 * Do special setup for the zone we are booting
3880 */
3881 if (strcmp(zid_name, zone_name) == 0) {
3882 struct zone_fstab autofs_fstab;
3883 char map_path[MAXPATHLEN];
3884 int fd;
3885
3886 /*
3887 * Create auto_home_<zone> map for this zone
3888 * in the global zone. The non-global zone entry
3889 * will be created by automount when the zone
3890 * is booted.
3891 */
3892
3893 (void) snprintf(autofs_fstab.zone_fs_special,
3894 MAXPATHLEN, "auto_home_%s", zid_name);
3895
3896 (void) snprintf(autofs_fstab.zone_fs_dir, MAXPATHLEN,
3897 "/zone/%s/home", zid_name);
3898
3899 (void) snprintf(map_path, sizeof (map_path),
3900 "/etc/%s", autofs_fstab.zone_fs_special);
3901 /*
3902 * If the map file doesn't exist create a template
3903 */
3904 if ((fd = open(map_path, O_RDWR | O_CREAT | O_EXCL,
3905 S_IRUSR | S_IWUSR | S_IRGRP| S_IROTH)) != -1) {
3906 int len;
3907 char map_rec[MAXPATHLEN];
3908
3909 len = snprintf(map_rec, sizeof (map_rec),
3910 "+%s\n*\t-fstype=lofs\t:%s/export/home/&\n",
3911 autofs_fstab.zone_fs_special, rootpath);
3912 (void) write(fd, map_rec, len);
3913 (void) close(fd);
3914 }
3915
3916 /*
3917 * Mount auto_home_<zone> in the global zone if absent.
3918 * If it's already of type autofs, then
3919 * don't mount it again.
3920 */
3921 if ((stat(autofs_fstab.zone_fs_dir, &stat_buf) == -1) ||
3922 strcmp(stat_buf.st_fstype, MNTTYPE_AUTOFS) != 0) {
3923 char optstr[] = "indirect,ignore,nobrowse";
3924
3925 (void) make_one_dir(zlogp, "",
3926 autofs_fstab.zone_fs_dir, DEFAULT_DIR_MODE,
3927 DEFAULT_DIR_USER, DEFAULT_DIR_GROUP);
3928
3929 /*
3930 * Mount will fail if automounter has already
3931 * processed the auto_home_<zonename> map
3932 */
3933 (void) domount(zlogp, MNTTYPE_AUTOFS, optstr,
3934 autofs_fstab.zone_fs_special,
3935 autofs_fstab.zone_fs_dir);
3936 }
3937 continue;
3938 }
3939
3940
3941 if (zone_get_state(zid_name, &zid_state) != Z_OK ||
3942 (zid_state != ZONE_STATE_READY &&
3943 zid_state != ZONE_STATE_RUNNING))
3944 /* Skip over zones without mounted filesystems */
3945 continue;
3946
3947 if (zone_getattr(zids[i], ZONE_ATTR_SLBL, zid_label,
3948 sizeof (m_label_t)) < 0)
3949 /* Skip over zones with unspecified label */
3950 continue;
3951
3952 if (zone_getattr(zids[i], ZONE_ATTR_ROOT, zid_rpath,
3953 sizeof (zid_rpath)) == -1)
3954 /* Skip over zones with bad path */
3955 continue;
3956
3957 if (zone_getattr(zids[i], ZONE_ATTR_PRIVSET, zid_privs,
3958 sizeof (priv_chunk_t) * ip->priv_setsize) == -1)
3959 /* Skip over zones with bad privs */
3960 continue;
3961
3962 /*
3963 * Reading down is valid according to our label model
3964 * but some customers want to disable it because it
3965 * allows execute down and other possible attacks.
3966 * Therefore, we restrict this feature to zones that
3967 * have the NET_MAC_AWARE privilege which is required
3968 * for NFS read-down semantics.
3969 */
3970 if ((bldominates(zlabel, zid_label)) &&
3971 (priv_ismember(zprivs, PRIV_NET_MAC_AWARE))) {
3972 /*
3973 * Our zone dominates this one.
3974 * Create a lofs mount from lower zone's /export/home
3975 */
3976 (void) snprintf(lower_fstab.zone_fs_dir, MAXPATHLEN,
3977 "%s/zone/%s/export/home", rootpath, zid_name);
3978
3979 /*
3980 * If the target is already an LOFS mount
3981 * then don't do it again.
3982 */
3983 if ((stat(lower_fstab.zone_fs_dir, &stat_buf) == -1) ||
3984 strcmp(stat_buf.st_fstype, MNTTYPE_LOFS) != 0) {
3985
3986 if (snprintf(lower_fstab.zone_fs_special,
3987 MAXPATHLEN, "%s/export",
3988 zid_rpath) > MAXPATHLEN)
3989 continue;
3990
3991 /*
3992 * Make sure the lower-level home exists
3993 */
3994 if (make_one_dir(zlogp,
3995 lower_fstab.zone_fs_special, "/home",
3996 DEFAULT_DIR_MODE, DEFAULT_DIR_USER,
3997 DEFAULT_DIR_GROUP) != 0)
3998 continue;
3999
4000 (void) strlcat(lower_fstab.zone_fs_special,
4001 "/home", MAXPATHLEN);
4002
4003 /*
4004 * Mount can fail because the lower-level
4005 * zone may have already done a mount up.
4006 */
4007 (void) mount_one(zlogp, &lower_fstab, "",
4008 Z_MNT_BOOT);
4009 }
4010 } else if ((bldominates(zid_label, zlabel)) &&
4011 (priv_ismember(zid_privs, PRIV_NET_MAC_AWARE))) {
4012 /*
4013 * This zone dominates our zone.
4014 * Create a lofs mount from our zone's /export/home
4015 */
4016 if (snprintf(lower_fstab.zone_fs_dir, MAXPATHLEN,
4017 "%s/zone/%s/export/home", zid_rpath,
4018 zone_name) > MAXPATHLEN)
4019 continue;
4020
4021 /*
4022 * If the target is already an LOFS mount
4023 * then don't do it again.
4024 */
4025 if ((stat(lower_fstab.zone_fs_dir, &stat_buf) == -1) ||
4026 strcmp(stat_buf.st_fstype, MNTTYPE_LOFS) != 0) {
4027
4028 (void) snprintf(lower_fstab.zone_fs_special,
4029 MAXPATHLEN, "%s/export/home", rootpath);
4030
4031 /*
4032 * Mount can fail because the higher-level
4033 * zone may have already done a mount down.
4034 */
4035 (void) mount_one(zlogp, &lower_fstab, "",
4036 Z_MNT_BOOT);
4037 }
4038 }
4039 }
4040 zonecfg_free_fs_option_list(lower_fstab.zone_fs_options);
4041 priv_freeset(zid_privs);
4042 free(zids);
4043
4044 /*
4045 * Now share any exported directories from this zone.
4046 * Each zone can have its own dfstab.
4047 */
4048
4049 argv[0] = "zoneshare";
4050 argv[1] = "-z";
4051 argv[2] = zone_name;
4052 argv[3] = NULL;
4053
4054 (void) forkexec(zlogp, "/usr/lib/zones/zoneshare", argv);
4055 /* Don't check for errors since they don't affect the zone */
4056
4057 return (0);
4058 }
4059
4060 /*
4061 * Unmount lofs mounts from higher level zones
4062 * Unshare nfs exported directories
4063 */
4064 static void
4065 tsol_unmounts(zlog_t *zlogp, char *zone_name)
4066 {
4067 zoneid_t *zids = NULL;
4068 uint_t nzents_saved;
4069 uint_t nzents;
4070 int i;
4071 char *argv[4];
4072 char path[MAXPATHLEN];
4073
4074 if (!is_system_labeled())
4075 return;
4076
4077 /*
4078 * Get the list of zones from the kernel
4079 */
4080 if (zone_list(NULL, &nzents) != 0) {
4081 return;
4082 }
4083
4084 if (zid_label == NULL) {
4085 zid_label = m_label_alloc(MAC_LABEL);
4086 if (zid_label == NULL)
4087 return;
4088 }
4089
4090 again:
4091 if (nzents == 0)
4092 return;
4093
4094 zids = malloc(nzents * sizeof (zoneid_t));
4095 if (zids == NULL) {
4096 zerror(zlogp, B_TRUE, "memory allocation failed");
4097 return;
4098 }
4099 nzents_saved = nzents;
4100
4101 if (zone_list(zids, &nzents) != 0) {
4102 free(zids);
4103 return;
4104 }
4105 if (nzents != nzents_saved) {
4106 /* list changed, try again */
4107 free(zids);
4108 goto again;
4109 }
4110
4111 for (i = 0; i < nzents; i++) {
4112 char zid_name[ZONENAME_MAX];
4113 zone_state_t zid_state;
4114 char zid_rpath[MAXPATHLEN];
4115
4116 if (zids[i] == GLOBAL_ZONEID)
4117 continue;
4118
4119 if (getzonenamebyid(zids[i], zid_name, ZONENAME_MAX) == -1)
4120 continue;
4121
4122 /*
4123 * Skip the zone we are halting
4124 */
4125 if (strcmp(zid_name, zone_name) == 0)
4126 continue;
4127
4128 if ((zone_getattr(zids[i], ZONE_ATTR_STATUS, &zid_state,
4129 sizeof (zid_state)) < 0) ||
4130 (zid_state < ZONE_IS_READY))
4131 /* Skip over zones without mounted filesystems */
4132 continue;
4133
4134 if (zone_getattr(zids[i], ZONE_ATTR_SLBL, zid_label,
4135 sizeof (m_label_t)) < 0)
4136 /* Skip over zones with unspecified label */
4137 continue;
4138
4139 if (zone_getattr(zids[i], ZONE_ATTR_ROOT, zid_rpath,
4140 sizeof (zid_rpath)) == -1)
4141 /* Skip over zones with bad path */
4142 continue;
4143
4144 if (zlabel != NULL && bldominates(zid_label, zlabel)) {
4145 /*
4146 * This zone dominates our zone.
4147 * Unmount the lofs mount of our zone's /export/home
4148 */
4149
4150 if (snprintf(path, MAXPATHLEN,
4151 "%s/zone/%s/export/home", zid_rpath,
4152 zone_name) > MAXPATHLEN)
4153 continue;
4154
4155 /* Skip over mount failures */
4156 (void) umount(path);
4157 }
4158 }
4159 free(zids);
4160
4161 /*
4162 * Unmount global zone autofs trigger for this zone
4163 */
4164 (void) snprintf(path, MAXPATHLEN, "/zone/%s/home", zone_name);
4165 /* Skip over mount failures */
4166 (void) umount(path);
4167
4168 /*
4169 * Next unshare any exported directories from this zone.
4170 */
4171
4172 argv[0] = "zoneunshare";
4173 argv[1] = "-z";
4174 argv[2] = zone_name;
4175 argv[3] = NULL;
4176
4177 (void) forkexec(zlogp, "/usr/lib/zones/zoneunshare", argv);
4178 /* Don't check for errors since they don't affect the zone */
4179
4180 /*
4181 * Finally, deallocate any devices in the zone.
4182 */
4183
4184 argv[0] = "deallocate";
4185 argv[1] = "-Isz";
4186 argv[2] = zone_name;
4187 argv[3] = NULL;
4188
4189 (void) forkexec(zlogp, "/usr/sbin/deallocate", argv);
4190 /* Don't check for errors since they don't affect the zone */
4191 }
4192
4193 /*
4194 * Fetch the Trusted Extensions label and multi-level ports (MLPs) for
4195 * this zone.
4196 */
4197 static tsol_zcent_t *
4198 get_zone_label(zlog_t *zlogp, priv_set_t *privs)
4199 {
4200 FILE *fp;
4201 tsol_zcent_t *zcent = NULL;
4202 char line[MAXTNZLEN];
4203
4204 if ((fp = fopen(TNZONECFG_PATH, "r")) == NULL) {
4205 zerror(zlogp, B_TRUE, "%s", TNZONECFG_PATH);
4206 return (NULL);
4207 }
4208
4209 while (fgets(line, sizeof (line), fp) != NULL) {
4210 /*
4211 * Check for malformed database
4212 */
4213 if (strlen(line) == MAXTNZLEN - 1)
4214 break;
4215 if ((zcent = tsol_sgetzcent(line, NULL, NULL)) == NULL)
4216 continue;
4217 if (strcmp(zcent->zc_name, zone_name) == 0)
4218 break;
4219 tsol_freezcent(zcent);
4220 zcent = NULL;
4221 }
4222 (void) fclose(fp);
4223
4224 if (zcent == NULL) {
4225 zerror(zlogp, B_FALSE, "zone requires a label assignment. "
4226 "See tnzonecfg(4)");
4227 } else {
4228 if (zlabel == NULL)
4229 zlabel = m_label_alloc(MAC_LABEL);
4230 /*
4231 * Save this zone's privileges for later read-down processing
4232 */
4233 if ((zprivs = priv_allocset()) == NULL) {
4234 zerror(zlogp, B_TRUE, "%s failed", "priv_allocset");
4235 return (NULL);
4236 } else {
4237 priv_copyset(privs, zprivs);
4238 }
4239 }
4240 return (zcent);
4241 }
4242
4243 /*
4244 * Add the Trusted Extensions multi-level ports for this zone.
4245 */
4246 static void
4247 set_mlps(zlog_t *zlogp, zoneid_t zoneid, tsol_zcent_t *zcent)
4248 {
4249 tsol_mlp_t *mlp;
4250 tsol_mlpent_t tsme;
4251
4252 if (!is_system_labeled())
4253 return;
4254
4255 tsme.tsme_zoneid = zoneid;
4256 tsme.tsme_flags = 0;
4257 for (mlp = zcent->zc_private_mlp; !TSOL_MLP_END(mlp); mlp++) {
4258 tsme.tsme_mlp = *mlp;
4259 if (tnmlp(TNDB_LOAD, &tsme) != 0) {
4260 zerror(zlogp, B_TRUE, "cannot set zone-specific MLP "
4261 "on %d-%d/%d", mlp->mlp_port,
4262 mlp->mlp_port_upper, mlp->mlp_ipp);
4263 }
4264 }
4265
4266 tsme.tsme_flags = TSOL_MEF_SHARED;
4267 for (mlp = zcent->zc_shared_mlp; !TSOL_MLP_END(mlp); mlp++) {
4268 tsme.tsme_mlp = *mlp;
4269 if (tnmlp(TNDB_LOAD, &tsme) != 0) {
4270 zerror(zlogp, B_TRUE, "cannot set shared MLP "
4271 "on %d-%d/%d", mlp->mlp_port,
4272 mlp->mlp_port_upper, mlp->mlp_ipp);
4273 }
4274 }
4275 }
4276
4277 static void
4278 remove_mlps(zlog_t *zlogp, zoneid_t zoneid)
4279 {
4280 tsol_mlpent_t tsme;
4281
4282 if (!is_system_labeled())
4283 return;
4284
4285 (void) memset(&tsme, 0, sizeof (tsme));
4286 tsme.tsme_zoneid = zoneid;
4287 if (tnmlp(TNDB_FLUSH, &tsme) != 0)
4288 zerror(zlogp, B_TRUE, "cannot flush MLPs");
4289 }
4290
4291 int
4292 prtmount(const struct mnttab *fs, void *x) {
4293 zerror((zlog_t *)x, B_FALSE, " %s", fs->mnt_mountp);
4294 return (0);
4295 }
4296
4297 /*
4298 * Look for zones running on the main system that are using this root (or any
4299 * subdirectory of it). Return B_TRUE and print an error if a conflicting zone
4300 * is found or if we can't tell.
4301 */
4302 static boolean_t
4303 duplicate_zone_root(zlog_t *zlogp, const char *rootpath)
4304 {
4305 zoneid_t *zids = NULL;
4306 uint_t nzids = 0;
4307 boolean_t retv;
4308 int rlen, zlen;
4309 char zroot[MAXPATHLEN];
4310 char zonename[ZONENAME_MAX];
4311
4312 for (;;) {
4313 nzids += 10;
4314 zids = malloc(nzids * sizeof (*zids));
4315 if (zids == NULL) {
4316 zerror(zlogp, B_TRUE, "memory allocation failed");
4317 return (B_TRUE);
4318 }
4319 if (zone_list(zids, &nzids) == 0)
4320 break;
4321 free(zids);
4322 }
4323 retv = B_FALSE;
4324 rlen = strlen(rootpath);
4325 while (nzids > 0) {
4326 /*
4327 * Ignore errors; they just mean that the zone has disappeared
4328 * while we were busy.
4329 */
4330 if (zone_getattr(zids[--nzids], ZONE_ATTR_ROOT, zroot,
4331 sizeof (zroot)) == -1)
4332 continue;
4333 zlen = strlen(zroot);
4334 if (zlen > rlen)
4335 zlen = rlen;
4336 if (strncmp(rootpath, zroot, zlen) == 0 &&
4337 (zroot[zlen] == '\0' || zroot[zlen] == '/') &&
4338 (rootpath[zlen] == '\0' || rootpath[zlen] == '/')) {
4339 if (getzonenamebyid(zids[nzids], zonename,
4340 sizeof (zonename)) == -1)
4341 (void) snprintf(zonename, sizeof (zonename),
4342 "id %d", (int)zids[nzids]);
4343 zerror(zlogp, B_FALSE,
4344 "zone root %s already in use by zone %s",
4345 rootpath, zonename);
4346 retv = B_TRUE;
4347 break;
4348 }
4349 }
4350 free(zids);
4351 return (retv);
4352 }
4353
4354 /*
4355 * Search for loopback mounts that use this same source node (same device and
4356 * inode). Return B_TRUE if there is one or if we can't tell.
4357 */
4358 static boolean_t
4359 duplicate_reachable_path(zlog_t *zlogp, const char *rootpath)
4360 {
4361 struct stat64 rst, zst;
4362 struct mnttab *mnp;
4363
4364 if (stat64(rootpath, &rst) == -1) {
4365 zerror(zlogp, B_TRUE, "can't stat %s", rootpath);
4366 return (B_TRUE);
4367 }
4368 if (resolve_lofs_mnts == NULL && lofs_read_mnttab(zlogp) == -1)
4369 return (B_TRUE);
4370 for (mnp = resolve_lofs_mnts; mnp < resolve_lofs_mnt_max; mnp++) {
4371 if (mnp->mnt_fstype == NULL ||
4372 strcmp(MNTTYPE_LOFS, mnp->mnt_fstype) != 0)
4373 continue;
4374 /* We're looking at a loopback mount. Stat it. */
4375 if (mnp->mnt_special != NULL &&
4376 stat64(mnp->mnt_special, &zst) != -1 &&
4377 rst.st_dev == zst.st_dev && rst.st_ino == zst.st_ino) {
4378 zerror(zlogp, B_FALSE,
4379 "zone root %s is reachable through %s",
4380 rootpath, mnp->mnt_mountp);
4381 return (B_TRUE);
4382 }
4383 }
4384 return (B_FALSE);
4385 }
4386
4387 /*
4388 * Set memory cap and pool info for the zone's resource management
4389 * configuration.
4390 */
4391 static int
4392 setup_zone_rm(zlog_t *zlogp, char *zone_name, zoneid_t zoneid)
4393 {
4394 int res;
4395 uint64_t tmp;
4396 struct zone_mcaptab mcap;
4397 char sched[MAXNAMELEN];
4398 zone_dochandle_t handle = NULL;
4399 char pool_err[128];
4400
4401 if ((handle = zonecfg_init_handle()) == NULL) {
4402 zerror(zlogp, B_TRUE, "getting zone configuration handle");
4403 return (Z_BAD_HANDLE);
4404 }
4405
4406 if ((res = zonecfg_get_snapshot_handle(zone_name, handle)) != Z_OK) {
4407 zerror(zlogp, B_FALSE, "invalid configuration");
4408 zonecfg_fini_handle(handle);
4409 return (res);
4410 }
4411
4412 /*
4413 * If a memory cap is configured, set the cap in the kernel using
4414 * zone_setattr() and make sure the rcapd SMF service is enabled.
4415 */
4416 if (zonecfg_getmcapent(handle, &mcap) == Z_OK) {
4417 uint64_t num;
4418 char smf_err[128];
4419
4420 num = (uint64_t)strtoull(mcap.zone_physmem_cap, NULL, 10);
4421 if (zone_setattr(zoneid, ZONE_ATTR_PHYS_MCAP, &num, 0) == -1) {
4422 zerror(zlogp, B_TRUE, "could not set zone memory cap");
4423 zonecfg_fini_handle(handle);
4424 return (Z_INVAL);
4425 }
4426
4427 if (zonecfg_enable_rcapd(smf_err, sizeof (smf_err)) != Z_OK) {
4428 zerror(zlogp, B_FALSE, "enabling system/rcap service "
4429 "failed: %s", smf_err);
4430 zonecfg_fini_handle(handle);
4431 return (Z_INVAL);
4432 }
4433 }
4434
4435 /* Get the scheduling class set in the zone configuration. */
4436 if (zonecfg_get_sched_class(handle, sched, sizeof (sched)) == Z_OK &&
4437 strlen(sched) > 0) {
4438 if (zone_setattr(zoneid, ZONE_ATTR_SCHED_CLASS, sched,
4439 strlen(sched)) == -1)
4440 zerror(zlogp, B_TRUE, "WARNING: unable to set the "
4441 "default scheduling class");
4442
4443 } else if (zonecfg_get_aliased_rctl(handle, ALIAS_SHARES, &tmp)
4444 == Z_OK) {
4445 /*
4446 * If the zone has the zone.cpu-shares rctl set then we want to
4447 * use the Fair Share Scheduler (FSS) for processes in the
4448 * zone. Check what scheduling class the zone would be running
4449 * in by default so we can print a warning and modify the class
4450 * if we wouldn't be using FSS.
4451 */
4452 char class_name[PC_CLNMSZ];
4453
4454 if (zonecfg_get_dflt_sched_class(handle, class_name,
4455 sizeof (class_name)) != Z_OK) {
4456 zerror(zlogp, B_FALSE, "WARNING: unable to determine "
4457 "the zone's scheduling class");
4458
4459 } else if (strcmp("FSS", class_name) != 0) {
4460 zerror(zlogp, B_FALSE, "WARNING: The zone.cpu-shares "
4461 "rctl is set but\nFSS is not the default "
4462 "scheduling class for\nthis zone. FSS will be "
4463 "used for processes\nin the zone but to get the "
4464 "full benefit of FSS,\nit should be the default "
4465 "scheduling class.\nSee dispadmin(1M) for more "
4466 "details.");
4467
4468 if (zone_setattr(zoneid, ZONE_ATTR_SCHED_CLASS, "FSS",
4469 strlen("FSS")) == -1)
4470 zerror(zlogp, B_TRUE, "WARNING: unable to set "
4471 "zone scheduling class to FSS");
4472 }
4473 }
4474
4475 /*
4476 * The next few blocks of code attempt to set up temporary pools as
4477 * well as persistent pools. In all cases we call the functions
4478 * unconditionally. Within each funtion the code will check if the
4479 * zone is actually configured for a temporary pool or persistent pool
4480 * and just return if there is nothing to do.
4481 *
4482 * If we are rebooting we want to attempt to reuse any temporary pool
4483 * that was previously set up. zonecfg_bind_tmp_pool() will do the
4484 * right thing in all cases (reuse or create) based on the current
4485 * zonecfg.
4486 */
4487 if ((res = zonecfg_bind_tmp_pool(handle, zoneid, pool_err,
4488 sizeof (pool_err))) != Z_OK) {
4489 if (res == Z_POOL || res == Z_POOL_CREATE || res == Z_POOL_BIND)
4490 zerror(zlogp, B_FALSE, "%s: %s\ndedicated-cpu setting "
4491 "cannot be instantiated", zonecfg_strerror(res),
4492 pool_err);
4493 else
4494 zerror(zlogp, B_FALSE, "could not bind zone to "
4495 "temporary pool: %s", zonecfg_strerror(res));
4496 zonecfg_fini_handle(handle);
4497 return (Z_POOL_BIND);
4498 }
4499
4500 /*
4501 * Check if we need to warn about poold not being enabled.
4502 */
4503 if (zonecfg_warn_poold(handle)) {
4504 zerror(zlogp, B_FALSE, "WARNING: A range of dedicated-cpus has "
4505 "been specified\nbut the dynamic pool service is not "
4506 "enabled.\nThe system will not dynamically adjust the\n"
4507 "processor allocation within the specified range\n"
4508 "until svc:/system/pools/dynamic is enabled.\n"
4509 "See poold(1M).");
4510 }
4511
4512 /* The following is a warning, not an error. */
4513 if ((res = zonecfg_bind_pool(handle, zoneid, pool_err,
4514 sizeof (pool_err))) != Z_OK) {
4515 if (res == Z_POOL_BIND)
4516 zerror(zlogp, B_FALSE, "WARNING: unable to bind to "
4517 "pool '%s'; using default pool.", pool_err);
4518 else if (res == Z_POOL)
4519 zerror(zlogp, B_FALSE, "WARNING: %s: %s",
4520 zonecfg_strerror(res), pool_err);
4521 else
4522 zerror(zlogp, B_FALSE, "WARNING: %s",
4523 zonecfg_strerror(res));
4524 }
4525
4526 /* Update saved pool name in case it has changed */
4527 (void) zonecfg_get_poolname(handle, zone_name, pool_name,
4528 sizeof (pool_name));
4529
4530 zonecfg_fini_handle(handle);
4531 return (Z_OK);
4532 }
4533
4534 static void
4535 report_prop_err(zlog_t *zlogp, const char *name, const char *value, int res)
4536 {
4537 switch (res) {
4538 case Z_TOO_BIG:
4539 zerror(zlogp, B_FALSE, "%s property value is too large.", name);
4540 break;
4541
4542 case Z_INVALID_PROPERTY:
4543 zerror(zlogp, B_FALSE, "%s property value \"%s\" is not valid",
4544 name, value);
4545 break;
4546
4547 default:
4548 zerror(zlogp, B_TRUE, "fetching property %s: %d", name, res);
4549 break;
4550 }
4551 }
4552
4553 /*
4554 * Sets the hostid of the new zone based on its configured value. The zone's
4555 * zone_t structure must already exist in kernel memory. 'zlogp' refers to the
4556 * log used to report errors and warnings and must be non-NULL. 'zone_namep'
4557 * is the name of the new zone and must be non-NULL. 'zoneid' is the numeric
4558 * ID of the new zone.
4559 *
4560 * This function returns zero on success and a nonzero error code on failure.
4561 */
4562 static int
4563 setup_zone_hostid(zone_dochandle_t handle, zlog_t *zlogp, zoneid_t zoneid)
4564 {
4565 int res;
4566 char hostidp[HW_HOSTID_LEN];
4567 unsigned int hostid;
4568
4569 res = zonecfg_get_hostid(handle, hostidp, sizeof (hostidp));
4570
4571 if (res == Z_BAD_PROPERTY) {
4572 return (Z_OK);
4573 } else if (res != Z_OK) {
4574 report_prop_err(zlogp, "hostid", hostidp, res);
4575 return (res);
4576 }
4577
4578 hostid = (unsigned int)strtoul(hostidp, NULL, 16);
4579 if ((res = zone_setattr(zoneid, ZONE_ATTR_HOSTID, &hostid,
4580 sizeof (hostid))) != 0) {
4581 zerror(zlogp, B_TRUE,
4582 "zone hostid is not valid: %s: %d", hostidp, res);
4583 return (Z_SYSTEM);
4584 }
4585
4586 return (res);
4587 }
4588
4589 static int
4590 setup_zone_fs_allowed(zone_dochandle_t handle, zlog_t *zlogp, zoneid_t zoneid)
4591 {
4592 char fsallowedp[ZONE_FS_ALLOWED_MAX];
4593 int res;
4594
4595 res = zonecfg_get_fs_allowed(handle, fsallowedp, sizeof (fsallowedp));
4596
4597 if (res == Z_BAD_PROPERTY) {
4598 return (Z_OK);
4599 } else if (res != Z_OK) {
4600 report_prop_err(zlogp, "fs-allowed", fsallowedp, res);
4601 return (res);
4602 }
4603
4604 if (zone_setattr(zoneid, ZONE_ATTR_FS_ALLOWED, &fsallowedp,
4605 sizeof (fsallowedp)) != 0) {
4606 zerror(zlogp, B_TRUE,
4607 "fs-allowed couldn't be set: %s: %d", fsallowedp, res);
4608 return (Z_SYSTEM);
4609 }
4610
4611 return (res);
4612 }
4613
4614 static int
4615 setup_zone_attrs(zlog_t *zlogp, char *zone_namep, zoneid_t zoneid)
4616 {
4617 zone_dochandle_t handle;
4618 int res = Z_OK;
4619
4620 if ((handle = zonecfg_init_handle()) == NULL) {
4621 zerror(zlogp, B_TRUE, "getting zone configuration handle");
4622 return (Z_BAD_HANDLE);
4623 }
4624 if ((res = zonecfg_get_snapshot_handle(zone_namep, handle)) != Z_OK) {
4625 zerror(zlogp, B_FALSE, "invalid configuration");
4626 goto out;
4627 }
4628
4629 if ((res = setup_zone_hostid(handle, zlogp, zoneid)) != Z_OK)
4630 goto out;
4631
4632 if ((res = setup_zone_fs_allowed(handle, zlogp, zoneid)) != Z_OK)
4633 goto out;
4634
4635 out:
4636 zonecfg_fini_handle(handle);
4637 return (res);
4638 }
4639
4640 zoneid_t
4641 vplat_create(zlog_t *zlogp, zone_mnt_t mount_cmd)
4642 {
4643 zoneid_t rval = -1;
4644 priv_set_t *privs;
4645 char rootpath[MAXPATHLEN];
4646 char *rctlbuf = NULL;
4647 size_t rctlbufsz = 0;
4648 char *zfsbuf = NULL;
4649 size_t zfsbufsz = 0;
4650 zoneid_t zoneid = -1;
4651 int xerr;
4652 char *kzone;
4653 FILE *fp = NULL;
4654 tsol_zcent_t *zcent = NULL;
4655 int match = 0;
4656 int doi = 0;
4657 int flags;
4658 zone_iptype_t iptype;
4659
4660 if (zone_get_rootpath(zone_name, rootpath, sizeof (rootpath)) != Z_OK) {
4661 zerror(zlogp, B_TRUE, "unable to determine zone root");
4662 return (-1);
4663 }
4664 if (zonecfg_in_alt_root())
4665 resolve_lofs(zlogp, rootpath, sizeof (rootpath));
4666
4667 if (vplat_get_iptype(zlogp, &iptype) < 0) {
4668 zerror(zlogp, B_TRUE, "unable to determine ip-type");
4669 return (-1);
4670 }
4671 switch (iptype) {
4672 case ZS_SHARED:
4673 flags = 0;
4674 break;
4675 case ZS_EXCLUSIVE:
4676 flags = ZCF_NET_EXCL;
4677 break;
4678 }
4679
4680 if ((privs = priv_allocset()) == NULL) {
4681 zerror(zlogp, B_TRUE, "%s failed", "priv_allocset");
4682 return (-1);
4683 }
4684 priv_emptyset(privs);
4685 if (get_privset(zlogp, privs, mount_cmd) != 0)
4686 goto error;
4687
4688 if (mount_cmd == Z_MNT_BOOT &&
4689 get_rctls(zlogp, &rctlbuf, &rctlbufsz) != 0) {
4690 zerror(zlogp, B_FALSE, "Unable to get list of rctls");
4691 goto error;
4692 }
4693
4694 if (get_datasets(zlogp, &zfsbuf, &zfsbufsz) != 0) {
4695 zerror(zlogp, B_FALSE, "Unable to get list of ZFS datasets");
4696 goto error;
4697 }
4698
4699 if (mount_cmd == Z_MNT_BOOT && is_system_labeled()) {
4700 zcent = get_zone_label(zlogp, privs);
4701 if (zcent != NULL) {
4702 match = zcent->zc_match;
4703 doi = zcent->zc_doi;
4704 *zlabel = zcent->zc_label;
4705 } else {
4706 goto error;
4707 }
4708 if (validate_rootds_label(zlogp, rootpath, zlabel) != 0)
4709 goto error;
4710 }
4711
4712 kzone = zone_name;
4713
4714 /*
4715 * We must do this scan twice. First, we look for zones running on the
4716 * main system that are using this root (or any subdirectory of it).
4717 * Next, we reduce to the shortest path and search for loopback mounts
4718 * that use this same source node (same device and inode).
4719 */
4720 if (duplicate_zone_root(zlogp, rootpath))
4721 goto error;
4722 if (duplicate_reachable_path(zlogp, rootpath))
4723 goto error;
4724
4725 if (ALT_MOUNT(mount_cmd)) {
4726 root_to_lu(zlogp, rootpath, sizeof (rootpath), B_TRUE);
4727
4728 /*
4729 * Forge up a special root for this zone. When a zone is
4730 * mounted, we can't let the zone have its own root because the
4731 * tools that will be used in this "scratch zone" need access
4732 * to both the zone's resources and the running machine's
4733 * executables.
4734 *
4735 * Note that the mkdir here also catches read-only filesystems.
4736 */
4737 if (mkdir(rootpath, 0755) != 0 && errno != EEXIST) {
4738 zerror(zlogp, B_TRUE, "cannot create %s", rootpath);
4739 goto error;
4740 }
4741 if (domount(zlogp, "tmpfs", "", "swap", rootpath) != 0)
4742 goto error;
4743 }
4744
4745 if (zonecfg_in_alt_root()) {
4746 /*
4747 * If we are mounting up a zone in an alternate root partition,
4748 * then we have some additional work to do before starting the
4749 * zone. First, resolve the root path down so that we're not
4750 * fooled by duplicates. Then forge up an internal name for
4751 * the zone.
4752 */
4753 if ((fp = zonecfg_open_scratch("", B_TRUE)) == NULL) {
4754 zerror(zlogp, B_TRUE, "cannot open mapfile");
4755 goto error;
4756 }
4757 if (zonecfg_lock_scratch(fp) != 0) {
4758 zerror(zlogp, B_TRUE, "cannot lock mapfile");
4759 goto error;
4760 }
4761 if (zonecfg_find_scratch(fp, zone_name, zonecfg_get_root(),
4762 NULL, 0) == 0) {
4763 zerror(zlogp, B_FALSE, "scratch zone already running");
4764 goto error;
4765 }
4766 /* This is the preferred name */
4767 (void) snprintf(kernzone, sizeof (kernzone), "SUNWlu-%s",
4768 zone_name);
4769 srandom(getpid());
4770 while (zonecfg_reverse_scratch(fp, kernzone, NULL, 0, NULL,
4771 0) == 0) {
4772 /* This is just an arbitrary name; note "." usage */
4773 (void) snprintf(kernzone, sizeof (kernzone),
4774 "SUNWlu.%08lX%08lX", random(), random());
4775 }
4776 kzone = kernzone;
4777 }
4778
4779 xerr = 0;
4780 if ((zoneid = zone_create(kzone, rootpath, privs, rctlbuf,
4781 rctlbufsz, zfsbuf, zfsbufsz, &xerr, match, doi, zlabel,
4782 flags)) == -1) {
4783 if (xerr == ZE_AREMOUNTS) {
4784 if (zonecfg_find_mounts(rootpath, NULL, NULL) < 1) {
4785 zerror(zlogp, B_FALSE,
4786 "An unknown file-system is mounted on "
4787 "a subdirectory of %s", rootpath);
4788 } else {
4789
4790 zerror(zlogp, B_FALSE,
4791 "These file-systems are mounted on "
4792 "subdirectories of %s:", rootpath);
4793 (void) zonecfg_find_mounts(rootpath,
4794 prtmount, zlogp);
4795 }
4796 } else if (xerr == ZE_CHROOTED) {
4797 zerror(zlogp, B_FALSE, "%s: "
4798 "cannot create a zone from a chrooted "
4799 "environment", "zone_create");
4800 } else if (xerr == ZE_LABELINUSE) {
4801 char zonename[ZONENAME_MAX];
4802 (void) getzonenamebyid(getzoneidbylabel(zlabel),
4803 zonename, ZONENAME_MAX);
4804 zerror(zlogp, B_FALSE, "The zone label is already "
4805 "used by the zone '%s'.", zonename);
4806 } else {
4807 zerror(zlogp, B_TRUE, "%s failed", "zone_create");
4808 }
4809 goto error;
4810 }
4811
4812 if (zonecfg_in_alt_root() &&
4813 zonecfg_add_scratch(fp, zone_name, kernzone,
4814 zonecfg_get_root()) == -1) {
4815 zerror(zlogp, B_TRUE, "cannot add mapfile entry");
4816 goto error;
4817 }
4818
4819 /*
4820 * The following actions are not performed when merely mounting a zone
4821 * for administrative use.
4822 */
4823 if (mount_cmd == Z_MNT_BOOT) {
4824 brand_handle_t bh;
4825 struct brand_attr attr;
4826 char modname[MAXPATHLEN];
4827
4828 if (setup_zone_attrs(zlogp, zone_name, zoneid) != Z_OK)
4829 goto error;
4830
4831 if ((bh = brand_open(brand_name)) == NULL) {
4832 zerror(zlogp, B_FALSE,
4833 "unable to determine brand name");
4834 goto error;
4835 }
4836
4837 if (!is_system_labeled() &&
4838 (strcmp(brand_name, LABELED_BRAND_NAME) == 0)) {
4839 brand_close(bh);
4840 zerror(zlogp, B_FALSE,
4841 "cannot boot labeled zone on unlabeled system");
4842 goto error;
4843 }
4844
4845 /*
4846 * If this brand requires any kernel support, now is the time to
4847 * get it loaded and initialized.
4848 */
4849 if (brand_get_modname(bh, modname, MAXPATHLEN) < 0) {
4850 brand_close(bh);
4851 zerror(zlogp, B_FALSE,
4852 "unable to determine brand kernel module");
4853 goto error;
4854 }
4855 brand_close(bh);
4856
4857 if (strlen(modname) > 0) {
4858 (void) strlcpy(attr.ba_brandname, brand_name,
4859 sizeof (attr.ba_brandname));
4860 (void) strlcpy(attr.ba_modname, modname,
4861 sizeof (attr.ba_modname));
4862 if (zone_setattr(zoneid, ZONE_ATTR_BRAND, &attr,
4863 sizeof (attr) != 0)) {
4864 zerror(zlogp, B_TRUE,
4865 "could not set zone brand attribute.");
4866 goto error;
4867 }
4868 }
4869
4870 if (setup_zone_rm(zlogp, zone_name, zoneid) != Z_OK)
4871 goto error;
4872
4873 set_mlps(zlogp, zoneid, zcent);
4874 }
4875
4876 rval = zoneid;
4877 zoneid = -1;
4878
4879 error:
4880 if (zoneid != -1) {
4881 (void) zone_shutdown(zoneid);
4882 (void) zone_destroy(zoneid);
4883 }
4884 if (rctlbuf != NULL)
4885 free(rctlbuf);
4886 priv_freeset(privs);
4887 if (fp != NULL)
4888 zonecfg_close_scratch(fp);
4889 lofs_discard_mnttab();
4890 if (zcent != NULL)
4891 tsol_freezcent(zcent);
4892 return (rval);
4893 }
4894
4895 /*
4896 * Enter the zone and write a /etc/zones/index file there. This allows
4897 * libzonecfg (and thus zoneadm) to report the UUID and potentially other zone
4898 * details from inside the zone.
4899 */
4900 static void
4901 write_index_file(zoneid_t zoneid)
4902 {
4903 FILE *zef;
4904 FILE *zet;
4905 struct zoneent *zep;
4906 pid_t child;
4907 int tmpl_fd;
4908 ctid_t ct;
4909 int fd;
4910 char uuidstr[UUID_PRINTABLE_STRING_LENGTH];
4911
4912 /* Locate the zone entry in the global zone's index file */
4913 if ((zef = setzoneent()) == NULL)
4914 return;
4915 while ((zep = getzoneent_private(zef)) != NULL) {
4916 if (strcmp(zep->zone_name, zone_name) == 0)
4917 break;
4918 free(zep);
4919 }
4920 endzoneent(zef);
4921 if (zep == NULL)
4922 return;
4923
4924 if ((tmpl_fd = init_template()) == -1) {
4925 free(zep);
4926 return;
4927 }
4928
4929 if ((child = fork()) == -1) {
4930 (void) ct_tmpl_clear(tmpl_fd);
4931 (void) close(tmpl_fd);
4932 free(zep);
4933 return;
4934 }
4935
4936 /* parent waits for child to finish */
4937 if (child != 0) {
4938 free(zep);
4939 if (contract_latest(&ct) == -1)
4940 ct = -1;
4941 (void) ct_tmpl_clear(tmpl_fd);
4942 (void) close(tmpl_fd);
4943 (void) waitpid(child, NULL, 0);
4944 (void) contract_abandon_id(ct);
4945 return;
4946 }
4947
4948 /* child enters zone and sets up index file */
4949 (void) ct_tmpl_clear(tmpl_fd);
4950 if (zone_enter(zoneid) != -1) {
4951 (void) mkdir(ZONE_CONFIG_ROOT, ZONE_CONFIG_MODE);
4952 (void) chown(ZONE_CONFIG_ROOT, ZONE_CONFIG_UID,
4953 ZONE_CONFIG_GID);
4954 fd = open(ZONE_INDEX_FILE, O_WRONLY|O_CREAT|O_TRUNC,
4955 ZONE_INDEX_MODE);
4956 if (fd != -1 && (zet = fdopen(fd, "w")) != NULL) {
4957 (void) fchown(fd, ZONE_INDEX_UID, ZONE_INDEX_GID);
4958 if (uuid_is_null(zep->zone_uuid))
4959 uuidstr[0] = '\0';
4960 else
4961 uuid_unparse(zep->zone_uuid, uuidstr);
4962 (void) fprintf(zet, "%s:%s:/:%s\n", zep->zone_name,
4963 zone_state_str(zep->zone_state),
4964 uuidstr);
4965 (void) fclose(zet);
4966 }
4967 }
4968 _exit(0);
4969 }
4970
4971 int
4972 vplat_bringup(zlog_t *zlogp, zone_mnt_t mount_cmd, zoneid_t zoneid)
4973 {
4974 char zonepath[MAXPATHLEN];
4975
4976 if (mount_cmd == Z_MNT_BOOT && validate_datasets(zlogp) != 0) {
4977 lofs_discard_mnttab();
4978 return (-1);
4979 }
4980
4981 /*
4982 * Before we try to mount filesystems we need to create the
4983 * attribute backing store for /dev
4984 */
4985 if (zone_get_zonepath(zone_name, zonepath, sizeof (zonepath)) != Z_OK) {
4986 lofs_discard_mnttab();
4987 return (-1);
4988 }
4989 resolve_lofs(zlogp, zonepath, sizeof (zonepath));
4990
4991 /* Make /dev directory owned by root, grouped sys */
4992 if (make_one_dir(zlogp, zonepath, "/dev", DEFAULT_DIR_MODE,
4993 0, 3) != 0) {
4994 lofs_discard_mnttab();
4995 return (-1);
4996 }
4997
4998 if (mount_filesystems(zlogp, mount_cmd) != 0) {
4999 lofs_discard_mnttab();
5000 return (-1);
5001 }
5002
5003 if (mount_cmd == Z_MNT_BOOT) {
5004 zone_iptype_t iptype;
5005
5006 if (vplat_get_iptype(zlogp, &iptype) < 0) {
5007 zerror(zlogp, B_TRUE, "unable to determine ip-type");
5008 lofs_discard_mnttab();
5009 return (-1);
5010 }
5011
5012 switch (iptype) {
5013 case ZS_SHARED:
5014 /* Always do this to make lo0 get configured */
5015 if (configure_shared_network_interfaces(zlogp) != 0) {
5016 lofs_discard_mnttab();
5017 return (-1);
5018 }
5019 break;
5020 case ZS_EXCLUSIVE:
5021 if (configure_exclusive_network_interfaces(zlogp,
5022 zoneid) !=
5023 0) {
5024 lofs_discard_mnttab();
5025 return (-1);
5026 }
5027 break;
5028 }
5029 }
5030
5031 write_index_file(zoneid);
5032
5033 lofs_discard_mnttab();
5034 return (0);
5035 }
5036
5037 static int
5038 lu_root_teardown(zlog_t *zlogp)
5039 {
5040 char zroot[MAXPATHLEN];
5041
5042 if (zone_get_rootpath(zone_name, zroot, sizeof (zroot)) != Z_OK) {
5043 zerror(zlogp, B_FALSE, "unable to determine zone root");
5044 return (-1);
5045 }
5046 root_to_lu(zlogp, zroot, sizeof (zroot), B_FALSE);
5047
5048 /*
5049 * At this point, the processes are gone, the filesystems (save the
5050 * root) are unmounted, and the zone is on death row. But there may
5051 * still be creds floating about in the system that reference the
5052 * zone_t, and which pin down zone_rootvp causing this call to fail
5053 * with EBUSY. Thus, we try for a little while before just giving up.
5054 * (How I wish this were not true, and umount2 just did the right
5055 * thing, or tmpfs supported MS_FORCE This is a gross hack.)
5056 */
5057 if (umount2(zroot, MS_FORCE) != 0) {
5058 if (errno == ENOTSUP && umount2(zroot, 0) == 0)
5059 goto unmounted;
5060 if (errno == EBUSY) {
5061 int tries = 10;
5062
5063 while (--tries >= 0) {
5064 (void) sleep(1);
5065 if (umount2(zroot, 0) == 0)
5066 goto unmounted;
5067 if (errno != EBUSY)
5068 break;
5069 }
5070 }
5071 zerror(zlogp, B_TRUE, "unable to unmount '%s'", zroot);
5072 return (-1);
5073 }
5074 unmounted:
5075
5076 /*
5077 * Only zones in an alternate root environment have scratch zone
5078 * entries.
5079 */
5080 if (zonecfg_in_alt_root()) {
5081 FILE *fp;
5082 int retv;
5083
5084 if ((fp = zonecfg_open_scratch("", B_FALSE)) == NULL) {
5085 zerror(zlogp, B_TRUE, "cannot open mapfile");
5086 return (-1);
5087 }
5088 retv = -1;
5089 if (zonecfg_lock_scratch(fp) != 0)
5090 zerror(zlogp, B_TRUE, "cannot lock mapfile");
5091 else if (zonecfg_delete_scratch(fp, kernzone) != 0)
5092 zerror(zlogp, B_TRUE, "cannot delete map entry");
5093 else
5094 retv = 0;
5095 zonecfg_close_scratch(fp);
5096 return (retv);
5097 } else {
5098 return (0);
5099 }
5100 }
5101
5102 int
5103 vplat_teardown(zlog_t *zlogp, boolean_t unmount_cmd, boolean_t rebooting)
5104 {
5105 char *kzone;
5106 zoneid_t zoneid;
5107 int res;
5108 char pool_err[128];
5109 char zpath[MAXPATHLEN];
5110 char cmdbuf[MAXPATHLEN];
5111 brand_handle_t bh = NULL;
5112 dladm_status_t status;
5113 char errmsg[DLADM_STRSIZE];
5114 ushort_t flags;
5115
5116 kzone = zone_name;
5117 if (zonecfg_in_alt_root()) {
5118 FILE *fp;
5119
5120 if ((fp = zonecfg_open_scratch("", B_FALSE)) == NULL) {
5121 zerror(zlogp, B_TRUE, "unable to open map file");
5122 goto error;
5123 }
5124 if (zonecfg_find_scratch(fp, zone_name, zonecfg_get_root(),
5125 kernzone, sizeof (kernzone)) != 0) {
5126 zerror(zlogp, B_FALSE, "unable to find scratch zone");
5127 zonecfg_close_scratch(fp);
5128 goto error;
5129 }
5130 zonecfg_close_scratch(fp);
5131 kzone = kernzone;
5132 }
5133
5134 if ((zoneid = getzoneidbyname(kzone)) == ZONE_ID_UNDEFINED) {
5135 if (!bringup_failure_recovery)
5136 zerror(zlogp, B_TRUE, "unable to get zoneid");
5137 if (unmount_cmd)
5138 (void) lu_root_teardown(zlogp);
5139 goto error;
5140 }
5141
5142 if (remove_datalink_pool(zlogp, zoneid) != 0) {
5143 zerror(zlogp, B_FALSE, "unable clear datalink pool property");
5144 goto error;
5145 }
5146
5147 if (remove_datalink_protect(zlogp, zoneid) != 0) {
5148 zerror(zlogp, B_FALSE,
5149 "unable clear datalink protect property");
5150 goto error;
5151 }
5152
5153 /*
5154 * The datalinks assigned to the zone will be removed from the NGZ as
5155 * part of zone_shutdown() so that we need to remove protect/pool etc.
5156 * before zone_shutdown(). Even if the shutdown itself fails, the zone
5157 * will not be able to violate any constraints applied because the
5158 * datalinks are no longer available to the zone.
5159 */
5160 if (zone_shutdown(zoneid) != 0) {
5161 zerror(zlogp, B_TRUE, "unable to shutdown zone");
5162 goto error;
5163 }
5164
5165 /* Get the zonepath of this zone */
5166 if (zone_get_zonepath(zone_name, zpath, sizeof (zpath)) != Z_OK) {
5167 zerror(zlogp, B_FALSE, "unable to determine zone path");
5168 goto error;
5169 }
5170
5171 /* Get a handle to the brand info for this zone */
5172 if ((bh = brand_open(brand_name)) == NULL) {
5173 zerror(zlogp, B_FALSE, "unable to determine zone brand");
5174 return (-1);
5175 }
5176 /*
5177 * If there is a brand 'halt' callback, execute it now to give the
5178 * brand a chance to cleanup any custom configuration.
5179 */
5180 (void) strcpy(cmdbuf, EXEC_PREFIX);
5181 if (brand_get_halt(bh, zone_name, zpath, cmdbuf + EXEC_LEN,
5182 sizeof (cmdbuf) - EXEC_LEN) < 0) {
5183 brand_close(bh);
5184 zerror(zlogp, B_FALSE, "unable to determine branded zone's "
5185 "halt callback.");
5186 goto error;
5187 }
5188 brand_close(bh);
5189
5190 if ((strlen(cmdbuf) > EXEC_LEN) &&
5191 (do_subproc(zlogp, cmdbuf, NULL) != Z_OK)) {
5192 zerror(zlogp, B_FALSE, "%s failed", cmdbuf);
5193 goto error;
5194 }
5195
5196 if (!unmount_cmd) {
5197 zone_iptype_t iptype;
5198
5199 if (zone_getattr(zoneid, ZONE_ATTR_FLAGS, &flags,
5200 sizeof (flags)) < 0) {
5201 if (vplat_get_iptype(zlogp, &iptype) < 0) {
5202 zerror(zlogp, B_TRUE, "unable to determine "
5203 "ip-type");
5204 goto error;
5205 }
5206 } else {
5207 if (flags & ZF_NET_EXCL)
5208 iptype = ZS_EXCLUSIVE;
5209 else
5210 iptype = ZS_SHARED;
5211 }
5212
5213 switch (iptype) {
5214 case ZS_SHARED:
5215 if (unconfigure_shared_network_interfaces(zlogp,
5216 zoneid) != 0) {
5217 zerror(zlogp, B_FALSE, "unable to unconfigure "
5218 "network interfaces in zone");
5219 goto error;
5220 }
5221 break;
5222 case ZS_EXCLUSIVE:
5223 if (unconfigure_exclusive_network_interfaces(zlogp,
5224 zoneid) != 0) {
5225 zerror(zlogp, B_FALSE, "unable to unconfigure "
5226 "network interfaces in zone");
5227 goto error;
5228 }
5229 status = dladm_zone_halt(dld_handle, zoneid);
5230 if (status != DLADM_STATUS_OK) {
5231 zerror(zlogp, B_FALSE, "unable to notify "
5232 "dlmgmtd of zone halt: %s",
5233 dladm_status2str(status, errmsg));
5234 }
5235 break;
5236 }
5237 }
5238
5239 if (!unmount_cmd && tcp_abort_connections(zlogp, zoneid) != 0) {
5240 zerror(zlogp, B_TRUE, "unable to abort TCP connections");
5241 goto error;
5242 }
5243
5244 if (unmount_filesystems(zlogp, zoneid, unmount_cmd) != 0) {
5245 zerror(zlogp, B_FALSE,
5246 "unable to unmount file systems in zone");
5247 goto error;
5248 }
5249
5250 /*
5251 * If we are rebooting then we normally don't want to destroy an
5252 * existing temporary pool at this point so that we can just reuse it
5253 * when the zone boots back up. However, it is also possible we were
5254 * running with a temporary pool and the zone configuration has been
5255 * modified to no longer use a temporary pool. In that case we need
5256 * to destroy the temporary pool now. This case looks like the case
5257 * where we never had a temporary pool configured but
5258 * zonecfg_destroy_tmp_pool will do the right thing either way.
5259 */
5260 if (!unmount_cmd) {
5261 boolean_t destroy_tmp_pool = B_TRUE;
5262
5263 if (rebooting) {
5264 struct zone_psettab pset_tab;
5265 zone_dochandle_t handle;
5266
5267 if ((handle = zonecfg_init_handle()) != NULL &&
5268 zonecfg_get_handle(zone_name, handle) == Z_OK &&
5269 zonecfg_lookup_pset(handle, &pset_tab) == Z_OK)
5270 destroy_tmp_pool = B_FALSE;
5271
5272 zonecfg_fini_handle(handle);
5273 }
5274
5275 if (destroy_tmp_pool) {
5276 if ((res = zonecfg_destroy_tmp_pool(zone_name, pool_err,
5277 sizeof (pool_err))) != Z_OK) {
5278 if (res == Z_POOL)
5279 zerror(zlogp, B_FALSE, pool_err);
5280 }
5281 }
5282 }
5283
5284 remove_mlps(zlogp, zoneid);
5285
5286 if (zone_destroy(zoneid) != 0) {
5287 zerror(zlogp, B_TRUE, "unable to destroy zone");
5288 goto error;
5289 }
5290
5291 /*
5292 * Special teardown for alternate boot environments: remove the tmpfs
5293 * root for the zone and then remove it from the map file.
5294 */
5295 if (unmount_cmd && lu_root_teardown(zlogp) != 0)
5296 goto error;
5297
5298 lofs_discard_mnttab();
5299 return (0);
5300
5301 error:
5302 lofs_discard_mnttab();
5303 return (-1);
5304 }
Unleashed OS