s10_boot.ksh revision 11358:b4d868bae9bd
1#!/bin/ksh -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22# 23# Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24# Use is subject to license terms. 25# 26# s10 boot script. 27# 28# The arguments to this script are the zone name and the zonepath. 29# 30 31. /usr/lib/brand/solaris10/common.ksh 32 33ZONENAME=$1 34ZONEPATH=$2 35ZONEROOT=$ZONEPATH/root 36 37arch=`uname -p` 38if [ "$arch" = "i386" ]; then 39 ARCH32=i86 40 ARCH64=amd64 41elif [ "$arch" = "sparc" ]; then 42 # 32-bit SPARC not supported! 43 ARCH32= 44 ARCH64=sparcv9 45else 46 echo "Unsupported architecture: $arch" 47 exit 2 48fi 49 50# 51# Run the s10_support boot hook. 52# 53/usr/lib/brand/solaris10/s10_support boot $ZONENAME 54if (( $? != 0 )) ; then 55 exit 1 56fi 57 58BRANDDIR=/.SUNWnative/usr/lib/brand/solaris10; 59FILEDIR=$BRANDDIR/files; 60EXIT_CODE=1 61 62# 63# Replace the specified file in the booting zone with a wrapper script that 64# invokes s10_isaexec_wrapper. This is a convenience function that reduces 65# clutter and code duplication. 66# 67# Parameters: 68# $1 The full path of the file to replace (e.g., /sbin/ifconfig) 69# $2 The access mode of the replacement file in hex (e.g., 0555) 70# $3 The name of the replacement file's owner (e.g., root:bin) 71# 72# NOTE: The checks performed in the 'if' statement below are not generic: they 73# depend on the success of the zone filesystem structure validation performed 74# above to ensure that intermediate directories exist and aren't symlinks. 75# 76replace_with_native() { 77 path_dname=$ZONEROOT/`dirname $1` 78 if [ ! -h $path_dname -a -d $path_dname ]; then 79 safe_replace $ZONEROOT/$1 $BRANDDIR/s10_isaexec_wrapper $2 $3 \ 80 remove 81 fi 82} 83 84wrap_with_native() { 85 safe_wrap $ZONEROOT/$1 $BRANDDIR/s10_isaexec_wrapper $2 $3 86} 87 88# 89# Before we boot we validate and fix, if necessary, the required files within 90# the zone. These modifications can be lost if a patch is applied within the 91# zone, so we validate and fix the zone every time it boots. 92# 93 94# 95# BINARY REPLACEMENT 96# 97# This section of the boot script is responsible for replacing Solaris 10 98# binaries within the booting zone with Nevada binaries. This is a two-step 99# process: First, the directory structure of the zone is validated to ensure 100# that binary replacement will proceed safely. Second, Solaris 10 binaries 101# are replaced with Nevada binaries. 102# 103# Here's an example. Suppose that you want to replace /usr/bin/zcat with the 104# Nevada /usr/bin/zcat binary. Then you should do the following: 105# 106# 1. Go to the section below labeled "STEP ONE" and add the following 107# two lines: 108# 109# safe_dir /usr 110# safe_dir /usr/bin 111# 112# These lines ensure that both /usr and /usr/bin are directories 113# within the booting zone that can be safely accessed by the global 114# zone. 115# 2. Go to the section below labeled "STEP TWO" and add the following 116# line: 117# 118# replace_with_native /usr/bin/zcat 0555 root:bin 119# 120# Details about the binary replacement procedure can be found in the Solaris 10 121# Containers Developer Guide. 122# 123 124# 125# STEP ONE 126# 127# Validate that the zone filesystem looks like we expect it to. 128# 129safe_dir /usr 130safe_dir /usr/lib 131safe_dir /usr/bin 132safe_dir /usr/sbin 133safe_dir /sbin 134 135# 136# STEP TWO 137# 138# Replace Solaris 10 binaries with Nevada binaries. 139# 140 141# 142# Replace various network-related programs with native wrappers. 143# 144replace_with_native /sbin/ifconfig 0555 root:bin 145 146# 147# Replace automount and automountd with native wrappers. 148# 149if [ ! -h $ZONEROOT/usr/lib/fs/autofs -a -d $ZONEROOT/usr/lib/fs/autofs ]; then 150 safe_replace $ZONEROOT/usr/lib/fs/autofs/automount \ 151 $BRANDDIR/s10_automount 0555 root:bin remove 152fi 153if [ ! -h $ZONEROOT/usr/lib/autofs -a -d $ZONEROOT/usr/lib/autofs ]; then 154 safe_replace $ZONEROOT/usr/lib/autofs/automountd \ 155 $BRANDDIR/s10_automountd 0555 root:bin remove 156fi 157 158# 159# The class-specific dispadmin(1M) and priocntl(1) binaries must be native 160# wrappers, and we must have all of the ones the native zone does. This 161# allows new scheduling classes to appear without causing dispadmin and 162# priocntl to be unhappy. 163# 164rm -rf $ZONEROOT/usr/lib/class 165mkdir $ZONEROOT/usr/lib/class || exit 1 166 167find /usr/lib/class -type d -o -type f | while read x; do 168 [ -d $x ] && mkdir -p -m 755 $ZONEROOT$x 169 [ -f $x ] && wrap_with_native $x 0555 root:bin 170done 171 172# 173# END OF STEP TWO 174# 175 176# 177# Replace add_drv and rem_drv with /usr/bin/true so that pkgs/patches which 178# install or remove drivers will work. NOTE: add_drv and rem_drv are hard 179# linked to isaexec so we want to remove the current executable and 180# then copy true so that we don't clobber isaexec. 181# 182filename=$ZONEROOT/usr/sbin/add_drv 183[ ! -f $filename.pre_p2v ] && safe_backup $filename $filename.pre_p2v 184rm -f $filename 185safe_copy $ZONEROOT/usr/bin/true $filename 186 187filename=$ZONEROOT/usr/sbin/rem_drv 188[ ! -f $filename.pre_p2v ] && safe_backup $filename $filename.pre_p2v 189rm -f $filename 190safe_copy $ZONEROOT/usr/bin/true $filename 191 192exit 0 193