| author | Glenn Faden <Glenn.Faden@Sun.COM> |
| Mon, 07 Jun 2010 23:02:40 -0700 | |
| changeset 12582 | 4a05f6f7bc8c |
| parent 12578 | f9062c43c8bc |
| child 12737 | c21147007929 |
| permissions | -rw-r--r-- |
| 2712 | 1 |
<?xml version="1.0"?> |
2 |
||
3 |
<!-- |
|
4 |
CDDL HEADER START |
|
5 |
||
6 |
The contents of this file are subject to the terms of the |
|
7 |
Common Development and Distribution License (the "License"). |
|
8 |
You may not use this file except in compliance with the License. |
|
9 |
||
10 |
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
11 |
or http://www.opensolaris.org/os/licensing. |
|
12 |
See the License for the specific language governing permissions |
|
13 |
and limitations under the License. |
|
14 |
||
15 |
When distributing Covered Code, include this CDDL HEADER in each |
|
16 |
file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
17 |
If applicable, add the following below this CDDL HEADER, with the |
|
18 |
fields enclosed by brackets "[]" replaced with your own identifying |
|
19 |
information: Portions Copyright [yyyy] [name of copyright owner] |
|
20 |
||
21 |
CDDL HEADER END |
|
22 |
||
|
12582
4a05f6f7bc8c
4963290 RFE: implement flexible zone administration that doesn't require uid=0 (fix copyright)
Glenn Faden <Glenn.Faden@Sun.COM>
parents:
12578
diff
changeset
|
23 |
Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved. |
| 2712 | 24 |
|
25 |
DO NOT EDIT THIS FILE. |
|
26 |
--> |
|
27 |
||
28 |
<!DOCTYPE brand PUBLIC "-//Sun Microsystems Inc//DTD Brands//EN" |
|
29 |
"file:///usr/share/lib/xml/dtd/brand.dtd.1"> |
|
30 |
||
|
11838
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
10616
diff
changeset
|
31 |
<brand name="ipkg"> |
| 2712 | 32 |
<modname></modname> |
33 |
||
34 |
<initname>/sbin/init</initname> |
|
|
12578
f9062c43c8bc
4963290 RFE: implement flexible zone administration that doesn't require uid=0
Glenn Faden <Glenn.Faden@Sun.COM>
parents:
11838
diff
changeset
|
35 |
<login_cmd>/usr/bin/login -z %Z %u</login_cmd> |
|
f9062c43c8bc
4963290 RFE: implement flexible zone administration that doesn't require uid=0
Glenn Faden <Glenn.Faden@Sun.COM>
parents:
11838
diff
changeset
|
36 |
<forcedlogin_cmd>/usr/bin/login -z %Z -f %u</forcedlogin_cmd> |
|
4344
4cd49af6f951
6558487 zlogin should not call getpwnam() after zone_enter() during non-interactive zlogin -l
sl108498
parents:
3673
diff
changeset
|
37 |
<user_cmd>/usr/bin/getent passwd %u</user_cmd> |
| 2712 | 38 |
|
|
11838
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
10616
diff
changeset
|
39 |
<!-- We may not be able to do the create in pkg(1) proper. --> |
|
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
10616
diff
changeset
|
40 |
<install>/usr/lib/brand/ipkg/pkgcreatezone -z %z -R %R</install> |
|
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
10616
diff
changeset
|
41 |
<installopts>a:c:d:e:hk:P:p:suv</installopts> |
|
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
10616
diff
changeset
|
42 |
<boot></boot> |
|
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
10616
diff
changeset
|
43 |
<sysboot>/usr/lib/brand/ipkg/prestate %z %R 2 0</sysboot> |
|
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
10616
diff
changeset
|
44 |
<halt></halt> |
|
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
10616
diff
changeset
|
45 |
<verify_cfg>/usr/lib/brand/ipkg/support verify</verify_cfg> |
| 2712 | 46 |
<verify_adm></verify_adm> |
|
11838
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
10616
diff
changeset
|
47 |
<postclone></postclone> |
|
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
10616
diff
changeset
|
48 |
<postinstall></postinstall> |
|
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
10616
diff
changeset
|
49 |
<attach>/usr/lib/brand/ipkg/attach %z %R</attach> |
|
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
10616
diff
changeset
|
50 |
<detach>/usr/lib/brand/ipkg/detach -z %z -R %R</detach> |
|
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
10616
diff
changeset
|
51 |
<clone>/usr/lib/brand/ipkg/clone -z %z -R %R</clone> |
|
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
10616
diff
changeset
|
52 |
<uninstall>/usr/lib/brand/ipkg/uninstall %z %R</uninstall> |
|
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
10616
diff
changeset
|
53 |
<prestatechange>/usr/lib/brand/ipkg/prestate %z %R</prestatechange> |
|
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
10616
diff
changeset
|
54 |
<poststatechange>/usr/lib/brand/ipkg/poststate %z %R</poststatechange> |
|
32bb5d254240
PSARC 2010/067 Interim modernization updates
Liane Praza <Liane.Praza@Sun.COM>
parents:
10616
diff
changeset
|
55 |
<query>/usr/lib/brand/shared/query %z %R</query> |
| 2712 | 56 |
|
57 |
<privilege set="default" name="contract_event" /> |
|
| 6073 | 58 |
<privilege set="default" name="contract_identity" /> |
| 2712 | 59 |
<privilege set="default" name="contract_observer" /> |
60 |
<privilege set="default" name="file_chown" /> |
|
61 |
<privilege set="default" name="file_chown_self" /> |
|
62 |
<privilege set="default" name="file_dac_execute" /> |
|
63 |
<privilege set="default" name="file_dac_read" /> |
|
64 |
<privilege set="default" name="file_dac_search" /> |
|
65 |
<privilege set="default" name="file_dac_write" /> |
|
66 |
<privilege set="default" name="file_owner" /> |
|
67 |
<privilege set="default" name="file_setid" /> |
|
68 |
<privilege set="default" name="ipc_dac_read" /> |
|
69 |
<privilege set="default" name="ipc_dac_write" /> |
|
70 |
<privilege set="default" name="ipc_owner" /> |
|
71 |
<privilege set="default" name="net_bindmlp" /> |
|
72 |
<privilege set="default" name="net_icmpaccess" /> |
|
73 |
<privilege set="default" name="net_mac_aware" /> |
|
|
8023
faf256d5c16c
PSARC/2006/475 Clearview: IP Observability Devices
Philip Kirk <Phil.Kirk@Sun.COM>
parents:
7089
diff
changeset
|
74 |
<privilege set="default" name="net_observability" /> |
| 2712 | 75 |
<privilege set="default" name="net_privaddr" /> |
|
3673
5bba3401c7f4
6516265 an exclusive zone with "limitpriv" other than "default" will panic the machine
dh155122
parents:
2768
diff
changeset
|
76 |
<privilege set="default" name="net_rawaccess" ip-type="exclusive" /> |
| 2712 | 77 |
<privilege set="default" name="proc_chroot" /> |
78 |
<privilege set="default" name="sys_audit" /> |
|
79 |
<privilege set="default" name="proc_audit" /> |
|
|
2768
3c77434a8dbb
PSARC/2004/580 zone/project.max-locked-memory Resource Controls
sl108498
parents:
2712
diff
changeset
|
80 |
<privilege set="default" name="proc_lock_memory" /> |
| 2712 | 81 |
<privilege set="default" name="proc_owner" /> |
82 |
<privilege set="default" name="proc_setid" /> |
|
83 |
<privilege set="default" name="proc_taskid" /> |
|
84 |
<privilege set="default" name="sys_acct" /> |
|
85 |
<privilege set="default" name="sys_admin" /> |
|
|
3673
5bba3401c7f4
6516265 an exclusive zone with "limitpriv" other than "default" will panic the machine
dh155122
parents:
2768
diff
changeset
|
86 |
<privilege set="default" name="sys_ip_config" ip-type="exclusive" /> |
|
10616
3be00c4a6835
PSARC 2009/373 Clearview IP Tunneling
Sebastien Roy <Sebastien.Roy@Sun.COM>
parents:
9751
diff
changeset
|
87 |
<privilege set="default" name="sys_iptun_config" ip-type="exclusive" /> |
| 2712 | 88 |
<privilege set="default" name="sys_mount" /> |
89 |
<privilege set="default" name="sys_nfs" /> |
|
90 |
<privilege set="default" name="sys_resource" /> |
|
|
9751
8e29565352fc
PSARC 2009/317 Solaris PPP/PPPoE Updates
James Carlson <james.d.carlson@sun.com>
parents:
8759
diff
changeset
|
91 |
<privilege set="default" name="sys_ppp_config" ip-type="exclusive" /> |
| 2712 | 92 |
|
93 |
<privilege set="prohibited" name="dtrace_kernel" /> |
|
94 |
<privilege set="prohibited" name="proc_zone" /> |
|
95 |
<privilege set="prohibited" name="sys_config" /> |
|
96 |
<privilege set="prohibited" name="sys_devices" /> |
|
|
3673
5bba3401c7f4
6516265 an exclusive zone with "limitpriv" other than "default" will panic the machine
dh155122
parents:
2768
diff
changeset
|
97 |
<privilege set="prohibited" name="sys_ip_config" ip-type="shared" /> |
| 2712 | 98 |
<privilege set="prohibited" name="sys_linkdir" /> |
99 |
<privilege set="prohibited" name="sys_net_config" /> |
|
100 |
<privilege set="prohibited" name="sys_res_config" /> |
|
101 |
<privilege set="prohibited" name="sys_suser_compat" /> |
|
| 6784 | 102 |
<privilege set="prohibited" name="xvm_control" /> |
103 |
<privilege set="prohibited" name="virt_manage" /> |
|
|
9751
8e29565352fc
PSARC 2009/317 Solaris PPP/PPPoE Updates
James Carlson <james.d.carlson@sun.com>
parents:
8759
diff
changeset
|
104 |
<privilege set="prohibited" name="sys_ppp_config" ip-type="shared" /> |
| 2712 | 105 |
|
106 |
<privilege set="required" name="proc_exec" /> |
|
107 |
<privilege set="required" name="proc_fork" /> |
|
|
3673
5bba3401c7f4
6516265 an exclusive zone with "limitpriv" other than "default" will panic the machine
dh155122
parents:
2768
diff
changeset
|
108 |
<privilege set="required" name="sys_ip_config" ip-type="exclusive" /> |
| 2712 | 109 |
<privilege set="required" name="sys_mount" /> |
110 |
</brand> |