| author | Jerry Jelinek <jerry.jelinek@joyent.com> | 2014-06-20 22:32:21 +0000 |
|---|---|---|
| committer | Jerry Jelinek <jerry.jelinek@joyent.com> | 2014-06-20 22:32:21 +0000 |
| commit | 831213612a0b0745ba877851b61fea0a4c9ba42d (patch) | |
| tree | ed193f859f4c6e29a5d1993376b40c8726dde1bd | |
| parent | f5ce2481f499cfe40f0d77c736ac4f7889c545b7 (diff) | |
| download | illumos-joyent-831213612a0b0745ba877851b61fea0a4c9ba42d.tar.gz | |
OS-3026 lx brand need routing setup for exclusive stack
| -rw-r--r-- | manifest | 1 | ||||
| -rw-r--r-- | usr/src/lib/brand/lx/cmd/Makefile | 3 | ||||
| -rw-r--r-- | usr/src/lib/brand/lx/cmd/lx_ipmgmtd.sh | 33 | ||||
| -rw-r--r-- | usr/src/lib/brand/lx/zone/lx_boot.ksh | 105 | ||||
| -rw-r--r-- | usr/src/lib/brand/lx/zone/lx_boot_zone_ubuntu.ksh | 6 | ||||
| -rw-r--r-- | usr/src/lib/brand/lx/zone/platform.xml | 4 |
6 files changed, 64 insertions, 88 deletions
@@ -5042,7 +5042,6 @@ f usr/lib/brand/lx/etc_default_nfs 0444 root root
 f usr/lib/brand/lx/etc_netconfig 0444 root root
 f usr/lib/brand/lx/lx_boot 0755 root root
 f usr/lib/brand/lx/lx_boot_zone_ubuntu 0755 root root
-f usr/lib/brand/lx/lx_ipmgmtd 0755 root root
 f usr/lib/brand/lx/lx_isaexec_wrapper 0755 root root
 f usr/lib/brand/lx/lx_librtld_db.so.1 0755 root root
 f usr/lib/brand/lx/lx_lockd 0755 root root
diff --git a/usr/src/lib/brand/lx/cmd/Makefile b/usr/src/lib/brand/lx/cmd/Makefile
index eb21f85ec6..5a0a81f988 100644
--- a/usr/src/lib/brand/lx/cmd/Makefile
+++ b/usr/src/lib/brand/lx/cmd/Makefile
@@ -25,8 +25,7 @@
 # Copyright 2014 Joyent, Inc. All rights reserved.
 #
-PROGS = lx_lockd lx_native lx_isaexec_wrapper lx_statd lx_thunk \
- lx_ipmgmtd
+PROGS = lx_lockd lx_native lx_isaexec_wrapper lx_statd lx_thunk
 include ../Makefile.lx
diff --git a/usr/src/lib/brand/lx/cmd/lx_ipmgmtd.sh b/usr/src/lib/brand/lx/cmd/lx_ipmgmtd.sh
deleted file mode 100644
index 709191fb80..0000000000
--- a/usr/src/lib/brand/lx/cmd/lx_ipmgmtd.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/sh
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-
-#
-# Copyright 2014 Joyent, Inc. All rights reserved.
-#
-
-LD_LIBRARY_PATH=/usr/lib/brand/lx
-LD_PRELOAD=/native/usr/lib/brand/lx/lx_thunk.so.1
-LD_BIND_NOW=1
-export LD_LIBRARY_PATH LD_PRELOAD LD_BIND_NOW
-export SMF_FMRI="svc:/network/ip-interface-management:default"
-
-exec /native/usr/lib/brand/lx/lx_native /native/lib/inet/ipmgmtd
diff --git a/usr/src/lib/brand/lx/zone/lx_boot.ksh b/usr/src/lib/brand/lx/zone/lx_boot.ksh
index 3c46e056dd..38fe25b130 100644
--- a/usr/src/lib/brand/lx/zone/lx_boot.ksh
+++ b/usr/src/lib/brand/lx/zone/lx_boot.ksh
@@ -56,51 +56,56 @@ fi
 BRANDDIR=/native/usr/lib/brand/lx; EXIT_CODE=1
-#
-# Replace the specified file in the booting zone with a wrapper script that
-# invokes lx_isaexec_wrapper. This is a convenience function that reduces
-# clutter and code duplication.
-#
-# Parameters:
-# $1 The full path of the file to replace (e.g., /sbin/ifconfig)
-# $2 The access mode of the replacement file in hex (e.g., 0555)
-# $3 The name of the replacement file's owner (e.g., root:bin)
-#
-# NOTE: The checks performed in the 'if' statement below are not generic: they
-# depend on the success of the zone filesystem structure validation performed
-# above to ensure that intermediate directories exist and aren't symlinks.
-#
-replace_with_native() {
- path_dname=$ZONEROOT/`dirname $1`
-
- [ ! -f $1 ] && printf "$w_missing" "$1"
- if [ ! -h $path_dname -a -d $path_dname ]; then
- safe_replace $ZONEROOT/$1 $BRANDDIR/lx_isaexec_wrapper $2 $3 \
- remove
+# $1 is lx cmd, $2 is native cmd,
+# the lx cmd path must have already be verified with safe_dir
+setup_native_isaexeccmd() {
+ cmd_name=$ZONEROOT/$1
+
+ if [ -h $cmd_name -o \( -e $cmd_name -a ! -f $cmd_name \) ]; then
+ logger -p daemon.err "dangerous zone cmd: $ZONENAME, $1"
+ return
 fi
+
+ cat <<-DONE >$ZONEROOT/$1
+ #!/bin/sh
+
+ exec /native/usr/lib/brand/lx/lx_native \
+ /native/lib/ld.so.1 \
+ -e LD_NOENVIRON=1 \
+ -e LD_NOCONFIG=1 \
+ -e LD_PRELOAD_32=/native/usr/lib/brand/lx/lx_thunk.so.1 \
+ -e LD_LIBRARY_PATH_32="/native/lib:/native/usr/lib" \
+ $2 "\$@"
+
+ exec /native/usr/lib/brand/lx/lx_native $2 "\$@"
+ DONE
+
+ chmod 755 $ZONEROOT/$1
 }
-#
-# Create a new wrapper script that invokes lx_isaexec_wrapper in the
-# brand (for a non-existing Linux file) pointing to the native brand file.
-#
-# Parameters:
-# $1 The full path of the wrapper file to create
-# $2 The access mode of the replacement file in hex (e.g., 0555)
-# $3 The name of the replacement file's owner (e.g., root:bin)
-#
-wrap_with_native() {
- path_dname=$ZONEROOT/`dirname $1`
- cmd_name=`basename $1`
- if [ ! -h $path_dname -a -d $path_dname -a ! -f $ZONEROOT/$1 ]; then
- if [ -x /usr/lib/brand/lx/lx_$cmd_name ]; then
- safe_wrap $ZONEROOT/$1 $BRANDDIR/lx_$cmd_name \
- $2 $3
- else
- safe_wrap $ZONEROOT/$1 $BRANDDIR/lx_isaexec_wrapper \
- $2 $3
- fi
+# $1 is lx cmd, $2 is native cmd, $3 is an optional inclusion in the script
+# the lx cmd path must have already be verified with safe_dir
+setup_native_cmd() {
+ cmd_name=$ZONEROOT/$1
+
+ if [ -h $cmd_name -o \( -e $cmd_name -a ! -f $cmd_name \) ]; then
+ logger -p daemon.err "dangerous zone cmd: $ZONENAME, $1"
+ return
 fi
+
+ cat <<-DONE >$ZONEROOT/$1
+ #!/bin/sh
+
+ LD_LIBRARY_PATH_32="/native/lib:/native/usr/lib"
+ LD_PRELOAD=/native/usr/lib/brand/lx/lx_thunk.so.1
+ LD_BIND_NOW=1
+ export LD_LIBRARY_PATH LD_PRELOAD LD_BIND_NOW
+ $3
+
+ exec /native/usr/lib/brand/lx/lx_native $2 "\$@"
+ DONE
+
+ chmod 755 $ZONEROOT/$1
 }
 #
@@ -151,7 +156,7 @@ fi
 # 2. Go to the section below labeled "STEP TWO" and add the following
 # line:
 #
-# replace_with_native /usr/bin/zcat 0555 root:bin
+# setup_native_cmd /usr/bin/zcat /native/usr/bin/zcat
 #
 #
@@ -159,6 +164,7 @@ fi
 #
 # Validate that the zone filesystem looks like we expect it to.
 #
+safe_dir /bin
 safe_dir /sbin
 safe_dir /etc
 safe_dir /etc/init
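Review bot: In the `setup_native_cmd` heredoc of the `@@ -56,51 +56,56 @@` hunk the generated script assigns `LD_LIBRARY_PATH_32` but then runs `export LD_LIBRARY_PATH LD_PRELOAD LD_BIND_NOW`, so the path it just set is never exported and whatever `LD_LIBRARY_PATH` the in-zone caller already had is what reaches the native binary. If the `_32` variable is the intended one (the isaexec variant passes `LD_LIBRARY_PATH_32` with `-e`), the line should read `export LD_LIBRARY_PATH_32 LD_PRELOAD LD_BIND_NOW`. Both new functions also check `$cmd_name` unquoted and then write and chmod `$ZONEROOT/$1` as a separate expansion; using `"$cmd_name"` for the test, the redirect and the `chmod` keeps the symlink check and the write on the same string. In `setup_native_isaexeccmd` the second `exec` is reached only if the first one fails, which a non-interactive shell normally treats as fatal, so it needs a comment saying when it is expected to run or it should be dropped.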
@@ -169,7 +175,12 @@ safe_dir /etc/update-motd.d
 #
 # Replace Linux binaries with native binaries.
 #
-replace_with_native /sbin/ifconfig 0555 root:bin
+setup_native_isaexeccmd /sbin/ifconfig /native/sbin/ifconfig
+setup_native_isaexeccmd /sbin/dladm /native/usr/sbin/dladm
+setup_native_isaexeccmd /sbin/route /native/usr/sbin/route
+setup_native_cmd /sbin/ipmgmtd /native/lib/inet/ipmgmtd \
+ "export SMF_FMRI=\"svc:/network/ip-interface-management:default\""
+setup_native_cmd /bin/netstat /native/usr/bin/netstat
 #
 # STEP THREE
@@ -178,12 +189,4 @@ replace_with_native /sbin/ifconfig 0555 root:bin
 #
 . $(dirname $0)/lx_boot_zone_${distro}
-#
-# STEP FOUR
-#
-# Create native wrappers for illumos-only commands
-#
-wrap_with_native /sbin/dladm 0555 root:bin
-wrap_with_native /sbin/ipmgmtd 0555 root:bin
-
 exit 0
diff --git a/usr/src/lib/brand/lx/zone/lx_boot_zone_ubuntu.ksh b/usr/src/lib/brand/lx/zone/lx_boot_zone_ubuntu.ksh
index bcb9014456..058018415b 100644
--- a/usr/src/lib/brand/lx/zone/lx_boot_zone_ubuntu.ksh
+++ b/usr/src/lib/brand/lx/zone/lx_boot_zone_ubuntu.ksh
@@ -22,7 +22,9 @@
 # Generate the networking.conf upstart script
 setup_net()
 {
- zonecfg -z $ZONENAME info net | awk '
+ [ -f /etc/defaultrouter ] && defroute=`cat /etc/defaultrouter`
+
+ zonecfg -z $ZONENAME info net | awk -v defroute=$defroute '
 BEGIN {
 printf("description\t\"configure virtual network devices\"\n\n")
 printf("emits static-network-up\n")
@@ -77,6 +79,8 @@ setup_net()
 phys)
 printf(" /sbin/initctl emit --no-wait static-network-up\n")
+ if (length(defroute) > 0)
+ printf(" /sbin/route add default %s\n", defroute)
 printf("end script\n")
 }' > $fnm
 }
diff --git a/usr/src/lib/brand/lx/zone/platform.xml b/usr/src/lib/brand/lx/zone/platform.xml
index dffa106a0b..6cc3c32df4 100644
--- a/usr/src/lib/brand/lx/zone/platform.xml
+++ b/usr/src/lib/brand/lx/zone/platform.xml
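Review bot: `awk -v defroute=$defroute` in the `@@ -22,7 +22,9 @@` hunk of `setup_net` is unquoted, so an /etc/defaultrouter that holds more than one entry or a comment is word-split and awk takes the second word as its program text; `defroute` is also never initialised in the visible lines, so with the file absent it keeps whatever value it already had. Reset and quote it: `defroute=` before the `-f` test and `awk -v defroute="$defroute" '`. The `@@ -77,6 +79,8 @@` hunk then writes the value verbatim into the upstart job as `/sbin/route add default %s`, so it is worth checking here that it is a single address or hostname before it is emitted. The path is not prefixed with `$ZONEROOT`, so this appears to read the file of whichever environment runs the boot script; confirm that is the intended gateway for an exclusive-stack zone. The body of `setup_net` continues outside both hunks.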
@@ -60,6 +60,10 @@
 <mount special="swap" directory="/native/tmp" type="tmpfs" />
 <!-- Devices to create under /dev -->
+ <device match="arp" />
+ <device match="ipnet" />
+ <device match="kstat" />
+ <device match="lo0" />
 <device match="null" />
 <device match="poll" />
 <device match="pts/*" /> |
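Review bot: The four added `<device match=... />` entries (arp, ipnet, kstat, lo0) widen what the zone can open under /dev, and nothing in the hunk records which of the native tools wrapped in lx_boot needs each one. A short comment above them would let a later least-privilege review decide whether an entry can be dropped, for example `<!-- arp, ipnet, kstat, lo0: needed by the native ifconfig/route/netstat/ipmgmtd wrappers -->`, adjusted to the actual consumers. The enclosing element starts and ends outside the hunk.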
