Diffstat (limited to 'usr/src/lib/brand/joyent-minimal/zone/config.xml')
-rw-r--r-- | usr/src/lib/brand/joyent-minimal/zone/config.xml | 115 |
1 files changed, 115 insertions, 0 deletions
diff --git a/usr/src/lib/brand/joyent-minimal/zone/config.xml b/usr/src/lib/brand/joyent-minimal/zone/config.xml
new file mode 100644
index 0000000000..64e92464fe
--- /dev/null
+++ b/usr/src/lib/brand/joyent-minimal/zone/config.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0"?>
+
+<!--
+ CDDL HEADER START
+
+ The contents of this file are subject to the terms of the
+ Common Development and Distribution License (the "License").
+ You may not use this file except in compliance with the License.
+
+ You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ or http://www.opensolaris.org/os/licensing.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+
+ When distributing Covered Code, include this CDDL HEADER in each
+ file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ If applicable, add the following below this CDDL HEADER, with the
+ fields enclosed by brackets "[]" replaced with your own identifying
+ information: Portions Copyright [yyyy] [name of copyright owner]
+
+ CDDL HEADER END
+
+ Copyright 2015 Joyent, Inc. All rights reserved.
+ Use is subject to license terms.
+
+ DO NOT EDIT THIS FILE.
+-->
+
+<!DOCTYPE brand PUBLIC "-//Joyent Inc//DTD Brands//EN"
+ "file:///usr/share/lib/xml/dtd/brand.dtd.1">
+
+<brand name="joyent-minimal">
+ <modname></modname>
+
+ <initname>/sbin/init</initname>
+ <login_cmd>/usr/bin/login -z %Z %u</login_cmd>
+ <forcedlogin_cmd>/usr/bin/login -z %Z -f %u</forcedlogin_cmd>
+ <user_cmd>/usr/bin/getent passwd %u</user_cmd>
+
+ <install>/usr/lib/brand/joyent-minimal/jinstall -z %z -R %R</install>
+ <installopts>R:t:U:q:z:</installopts>
+ <boot></boot>
+ <halt></halt>
+ <verify_cfg></verify_cfg>
+ <verify_adm></verify_adm>
+ <postclone></postclone>
+ <postinstall></postinstall>
+ <attach>/usr/lib/brand/joyent-minimal/jattach -z %z -R %R</attach>
+ <detach>/usr/lib/brand/joyent-minimal/jdetach -z %z -R %R</detach>
+ <clone></clone>
+ <uninstall>/usr/lib/brand/joyent-minimal/juninstall -z %z -R %R</uninstall>
+ <prestatechange>/usr/lib/brand/joyent-minimal/prestate %z %R</prestatechange>
+ <poststatechange>/usr/lib/brand/joyent-minimal/poststate %z %R</poststatechange>
+ <query>/usr/lib/brand/joyent-minimal/query %z %R</query>
+
+ <privilege set="default" name="contract_event" />
+ <privilege set="default" name="contract_identity" />
+ <privilege set="default" name="contract_observer" />
+ <privilege set="default" name="dtrace_proc" />
+ <privilege set="default" name="dtrace_user" />
+ <privilege set="default" name="file_chown" />
+ <privilege set="default" name="file_chown_self" />
+ <privilege set="default" name="file_dac_execute" />
+ <privilege set="default" name="file_dac_read" />
+ <privilege set="default" name="file_dac_search" />
+ <privilege set="default" name="file_dac_write" />
+ <privilege set="default" name="file_owner" />
+ <privilege set="default" name="file_setid" />
+ <privilege set="default" name="ipc_dac_read" />
+ <privilege set="default" name="ipc_dac_write" />
+ <privilege set="default" name="ipc_owner" />
+ <privilege set="default" name="net_bindmlp" />
+ <privilege set="default" name="net_icmpaccess" />
+ <privilege set="default" name="net_mac_aware" />
+ <privilege set="default" name="net_observability" />
+ <privilege set="default" name="net_privaddr" />
+ <privilege set="default" name="net_rawaccess" ip-type="exclusive" />
+ <privilege set="default" name="proc_chroot" />
+ <privilege set="default" name="sys_audit" />
+ <privilege set="default" name="proc_audit" />
+ <privilege set="default" name="proc_lock_memory" />
+ <privilege set="default" name="proc_owner" />
+ <privilege set="default" name="proc_prioup" />
+ <privilege set="default" name="proc_secflags" />
+ <privilege set="default" name="proc_setid" />
+ <privilege set="default" name="proc_taskid" />
+ <privilege set="default" name="sys_acct" />
+ <privilege set="default" name="sys_admin" />
+ <privilege set="default" name="sys_fs_import" />
+ <privilege set="default" name="sys_ip_config" ip-type="exclusive" />
+ <privilege set="default" name="sys_iptun_config" ip-type="exclusive" />
+ <privilege set="default" name="sys_mount" />
+ <privilege set="default" name="sys_nfs" />
+ <privilege set="default" name="sys_smb" />
+ <privilege set="default" name="sys_resource" />
+ <privilege set="default" name="sys_ppp_config" ip-type="exclusive" />
+
+ <privilege set="prohibited" name="dtrace_kernel" />
+ <privilege set="prohibited" name="proc_zone" />
+ <privilege set="prohibited" name="sys_config" />
+ <privilege set="prohibited" name="sys_devices" />
+ <privilege set="prohibited" name="sys_ip_config" ip-type="shared" />
+ <privilege set="prohibited" name="sys_linkdir" />
+ <privilege set="prohibited" name="sys_net_config" />
+ <privilege set="prohibited" name="sys_res_config" />
+ <privilege set="prohibited" name="sys_suser_compat" />
+ <privilege set="prohibited" name="xvm_control" />
+ <privilege set="prohibited" name="virt_manage" />
+ <privilege set="prohibited" name="sys_ppp_config" ip-type="shared" />
+
+ <privilege set="required" name="proc_exec" />
+ <privilege set="required" name="proc_fork" />
+ <privilege set="required" name="sys_ip_config" ip-type="exclusive" />
+ <privilege set="required" name="sys_mount" />
+</brand> |
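Review bot: The `set="default"` block has no comment explaining its contents, and for a brand named joyent-minimal it gives every zone `dtrace_proc`, `dtrace_user`, `proc_lock_memory` and `proc_prioup` on top of the `file_dac_*` and `sys_admin` entries. As far as I recall, the stock illumos brand leaves those four as optional privileges that an operator adds per zone through `limitpriv`, so granting them by default widens what a compromised process in the zone can do; please confirm this is intended. If it is, I would add a comment above the block such as `<!-- dtrace_proc, dtrace_user, proc_lock_memory and proc_prioup are default here because <reason>; drop them to make zones opt in via limitpriv -->`, and otherwise remove the four lines. Separately, `sys_ip_config` and `sys_ppp_config` each pair their `ip-type="exclusive"` default with a `set="prohibited"` `ip-type="shared"` entry, but `sys_iptun_config` has no such counterpart. If shared-stack zones should never hold it, add `<privilege set="prohibited" name="sys_iptun_config" ip-type="shared" />`.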