1 files changed, 92 insertions, 29 deletions
diff --git a/usr/src/lib/libzonecfg/common/libzonecfg.c b/usr/src/lib/libzonecfg/common/libzonecfg.c
index acfa78371c..8936356ec9 100644
--- a/usr/src/lib/libzonecfg/common/libzonecfg.c
+++ b/usr/src/lib/libzonecfg/common/libzonecfg.c
@@ -132,6 +132,7 @@
 #define	DTD_ATTR_HOSTID		(const xmlChar *) "hostid"
 #define	DTD_ATTR_USER		(const xmlChar *) "user"
 #define	DTD_ATTR_AUTHS		(const xmlChar *) "auths"
+#define	DTD_ATTR_FS_ALLOWED	(const xmlChar *) "fs-allowed"
 
 #define	DTD_ENTITY_BOOLEAN	"boolean"
 #define	DTD_ENTITY_DEVPATH	"devpath"
@@ -2384,41 +2385,64 @@ zonecfg_modify_nwif(
 }
 
 /*
- * Gets the zone hostid string stored in the specified zone configuration
- * document.  This function returns Z_OK on success.  Z_BAD_PROPERTY is returned
- * if the config file doesn't specify a hostid or if the hostid is blank.
- *
- * Note that buflen should be at least HW_HOSTID_LEN.
+ * Must be a comma-separated list of alpha-numeric file system names.
  */
+static int
+zonecfg_valid_fs_allowed(const char *fsallowedp)
+{
+	char tmp[ZONE_FS_ALLOWED_MAX];
+	char *cp = tmp;
+	char *p;
+
+	if (strlen(fsallowedp) > ZONE_FS_ALLOWED_MAX)
+		return (Z_TOO_BIG);
+
+	(void) strlcpy(tmp, fsallowedp, sizeof (tmp));
+
+	while (*cp != '\0') {
+		p = cp;
+		while (*p != '\0' && *p != ',') {
+			if (!isalnum(*p))
+				return (Z_INVALID_PROPERTY);
+			p++;
+		}
+
+		if (*p == ',') {
+			if (p == cp)
+				return (Z_INVALID_PROPERTY);
+
+			p++;
+
+			if (*p == '\0')
+				return (Z_INVALID_PROPERTY);
+		}
+
+		cp = p;
+	}
+
+	return (Z_OK);
+}
+
 int
-zonecfg_get_hostid(zone_dochandle_t handle, char *bufp, size_t buflen)
+zonecfg_get_fs_allowed(zone_dochandle_t handle, char *bufp, size_t buflen)
 {
 	int err;
 
-	if ((err = getrootattr(handle, DTD_ATTR_HOSTID, bufp, buflen)) != Z_OK)
+	if ((err = getrootattr(handle, DTD_ATTR_FS_ALLOWED,
+	    bufp, buflen)) != Z_OK)
 		return (err);
 	if (bufp[0] == '\0')
 		return (Z_BAD_PROPERTY);
-	return (Z_OK);
+	return (zonecfg_valid_fs_allowed(bufp));
 }
 
-/*
- * Sets the hostid string in the specified zone config document to the given
- * string value.  If 'hostidp' is NULL, then the config document's hostid
- * attribute is cleared.  Non-NULL hostids are validated.  This function returns
- * Z_OK on success.  Any other return value indicates failure.
- */
 int
-zonecfg_set_hostid(zone_dochandle_t handle, const char *hostidp)
+zonecfg_set_fs_allowed(zone_dochandle_t handle, const char *bufp)
 {
 	int err;
 
-	/*
-	 * A NULL hostid string is interpreted as a request to clear the
-	 * hostid.
-	 */
-	if (hostidp == NULL || (err = zonecfg_valid_hostid(hostidp)) == Z_OK)
-		return (setrootattr(handle, DTD_ATTR_HOSTID, hostidp));
+	if (bufp == NULL || (err = zonecfg_valid_fs_allowed(bufp)) == Z_OK)
+		return (setrootattr(handle, DTD_ATTR_FS_ALLOWED, bufp));
 	return (err);
 }
 
@@ -2426,10 +2450,10 @@ zonecfg_set_hostid(zone_dochandle_t handle, const char *hostidp)
  * Determines if the specified string is a valid hostid string.  This function
  * returns Z_OK if the string is a valid hostid string.  It returns Z_INVAL if
  * 'hostidp' is NULL, Z_TOO_BIG if 'hostidp' refers to a string buffer
- * containing a hex string with more than 8 digits, and Z_HOSTID_FUBAR if the
- * string has an invalid format.
+ * containing a hex string with more than 8 digits, and Z_INVALID_PROPERTY if
+ * the string has an invalid format.
  */
-int
+static int
 zonecfg_valid_hostid(const char *hostidp)
 {
 	char *currentp;
@@ -2441,10 +2465,10 @@ zonecfg_valid_hostid(const char *hostidp)
 
 	/* Empty strings and strings with whitespace are invalid. */
 	if (*hostidp == '\0')
-		return (Z_HOSTID_FUBAR);
+		return (Z_INVALID_PROPERTY);
 	for (currentp = (char *)hostidp; *currentp != '\0'; ++currentp) {
 		if (isspace(*currentp))
-			return (Z_HOSTID_FUBAR);
+			return (Z_INVALID_PROPERTY);
 	}
 	len = (size_t)(currentp - hostidp);
 
@@ -2463,10 +2487,49 @@ zonecfg_valid_hostid(const char *hostidp)
 		return (Z_TOO_BIG);
 	if (hostidval > UINT_MAX || hostidval == HW_INVALID_HOSTID ||
 	    currentp != hostidp + len)
-		return (Z_HOSTID_FUBAR);
+		return (Z_INVALID_PROPERTY);
 	return (Z_OK);
 }
 
+/*
+ * Gets the zone hostid string stored in the specified zone configuration
+ * document.  This function returns Z_OK on success.  Z_BAD_PROPERTY is returned
+ * if the config file doesn't specify a hostid or if the hostid is blank.
+ *
+ * Note that buflen should be at least HW_HOSTID_LEN.
+ */
+int
+zonecfg_get_hostid(zone_dochandle_t handle, char *bufp, size_t buflen)
+{
+	int err;
+
+	if ((err = getrootattr(handle, DTD_ATTR_HOSTID, bufp, buflen)) != Z_OK)
+		return (err);
+	if (bufp[0] == '\0')
+		return (Z_BAD_PROPERTY);
+	return (zonecfg_valid_hostid(bufp));
+}
+
+/*
+ * Sets the hostid string in the specified zone config document to the given
+ * string value.  If 'hostidp' is NULL, then the config document's hostid
+ * attribute is cleared.  Non-NULL hostids are validated.  This function returns
+ * Z_OK on success.  Any other return value indicates failure.
+ */
+int
+zonecfg_set_hostid(zone_dochandle_t handle, const char *hostidp)
+{
+	int err;
+
+	/*
+	 * A NULL hostid string is interpreted as a request to clear the
+	 * hostid.
+	 */
+	if (hostidp == NULL || (err = zonecfg_valid_hostid(hostidp)) == Z_OK)
+		return (setrootattr(handle, DTD_ATTR_HOSTID, hostidp));
+	return (err);
+}
+
 int
 zonecfg_lookup_dev(zone_dochandle_t handle, struct zone_devtab *tabptr)
 {
@@ -3651,8 +3714,8 @@ zonecfg_strerror(int errnum)
 		    "Could not create a temporary pool"));
 	case Z_POOL_BIND:
 		return (dgettext(TEXT_DOMAIN, "Could not bind zone to pool"));
-	case Z_HOSTID_FUBAR:
-		return (dgettext(TEXT_DOMAIN, "Specified hostid is invalid"));
+	case Z_INVALID_PROPERTY:
+		return (dgettext(TEXT_DOMAIN, "Specified property is invalid"));
 	case Z_SYSTEM:
 		return (strerror(errno));
 	default: