This case seeks micro/patch binding.

1. Introduction
   1.1. Project/Component Working Name:

	fmd for non-global Solaris zones

   1.2. Name of Document Author/Supplier:

	Gavin Maltby

   1.3. Date of This Document:

	06/11/2010

   1.5. Email Aliases:
    	1.5.1. Responsible Manager: gavin.gibson@sun.com
    	1.5.2. Responsible Engineer: gavin.maltby@sun.com

2. Project Summary
   2.1. Project Description:

	6897919 fmd to run in a non-global zone

	This RFE will enable fmd and associated SMF services in a non-global
	Solaris zone.  The set of fmd plugins delivered into a zone
	will be restricted to those that are relevant - the hardware-oriented
	modules, particularly, will not be delivered in a non-global zone.

	The first consumer of the fmd service in a non-global Solaris zone
	will be SMF; this will work with fmd to achieve snmp and email
	notifications of instance state transitions.

	There is no change from the administrative point-of-view - fmd in
	a non-global zone is administered identically to fmd in the global
	zone (save for one privilege change, highlighted below).

4. Technical Description:
    4.1. Details:

	4.1.1 Packaging

		The manifest for the fmd service (svc:/system/fmd) is
		/lib/svc/manifest/system/fmd.xml, currently delivered
		by package system/kernel which is not part of a
		non-global zone image.  We move the manifest delivery
		to service/fault-management which is part of the
		"Core System" for a non-global zone.

	4.1.2 Service Dependencies

		The system/fmd service today is dependent on system/sysevent
		and system/dumpadm, both of which are global-zone only
		services (and only meaningful there).  Instead of listing
		these as dependencies of the fmd service we now list
		system/fmd as a dependent in the dumpadm and sysevent
		manifests.

	4.1.3 Restricting service-fault management deliverables

		In a non-global zone we do not want the hardware-oriented
		fmd plugin modules, topology enumerators etc.  All such
		paths will now be tagged with 'variant.opensolaris.zone=global'
		in the package manifest for service/fault-management.

	4.1.4 Privileges

		Some of the privileges that fmd requires today are either
		optional or prohibited in a non-global zone.  The optional
		one (PRIV_PROC_PRIOCNTL) it turns out we can do without,
		and the prohibited ones are associated with hardware
		modules which we do not deliver in a non-global zone

						fmd requires priv in ...
		fmd Privilege		Global Zone?	Non-global Zone?
		-----------------------	---------------	----------------
		PRIV_FILE_DAC_EXECUTE	Yes		Yes
		PRIV_FILE_DAC_READ	Yes		Yes
		PRIV_FILE_DAC_SEARCH	Yes		Yes
		PRIV_FILE_DAC_WRITE	Yes		Yes
		PRIV_FILE_OWNER		Yes		Yes
		PRIV_PROC_OWNER		Yes		Yes
		PRIV_PROC_PRIOCNTL	Yes		No (optional)
		PRIV_SYS_CONFIG		Yes		No (prohibited)
		PRIV_SYS_DEVICES	Yes		No (prohibited)
		PRIV_SYS_RES_CONFIG	Yes		No (prohibited)
		PRIV_SYS_NET_CONFIG	Yes		No (prohibited)

		The fmd administrative commands of fmadm(1m) and fmstat(1m)
		currently must be run with PRIV_SYS_CONFIG (this is checked
		in fmd by looking the the door rpc transport credentials).
		As above, PRIV_SYS_CONFIG is prohibited in a non-global
		zone; we therefore change this requirement and instead
		require that the caller have PRIV_SYS_ADMIN in their
		Effective privilege set.  This change is made in both
		global and non-global zones (we could require either
		PRIV_SYS_ADMIN or PRIV_SYS_CONFIG in the global zone, but
		we prefer to have requirements the same in both global
		and non-global cases).

	4.1.5 Associated Services

		PSARC/2009/618 and PSARC/2009/619 introduced services for
		smtp and snmp notification of fault management events:

		    svc:/system/fm/smtp-notify:default
		    svc:/system/fm/snmp-notify:default

		These will now be delivered in their own packages:

		    service/fault-management/smtp-notify
		    service/fault-management/snmp-notify

		While the core service/fault-management package that
		delivers fmd itself is part of the core set of packages
		for a non-global zone, the two notification packages
		are not part of that set.  An administrator will have to
		install the package for the functionality desired.

    4.6. Doc Impact:

	Manpages fmd(1m), fmadm(1m) and fmstat(1m) are updated - see
	case materials.

   5 Reference Documents

	PSARC/2003/089 Solaris Fault Management Daemon	
	PSARC/2009/617 Software Events Notification Parameters CLI
	PSARC/2009/618 snmp-notify: SNMP Notification Daemon for Software Events
	PSARC/2009/619 smtp-notify: Email Notification Daemon for Software Events

   6.5. ARC review type:

		FastTrack

   6.6. ARC Exposure:

		open