direct-io.hg
changeset 7508:d6ebcfc5a30b
The attached patch fixes 2 issues with the scripts written for the Xen
access control module and makes the tools more self-explanatory.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
access control module and makes the tools more self-explanatory.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
| author | kaf24@firebug.cl.cam.ac.uk |
|---|---|
| date | Thu Oct 27 17:27:04 2005 +0100 (2005-10-27) |
| parents | 7ba4019f7b2d |
| children | 602f7fc3e1b1 |
| files | tools/security/getlabel.sh tools/security/setlabel.sh tools/security/updategrub.sh |
line diff
1.1 --- a/tools/security/getlabel.sh Thu Oct 27 17:24:06 2005 +0100 1.2 +++ b/tools/security/getlabel.sh Thu Oct 27 17:27:04 2005 +0100 1.3 @@ -36,18 +36,21 @@ source labelfuncs.sh 1.4 1.5 usage () 1.6 { 1.7 - echo "Usage: $0 -sid <ssidref> [<policy name>] or" 1.8 - echo " $0 -dom <domid> [<policy name>] " 1.9 - echo "" 1.10 - echo "policy name : the name of the policy, i.e. 'chwall'" 1.11 - echo " If the policy name is omitted, the grub.conf" 1.12 - echo " entry of the running system is tried to be read" 1.13 - echo " and the policy name determined from there." 1.14 - echo "ssidref : an ssidref in hex or decimal format, i.e., '0x00010002'" 1.15 - echo " or '65538'" 1.16 - echo "domid : id of the domain, i.e., '1'; Use numbers from the 2nd" 1.17 - echo " column shown when invoking 'xm list'" 1.18 - echo "" 1.19 +echo "Use this tool to display the label of a domain or the label that is 1.20 +corresponding to an ssidref given the name of the running policy. 1.21 + 1.22 +Usage: $0 -sid <ssidref> [<policy name>] or 1.23 + $0 -dom <domid> [<policy name>] 1.24 + 1.25 +policy name : the name of the policy, i.e. 'chwall' 1.26 + If the policy name is omitted, the grub.conf 1.27 + entry of the running system is tried to be read 1.28 + and the policy name determined from there. 1.29 +ssidref : an ssidref in hex or decimal format, i.e., '0x00010002' 1.30 + or '65538' 1.31 +domid : id of the domain, i.e., '1'; Use numbers from the 2nd 1.32 + column shown when invoking 'xm list' 1.33 +" 1.34 } 1.35 1.36
2.1 --- a/tools/security/setlabel.sh Thu Oct 27 17:24:06 2005 +0100 2.2 +++ b/tools/security/setlabel.sh Thu Oct 27 17:27:04 2005 +0100 2.3 @@ -39,21 +39,27 @@ source labelfuncs.sh 2.4 2.5 usage () 2.6 { 2.7 - echo "Usage: $0 [Option] <vmfile> <label> [<policy name>]" 2.8 - echo " or $0 -l [<policy name>]" 2.9 - echo "" 2.10 - echo "Valid options are:" 2.11 - echo "-r : to relabel a file without being prompted" 2.12 - echo "" 2.13 - echo "vmfile : XEN vm configuration file" 2.14 - echo "label : the label to map to an ssidref" 2.15 - echo "policy name : the name of the policy, i.e. 'chwall'" 2.16 - echo " If the policy name is omitted, it is attempted" 2.17 - echo " to find the current policy's name in grub.conf." 2.18 - echo "" 2.19 - echo "-l [<policy name>] is used to show valid labels in the map file of" 2.20 - echo " the given or current policy." 2.21 - echo "" 2.22 +echo "Use this tool to put the ssidref corresponding to a label of a policy into 2.23 +the VM configuration file, or use it to display all labels of a policy. 2.24 + 2.25 +Usage: $0 [Option] <vmfile> <label> [<policy name>] 2.26 + or $0 -l [<policy name>] 2.27 + 2.28 +Valid options are: 2.29 +-r : to relabel a file without being prompted 2.30 + 2.31 +vmfile : XEN vm configuration file; give complete path 2.32 +label : the label to map to an ssidref 2.33 +policy name : the name of the policy, i.e. 'chwall' 2.34 + If the policy name is omitted, it is attempted 2.35 + to find the current policy's name in grub.conf. 2.36 + 2.37 +-l [<policy name>] is used to show valid labels in the map file of 2.38 + the given or current policy. If the policy name 2.39 + is omitted, it will be tried to determine the 2.40 + current policy from grub.conf (/boot/grub/grub.conf) 2.41 + 2.42 +" 2.43 } 2.44 2.45 2.46 @@ -83,7 +89,7 @@ if [ "$mode" == "show" ]; then 2.47 exit -1; 2.48 fi 2.49 else 2.50 - policy=$3; 2.51 + policy=$1; 2.52 fi 2.53 2.54 2.55 @@ -92,7 +98,7 @@ if [ "$mode" == "show" ]; then 2.56 if [ "$res" != "0" ]; then 2.57 showLabels $mapfile 2.58 else 2.59 - echo "Could not find map file for policy '$1'." 2.60 + echo "Could not find map file for policy '$policy'." 2.61 fi 2.62 elif [ "$mode" == "usage" ]; then 2.63 usage
3.1 --- a/tools/security/updategrub.sh Thu Oct 27 17:24:06 2005 +0100 3.2 +++ b/tools/security/updategrub.sh Thu Oct 27 17:27:04 2005 +0100 3.3 @@ -26,11 +26,16 @@ fi 3.4 # Show usage of this program 3.5 usage () 3.6 { 3.7 - echo "Usage: $0 <policy name> <root of xen repository>" 3.8 - echo "" 3.9 - echo "<policy name> : The name of the policy, i.e. xen_null" 3.10 - echo "<root of xen repository> : The root of the XEN repositrory." 3.11 - echo "" 3.12 +echo "Use this tool to add the binary policy to the Xen grub entry and 3.13 +have Xen automatically enforce the policy when starting. 3.14 + 3.15 +Usage: $0 <policy name> <root of xen repository> 3.16 + 3.17 +<policy name> : The name of the policy, i.e. xen_null 3.18 +<root of xen repository> : The root of the XEN repository. Give 3.19 + complete path. 3.20 + 3.21 +" 3.22 } 3.23 3.24 # This function sets the global variable 'linux' 3.25 @@ -43,11 +48,24 @@ getLinuxVersion () 3.26 for f in $path/linux-*-xen0 ; do 3.27 versionfile=$f/include/linux/version.h 3.28 if [ -r $versionfile ]; then 3.29 - lnx=`cat $versionfile | \ 3.30 - grep UTS_RELEASE | \ 3.31 - awk '{ \ 3.32 - len=length($3); \ 3.33 - print substr($3,2,len-2) }'` 3.34 + lnx=`cat $versionfile | \ 3.35 + grep UTS_RELEASE | \ 3.36 + awk '{ \ 3.37 + len=length($3); \ 3.38 + version=substr($3,2,len-2); \ 3.39 + split(version,numbers,"."); \ 3.40 + if (numbers[4]=="") { \ 3.41 + printf("%s.%s.%s", \ 3.42 + numbers[1], \ 3.43 + numbers[2], \ 3.44 + numbers[3]); \ 3.45 + } else { \ 3.46 + printf("%s.%s.%s[.0-9]*-xen0",\ 3.47 + numbers[1], \ 3.48 + numbers[2], \ 3.49 + numbers[3]); \ 3.50 + } \ 3.51 + }'` 3.52 fi 3.53 if [ "$lnx" != "" ]; then 3.54 linux="[./0-9a-zA-z]*$lnx" 3.55 @@ -143,10 +161,19 @@ updateGrub () 3.56 echo "Could not create temporary file! Aborting." 3.57 exit -1 3.58 fi 3.59 - mv -f $tmpfile $grubconf 3.60 + diff $tmpfile $grubconf > /dev/null 3.61 + RES=$? 3.62 + if [ "$RES" == "0" ]; then 3.63 + echo "No changes were made to $grubconf." 3.64 + else 3.65 + echo "Successfully updated $grubconf." 3.66 + mv -f $tmpfile $grubconf 3.67 + fi 3.68 } 3.69 3.70 if [ "$1" == "" -o "$2" == "" ]; then 3.71 + echo "Error: Not enough command line parameters." 3.72 + echo "" 3.73 usage 3.74 exit -1 3.75 fi