ia64/xen-unstable

view tools/security/setlabel.sh @ 7778:0b4596caf761

nloopbacks default is now 8. So vifnum of greater than 7 requires
an adjustment to nloopbacks. Warning comment updated.

Signed-off-by: Nivedita Singhvi (niv@us.ibm.com)
author kaf24@firebug.cl.cam.ac.uk
date Fri Nov 11 10:46:36 2005 +0100 (2005-11-11)
parents d6ebcfc5a30b
children 8aac8746047b
1 #!/bin/sh
2 # *
3 # * setlabel
4 # *
5 # * Copyright (C) 2005 IBM Corporation
6 # *
7 # * Authors:
8 # * Stefan Berger <stefanb@us.ibm.com>
9 # *
10 # * This program is free software; you can redistribute it and/or
11 # * modify it under the terms of the GNU General Public License as
12 # * published by the Free Software Foundation, version 2 of the
13 # * License.
14 # *
15 # * 'setlabel' labels virtual machine (domain) configuration files with
16 # * security identifiers that can be enforced in Xen.
17 # *
18 # * 'setlabel -?' shows the usage of the program
19 # *
20 # * 'setlabel -l vmconfig-file' lists all available labels (only VM
21 # * labels are used right now)
22 # *
23 # * 'setlabel vmconfig-file security-label map-file' inserts the 'ssidref'
24 # * that corresponds to the security-label under the
25 # * current policy (if policy changes, 'label'
26 # * must be re-run over the configuration files;
27 # * map-file is created during policy translation and
28 # * is found in the policy's directory
29 #
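# Re-run this script under bash exactly once. 'runbash' is exported before the
# exec so that the second pass skips this branch instead of looping.
if [ -z "$runbash" ]; then
    runbash="1"
    export runbash
    # Hand the arguments to bash unchanged. Building a command string for
    # 'sh -c' makes a shell parse them a second time, so a vmfile or label
    # containing spaces, quotes, ';' or '$(...)' would be split or executed
    # instead of being passed through as data.
    exec bash "$0" "$@"
fi

# NOTE(review): appending '.' to PATH means the 'source' below, and any bare
# command name used later, can resolve to a file in whatever directory the
# caller happens to be in. This tool edits security labels and is presumably
# run with elevated privileges, so it should only be started from a trusted
# directory; loading labelfuncs.sh from a fixed install path would remove the
# dependency on the working directory. Left unchanged here because the install
# layout is not visible from this file.
export PATH="$PATH:."
source labelfuncs.sh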
# Print the help text on stdout: what the tool does, its two call forms, the
# -r option and the meaning of each argument. $0 is expanded so the text shows
# the name the script was started with. The final empty argument reproduces
# the blank line that ends the message.
usage ()
{
    printf '%s\n' \
        "Use this tool to put the ssidref corresponding to a label of a policy into" \
        "the VM configuration file, or use it to display all labels of a policy." \
        "Usage: $0 [Option] <vmfile> <label> [<policy name>]" \
        "or $0 -l [<policy name>]" \
        "Valid options are:" \
        "-r : to relabel a file without being prompted" \
        "vmfile : XEN vm configuration file; give complete path" \
        "label : the label to map to an ssidref" \
        "policy name : the name of the policy, i.e. 'chwall'" \
        "If the policy name is omitted, it is attempted" \
        "to find the current policy's name in grub.conf." \
        "-l [<policy name>] is used to show valid labels in the map file of" \
        "the given or current policy. If the policy name" \
        "is omitted, it will be tried to determine the" \
        "current policy from grub.conf (/boot/grub/grub.conf)" \
        ""
}
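# Select the operating mode from the first argument:
#   -r  ->  "relabel"  (the option is consumed)
#   -l  ->  "show"     (the option is consumed)
#   -?  ->  "usage"    (the option is left in place)
# Any other first argument leaves the mode empty, which the dispatch code
# below treats as an ordinary labelling run.
#
# 'mode' is cleared first. It used to be assigned only inside the branches, so
# a 'mode' variable inherited from the caller's environment (for example
# mode=relabel) selected a mode although the option was never given.
mode=""
case "$1" in
    "-r")
        mode="relabel"
        shift
        ;;
    "-l")
        mode="show"
        shift
        ;;
    "-?")
        # Quoted so that '?' is matched literally and not as a glob.
        mode="usage"
        ;;
esac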
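# Store the policy name to work with in the global 'policy'.
#   $1 - policy name given on the command line; when empty, the name is looked
#        up through grub.conf instead.
# Exits the script with -1 when grub.conf or the policy cannot be found.
# findGrubConf and findPolicyInGrub come from labelfuncs.sh (not shown here);
# judging by how their results are tested, findGrubConf returns 0 on FAILURE
# and the two helpers hand back their results in 'grubconf' and 'policy'.
_resolvePolicy ()
{
    if [ "$1" = "" ]; then
        findGrubConf
        ret=$?
        if [ $ret -eq 0 ]; then
            echo "Could not find grub.conf"
            exit -1
        fi
        # Clear any 'policy' inherited from the environment so that only a
        # value found in grub.conf passes the check below.
        policy=""
        findPolicyInGrub "$grubconf"
        if [ "$policy" != "" ]; then
            echo "Assuming policy to be '$policy'."
        else
            echo "Could not find policy."
            exit -1
        fi
    else
        # NOTE(review): the name is taken from the command line unchanged;
        # confirm that findMapFile (labelfuncs.sh) does not build a file path
        # from it without rejecting '/' and '..'.
        policy=$1
    fi
}

# Dispatch on the mode selected from the first command-line option.
# findMapFile is treated as successful when it returns non-zero, as in the
# original tests; it presumably leaves the map file's path in 'mapfile'.
if [ "$mode" = "show" ]; then
    # -l [<policy name>]: list the labels in the policy's map file.
    _resolvePolicy "$1"
    findMapFile "$policy"
    res=$?
    if [ "$res" != "0" ]; then
        showLabels "$mapfile"
    else
        echo "Could not find map file for policy '$policy'."
        # Fail visibly: falling through here ended the script with status 0.
        exit -1
    fi
elif [ "$mode" = "usage" ]; then
    usage
else
    # [-r] <vmfile> <label> [<policy name>]: write the ssidref for the label
    # into the VM configuration file.
    if [ "$2" = "" ]; then
        usage
        exit -1
    fi
    _resolvePolicy "$3"
    findMapFile "$policy"
    res=$?
    if [ "$res" != "0" ]; then
        # Arguments are quoted so that a path or label with spaces or glob
        # characters reaches relabel as one word. The mode is passed only when
        # set, which keeps the argument count of the unquoted original.
        relabel "$1" "$2" "$mapfile" ${mode:+"$mode"}
    else
        # Report the policy that was actually used; '$3' is empty whenever the
        # name came from grub.conf.
        echo "Could not find map file for policy '$policy'."
        # A file that was not labelled must not be reported as success to the
        # caller, so leave with a failure status here too.
        exit -1
    fi
fi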