ia64/xen-unstable

view tools/security/updategrub.sh @ 7778:0b4596caf761

nloopbacks default is now 8. So vifnum of greater than 7 requires
an adjustment to nloopbacks. Warning comment updated.

Signed-off-by: Nivedita Singhvi (niv@us.ibm.com)
author kaf24@firebug.cl.cam.ac.uk
date Fri Nov 11 10:46:36 2005 +0100 (2005-11-11)
parents d6ebcfc5a30b
children 8aac8746047b
line source
1 #!/bin/sh
2 # *
3 # * updategrub
4 # *
5 # * Copyright (C) 2005 IBM Corporation
6 # *
7 # * Authors:
8 # * Stefan Berger <stefanb@us.ibm.com>
9 # *
10 # * This program is free software; you can redistribute it and/or
11 # * modify it under the terms of the GNU General Public License as
12 # * published by the Free Software Foundation, version 2 of the
13 # * License.
14 # *
15 # *
16 #
18 if [ -z "$runbash" ]; then
19 runbash="1"
20 export runbash
21 exec sh -c "bash $0 $*"
22 exit
23 fi
26 # Show usage of this program
27 usage ()
28 {
29 echo "Use this tool to add the binary policy to the Xen grub entry and
30 have Xen automatically enforce the policy when starting.
32 Usage: $0 <policy name> <root of xen repository>
34 <policy name> : The name of the policy, i.e. xen_null
35 <root of xen repository> : The root of the XEN repository. Give
36 complete path.
38 "
39 }
41 # This function sets the global variable 'linux'
42 # to the name of the linux kernel that was compiled
43 # For now a pattern should do the trick
44 getLinuxVersion ()
45 {
46 path=$1
47 linux=""
48 for f in $path/linux-*-xen0 ; do
49 versionfile=$f/include/linux/version.h
50 if [ -r $versionfile ]; then
51 lnx=`cat $versionfile | \
52 grep UTS_RELEASE | \
53 awk '{ \
54 len=length($3); \
55 version=substr($3,2,len-2); \
56 split(version,numbers,"."); \
57 if (numbers[4]=="") { \
58 printf("%s.%s.%s", \
59 numbers[1], \
60 numbers[2], \
61 numbers[3]); \
62 } else { \
63 printf("%s.%s.%s[.0-9]*-xen0",\
64 numbers[1], \
65 numbers[2], \
66 numbers[3]); \
67 } \
68 }'`
69 fi
70 if [ "$lnx" != "" ]; then
71 linux="[./0-9a-zA-z]*$lnx"
72 return;
73 fi
74 done
76 #Last resort.
77 linux="vmlinuz-2.[45678].[0-9]*[.0-9]*-xen0$"
78 }
80 #Return where the grub.conf file is.
81 #I only know of one place it can be.
82 findGrubConf()
83 {
84 grubconf="/boot/grub/grub.conf"
85 if [ -w $grubconf ]; then
86 return 1
87 fi
88 return 0
89 }
92 #Update the grub configuration file.
93 #Search for existing entries and replace the current
94 #policy entry with the policy passed to this script
95 #
96 #Arguments passed to this function
97 # 1st : the grub configuration file
98 # 2nd : the binary policy file name
99 # 3rd : the name or pattern of the linux kernel name to match
100 #
101 # The algorithm here is based on pattern matching
102 # and is working correctly if
103 # - under a title a line beginning with 'kernel' is found
104 # whose following item ends with "xen.gz"
105 # Example: kernel /xen.gz dom0_mem=....
106 # - a module line matching the 3rd parameter is found
107 #
108 updateGrub ()
109 {
110 grubconf=$1
111 policyfile=$2
112 linux=$3
114 tmpfile="/tmp/new_grub.conf"
116 cat $grubconf | \
117 awk -vpolicy=$policyfile \
118 -vlinux=$linux '{ \
119 if ( $1 == "title" ) { \
120 kernelfound = 0; \
121 if ( policymaycome == 1 ){ \
122 printf ("\tmodule %s%s\n", path, policy); \
123 } \
124 policymaycome = 0; \
125 } \
126 else if ( $1 == "kernel" ) { \
127 if ( match($2,"xen.gz$") ) { \
128 path=substr($2,1,RSTART-1); \
129 kernelfound = 1; \
130 } \
131 } \
132 else if ( $1 == "module" && \
133 kernelfound == 1 && \
134 match($2,linux) ) { \
135 policymaycome = 1; \
136 } \
137 else if ( $1 == "module" && \
138 kernelfound == 1 && \
139 policymaycome == 1 && \
140 match($2,"[0-9a-zA-Z]*.bin$") ) { \
141 printf ("\tmodule %s%s\n", path, policy); \
142 policymaycome = 0; \
143 kernelfound = 0; \
144 dontprint = 1; \
145 } \
146 else if ( $1 == "" && \
147 kernelfound == 1 && \
148 policymaycome == 1) { \
149 dontprint = 1; \
150 } \
151 if (dontprint == 0) { \
152 printf ("%s\n", $0); \
153 } \
154 dontprint = 0; \
155 } END { \
156 if ( policymaycome == 1 ) { \
157 printf ("\tmodule %s%s\n", path, policy); \
158 } \
159 }' > $tmpfile
160 if [ ! -r $tmpfile ]; then
161 echo "Could not create temporary file! Aborting."
162 exit -1
163 fi
164 diff $tmpfile $grubconf > /dev/null
165 RES=$?
166 if [ "$RES" == "0" ]; then
167 echo "No changes were made to $grubconf."
168 else
169 echo "Successfully updated $grubconf."
170 mv -f $tmpfile $grubconf
171 fi
172 }
174 if [ "$1" == "" -o "$2" == "" ]; then
175 echo "Error: Not enough command line parameters."
176 echo ""
177 usage
178 exit -1
179 fi
181 if [ "$1" == "-?" ]; then
182 usage
183 exit 0
184 fi
186 policy=$1
187 policyfile=$policy.bin
189 getLinuxVersion $2
191 findGrubConf
192 ERR=$?
193 if [ $ERR -eq 0 ]; then
194 echo "Could not find grub.conf. Aborting."
195 exit -1
196 fi
198 updateGrub $grubconf $policyfile $linux