ia64/xen-unstable

view tools/security/setlabel.sh @ 6812:26cf3cfd3bed

Switch vcpu hotplugging to use xstransact.
Signed-off-by: Christian Limpach <Christian.Limpach@cl.cam.ac.uk>
author cl349@firebug.cl.cam.ac.uk
date Tue Sep 13 17:31:13 2005 +0000 (2005-09-13)
parents 291e816acbf4
children b2f4823b6ff0 b35215021b32 9af349b055e5 3233e7ecfa9f
line source
1 #!/bin/sh
2 # *
3 # * setlabel
4 # *
5 # * Copyright (C) 2005 IBM Corporation
6 # *
7 # * Authors:
8 # * Stefan Berger <stefanb@us.ibm.com>
9 # *
10 # * This program is free software; you can redistribute it and/or
11 # * modify it under the terms of the GNU General Public License as
12 # * published by the Free Software Foundation, version 2 of the
13 # * License.
14 # *
15 # * 'setlabel' labels virtual machine (domain) configuration files with
16 # * security identifiers that can be enforced in Xen.
17 # *
18 # * 'setlabel -?' shows the usage of the program
19 # *
20 # * 'setlabel -l vmconfig-file' lists all available labels (only VM
21 # * labels are used right now)
22 # *
23 # * 'setlabel vmconfig-file security-label map-file' inserts the 'ssidref'
24 # * that corresponds to the security-label under the
25 # * current policy (if policy changes, 'label'
26 # * must be re-run over the configuration files;
27 # * map-file is created during policy translation and
28 # * is found in the policy's directory
29 #
31 if [ -z "$runbash" ]; then
32 runbash="1"
33 export runbash
34 exec sh -c "bash $0 $*"
35 fi
37 export PATH=$PATH:.
38 source labelfuncs.sh
40 usage ()
41 {
42 echo "Usage: $0 [Option] <vmfile> <label> [<policy name>]"
43 echo " or $0 -l [<policy name>]"
44 echo ""
45 echo "Valid options are:"
46 echo "-r : to relabel a file without being prompted"
47 echo ""
48 echo "vmfile : XEN vm configuration file"
49 echo "label : the label to map to an ssidref"
50 echo "policy name : the name of the policy, i.e. 'chwall'"
51 echo " If the policy name is omitted, it is attempted"
52 echo " to find the current policy's name in grub.conf."
53 echo ""
54 echo "-l [<policy name>] is used to show valid labels in the map file of"
55 echo " the given or current policy."
56 echo ""
57 }
60 if [ "$1" == "-r" ]; then
61 mode="relabel"
62 shift
63 elif [ "$1" == "-l" ]; then
64 mode="show"
65 shift
66 elif [ "$1" == "-?" ]; then
67 mode="usage"
68 fi
70 if [ "$mode" == "show" ]; then
71 if [ "$1" == "" ]; then
72 findGrubConf
73 ret=$?
74 if [ $ret -eq 0 ]; then
75 echo "Could not find grub.conf"
76 exit -1;
77 fi
78 findPolicyInGrub $grubconf
79 if [ "$policy" != "" ]; then
80 echo "Assuming policy to be '$policy'.";
81 else
82 echo "Could not find policy."
83 exit -1;
84 fi
85 else
86 policy=$3;
87 fi
90 findMapFile $policy
91 res=$?
92 if [ "$res" != "0" ]; then
93 showLabels $mapfile
94 else
95 echo "Could not find map file for policy '$1'."
96 fi
97 elif [ "$mode" == "usage" ]; then
98 usage
99 else
100 if [ "$2" == "" ]; then
101 usage
102 exit -1
103 fi
104 if [ "$3" == "" ]; then
105 findGrubConf
106 ret=$?
107 if [ $ret -eq 0 ]; then
108 echo "Could not find grub.conf"
109 exit -1;
110 fi
111 findPolicyInGrub $grubconf
112 if [ "$policy" != "" ]; then
113 echo "Assuming policy to be '$policy'.";
114 else
115 echo "Could not find policy."
116 exit -1;
117 fi
119 else
120 policy=$3;
121 fi
122 findMapFile $policy
123 res=$?
124 if [ "$res" != "0" ]; then
125 relabel $1 $2 $mapfile $mode
126 else
127 echo "Could not find map file for policy '$3'."
128 fi
130 fi