ia64/xen-unstable

view tools/security/setlabel.sh @ 8740:3d7ea7972b39

Update patches for linux 2.6.15.

Signed-off-by: Christian Limpach <Christian.Limpach@cl.cam.ac.uk>
author cl349@firebug.cl.cam.ac.uk
date Thu Feb 02 17:16:00 2006 +0000 (2006-02-02)
parents 8aac8746047b
children
line source
1 #!/bin/sh
2 # *
3 # * setlabel
4 # *
5 # * Copyright (C) 2005 IBM Corporation
6 # *
7 # * Authors:
8 # * Stefan Berger <stefanb@us.ibm.com>
9 # *
10 # * This program is free software; you can redistribute it and/or
11 # * modify it under the terms of the GNU General Public License as
12 # * published by the Free Software Foundation, version 2 of the
13 # * License.
14 # *
15 # * 'setlabel' labels virtual machine (domain) configuration files with
16 # * security identifiers that can be enforced in Xen.
17 # *
18 # * 'setlabel -?' shows the usage of the program
19 # *
20 # * 'setlabel -l vmconfig-file' lists all available labels (only VM
21 # * labels are used right now)
22 # *
23 # * 'setlabel vmconfig-file security-label map-file' inserts the 'ssidref'
24 # * that corresponds to the security-label under the
25 # * current policy (if policy changes, 'label'
26 # * must be re-run over the configuration files;
27 # * map-file is created during policy translation and
28 # * is found in the policy's directory
29 #
31 if [ -z "$runbash" ]; then
32 runbash="1"
33 export runbash
34 exec sh -c "bash $0 $*"
35 fi
37 export PATH=$PATH:.
38 dir=`dirname $0`
39 source $dir/labelfuncs.sh
41 usage ()
42 {
43 prg=`basename $0`
44 echo "Use this tool to put the ssidref corresponding to a label of a policy into
45 the VM configuration file, or use it to display all labels of a policy.
47 Usage: $prg [-r] <vmfile> <label> [<policy name> [<policy dir>]] or
48 $prg -l [<policy name> [<policy dir>]]
50 -r : to relabel a file without being prompted
51 -l : to show the valid labels in a map file
52 vmfile : XEN vm configuration file; give complete path
53 label : the label to map to an ssidref
54 policy name : the name of the policy, i.e. 'chwall'
55 If the policy name is omitted, it is attempted
56 to find the current policy's name in grub.conf.
57 policy dir : the directory where the <policy name> policy is located
58 The default location is '/etc/xen/acm-security/policies'
59 "
60 }
62 if [ "$1" == "-r" ]; then
63 mode="relabel"
64 shift
65 elif [ "$1" == "-l" ]; then
66 mode="show"
67 shift
68 elif [ "$1" == "-h" ]; then
69 mode="usage"
70 fi
72 if [ "$mode" == "usage" ]; then
73 usage
74 elif [ "$mode" == "show" ]; then
75 setPolicyVars $1 $2
76 ret=$?
77 if [ $ret -eq 0 ]; then
78 echo "Error when trying to find policy-related information."
79 exit -1
80 fi
81 findMapFile $policy $policydir
82 ret=$?
83 if [ $ret -eq 0 ]; then
84 echo "Could not find map file for policy '$policy'."
85 exit -1
86 fi
87 showLabels $mapfile
88 else
89 if [ "$2" == "" ]; then
90 usage
91 exit -1
92 fi
93 setPolicyVars $3 $4
94 ret=$?
95 if [ $ret -eq 0 ]; then
96 echo "Error when trying to find policy-related information."
97 exit -1
98 fi
99 findMapFile $policy $policydir
100 ret=$?
101 if [ $ret -eq 0 ]; then
102 echo "Could not find map file for policy '$policy'."
103 exit -1
104 fi
105 relabel $1 $2 $mapfile $mode
106 fi