ia64/xen-unstable

view tools/security/setlabel.sh @ 7238:971e7c7411b3

Raise an exception if an error appears on the pipes to our children, and make
sure that the child's pipes are closed even under that exception. Move the
handling of POLLHUP to the end of the loop, so that we guarantee to read any
remaining data from the child if POLLHUP and POLLIN appear at the same time.

Signed-off-by: Ewan Mellor <ewan@xensource.com>
author emellor@ewan
date Thu Oct 06 10:13:11 2005 +0100 (2005-10-06)
parents 06d84bf87159
children d6ebcfc5a30b
line source
1 #!/bin/sh
2 # *
3 # * setlabel
4 # *
5 # * Copyright (C) 2005 IBM Corporation
6 # *
7 # * Authors:
8 # * Stefan Berger <stefanb@us.ibm.com>
9 # *
10 # * This program is free software; you can redistribute it and/or
11 # * modify it under the terms of the GNU General Public License as
12 # * published by the Free Software Foundation, version 2 of the
13 # * License.
14 # *
15 # * 'setlabel' labels virtual machine (domain) configuration files with
16 # * security identifiers that can be enforced in Xen.
17 # *
18 # * 'setlabel -?' shows the usage of the program
19 # *
20 # * 'setlabel -l vmconfig-file' lists all available labels (only VM
21 # * labels are used right now)
22 # *
23 # * 'setlabel vmconfig-file security-label map-file' inserts the 'ssidref'
24 # * that corresponds to the security-label under the
25 # * current policy (if policy changes, 'label'
26 # * must be re-run over the configuration files;
27 # * map-file is created during policy translation and
28 # * is found in the policy's directory
29 #
31 if [ -z "$runbash" ]; then
32 runbash="1"
33 export runbash
34 exec sh -c "bash $0 $*"
35 fi
37 export PATH=$PATH:.
38 source labelfuncs.sh
40 usage ()
41 {
42 echo "Usage: $0 [Option] <vmfile> <label> [<policy name>]"
43 echo " or $0 -l [<policy name>]"
44 echo ""
45 echo "Valid options are:"
46 echo "-r : to relabel a file without being prompted"
47 echo ""
48 echo "vmfile : XEN vm configuration file"
49 echo "label : the label to map to an ssidref"
50 echo "policy name : the name of the policy, i.e. 'chwall'"
51 echo " If the policy name is omitted, it is attempted"
52 echo " to find the current policy's name in grub.conf."
53 echo ""
54 echo "-l [<policy name>] is used to show valid labels in the map file of"
55 echo " the given or current policy."
56 echo ""
57 }
60 if [ "$1" == "-r" ]; then
61 mode="relabel"
62 shift
63 elif [ "$1" == "-l" ]; then
64 mode="show"
65 shift
66 elif [ "$1" == "-?" ]; then
67 mode="usage"
68 fi
70 if [ "$mode" == "show" ]; then
71 if [ "$1" == "" ]; then
72 findGrubConf
73 ret=$?
74 if [ $ret -eq 0 ]; then
75 echo "Could not find grub.conf"
76 exit -1;
77 fi
78 findPolicyInGrub $grubconf
79 if [ "$policy" != "" ]; then
80 echo "Assuming policy to be '$policy'.";
81 else
82 echo "Could not find policy."
83 exit -1;
84 fi
85 else
86 policy=$3;
87 fi
90 findMapFile $policy
91 res=$?
92 if [ "$res" != "0" ]; then
93 showLabels $mapfile
94 else
95 echo "Could not find map file for policy '$1'."
96 fi
97 elif [ "$mode" == "usage" ]; then
98 usage
99 else
100 if [ "$2" == "" ]; then
101 usage
102 exit -1
103 fi
104 if [ "$3" == "" ]; then
105 findGrubConf
106 ret=$?
107 if [ $ret -eq 0 ]; then
108 echo "Could not find grub.conf"
109 exit -1;
110 fi
111 findPolicyInGrub $grubconf
112 if [ "$policy" != "" ]; then
113 echo "Assuming policy to be '$policy'.";
114 else
115 echo "Could not find policy."
116 exit -1;
117 fi
119 else
120 policy=$3;
121 fi
122 findMapFile $policy
123 res=$?
124 if [ "$res" != "0" ]; then
125 relabel $1 $2 $mapfile $mode
126 else
127 echo "Could not find map file for policy '$3'."
128 fi
130 fi