ia64/xen-unstable

changeset 7540:d6ebcfc5a30b

The attached patch fixes 2 issues with the scripts written for the Xen
access control module and makes the tools more self-explanatory.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author kaf24@firebug.cl.cam.ac.uk
date Thu Oct 27 17:27:04 2005 +0100 (2005-10-27)
parents 7ba4019f7b2d
children 602f7fc3e1b1
files tools/security/getlabel.sh tools/security/setlabel.sh tools/security/updategrub.sh
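--- a/tools/security/getlabel.sh	Thu Oct 27 17:24:06 2005 +0100
+++ b/tools/security/getlabel.sh	Thu Oct 27 17:27:04 2005 +0100
@@ -36,18 +36,21 @@ source labelfuncs.sh
 
 usage ()
 {
-	echo "Usage: $0 -sid <ssidref> [<policy name>] or"
-	echo "       $0 -dom <domid>   [<policy name>]  "
-	echo ""
-	echo "policy name : the name of the policy, i.e. 'chwall'"
-	echo "              If the policy name is omitted, the grub.conf"
-	echo "              entry of the running system is tried to be read"
-	echo "              and the policy name determined from there."
-	echo "ssidref     : an ssidref in hex or decimal format, i.e., '0x00010002'"
-	echo "              or '65538'"
-	echo "domid       : id of the domain, i.e., '1'; Use numbers from the 2nd"
-	echo "              column shown when invoking 'xm list'"
-	echo ""
+echo "Use this tool to display the label of a domain or the label that is
+corresponding to an ssidref given the name of the running policy.
+
+Usage: $0 -sid <ssidref> [<policy name>] or
+       $0 -dom <domid>   [<policy name>]
+
+policy name : the name of the policy, i.e. 'chwall'
+              If the policy name is omitted, the grub.conf
+              entry of the running system is tried to be read
+              and the policy name determined from there.
+ssidref     : an ssidref in hex or decimal format, i.e., '0x00010002'
+              or '65538'
+domid       : id of the domain, i.e., '1'; Use numbers from the 2nd
+              column shown when invoking 'xm list'
+"
 }
 
 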
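--- a/tools/security/setlabel.sh	Thu Oct 27 17:24:06 2005 +0100
+++ b/tools/security/setlabel.sh	Thu Oct 27 17:27:04 2005 +0100
@@ -39,21 +39,27 @@ source labelfuncs.sh
 
 usage ()
 {
-	echo "Usage: $0 [Option] <vmfile> <label> [<policy name>]"
-	echo "    or $0 -l [<policy name>]"
-	echo ""
-	echo "Valid options are:"
-	echo "-r          : to relabel a file without being prompted"
-	echo ""
-	echo "vmfile      : XEN vm configuration file"
-	echo "label       : the label to map to an ssidref"
-	echo "policy name : the name of the policy, i.e. 'chwall'"
-	echo "              If the policy name is omitted, it is attempted"
-	echo "              to find the current policy's name in grub.conf."
-	echo ""
-	echo "-l [<policy name>] is used to show valid labels in the map file of"
-	echo "                   the given or current policy."
-	echo ""
+echo "Use this tool to put the ssidref corresponding to a label of a policy into
+the VM configuration file, or use it to display all labels of a policy.
+
+Usage: $0 [Option] <vmfile> <label> [<policy name>]
+    or $0 -l [<policy name>]
+
+Valid options are:
+-r          : to relabel a file without being prompted
+
+vmfile      : XEN vm configuration file; give complete path
+label       : the label to map to an ssidref
+policy name : the name of the policy, i.e. 'chwall'
+              If the policy name is omitted, it is attempted
+              to find the current policy's name in grub.conf.
+
+-l [<policy name>] is used to show valid labels in the map file of
+                   the given or current policy. If the policy name
+                   is omitted, it will be tried to determine the
+                   current policy from grub.conf (/boot/grub/grub.conf)
+
+"
 }
 
 
@@ -83,7 +89,7 @@ if [ "$mode" == "show" ]; then
 			exit -1;
 		fi
 	else
-		policy=$3;
+		policy=$1;
 	fi
 
 
@@ -92,7 +98,7 @@ if [ "$mode" == "show" ]; then
 	if [ "$res" != "0" ]; then
 		showLabels $mapfile
 	else
-		echo "Could not find map file for policy '$1'."
+		echo "Could not find map file for policy '$policy'."
 	fi
 elif [ "$mode" == "usage" ]; then
 	usage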
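Review bot: The map-file failure branch in the last hunk still reports its error with a plain `echo` to stdout and sets no failing status inside the branch, so unless the script exits non-zero after the `if`/`elif` chain (outside this hunk) a caller of `-l` cannot tell an unknown policy from one that simply has no labels. For a tool that maps labels to ssidrefs, a mistyped policy name should fail loudly: `echo "Could not find map file for policy '$policy'." >&2` followed by `exit 1`. The switch to `policy=$1` is only correct if the `-l` option has already been shifted off the argument list, which is not visible here; a short comment on that line, for example `# $1 is the policy name once the option has been consumed`, would record the assumption.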
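--- a/tools/security/updategrub.sh	Thu Oct 27 17:24:06 2005 +0100
+++ b/tools/security/updategrub.sh	Thu Oct 27 17:27:04 2005 +0100
@@ -26,11 +26,16 @@ fi
 # Show usage of this program
 usage ()
 {
-	echo "Usage: $0 <policy name> <root of xen repository>"
-	echo ""
-	echo "<policy name>             : The name of the policy, i.e. xen_null"
-	echo "<root of xen repository>  : The root of the XEN repositrory."
-	echo ""
+echo "Use this tool to add the binary policy to the Xen grub entry and
+have Xen automatically enforce the policy when starting.
+
+Usage: $0 <policy name> <root of xen repository>
+
+<policy name>             : The name of the policy, i.e. xen_null
+<root of xen repository>  : The root of the XEN repository. Give
+                            complete path.
+
+"
 }
 
 # This function sets the global variable 'linux'
@@ -43,11 +48,24 @@ getLinuxVersion ()
 	for f in $path/linux-*-xen0 ; do
 		versionfile=$f/include/linux/version.h
 		if [ -r $versionfile ]; then
-			lnx=`cat $versionfile | \
-			     grep UTS_RELEASE | \
-			     awk '{             \
-			       len=length($3);  \
-			       print substr($3,2,len-2) }'`
+			lnx=`cat $versionfile |                \
+			     grep UTS_RELEASE |                \
+			     awk '{                            \
+			       len=length($3);                 \
+			       version=substr($3,2,len-2);     \
+			       split(version,numbers,".");     \
+			       if (numbers[4]=="") {           \
+			         printf("%s.%s.%s",            \
+			                 numbers[1],           \
+			                 numbers[2],           \
+			                 numbers[3]);          \
+			       } else {                        \
+			         printf("%s.%s.%s[.0-9]*-xen0",\
+			                numbers[1],            \
+			                numbers[2],            \
+			                numbers[3]);           \
+			       }                               \
+			     }'`
 		fi
 		if [ "$lnx" != "" ]; then
 			linux="[./0-9a-zA-z]*$lnx"
@@ -143,10 +161,19 @@ updateGrub ()
 		echo "Could not create temporary file! Aborting."
 		exit -1
 	fi
-	mv -f $tmpfile $grubconf
+	diff $tmpfile $grubconf > /dev/null
+	RES=$?
+	if [ "$RES" == "0" ]; then
+		echo "No changes were made to $grubconf."
+	else
+		echo "Successfully updated $grubconf."
+		mv -f $tmpfile $grubconf
+	fi
 }
 
 if [ "$1" == "" -o "$2" == "" ]; then
+	echo "Error: Not enough command line parameters."
+	echo ""
 	usage
 	exit -1
 fi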
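Review bot: In the updateGrub hunk, `Successfully updated $grubconf.` is printed before `mv -f` runs and the result of `mv` is never checked, so a failed write to the grub configuration is still reported as success and the machine may later boot without the policy the operator believes is enforced. `diff` also exits with 2 on a read error, which this code treats the same as "changed", and the unchanged path leaves `$tmpfile` behind. I would compare quietly, remove the temporary file when nothing changed, and print the success message only after `mv` has succeeded, with every expansion quoted. updateGrub starts above the hunk, so how `$tmpfile` is created is not visible here.

```shell
	if cmp -s "$tmpfile" "$grubconf"; then
		echo "No changes were made to $grubconf."
		rm -f "$tmpfile"
	elif mv -f "$tmpfile" "$grubconf"; then
		echo "Successfully updated $grubconf."
	else
		echo "Could not update $grubconf! Aborting." >&2
		exit 1
	fi
```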