svc-labeld revision 36d41b68ce4ecc38f01ced5fe21dddf05a5f9289
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
# See the License for the specific language governing permissions
# and limitations under the License.
# When distributing Covered Code, include this CDDL HEADER in each
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
if [ $# -ne 3 -o "$2" != "-R" ];
then
echo "$0: invalid syntax"
echo "$0: invalid syntax: -R allowed for start method only"
echo "$0: invalid -R rootpath dir specified"
echo "$0: not supported in a local zone"
# Comment out audio, usb, removable-media, and hotpluggable device
# Setup dependent services
# Run bsmconv so audit and device allocation are enabled by
# default with Trusted Extensions.
echo "Running bsmconv ..."
# For Trusted Extensions, make nscd service transient in local zones.
# No comments or blank lines allowed in entries below
dtlogin account requisite pam_roles.so.1
dtlogin account required pam_unix_account.so.1
dtsession account requisite pam_roles.so.1
dtsession account required pam_unix_account.so.1
gdm account requisite pam_roles.so.1
gdm account required pam_unix_account.so.1
xscreensaver account requisite pam_roles.so.1
xscreensaver account required pam_unix_account.so.1
passwd account requisite pam_roles.so.1
passwd account required pam_unix_account.so.1
dtpasswd account requisite pam_roles.so.1
dtpasswd account required pam_unix_account.so.1
tsoljds-tstripe account requisite pam_roles.so.1
tsoljds-tstripe account required pam_unix_account.so.1
other account required pam_tsol_account.so.1
echo "$0: ${PAM_DEST} not found; aborting"
# Update pam.conf to append Trusted Extensions entries if not
# If this is the 'other' entry, add it unless it already
if [ $e1 = "other" ]; then
# Add other entries unless they already have a
# Append TX lines if any were not present already.
echo "# Entries for Trusted Extensions" >> $PAM_DEST
echo "$0: updating $PAM_DEST entries for Trusted Extensions;"
echo "$0: ${PAM_DEST} not found; aborting"
echo "$0: pam_tsol_account module not present,"
echo "$0: No changes were made to $PAM_DEST."
# Setup dependent services
TX_PROD_URN="urn:uuid:fc720df3-410f-11dc-9b8e-080020a9ed93"
# if already registered then do nothing more here
# this instance id was saved in a SMF property
# matching service tag found, so do nothing
# no match for instance id saved in SMF property
# fall through: no service tag, or does not match saved instance id
# determine the urn of the parent (Solaris)
SOL_PROD_URN="-F urn:uuid:6df19e63-7ef5-11db-a4bd-080020a9ed93"
SOL_PROD_URN="-F urn:uuid:5005588c-36f3-11d6-9cec-fc96f718e113"
# save instance id in SMF property
# delete saved instance id
# If a labeld door exists, check for a labeld process and exit
# if the daemon is already running.
echo "$0: labeld is already running"
echo "$0: this script can only be invoked by smf(5)"
echo "$0: Temporarily enabling Trusted Extensions is not allowed."
# Make changes to enable Trusted Extensions
echo "$0: already enabled. Exiting."
echo "$0: Must remove zones before enabling Trusted Extensions."
# start daemon process so our service doesn't go into
echo "$0: Started. Must reboot and configure Trusted Extensions."
# Make changes to enable Trusted Extensions
echo "$0: already enabled. Exiting."
# Setup dependent services
echo "$0: Started. Must configure Trusted Extensions before booting."
echo "$0: Must remove zones before disabling Trusted Extensions."
# Uncomment audio, usb, removable-media, and hotpluggable device
echo "$0: Stopped. Will take effect at next boot."
echo "Usage: $0 { start | stop }"