f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica#!/sbin/sh
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica#
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# CDDL HEADER START
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica#
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# The contents of this file are subject to the terms of the
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# Common Development and Distribution License (the "License").
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# You may not use this file except in compliance with the License.
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica#
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# or http://www.opensolaris.org/os/licensing.
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# See the License for the specific language governing permissions
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# and limitations under the License.
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica#
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# When distributing Covered Code, include this CDDL HEADER in each
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# If applicable, add the following below this CDDL HEADER, with the
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# fields enclosed by brackets "[]" replaced with your own identifying
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# information: Portions Copyright [yyyy] [name of copyright owner]
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica#
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# CDDL HEADER END
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica#
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica#
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica#
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire# This is a transient service for Trusted Extensions to perform miscellaneous
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire# set-up in a labeled zone. It can be extended to disable any selected
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire# services so they will not be started in zones.
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica#
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica. /lib/svc/share/smf_include.sh
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire# Add pam entries for labeling.
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshiredo_addpam()
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire{
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire pamconf=/etc/pam.conf
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire grep '^[ ]*other.*account.*pam_tsol_account' $pamconf \
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire > /dev/null 2>&1
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire if [ $? -ne 0 ] ; then
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire # Append new entry
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire cat >> $pamconf << EOF
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshireother account required pam_tsol_account.so.1
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic AleshireEOF
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire fi
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire}
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire# In the global zone, there's nothing to do so this service exits.
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshireif smf_is_globalzone; then
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire /usr/sbin/svcadm disable $SMF_FMRI
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire exit $SMF_EXIT_OK
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01ricafi
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire# Exit if Trusted Extensions is not enabled.
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshiresmf_is_system_labeled || exit $SMF_EXIT_OK
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire# Add pam entries for the labeled zone.
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshiredo_addpam
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire
6d02032db7b674f185405d42cc8bf10a46a9ab3aRic Aleshire
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# Disable any services here (remember to add dependencies to the
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica# tsol-zones XML manifest) ...
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01rica
f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01ricaexit $SMF_EXIT_OK