Hallo, dies ist ein Test.
PWD: /www/data-lst1/unixsoft/unixsoft/kaempfer/.public_html
Running in File Mode
Relative path: ./../../.././../../../lib/svc/method/svc-labeld
Real path: /lib/svc/method/svc-labeld
Zurück
#!/usr/bin/sh # # Copyright (c) 2007, 2020, Oracle and/or its affiliates. # . /lib/svc/share/smf_include.sh ROOT_PATH="" if [ $# -gt 1 ]; then if [ $# -ne 3 -o "$2" != "-R" ]; then echo "$0: invalid syntax" exit $SMF_EXIT_ERR_CONFIG fi if [ "$3" != "/" ]; then ROOT_PATH=$3 fi fi if [ -n "$ROOT_PATH" ]; then echo "$0: invalid syntax: -R not allowed" exit $SMF_EXIT_ERR_CONFIG fi if smf_is_nonglobalzone; then if smf_is_system_labeled; then /usr/sbin/svcadm disable $SMF_FMRI smf_method_exit $SMF_EXIT_TEMP_DISABLE clearance \ "not supported in a labeled zone" fi fi do_otherservices() { # Setup dependent services /usr/sbin/svcadm enable svc:/network/tnd:default /usr/sbin/svcadm enable svc:/system/tsol-zones:default /usr/sbin/svcadm enable svc:/network/rpc/rstat:default } do_devalloc() { # # Ensure device allocation is enabled by default with # Trusted Extensions. Clean up any non-Trusted device # allocation because it is different. # /usr/sbin/svcadm disable -s svc:/system/device/allocate:default # Set up for Trusted device allocation /usr/sbin/svcadm enable -s svc:/system/device/allocate:default } do_bootupd() { if [ -f $ROOT_PATH/platform/`/usr/sbin/uname -m`/boot_archive ]; then if [ -z "$ROOT_PATH" -o "$ROOT_PATH" = "/" ]; then /usr/sbin/bootadm update-archive else /usr/sbin/bootadm update-archive -R $ROOT_PATH fi fi } do_commonstart() { # Setup dependent services do_otherservices do_devalloc # change multihomed send/receive behavior /usr/sbin/ipadm set-prop -p hostmodel=strong ipv4 /usr/sbin/ipadm set-prop -p hostmodel=strong ipv6 do_bootupd } do_servicetag_register() { ROOTDIR=$1 SOL_ARCH=`/usr/sbin/uname -p` SOL_VERS=`/usr/sbin/uname -r` TX_PROD_URN="urn:uuid:fc720df3-410f-11dc-9b8e-080020a9ed93" if [ ! -x /usr/bin/stclient ]; then return fi # if already registered then do nothing more here inst=`/usr/bin/svcprop -p labeld/svctag_inst $SMF_FMRI 2>/dev/null` if [ -n "$inst" ]; then # this instance id was saved in a SMF property /usr/bin/stclient -g -i $inst -r $ROOTDIR >/dev/null 2>&1 if [ $? = 0 ]; then # matching service tag found, so do nothing return else # no match for instance id saved in SMF property /usr/sbin/svccfg -s $SMF_FMRI delprop \ labeld/svctag_inst /usr/sbin/svcadm refresh $SMF_FMRI fi fi # fall through: no service tag, or does not match saved instance id # determine the urn of the parent (Solaris) SOL_PROD_URN="" case $SOL_VERS in 5.11) SOL_PROD_URN="-F urn:uuid:6df19e63-7ef5-11db-a4bd-080020a9ed93" ;; 5.10) SOL_PROD_URN="-F urn:uuid:5005588c-36f3-11d6-9cec-fc96f718e113" ;; esac # add the service tag RC=`/usr/bin/stclient -a -p "Solaris Trusted Extensions" \ -e $SOL_VERS -t $TX_PROD_URN -P Solaris $SOL_PROD_URN \ -m Sun -A $SOL_ARCH -z global -S $0 -r $ROOTDIR` if [ $? = 0 ]; then # save instance id in SMF property inst=`echo "$RC" | grep -i urn|awk -F= '{print $2}'` /usr/sbin/svccfg -s $SMF_FMRI setprop \ labeld/svctag_inst = astring: "$inst" /usr/sbin/svcadm refresh $SMF_FMRI fi } do_servicetag_delete() { if [ ! -x /usr/bin/stclient ]; then return fi inst=`/usr/bin/svcprop -p labeld/svctag_inst labeld:init 2>/dev/null` if [ -n "$inst" ]; then # delete service tag /usr/bin/stclient -d -i $inst # delete saved instance id /usr/sbin/svccfg -s labeld:init delprop labeld/svctag_inst /usr/sbin/svcadm refresh labeld:init fi } daemon_start() { if [ -r /var/tsol/doors/labeld ]; then /usr/bin/pkill -x -u 0 -P 1 -z `smf_zonename` labeld >/dev/null 2>&1 fi /usr/bin/rm -f /var/tsol/doors/labeld /usr/lib/labeld } PATH=/usr/sbin:/usr/bin; export PATH case "$1" in 'start') if [ -z "$ROOT_PATH" -o "$ROOT_PATH" = "/" ]; then # must be native if [ -z "$SMF_FMRI" ]; then echo "$0: this script can only be invoked by smf(7)" exit $SMF_EXIT_ERR_NOSMF fi # If there are signs of a labeling change being delayed until # reboot, skip enable mechanics now. /usr/sbin/svcadm refresh labeld:init boot=`/usr/bin/svcprop -p labeld/delay labeld:init 2>/dev/null` if [ -n "$boot" ]; then exit $SMF_EXIT_OK fi # Enable labeling - verify conditions first. labeladm enable -qn if [ $? != 0 ]; then labeladm enable -n echo "$0: Use labeladm to enable labeling." exit $SMF_EXIT_ERR_CONFIG fi tx_enabled=`/usr/bin/svcprop -c -p general/enabled $SMF_FMRI` if [ "$tx_enabled" = "false" ]; then # A sign of trying temporary enablement...no-no echo "$0: Temporarily enabling labeling is not allowed." exit $SMF_EXIT_ERR_CONFIG fi # Disable standard labeling policy /usr/sbin/svcadm disable svc:/system/labeld:clearance # Set labeling active in the kernel /usr/sbin/tnctl -S 1 /usr/sbin/svcadm enable svc:/system/labeld:init fi ;; 'start_clearance') if [ -z "$ROOT_PATH" -o "$ROOT_PATH" = "/" ]; then # must be native if [ -z "$SMF_FMRI" ]; then echo "$0: this script can only be invoked by smf(7)" exit $SMF_EXIT_ERR_NOSMF fi if smf_is_system_labeled; then exit $SMF_EXIT_OK elif smf_is_nonglobalzone; then # # The doors directory is only installed by pkg # in the global zone. It needs to be created here # for non-global zones. # if [ ! -d /var/tsol/doors ]; then /usr/bin/mkdir -m 0755 /var/tsol/doors /usr/bin/chown root:sys /var/tsol/doors fi fi daemon_start fi ;; 'init') initialized=`/usr/bin/svcprop -p labeld/init_done $SMF_FMRI 2>/dev/null` if [ "$initialized" = "false" ]; then # Make one-time changes to set up Trusted Extensions labeling do_commonstart /usr/sbin/svccfg -s $SMF_FMRI setprop labeld/init_done = true /usr/sbin/svcadm refresh $SMF_FMRI fi do_servicetag_register / daemon_start ;; 'unconfigure') if [ -z "$SMF_FMRI" ]; then echo "$0: this script can only be invoked by smf(7)" exit $SMF_EXIT_ERR_NOSMF fi # The standard policy for labeling needs to be re-enabled, # but may go into maintance until the next reboot if the # the TX policy is still in effect. # If there are signs of a labeling change being delayed until # reboot, skip disable mechanics now. /usr/sbin/svcadm refresh labeld:init boot=`/usr/bin/svcprop -p labeld/delay labeld:init 2>/dev/null` if [ -n "$boot" ]; then /usr/sbin/svcadm enable labeld:clearance exit $SMF_EXIT_OK fi # Disable labeling - verify conditions first. labeladm disable -qn if [ $? != 0 ]; then labeladm disable -n echo "$0: Use labeladm to disable labeling." exit $SMF_EXIT_ERR_CONFIG fi # Stop Trusted services. /usr/sbin/svcadm disable svc:/system/tsol-zones:default 2>/dev/null /usr/sbin/svcadm disable svc:/network/tnd:default 2>/dev/null # Device allocation in TX is different than non-TX /usr/sbin/svcadm disable svc:/system/device/allocate:default # Set labeling not active in the kernel /usr/sbin/tnctl -S 0 /usr/sbin/svcadm disable svc:/system/labeld:default do_servicetag_delete # reset multihomed send/receive to default /usr/sbin/ipadm reset-prop -p hostmodel ipv4 /usr/sbin/ipadm reset-prop -p hostmodel ipv6 /usr/sbin/svccfg -s labeld:init setprop labeld/init_done = false /usr/sbin/svcadm refresh labeld:init do_bootupd /usr/bin/pkill -x -u 0 -P 1 -z `smf_zonename` labeld /usr/sbin/svcadm enable labeld:clearance ;; *) echo "Usage: $0 { start | stop }" exit 1 ;; esac exit $SMF_EXIT_OK