# HG changeset patch
# User kaf24@xxxxxxxxxxxxxxxxxxxx
# Node ID d6ebcfc5a30b0cfc70f77a547abb3dd06a30358c
# Parent 7ba4019f7b2d1db8a5e060b699541dc4b7ccfb8f
The attached patch fixes 2 issues with the scripts written for the Xen
access control module and makes the tools more self-explanatory.
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
diff -r 7ba4019f7b2d -r d6ebcfc5a30b tools/security/getlabel.sh
--- a/tools/security/getlabel.sh Thu Oct 27 16:24:06 2005
+++ b/tools/security/getlabel.sh Thu Oct 27 16:27:04 2005
@@ -36,18 +36,21 @@
usage ()
{
- echo "Usage: $0 -sid <ssidref> [<policy name>] or"
- echo " $0 -dom <domid> [<policy name>] "
- echo ""
- echo "policy name : the name of the policy, i.e. 'chwall'"
- echo " If the policy name is omitted, the grub.conf"
- echo " entry of the running system is tried to be read"
- echo " and the policy name determined from there."
- echo "ssidref : an ssidref in hex or decimal format, i.e.,
'0x00010002'"
- echo " or '65538'"
- echo "domid : id of the domain, i.e., '1'; Use numbers from the
2nd"
- echo " column shown when invoking 'xm list'"
- echo ""
+echo "Use this tool to display the label of a domain or the label that is
+corresponding to an ssidref given the name of the running policy.
+
+Usage: $0 -sid <ssidref> [<policy name>] or
+ $0 -dom <domid> [<policy name>]
+
+policy name : the name of the policy, i.e. 'chwall'
+ If the policy name is omitted, the grub.conf
+ entry of the running system is tried to be read
+ and the policy name determined from there.
+ssidref : an ssidref in hex or decimal format, i.e., '0x00010002'
+ or '65538'
+domid : id of the domain, i.e., '1'; Use numbers from the 2nd
+ column shown when invoking 'xm list'
+"
}
diff -r 7ba4019f7b2d -r d6ebcfc5a30b tools/security/setlabel.sh
--- a/tools/security/setlabel.sh Thu Oct 27 16:24:06 2005
+++ b/tools/security/setlabel.sh Thu Oct 27 16:27:04 2005
@@ -39,21 +39,27 @@
usage ()
{
- echo "Usage: $0 [Option] <vmfile> <label> [<policy name>]"
- echo " or $0 -l [<policy name>]"
- echo ""
- echo "Valid options are:"
- echo "-r : to relabel a file without being prompted"
- echo ""
- echo "vmfile : XEN vm configuration file"
- echo "label : the label to map to an ssidref"
- echo "policy name : the name of the policy, i.e. 'chwall'"
- echo " If the policy name is omitted, it is attempted"
- echo " to find the current policy's name in grub.conf."
- echo ""
- echo "-l [<policy name>] is used to show valid labels in the map file
of"
- echo " the given or current policy."
- echo ""
+echo "Use this tool to put the ssidref corresponding to a label of a policy
into
+the VM configuration file, or use it to display all labels of a policy.
+
+Usage: $0 [Option] <vmfile> <label> [<policy name>]
+ or $0 -l [<policy name>]
+
+Valid options are:
+-r : to relabel a file without being prompted
+
+vmfile : XEN vm configuration file; give complete path
+label : the label to map to an ssidref
+policy name : the name of the policy, i.e. 'chwall'
+ If the policy name is omitted, it is attempted
+ to find the current policy's name in grub.conf.
+
+-l [<policy name>] is used to show valid labels in the map file of
+ the given or current policy. If the policy name
+ is omitted, it will be tried to determine the
+ current policy from grub.conf (/boot/grub/grub.conf)
+
+"
}
@@ -83,7 +89,7 @@
exit -1;
fi
else
- policy=$3;
+ policy=$1;
fi
@@ -92,7 +98,7 @@
if [ "$res" != "0" ]; then
showLabels $mapfile
else
- echo "Could not find map file for policy '$1'."
+ echo "Could not find map file for policy '$policy'."
fi
elif [ "$mode" == "usage" ]; then
usage
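Review bot: The failure branch that now prints `Could not find map file for policy '$policy'.` writes to stdout and, within the visible lines, sets no failing exit status, so a script calling `-l` cannot tell a missing map file from success. Unless the status is set further down, outside the hunk, I would change it to `echo "Could not find map file for policy '$policy'." >&2` followed by `exit -1`, matching the `exit -1;` shown in the previous hunk. The surrounding if/elif chain starts and ends outside the hunk.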
diff -r 7ba4019f7b2d -r d6ebcfc5a30b tools/security/updategrub.sh
--- a/tools/security/updategrub.sh Thu Oct 27 16:24:06 2005
+++ b/tools/security/updategrub.sh Thu Oct 27 16:27:04 2005
@@ -26,11 +26,16 @@
# Show usage of this program
usage ()
{
- echo "Usage: $0 <policy name> <root of xen repository>"
- echo ""
- echo "<policy name> : The name of the policy, i.e. xen_null"
- echo "<root of xen repository> : The root of the XEN repositrory."
- echo ""
+echo "Use this tool to add the binary policy to the Xen grub entry and
+have Xen automatically enforce the policy when starting.
+
+Usage: $0 <policy name> <root of xen repository>
+
+<policy name> : The name of the policy, i.e. xen_null
+<root of xen repository> : The root of the XEN repository. Give
+ complete path.
+
+"
}
# This function sets the global variable 'linux'
@@ -43,11 +48,24 @@
for f in $path/linux-*-xen0 ; do
versionfile=$f/include/linux/version.h
if [ -r $versionfile ]; then
- lnx=`cat $versionfile | \
- grep UTS_RELEASE | \
- awk '{ \
- len=length($3); \
- print substr($3,2,len-2) }'`
+ lnx=`cat $versionfile | \
+ grep UTS_RELEASE | \
+ awk '{ \
+ len=length($3); \
+ version=substr($3,2,len-2); \
+ split(version,numbers,"."); \
+ if (numbers[4]=="") { \
+ printf("%s.%s.%s", \
+ numbers[1], \
+ numbers[2], \
+ numbers[3]); \
+ } else { \
+ printf("%s.%s.%s[.0-9]*-xen0",\
+ numbers[1], \
+ numbers[2], \
+ numbers[3]); \
+ } \
+ }'`
fi
if [ "$lnx" != "" ]; then
linux="[./0-9a-zA-z]*$lnx"
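Review bot: The pattern built by the new awk block is interpolated into `linux="[./0-9a-zA-z]*$lnx"`, and the dots between `numbers[1]`, `numbers[2]` and `numbers[3]` are emitted unescaped, so each one matches any character; with the added `[.0-9]*` this widens what the expression accepts. How `linux` is consumed is outside the hunk, but if it selects the grub entry that receives the policy, a looser match risks attaching the policy to the wrong entry, so I would emit literal dots in both formats, e.g. `printf("%s[.]%s[.]%s", ...)`. Because `printf` writes no newline, more than one `UTS_RELEASE` line in the header would be concatenated into a single pattern, and `$versionfile` is unquoted in `cat $versionfile`; `awk '/UTS_RELEASE/ { ...; exit }' "$versionfile"` would cover both. The enclosing function starts and ends outside the hunk.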
@@ -143,10 +161,19 @@
echo "Could not create temporary file! Aborting."
exit -1
fi
- mv -f $tmpfile $grubconf
+ diff $tmpfile $grubconf > /dev/null
+ RES=$?
+ if [ "$RES" == "0" ]; then
+ echo "No changes were made to $grubconf."
+ else
+ echo "Successfully updated $grubconf."
+ mv -f $tmpfile $grubconf
+ fi
}
if [ "$1" == "" -o "$2" == "" ]; then
+ echo "Error: Not enough command line parameters."
+ echo ""
usage
exit -1
fi
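Review bot: In the new block at the end of the function, `Successfully updated $grubconf.` is printed before `mv -f $tmpfile $grubconf` runs and the move's status is never checked, so a failed write to the boot configuration is reported as success. The no-change branch also leaves `$tmpfile`, a copy of the grub configuration, behind, and both paths are unquoted in `diff $tmpfile $grubconf`. I would compare with `cmp -s`, remove the temporary file when nothing changed, and print the success message only after the move has succeeded. The function begins outside the hunk.

```shell
# … unchanged: temporary-file creation and its error check …
if cmp -s "$tmpfile" "$grubconf"; then
	echo "No changes were made to $grubconf."
	rm -f "$tmpfile"
elif mv -f "$tmpfile" "$grubconf"; then
	echo "Successfully updated $grubconf."
else
	echo "Could not update $grubconf." >&2
	exit -1
fi
```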