usr/src/cmd/tsol/demo/clonebylabel.sh

   1 #!/bin/sh
   2 #
   3 # CDDL HEADER START
   4 #
   5 # The contents of this file are subject to the terms of the
   6 # Common Development and Distribution License (the "License").
   7 # You may not use this file except in compliance with the License.
   8 #
   9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10 # or http://www.opensolaris.org/os/licensing.
  11 # See the License for the specific language governing permissions
  12 # and limitations under the License.
  13 #
  14 # When distributing Covered Code, include this CDDL HEADER in each
  15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16 # If applicable, add the following below this CDDL HEADER, with the
  17 # fields enclosed by brackets "[]" replaced with your own identifying
  18 # information: Portions Copyright [yyyy] [name of copyright owner]
  19 #
  20 # CDDL HEADER END
  21 #
  22 # Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  23 # Use is subject to license terms.
  24 #
  25 #ident  "%Z%%M% %I%     %E% SMI"
  26 #
  27 # clonebylabel
  28 #
  29 # This script installs zones by cloning a zfs snapshot.
  30 # For each sensitivity label dominated by the clearance
  31 # a zone is installed if necessary. If the zone name is
  32 # not already defined in tnzonecfg, the user is prompted
  33 # to provide a unique zone name.
  34 #
  35 # $1 is the label upper bound (clearance)
  36 #
  37 # $2 is the zone snaphot to clone for a new zone
  38
  39 ZONECFG=/etc/security/tsol/tnzonecfg
  40 clearance=$1
  41 image=$2
  42
  43 #
  44 # Configure a zone
  45 #
  46
  47 configure()
  48 {
  49         config=/tmp/zfg.$$
  50         echo "create -F -t SUNWtsoldef" > $config
  51         echo "set zonepath=/zone/$zonename" >> $config
  52         echo "commit" >> $config
  53         /usr/sbin/zonecfg -z $zonename -f $config
  54         rm $config
  55 }
  56
  57 #
  58 # Clone a zone
  59 #
  60
  61 clone()
  62 {
  63         echo Cloning $zonename from $image ...
  64         found=`zoneadm -z $zonename list -p 2>/dev/null`
  65         if [ $found ]; then
  66                 true
  67         else
  68                 echo "$zonename is being configured."
  69                 configure
  70         fi
  71         /usr/sbin/zfs clone $image zone/$zonename
  72         /usr/sbin/zoneadm -z $zonename attach -F
  73 }
  74
  75 #
  76 # Create missing zones for each label dominated by clearance
  77 #
  78
  79 for label in `lslabels -h "$clearance"`; do
  80     zonename=`/bin/grep $label: $ZONECFG | cut -d ":" -f1`
  81     if [ $zonename ]; then
  82         state=`zoneadm -z $zonename list -p 2>/dev/null | cut -d ":" -f3`
  83         if [ $state ]; then
  84             if [ $state != configured ]; then
  85                 echo $zonename is already installed.
  86                 continue
  87             fi
  88         fi
  89     else
  90         zonelabel=`hextoalabel $label`
  91         echo Enter zone name for $zonelabel
  92         echo or RETURN to skip this label:
  93         read zonename
  94         if [ $zonename ]; then
  95                 nz=`/bin/grep "^$zonename:" $ZONECFG | cut -d ":" -f1`
  96                 if [ $nz ]; then
  97                         echo $zonename is already used for another label.
  98                 else
  99                         echo "$zonename:$label:0::" >> $ZONECFG
 100                 fi
 101         else
 102                 echo Skipping zone for $zonelabel
 103                 continue
 104         fi
 105     fi
 106     clone
 107 done