PSARC 2007/254 - Enabling method for Trusted Extensions

6432114 [tjds] cannot login via gdm unless clearance is set to admin_high 6533113 split install and enabling of Trusted Extensions 6533118 move TX source from TLC to ON gate 6542578 TLC putback requires i.pamconf change similar to the kerberos solution. 6552207 txzonemgr does not configure loopback mounts for /etc/passwd and /etc/shadow when creating zones 6552253 solaris.smf.manage.labels should allow for permanent as well as temporary enable/disable of labeld 6555057 txzonemgr assumes LANG is valid 6557684 pam_tsol_account could use a thorough house cleaning 6561392 txzonemgr should work from Zone Management profile 6565347 txzonemgr failed to add an interface to a zone
author: rica <none@none> 2007-07-27 16:45:56 -0700
committer: rica <none@none> 2007-07-27 16:45:56 -0700
commit: f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01 (patch)
tree: a89bd9be4c155028f554c0df7142f5c3365fb6d0 /usr/src/cmd/allocate/mkdevalloc.c
parent: 836fa82ea903ec0a04de2b008034c3816b75a739 (diff)
download: illumos-gate-f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01.tar.gz
1 files changed, 28 insertions, 19 deletions
diff --git a/usr/src/cmd/allocate/mkdevalloc.c b/usr/src/cmd/allocate/mkdevalloc.c
index a7d2febcc5..750b1eeb9a 100644
--- a/usr/src/cmd/allocate/mkdevalloc.c
+++ b/usr/src/cmd/allocate/mkdevalloc.c
@@ -20,7 +20,7 @@
  */
 
 /*
- * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -68,6 +68,7 @@
 #include <libintl.h>
 #include <libdevinfo.h>
 #include <secdb.h>
+#include <deflt.h>
 #include <auth_attr.h>
 #include <auth_list.h>
 #include <bsm/devices.h>
@@ -163,7 +164,6 @@ main(int argc, char **argv)
 {
 	int		cd_count = 0;
 	char		*progname;
-	struct stat	tx_stat;
 
 	(void) setlocale(LC_ALL, "");
 	(void) textdomain(TEXT_DOMAIN);
@@ -181,25 +181,34 @@ main(int argc, char **argv)
 
 	system_labeled = is_system_labeled();
 
+	if (!system_labeled) {
+		/*
+		 * is_system_labeled() will return false in case we are
+		 * starting before the first reboot after Trusted Extensions
+		 * is enabled.  Check the setting in /etc/system to see if
+		 * TX is enabled (even if not yet booted).
+		 */
+		if (defopen("/etc/system") == 0) {
+			if (defread("set sys_labeling=1") != NULL)
+				system_labeled = 1;
+
+			/* close defaults file */
+			(void) defopen(NULL);
+		}
+	}
+
+#ifdef DEBUG
 	/* test hook: see also devfsadm.c and allocate.c */
 	if (!system_labeled) {
+		struct stat	tx_stat;
+
 		system_labeled = is_system_labeled_debug(&tx_stat);
 		if (system_labeled) {
 			fprintf(stderr, "/ALLOCATE_FORCE_LABEL is set,\n"
 			    "forcing system label on for testing...\n");
 		}
 	}
-
-	if (system_labeled == 0) {
-		/*
-		 * is_system_labeled() will return false in case we are
-		 * starting before the first reboot after Trusted Extensions
-		 * is installed. we check for a well known TX binary to
-		 * to see if TX is installed.
-		 */
-		if (stat(DA_LABEL_CHECK, &tx_stat) == 0)
-			system_labeled = 1;
-	}
+#endif
 
 	if (system_labeled && do_devalloc && (argc == 2) &&
 	    (strcmp(argv[1], DA_IS_LABELED) == 0)) {
@@ -261,7 +270,7 @@ dotape()
 		if (i == ntape) {
 			/* will exit(1) if insufficient memory */
 			ntape = expandmem(i, (void **)&tape,
-					sizeof (struct tape));
+			    sizeof (struct tape));
 		}
 
 		/* save name (/dev + / + d_name + \0) */
@@ -282,7 +291,7 @@ dotape()
 
 		/* get name from symbolic link */
 		if ((sz = readlink(tape[i].name, linkvalue,
-				sizeof (linkvalue))) < 0)
+		    sizeof (linkvalue))) < 0)
 			continue;
 		nm = (char *)malloc(sz + 1);
 		if (nm == NULL)
@@ -319,7 +328,7 @@ dotape()
 		if (i == ntape) {
 			/* will exit(1) if insufficient memory */
 			ntape = expandmem(i, (void **)&tape,
-					sizeof (struct tape));
+			    sizeof (struct tape));
 		}
 
 		/* save name (/dev/rmt + / + d_name + \0) */
@@ -468,7 +477,7 @@ doaudio()
 		if (i == naudio) {
 			/* will exit(1) if insufficient memory */
 			naudio = expandmem(i, (void **)&audio,
-					sizeof (struct audio));
+			    sizeof (struct audio));
 		}
 
 		/* save name (/dev + 1 + d_name + \0) */
@@ -489,7 +498,7 @@ doaudio()
 
 		/* get name from symbolic link */
 		if ((sz = readlink(audio[i].name, linkvalue,
-				sizeof (linkvalue))) < 0)
+		    sizeof (linkvalue))) < 0)
 			continue;
 		nm = (char *)malloc(sz + 1);
 		if (nm == NULL)
@@ -520,7 +529,7 @@ doaudio()
 		if (i == naudio) {
 			/* will exit(1) if insufficient memory */
 			naudio = expandmem(i, (void **)&audio,
-					sizeof (struct audio));
+			    sizeof (struct audio));
 		}
 
 		/* save name (/dev/sound + / + d_name + \0) */
author	rica <none@none>	2007-07-27 16:45:56 -0700
committer	rica <none@none>	2007-07-27 16:45:56 -0700
commit	f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01 (patch)
tree	a89bd9be4c155028f554c0df7142f5c3365fb6d0 /usr/src/cmd/allocate/mkdevalloc.c
parent	836fa82ea903ec0a04de2b008034c3816b75a739 (diff)
download	illumos-gate-f875b4ebb1dd9fdbeb043557cab38ab3bf7f6e01.tar.gz