author | Thuy Fettig <Thuy.Fettig@oracle.COM> | 2010-08-10 17:06:51 -0400 |
---|---|---|
committer | Thuy Fettig <Thuy.Fettig@oracle.COM> | 2010-08-10 17:06:51 -0400 |
commit | 269f47de02761bab3b7b28e2007a2bac34f629cc (patch) | |
tree | 8effbc24fa3db3fe978200782f00b0e29aecd4cd /usr/src | |
parent | 8f6658897e88431fedd1dbcecab56535cb8a6ebf (diff) | |
download | illumos-joyent-269f47de02761bab3b7b28e2007a2bac34f629cc.tar.gz |
6968076 implement removal of bsmconv/bsmunconv per PSARC/2010/263
6968089 Convert /etc/rd2.d/S98deallocate to SMF as part of PSARC/2010/263
6946887 bsmconv should record DEVICE_ALLOCATION=ON in unlabeled device_allocate
PSARC/2010/263 Redux: bsmconv(1M), bsmunconv(1M) EOL and removal
--HG--
rename : usr/src/cmd/bsmconv/bsmconv.sh => usr/src/cmd/allocate/svc-allocate
Diffstat (limited to 'usr/src')
-rw-r--r-- | usr/src/cmd/Makefile | 14 | ||||
-rw-r--r-- | usr/src/cmd/allocate/Makefile | 11 | ||||
-rw-r--r-- | usr/src/cmd/allocate/allocate.xml | 101 | ||||
-rw-r--r-- | usr/src/cmd/allocate/svc-allocate | 114 | ||||
-rw-r--r-- | usr/src/cmd/bsmconv/Makefile | 58 | ||||
-rw-r--r-- | usr/src/cmd/bsmconv/bsmconv.sh | 203 | ||||
-rw-r--r-- | usr/src/cmd/bsmunconv/Makefile | 58 | ||||
-rw-r--r-- | usr/src/cmd/bsmunconv/bsmunconv.sh | 136 | ||||
-rw-r--r-- | usr/src/cmd/initpkg/init.d/Makefile | 4 | ||||
-rw-r--r-- | usr/src/cmd/initpkg/init.d/deallocate | 56 | ||||
-rw-r--r-- | usr/src/cmd/initpkg/rc2.d/mk.rc2.d.sh | 6 | ||||
-rw-r--r-- | usr/src/cmd/tsol/labeld/svc-labeld | 21 | ||||
-rw-r--r-- | usr/src/lib/libsecdb/auth_attr.txt | 1 | ||||
-rw-r--r-- | usr/src/lib/libsecdb/help/auths/Makefile | 1 | ||||
-rw-r--r-- | usr/src/lib/libsecdb/help/auths/SmfAllocate.html | 36 | ||||
-rw-r--r-- | usr/src/lib/libsecdb/prof_attr.txt | 2 | ||||
-rw-r--r-- | usr/src/pkg/manifests/SUNWcs.mf | 8 | ||||
-rw-r--r-- | usr/src/pkg/manifests/consolidation-osnet-osnet-message-files.mf | 1 |
18 files changed, 279 insertions, 552 deletions
diff --git a/usr/src/cmd/Makefile b/usr/src/cmd/Makefile index 3bc3713aa1..f12453c223 100644 --- a/usr/src/cmd/Makefile +++ b/usr/src/cmd/Makefile @@ -45,6 +45,7 @@ FIRST_SUBDIRS= \ COMMON_SUBDIRS= \ agents \ + allocate \ availdevs \ lp \ perl \ @@ -69,7 +70,7 @@ COMMON_SUBDIRS= \ basename \ bc \ bdiff \ - beadm \ + beadm \ bfs \ bnu \ boot \ @@ -529,10 +530,8 @@ MSGSUBDIRS= \ banner \ bart \ basename \ - beadm \ + beadm \ bnu \ - bsmconv \ - bsmunconv \ busstat \ cal \ cat \ @@ -792,10 +791,9 @@ $(CLOSED_BUILD)DCSUBDIRS += \ $(CLOSED)/cmd/pax # -# commands that belong only to audit and device allocation +# commands that belong only to audit. # AUDITSUBDIRS= \ - allocate \ amt \ audit \ audit_warn \ @@ -805,9 +803,7 @@ AUDITSUBDIRS= \ auditreduce \ auditset \ auditstat \ - praudit \ - bsmconv \ - bsmunconv + praudit # # commands not owned by the systems group diff --git a/usr/src/cmd/allocate/Makefile b/usr/src/cmd/allocate/Makefile index d448b24d37..789730c4b7 100644 --- a/usr/src/cmd/allocate/Makefile +++ b/usr/src/cmd/allocate/Makefile @@ -20,8 +20,7 @@ # # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. +# Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved. # ETCTSOLFILES = devalloc_defaults @@ -34,6 +33,10 @@ ROOTSECLIB = $(ROOTSEC)/lib ROOTSECAUD = $(ROOTSEC)/audio ROOTDIRS = $(ROOTSECDEV) $(ROOTSECLIB) $(ROOTSECAUD) +ROOTMANIFESTDIR= $(ROOTSVCSYSTEMDEVICE) +SVCMETHOD = svc-allocate +MANIFEST = allocate.xml + RTLCKS = audio fd0 sr0 st0 st1 CLEANfd = fd_clean CLEANsr = sr_clean @@ -107,8 +110,8 @@ CLOBBERFILES += $(SCRIPTS) all : $(PROG) $(RTLCKS) $(SCRIPTS) install : $(PROG) $(ROOTDIRS) $(ROOTPROG) $(ROOTLOCKS) \ - $(ROOTSCRIPTS) $(ROOTLINKS) $(ROOTWDWLINKS) $(ROOTETCTSOLFILES) - + $(ROOTSCRIPTS) $(ROOTLINKS) $(ROOTWDWLINKS) \ + $(ROOTETCTSOLFILES) $(ROOTMANIFEST) $(ROOTSVCMETHOD) $(RTLCKS): $(TOUCH) $@ 
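Review bot: The install rule in usr/src/cmd/allocate/Makefile now delivers `$(ROOTMANIFEST)` and `$(ROOTSVCMETHOD)`, but nothing visible in these hunks validates the new manifest at build time. If the part of the Makefile outside the hunks does not already have one, add `check: $(CHKMANIFEST)` so a malformed allocate.xml fails the build instead of the manifest import at boot. The last hunk also drops the blank line between the install rule and `$(RTLCKS):`; keeping it makes the rule boundary easier to see.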
diff --git a/usr/src/cmd/allocate/allocate.xml b/usr/src/cmd/allocate/allocate.xml
new file mode 100644
index 0000000000..9de9a1ddb8
--- /dev/null
+++ b/usr/src/cmd/allocate/allocate.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<!--
+
+ CDDL HEADER START
+
+ The contents of this file are subject to the terms of the
+ Common Development and Distribution License (the "License").
+ You may not use this file except in compliance with the License.
+
+ You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ or http://www.opensolaris.org/os/licensing.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+
+ When distributing Covered Code, include this CDDL HEADER in each
+ file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ If applicable, add the following below this CDDL HEADER, with the
+ fields enclosed by brackets "[]" replaced with your own identifying
+ information: Portions Copyright [yyyy] [name of copyright owner]
+
+ CDDL HEADER END
+
+ Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+
+ NOTE: This service manifest is not editable; its contents will
+ be overwritten by package or patch operations, including
+ operating system upgrade. Make customizations in a different
+ file.
+-->
+
+<service_bundle type='manifest' name='SUNWcs:allocate'>
+
+<service
+ name='system/device/allocate'
+ type='service'
+ version='1'>
+
+ <create_default_instance enabled='false' />
+
+ <single_instance/>
+
+ <dependency
+ name='usr'
+ grouping='require_all'
+ restart_on='none'
+ type='service'>
+ <service_fmri value='svc:/system/device/local' />
+ </dependency>
+
+ <!--
+ Start method timeout is long to account for devices which
+ take a long time to probe or enumerate.
+ -->
+ <exec_method
+ type='method'
+ name='start'
+ exec='/lib/svc/method/svc-allocate %m'
+ timeout_seconds='60' />
+
+ <exec_method
+ type='method'
+ name='stop'
+ exec='/lib/svc/method/svc-allocate %m'
+ timeout_seconds='60' />
+
+ <property_group name='startd' type='framework'>
+ <propval name='duration' type='astring'
+ value='transient' />
+ </property_group>
+
+ <property_group name='general' type='framework'>
+ <propval name='action_authorization' type='astring'
+ value='solaris.smf.manage.allocate' />
+ <propval name='value_authorization' type='astring'
+ value='solaris.smf.manage.allocate' />
+ </property_group>
+
+ <stability value='Stable' />
+
+ <template>
+ <common_name>
+ <loctext xml:lang='C'>
+ device allocation
+ </loctext>
+ </common_name>
+ <documentation>
+ <manpage title='allocate' section='1' manpath='/usr/share/man' />
+ <manpage title='deallocate' section='1' manpath='/usr/share/man' />
+ <manpage title='list_devices' section='1' manpath='/usr/share/man' />
+ <manpage title='device_allocate' section='1M' manpath='/usr/share/man' />
+ <manpage title='mkdevalloc' section='1M' manpath='/usr/share/man' />
+ <manpage title='mkdevmaps' section='1M' manpath='/usr/share/man' />
+ <manpage title='dminfo' section='1M' manpath='/usr/share/man' />
+ <manpage title='device_maps' section='4' manpath='/usr/share/man' />
+ <manpage title='device_allocate' section='4' manpath='/usr/share/man' />
+ </documentation>
+ </template>
+</service>
+
+</service_bundle>
diff --git a/usr/src/cmd/allocate/svc-allocate b/usr/src/cmd/allocate/svc-allocate
new file mode 100644
index 0000000000..9fdcc77f16
--- /dev/null
+++ b/usr/src/cmd/allocate/svc-allocate
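Review bot: `<create_default_instance enabled='false' />` means a system that was converted with bsmconv before this change comes up after upgrade with the service disabled, and the boot-time `deallocate -Is` that the removed rc2.d/S98deallocate script ran no longer happens. Nothing in the visible diff enables the instance when /etc/security/device_allocate already exists, so devices left allocated across a reboot would presumably stay with their previous owner; it is worth confirming that an upgrade step elsewhere covers this. At minimum I would state the expectation next to the element, e.g. `<!-- Disabled by default; an upgraded system that already has /etc/security/device_allocate must have this instance enabled to keep the boot-time deallocate -Is. -->`. Separately, the dependency named `usr` points at svc:/system/device/local rather than a filesystem service, although the method runs binaries from /usr and writes under /etc, so either the name or the dependency deserves a second look.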
@@ -0,0 +1,114 @@
+#! /bin/sh
+#
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 1993, 2010, Oracle and/or its affiliates. All rights reserved.
+#
+
+. /lib/svc/share/smf_include.sh
+
+DEVALLOC=/etc/security/device_allocate
+DEVMAPS=/etc/security/device_maps
+DEVFSADM=/usr/sbin/devfsadm
+MKDEVALLOC=/usr/sbin/mkdevalloc
+MKDEVMAPS=/usr/sbin/mkdevmaps
+HALFDI=/etc/hal/fdi/policy/30user/90-solaris-device-allocation.fdi
+
+# dev_allocation_convert
+# All the real work gets done in this function
+
+dev_allocation_convert()
+{
+#
+# If allocation already configured, just return
+#
+if [ -f ${HALFDI} -a -f ${DEVALLOC} -a -f ${DEVMAPS} ]; then
+ return
+fi
+
+# Prevent automount of removable and hotpluggable volume
+# by forcing volume.ignore HAL property on all such volumes.
+if [ ! -f ${HALFDI} ]; then
+ cat > ${HALFDI} <<FDI
+<?xml version="1.0" encoding="UTF-8"?>
+<deviceinfo version="0.2">
+ <device>
+ <match key="info.capabilities" contains="volume">
+ <match key="@block.storage_device:storage.removable" bool="true">
+ <merge key="volume.ignore" type="bool">true</merge>
+ </match>
+ <match key="@block.storage_device:storage.hotpluggable" bool="true">
+ <merge key="volume.ignore" type="bool">true</merge>
+ </match>
+ </match>
+ </device>
+</deviceinfo>
+FDI
+fi
+
+# Initialize device allocation
+
+
+# Need to determine if Trusted Extensions is enabled.
+# Check the setting in etc/system (other methods won't work
+# because TX is likely not yet fully active.)
+#
+grep "^[ ]*set[ ][ ]*sys_labeling[ ]*=[ ]*1" \
+ /etc/system > /dev/null 2>&1
+
+if [ $? = 0 ]; then
+ # Trusted Extensions is enabled (but possibly not yet booted).
+ ${DEVFSADM} -e
+else
+ if [ ! -f ${DEVALLOC} ]; then
+ echo "DEVICE_ALLOCATION=ON" > $DEVALLOC
+ ${MKDEVALLOC} >> $DEVALLOC
+ fi
+ if [ ! -f ${DEVMAPS} ]; then
+ ${MKDEVMAPS} > $DEVMAPS
+ fi
+fi
+}
+
+dev_allocation_unconvert()
+{
+ # Turn off device allocation.
+ ${DEVFSADM} -d
+ /usr/bin/rm -f $DEVALLOC $DEVMAPS
+ # Restore default policy for removable and hotpluggable volumes
+ /usr/bin/rm -f $HALFDI
+}
+
+case "$1" in
+'start')
+ dev_allocation_convert
+ deallocate -Is
+ ;;
+'stop')
+ state=`/usr/bin/svcprop -c -p general/enabled $SMF_FMRI 2>/dev/null`
+ if [ "$state" = "true" ] ; then
+ exit $SMF_EXIT_OK
+ fi
+ dev_allocation_unconvert
+ ;;
+esac
+
+exit $SMF_EXIT_OK
diff --git a/usr/src/cmd/bsmconv/Makefile b/usr/src/cmd/bsmconv/Makefile
deleted file mode 100644
index b66775cb16..0000000000
--- a/usr/src/cmd/bsmconv/Makefile
+++ /dev/null
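Review bot: The start path in svc-allocate cannot report failure: `echo "DEVICE_ALLOCATION=ON" > $DEVALLOC` creates the file before `${MKDEVALLOC}` has run, no exit status is checked, and the script always ends with `exit $SMF_EXIT_OK`. If mkdevalloc or mkdevmaps fails, a partial device_allocate or device_maps is left behind, the `[ ! -f ... ]` guards skip it on every later start, and SMF reports the service online with an incomplete device policy. Build each file under a temporary name, rename it only on success, and return $SMF_EXIT_ERR_FATAL otherwise, as sketched below. `deallocate -Is` in the start case is also the one command not given by absolute path (the removed init.d script used /usr/sbin/deallocate). The stop path's `rm -f $DEVALLOC $DEVMAPS` discards any site edits to those files without a backup, which deserves at least a comment.

```shell
# … unchanged: HAL FDI creation, sys_labeling check, devfsadm -e branch …
	if [ ! -f ${DEVALLOC} ]; then
		{ echo "DEVICE_ALLOCATION=ON" && ${MKDEVALLOC}; } \
		    > ${DEVALLOC}.$$ && \
		    /usr/bin/mv -f ${DEVALLOC}.$$ ${DEVALLOC}
		if [ $? -ne 0 ]; then
			/usr/bin/rm -f ${DEVALLOC}.$$
			exit $SMF_EXIT_ERR_FATAL
		fi
	fi
	if [ ! -f ${DEVMAPS} ]; then
		${MKDEVMAPS} > ${DEVMAPS}.$$ && \
		    /usr/bin/mv -f ${DEVMAPS}.$$ ${DEVMAPS}
		if [ $? -ne 0 ]; then
			/usr/bin/rm -f ${DEVMAPS}.$$
			exit $SMF_EXIT_ERR_FATAL
		fi
	fi
# … unchanged: dev_allocation_unconvert, case "$1" dispatch …
```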
@@ -1,58 +0,0 @@ -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License (the "License"). -# You may not use this file except in compliance with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. -# -# cmd/bsmconv/Makefile -# - -PROG = bsmconv - -include ../Makefile.cmd - -FILEMODE = 0740 -DIRMODE = 0755 - -ROOTETCSECURITY = $(ROOT)/etc/security -ROOTETCSECURITYSPOOL = $(ROOT)/etc/security/spool -ROOTETCSECURITYFILES = $(PROG:%=$(ROOTETCSECURITY)/%) - -all: $(PROG) - -install: all $(ROOTETCSECURITY) $(ROOTETCSECURITYFILES) $(ROOTETCSECURITYSPOOL) - -$(ROOTETCSECURITY): - $(INS.dir) - -$(ROOTETCSECURITYSPOOL): - $(INS.dir) - -$(ROOTETCSECURITY)/%:% - $(INS.file) - -clean: - -lint: - -include ../Makefile.targ - -.KEEP_STATE: diff --git a/usr/src/cmd/bsmconv/bsmconv.sh b/usr/src/cmd/bsmconv/bsmconv.sh deleted file mode 100644 index 5a4c653a4d..0000000000 --- a/usr/src/cmd/bsmconv/bsmconv.sh +++ /dev/null 
@@ -1,203 +0,0 @@ -#! /bin/sh -# -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License (the "License"). -# You may not use this file except in compliance with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# Copyright 2010 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. -# - -PROG=bsmconv - -TEXTDOMAIN="SUNW_OST_OSCMD" -export TEXTDOMAIN - -DEVALLOC=/etc/security/device_allocate -DEVMAPS=/etc/security/device_maps -DEVFSADM=/usr/sbin/devfsadm -MKDEVALLOC=/usr/sbin/mkdevalloc -MKDEVMAPS=/usr/sbin/mkdevmaps -ZONENAME=/sbin/zonename - -# Perform required permission checks, depending on value of LOCAL_ROOT -# (whether we are converting the active OS or just alternative boot -# environments). -permission() -{ -ZONE=`${ZONENAME}` -if [ ! "$ZONE" = "global" -a "$LOCAL_ROOT" = "true" ] -then - form=`gettext "%s: ERROR: you must be in the global zone to run this script."` - printf "${form}\n" $PROG - exit 1 -fi - -WHO=`id | cut -f1 -d" "` -if [ ! "$WHO" = "uid=0(root)" ] -then - form=`gettext "%s: ERROR: you must be super-user to run this script."` - printf "${form}\n" $PROG - exit 1 -fi - -RESP="x" -while [ "$RESP" != `gettext "y"` -a "$RESP" != `gettext "n"` ] -do -gettext "This script is used to enable device allocation.\n" -form=`gettext "Shall we continue with the conversion now? 
[y/n]"` -echo "$form \c" -read RESP -done - -if [ "$RESP" = `gettext "n"` ] -then - form=`gettext "%s: INFO: aborted, due to user request."` - printf "${form}\n" $PROG - exit 2 -fi -} - -# Do some sanity checks to see if the arguments to bsmconv -# are, in fact, root directories for clients. -sanity_check() -{ -for ROOT in $@ -do - if [ -d $ROOT -a -w $ROOT -a -f $ROOT/etc/system -a -d $ROOT/usr ] - then - # There is a root directory to write to, - # so we can potentially complete the conversion. - : - else - form=`gettext "%s: ERROR: %s doesn't look like a client's root."` - printf "${form}\n" $PROG $ROOT - form=`gettext "%s: ABORTED: nothing done."` - printf "${form}\n" $PROG - exit 4 - fi -done -} - -# dev_allocation_convert -# All the real work gets done in this function - -dev_allocation_convert() -{ -# Prevent automount of removable and hotpluggable volumes -# by forcing volume.ignore HAL property on all such volumes. -if [ -d ${ROOT}/etc/hal/fdi ] ; then - cat > ${ROOT}/etc/hal/fdi/policy/30user/90-solaris-device-allocation.fdi <<FDI -<?xml version="1.0" encoding="UTF-8"?> -<deviceinfo version="0.2"> - <device> - <match key="info.capabilities" contains="volume"> - <match key="@block.storage_device:storage.removable" bool="true"> - <merge key="volume.ignore" type="bool">true</merge> - </match> - <match key="@block.storage_device:storage.hotpluggable" bool="true"> - <merge key="volume.ignore" type="bool">true</merge> - </match> - </match> - </device> -</deviceinfo> -FDI -fi - -# Initialize device allocation - -form=`gettext "%s: INFO: initializing device allocation."` -printf "${form}\n" $PROG - -# Need to determine if Trusted Extensions is enabled. This is tricky -# because we need to know if TX will be active on the boot following -# bsmconv. Check the setting in etc/system (other methods won't work -# because TX is likely not yet fully active.) -# -grep "^[ ]*set[ ][ ]*sys_labeling[ ]*=[ ]*1" \ - $ROOT/etc/system > /dev/null 2>&1 - -if [ $? 
= 0 ]; then - # Trusted Extensions is enabled (but possibly not yet booted). - # This is not currently done for alternate boot environments. - if [ -z "$ROOT" -o "$ROOT" = "/" ] - then - ${DEVFSADM} -e - fi -else - if [ ! -f ${ROOT}/${DEVALLOC} ] - then - ${MKDEVALLOC} > ${ROOT}/$DEVALLOC - fi - if [ ! -f ${ROOT}/${DEVMAPS} ] - then - ${MKDEVMAPS} > ${ROOT}/$DEVMAPS - fi -fi -} - -# main loop - -sanity_check $@ -if [ $# -eq 0 ] -then - # converting local root, perform all permission checks - LOCAL_ROOT=true - permission - - ROOT= - - dev_allocation_convert - - echo - gettext "Device allocation is ready. If there were any errors, please\n" - gettext "fix them now. Reboot this system now to come up with device\n" - gettext "allocation enabled." -else - # determine if local root is being converted ("/" passed on - # command line), if so, full permission check required - LOCAL_ROOT=false - for ROOT in $@ - do - if [ "$ROOT" = "/" ] - then - LOCAL_ROOT=true - fi - done - - # perform required permission checks (depending on value of - # LOCAL_ROOT) - permission - - for ROOT in $@ - do - form=`gettext "%s: INFO: converting boot environment %s ..."` - printf "${form}\n" $PROG $ROOT - dev_allocation_convert $ROOT - form=`gettext "%s: INFO: done with boot environment %s"` - printf "${form}\n" $PROG $ROOT - done - - echo - gettext "Device allocation is ready. If there were any errors,\n" - gettext "please fix them now. Reboot each non-local system\n" - gettext "converted to come up with device allocation enabled.\n" -fi - -exit 0 diff --git a/usr/src/cmd/bsmunconv/Makefile b/usr/src/cmd/bsmunconv/Makefile deleted file mode 100644 index c855c26ff0..0000000000 --- a/usr/src/cmd/bsmunconv/Makefile +++ /dev/null 
@@ -1,58 +0,0 @@ -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License (the "License"). -# You may not use this file except in compliance with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. -# -# cmd/bsmunconv/Makefile -# - -PROG = bsmunconv - -include ../Makefile.cmd - -FILEMODE = 0740 -DIRMODE = 0755 - -ROOTETCSECURITY = $(ROOT)/etc/security -ROOTETCSECURITYSPOOL = $(ROOT)/etc/security/spool -ROOTETCSECURITYFILES = $(PROG:%=$(ROOTETCSECURITY)/%) - -all: $(PROG) - -install: all $(ROOTETCSECURITY) $(ROOTETCSECURITYFILES) $(ROOTETCSECURITYSPOOL) - -$(ROOTETCSECURITY): - $(INS.dir) - -$(ROOTETCSECURITYSPOOL): - $(INS.dir) - -$(ROOTETCSECURITY)/%:% - $(INS.file) - -clean: - -lint: - -include ../Makefile.targ - -.KEEP_STATE: diff --git a/usr/src/cmd/bsmunconv/bsmunconv.sh b/usr/src/cmd/bsmunconv/bsmunconv.sh deleted file mode 100644 index f8c1f36e59..0000000000 --- a/usr/src/cmd/bsmunconv/bsmunconv.sh +++ /dev/null 
@@ -1,136 +0,0 @@ -#! /bin/sh -# -# -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License (the "License"). -# You may not use this file except in compliance with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# Copyright 2010 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. -# - -PROG=bsmunconv -PATH=/usr/sbin:/usr/bin:/sbin - -TEXTDOMAIN="SUNW_OST_OSCMD" -export TEXTDOMAIN -ZONENAME=/sbin/zonename -DEVFSADM=/usr/sbin/devfsadm - - -# Perform required permission checks, depending on value of LOCAL_ROOT -# (whether we are converting the active OS or just alternative boot -# environments). -permission() -{ -cd /usr/lib -ZONE=`${ZONENAME}` -if [ ! "$ZONE" = "global" -a "$LOCAL_ROOT" = "true" ] -then - form=`gettext "%s: ERROR: you must be in the global zone to run this script."` - printf "${form}\n" $PROG - exit 1 -fi - -WHO=`id | cut -f1 -d" "` -if [ ! "$WHO" = "uid=0(root)" ] -then - form=`gettext "%s: ERROR: you must be super-user to run this script."` - printf "${form}\n" $PROG - exit 1 -fi - -RESP="x" -while [ "$RESP" != `gettext "y"` -a "$RESP" != `gettext "n"` ] -do -gettext "This script is used to disable device allocation.\n" -form=`gettext "Would you like to continue now? 
[y/n]"` -echo "$form \c" -read RESP -done - -if [ "$RESP" = `gettext "n"` ] -then - form=`gettext "%s: INFO: aborted, due to user request."` - printf "${form}\n" $PROG - exit 2 -fi -} - -# disable device allocation - -dev_allocation_unconvert() -{ -# Turn off device allocation. This is not currently done for alternate -# boot environments. -if [ -z "$ROOT" -o "$ROOT" = "/" ] -then - ${DEVFSADM} -d -fi - -# Restore default policy for removable and hotpluggable volumes -rm -f ${ROOT}/etc/hal/fdi/policy/30user/90-solaris-device-allocation.fdi -} - -# main - -if [ $# -eq 0 ] -then - - # converting local root, perform all permission checks - LOCAL_ROOT=true - permission - - # begin conversion - ROOT= - - dev_allocation_unconvert - - echo - gettext "Device allocation has been disabled. Reboot the system now\n" - gettext "to come up without this feature.\n" -else - - # determine if local root is being converted ("/" passed on - # command line), if so, full permission check required - LOCAL_ROOT=false - for ROOT in $@ - do - if [ "$ROOT" = "/" ] - then - LOCAL_ROOT=true - fi - done - - # perform required permission checks (depending on value of - # LOCAL_ROOT) - permission - - for ROOT in $@ - do - dev_allocation_unconvert $ROOT - done - - echo - gettext "Device allocation has been disabled. Reboot each non-local\n" - gettext "system that was disabled to come up without this feature.\n" -fi - -exit 0 - diff --git a/usr/src/cmd/initpkg/init.d/Makefile b/usr/src/cmd/initpkg/init.d/Makefile index 0fbefce422..1638dfa604 100644 --- a/usr/src/cmd/initpkg/init.d/Makefile +++ b/usr/src/cmd/initpkg/init.d/Makefile @@ -20,8 +20,7 @@ # # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. +# Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved. # include ../../Makefile.cmd @@ -32,7 +31,6 @@ i386_PROG= PROG= \ README \ cachefs.daemon \ - deallocate \ devlinks \ dhcp \ drvconfig \ 
diff --git a/usr/src/cmd/initpkg/init.d/deallocate b/usr/src/cmd/initpkg/init.d/deallocate deleted file mode 100644 index 7ef8aeeb6d..0000000000 --- a/usr/src/cmd/initpkg/init.d/deallocate +++ /dev/null @@ -1,56 +0,0 @@ -#!/sbin/sh -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License, Version 1.0 only -# (the "License"). You may not use this file except in compliance -# with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# -# Copyright 2004 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. -# -#ident "%Z%%M% %I% %E% SMI" - -# if the audit state is "disabled" auditconfig returns -# non-zero exit status unless the c2audit module is loaded; -# if c2audit is loaded, "disabled" becomes "noaudit" early -# in the boot cycle and "auditing" only after auditd starts. -# in both cases, "noaudit" and "auditing", a zero exit status -# is returned - -AUDITCONFIG=/usr/sbin/auditconfig - -AUDITCOND=`$AUDITCONFIG -getcond 2> /dev/null` -if [ $? -ne 0 ]; then - exit 0; -fi - -case "$1" in -'start') - /usr/sbin/deallocate -Is - ;; - -'stop') - ;; - -*) - echo "Usage: $0 { start | stop }" - exit 1 - ;; -esac -exit 0 diff --git a/usr/src/cmd/initpkg/rc2.d/mk.rc2.d.sh b/usr/src/cmd/initpkg/rc2.d/mk.rc2.d.sh index 0094c068cf..4847e18add 100644 --- a/usr/src/cmd/initpkg/rc2.d/mk.rc2.d.sh 
+++ b/usr/src/cmd/initpkg/rc2.d/mk.rc2.d.sh @@ -22,16 +22,14 @@ # Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T # All Rights Reserved # -# Copyright 2009 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. +# Copyright (c) 1988, 2010, Oracle and/or its affiliates. All rights reserved. # COMMON_STARTLST="\ 20sysetup \ 70uucp \ 73cachefs.daemon \ -82mkdtab \ -98deallocate" +82mkdtab" INSDIR=${ROOT}/etc/rc2.d diff --git a/usr/src/cmd/tsol/labeld/svc-labeld b/usr/src/cmd/tsol/labeld/svc-labeld index 028c93fad6..ed8f0ab647 100644 --- a/usr/src/cmd/tsol/labeld/svc-labeld +++ b/usr/src/cmd/tsol/labeld/svc-labeld @@ -19,8 +19,7 @@ # # CDDL HEADER END # -# Copyright 2010 Sun Microsystems, Inc. All rights reserved. -# Use is subject to license terms. +# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. # . /lib/svc/share/smf_include.sh @@ -88,26 +87,18 @@ __ENABLE_OTHERS } -do_bsmconv() +do_audit_devalloc() { - # Run bsmconv so device allocation is enabled by + # Ensure auditing and device allocation are enabled by # default with Trusted Extensions. if [ "$ROOT_PATH" = "/" -o "$ROOT_PATH" = "" ]; then - BSMDIR="" - else - BSMDIR=$ROOT_PATH - fi - echo "Running bsmconv ..." - echo `TEXTDOMAIN="SUNW_OST_OSCMD" gettext "y"` | \ - $ROOT_PATH/etc/security/bsmconv $ROOT_PATH - # Run auditd so auditing is enabled by default - # with Trusted Extensions. - if [ "$BSMDIR" = "" ]; then + /usr/sbin/svcadm enable -s svc:/system/device/allocate:default echo "Starting auditd ..." /usr/sbin/audit -s else cat >> $ROOT_PATH/var/svc/profile/upgrade <<\_ENABLE_AUDITD /usr/sbin/audit -s + /usr/sbin/svcadm enable -s svc:/system/device/allocate:default _ENABLE_AUDITD fi } @@ -274,7 +265,7 @@ do_commonstart() do_otherservices do_logindev - do_bsmconv + do_audit_devalloc do_nscd do_addpam diff --git a/usr/src/lib/libsecdb/auth_attr.txt b/usr/src/lib/libsecdb/auth_attr.txt index 7f30e64320..b92b42874d 100644 
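Review bot: In do_audit_devalloc (svc-labeld) the result of `/usr/sbin/svcadm enable -s svc:/system/device/allocate:default` is ignored, so Trusted Extensions start-up continues silently if the device allocation service fails to come online. The removed code at least printed "Running bsmconv ..."; the new call prints nothing at all. I would check the status and log it, e.g. `/usr/sbin/svcadm enable -s svc:/system/device/allocate:default || echo "device allocation service failed to start"`. The two branches also order the steps differently (allocate then audit on the live root, audit then allocate in the upgrade profile); if the order matters, a comment saying so would help.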
--- a/usr/src/lib/libsecdb/auth_attr.txt +++ b/usr/src/lib/libsecdb/auth_attr.txt @@ -122,6 +122,7 @@ solaris.smf.modify.dependency:::Modify Service Dependencies::help=SmfModifyDepen solaris.smf.modify.application:::Modify Application Type Properties::help=SmfModifyAppl.html solaris.smf.modify.framework:::Modify Framework Type Properties::help=SmfModifyFramework.html solaris.smf.manage.:::Manage All SMF Service States::help=SmfManageHeader.html +solaris.smf.manage.allocate:::Manage Device Allocation Service::help=SmfAllocate.html solaris.smf.manage.audit:::Manage Audit Service States::help=SmfManageAudit.html solaris.smf.manage.autofs:::Manage Automount Service States::help=SmfAutofsStates.html solaris.smf.manage.bind:::Manage DNS Service States::help=BindStates.html diff --git a/usr/src/lib/libsecdb/help/auths/Makefile b/usr/src/lib/libsecdb/help/auths/Makefile index 3822013c57..64cb5e42d5 100644 --- a/usr/src/lib/libsecdb/help/auths/Makefile +++ b/usr/src/lib/libsecdb/help/auths/Makefile @@ -65,6 +65,7 @@ HTMLENTS = \ DhcpmgrHeader.html \ DhcpmgrWrite.html \ BindStates.html \ + SmfAllocate.html \ SmfAutofsStates.html \ SmfCoreadmStates.html \ SmfCronStates.html \ diff --git a/usr/src/lib/libsecdb/help/auths/SmfAllocate.html b/usr/src/lib/libsecdb/help/auths/SmfAllocate.html new file mode 100644 index 0000000000..805268b151 --- /dev/null +++ b/usr/src/lib/libsecdb/help/auths/SmfAllocate.html 
@@ -0,0 +1,36 @@
+<HTML>
+<!--
+ CDDL HEADER START
+
+ The contents of this file are subject to the terms of the
+ Common Development and Distribution License (the "License").
+ You may not use this file except in compliance with the License.
+
+ You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ or http://www.opensolaris.org/os/licensing.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+
+ When distributing Covered Code, include this CDDL HEADER in each
+ file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ If applicable, add the following below this CDDL HEADER, with the
+ fields enclosed by brackets "[]" replaced with your own identifying
+ information: Portions Copyright [yyyy] [name of copyright owner]
+
+ CDDL HEADER END
+
+ Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+-->
+<!--
+ <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
+-->
+<BODY>
+When Manage Device Allocation Service is in the Authorizations Include
+column, it grants the authorization to enable or disable the device
+allocation service.
+<p>
+If Manage Device Allocation Service is grayed, then you are not entitled
+to Add or Remove this authorization.
+<p>
+</BODY>
+</HTML>
diff --git a/usr/src/lib/libsecdb/prof_attr.txt b/usr/src/lib/libsecdb/prof_attr.txt
index 85c9a89e9d..c752659868 100644
--- a/usr/src/lib/libsecdb/prof_attr.txt
+++ b/usr/src/lib/libsecdb/prof_attr.txt
@@ -37,7 +37,7 @@ Printer Management:::Manage printers, daemons, spooling:auths=solaris.print.*,so Cron Management:::Manage at and cron jobs:auths=solaris.jobs.*,solaris.smf.manage.cron;help=RtCronMngmnt.html Log Management:::Manage log files:help=RtLogMngmnt.html Basic Solaris User:::Automatically assigned rights:auths=solaris.profmgr.read,solaris.mail.mailq,solaris.device.mount.removable,solaris.admin.wusb.read;profiles=All;help=RtDefault.html -Device Security:::Manage devices and Volume Manager:auths=solaris.device.*,solaris.smf.manage.vt;help=RtDeviceSecurity.html +Device Security:::Manage devices and Volume Manager:auths=solaris.device.*,solaris.smf.manage.vt,solaris.smf.manage.allocate;help=RtDeviceSecurity.html DHCP Management:::Manage the DHCP service:auths=solaris.dhcpmgr.*;help=RtDHCPMngmnt.html Extended Accounting Flow Management:::Manage the Flow Extended Accounting service:auths=solaris.smf.manage.extended-accounting.flow,solaris.smf.value.extended-accounting.flow;profiles=acctadm;help=RtExActtFlow.html Extended Accounting Process Management:::Manage the Process Extended Accounting service:auths=solaris.smf.manage.extended-accounting.process,solaris.smf.value.extended-accounting.process;profiles=acctadm;hep=RtExAcctProcess.html diff --git a/usr/src/pkg/manifests/SUNWcs.mf b/usr/src/pkg/manifests/SUNWcs.mf index 1490962ac6..ef77145418 100644 --- a/usr/src/pkg/manifests/SUNWcs.mf +++ b/usr/src/pkg/manifests/SUNWcs.mf @@ -71,7 +71,6 @@ dir path=etc/security/dev group=sys dir path=etc/security/exec_attr.d group=sys dir path=etc/security/lib group=sys dir path=etc/security/prof_attr.d group=sys -dir path=etc/security/spool group=sys dir path=etc/skel group=sys dir path=etc/svc group=sys dir path=etc/svc/profile group=sys 
@@ -398,7 +397,6 @@ file path=etc/inet/wanboot.conf.sample group=sys mode=0444 file path=etc/init.d/PRESERVE group=sys mode=0744 preserve=true file path=etc/init.d/README group=sys preserve=true file path=etc/init.d/cachefs.daemon group=sys mode=0744 preserve=true -file path=etc/init.d/deallocate group=sys mode=0744 preserve=true file path=etc/init.d/ldap.client group=sys mode=0744 file path=etc/init.d/mkdtab group=sys mode=0744 preserve=true file path=etc/init.d/nscd group=sys mode=0744 @@ -446,8 +444,6 @@ file path=etc/security/audit_warn group=sys mode=0740 preserve=renamenew file path=etc/security/auth_attr group=sys preserve=true \ timestamp=19700101T000000Z file path=etc/security/auth_attr.d/SUNWcs group=sys -file path=etc/security/bsmconv group=sys mode=0740 -file path=etc/security/bsmunconv group=sys mode=0740 file path=etc/security/crypt.conf group=sys preserve=renamenew file path=etc/security/dev/audio mode=0400 file path=etc/security/dev/fd0 mode=0400 @@ -565,6 +561,7 @@ file path=lib/svc/manifest/system/console-login.xml group=sys mode=0444 file path=lib/svc/manifest/system/coreadm.xml group=sys mode=0444 file path=lib/svc/manifest/system/cron.xml group=sys mode=0444 file path=lib/svc/manifest/system/cryptosvc.xml group=sys mode=0444 +file path=lib/svc/manifest/system/device/allocate.xml group=sys mode=0444 file path=lib/svc/manifest/system/device/devices-audio.xml group=sys mode=0444 file path=lib/svc/manifest/system/device/devices-local.xml group=sys mode=0444 file path=lib/svc/manifest/system/device/mpxio-upgrade.xml group=sys mode=0444 @@ -625,6 +622,7 @@ file path=lib/svc/method/net-routing-setup mode=0555 file path=lib/svc/method/net-svc mode=0555 file path=lib/svc/method/rmtmpfiles mode=0555 file path=lib/svc/method/rpc-bind mode=0555 +file path=lib/svc/method/svc-allocate mode=0555 file path=lib/svc/method/svc-auditd mode=0555 file path=lib/svc/method/svc-auditset mode=0555 file path=lib/svc/method/svc-boot-config mode=0555 
@@ -1073,6 +1071,7 @@ file path=usr/lib/help/auths/locale/C/NetworkVRRP.html file path=usr/lib/help/auths/locale/C/PriAdmin.html file path=usr/lib/help/auths/locale/C/ProfmgrHeader.html file path=usr/lib/help/auths/locale/C/RoleHeader.html +file path=usr/lib/help/auths/locale/C/SmfAllocate.html file path=usr/lib/help/auths/locale/C/SmfAutofsStates.html file path=usr/lib/help/auths/locale/C/SmfCoreadmStates.html file path=usr/lib/help/auths/locale/C/SmfCronStates.html @@ -2030,7 +2029,6 @@ hardlink path=etc/rc2.d/S73cachefs.daemon \ target=../../etc/init.d/cachefs.daemon hardlink path=etc/rc2.d/S82mkdtab target=../../etc/init.d/mkdtab hardlink path=etc/rc2.d/S89PRESERVE target=../../etc/init.d/PRESERVE -hardlink path=etc/rc2.d/S98deallocate target=../../etc/init.d/deallocate $(sparc_ONLY)hardlink path=etc/svc/profile/platform_SUNW,Sun-Fire-V890.xml \ target=./platform_SUNW,Sun-Fire-880.xml $(sparc_ONLY)hardlink \ diff --git a/usr/src/pkg/manifests/consolidation-osnet-osnet-message-files.mf b/usr/src/pkg/manifests/consolidation-osnet-osnet-message-files.mf index 4b4b1b95d7..cd585c40b0 100644 --- a/usr/src/pkg/manifests/consolidation-osnet-osnet-message-files.mf +++ b/usr/src/pkg/manifests/consolidation-osnet-osnet-message-files.mf @@ -137,6 +137,7 @@ file path=usr/lib/help/auths/locale/PrintPs.html file path=usr/lib/help/auths/locale/PrintUnlabeled.html file path=usr/lib/help/auths/locale/ProfmgrHeader.html file path=usr/lib/help/auths/locale/RoleHeader.html +file path=usr/lib/help/auths/locale/SmfAllocate.html file path=usr/lib/help/auths/locale/SmfAutofsStates.html file path=usr/lib/help/auths/locale/SmfCoreadmStates.html file path=usr/lib/help/auths/locale/SmfCronStates.html |