6968076 implement removal of bsmconv/bsmunconv per PSARC/2010/263
6968089 Convert /etc/rd2.d/S98deallocate to SMF as part of PSARC/2010/263
6946887 bsmconv should record DEVICE_ALLOCATION=ON in unlabeled device_allocate
PSARC/2010/263 Redux: bsmconv(1M), bsmunconv(1M) EOL and removal
--- a/usr/src/cmd/Makefile Tue Aug 10 10:26:15 2010 -0700
+++ b/usr/src/cmd/Makefile Tue Aug 10 17:06:51 2010 -0400
@@ -45,6 +45,7 @@
COMMON_SUBDIRS= \
agents \
+ allocate \
availdevs \
lp \
perl \
@@ -69,7 +70,7 @@
basename \
bc \
bdiff \
- beadm \
+ beadm \
bfs \
bnu \
boot \
@@ -529,10 +530,8 @@
banner \
bart \
basename \
- beadm \
+ beadm \
bnu \
- bsmconv \
- bsmunconv \
busstat \
cal \
cat \
@@ -792,10 +791,9 @@
$(CLOSED)/cmd/pax
#
-# commands that belong only to audit and device allocation
+# commands that belong only to audit.
#
AUDITSUBDIRS= \
- allocate \
amt \
audit \
audit_warn \
@@ -805,9 +803,7 @@
auditreduce \
auditset \
auditstat \
- praudit \
- bsmconv \
- bsmunconv
+ praudit
#
# commands not owned by the systems group
--- a/usr/src/cmd/allocate/Makefile Tue Aug 10 10:26:15 2010 -0700
+++ b/usr/src/cmd/allocate/Makefile Tue Aug 10 17:06:51 2010 -0400
@@ -20,8 +20,7 @@
#
#
-# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
#
ETCTSOLFILES = devalloc_defaults
@@ -34,6 +33,10 @@
ROOTSECAUD = $(ROOTSEC)/audio
ROOTDIRS = $(ROOTSECDEV) $(ROOTSECLIB) $(ROOTSECAUD)
+ROOTMANIFESTDIR= $(ROOTSVCSYSTEMDEVICE)
+SVCMETHOD = svc-allocate
+MANIFEST = allocate.xml
+
RTLCKS = audio fd0 sr0 st0 st1
CLEANfd = fd_clean
CLEANsr = sr_clean
@@ -107,8 +110,8 @@
all : $(PROG) $(RTLCKS) $(SCRIPTS)
install : $(PROG) $(ROOTDIRS) $(ROOTPROG) $(ROOTLOCKS) \
- $(ROOTSCRIPTS) $(ROOTLINKS) $(ROOTWDWLINKS) $(ROOTETCTSOLFILES)
-
+ $(ROOTSCRIPTS) $(ROOTLINKS) $(ROOTWDWLINKS) \
+ $(ROOTETCTSOLFILES) $(ROOTMANIFEST) $(ROOTSVCMETHOD)
$(RTLCKS):
$(TOUCH) $@
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/allocate/allocate.xml Tue Aug 10 17:06:51 2010 -0400
@@ -0,0 +1,101 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<!--
+
+ CDDL HEADER START
+
+ The contents of this file are subject to the terms of the
+ Common Development and Distribution License (the "License").
+ You may not use this file except in compliance with the License.
+
+ You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ or http://www.opensolaris.org/os/licensing.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+
+ When distributing Covered Code, include this CDDL HEADER in each
+ file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ If applicable, add the following below this CDDL HEADER, with the
+ fields enclosed by brackets "[]" replaced with your own identifying
+ information: Portions Copyright [yyyy] [name of copyright owner]
+
+ CDDL HEADER END
+
+ Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+
+ NOTE: This service manifest is not editable; its contents will
+ be overwritten by package or patch operations, including
+ operating system upgrade. Make customizations in a different
+ file.
+-->
+
+<service_bundle type='manifest' name='SUNWcs:allocate'>
+
+<service
+ name='system/device/allocate'
+ type='service'
+ version='1'>
+
+ <create_default_instance enabled='false' />
+
+ <single_instance/>
+
+ <dependency
+ name='usr'
+ grouping='require_all'
+ restart_on='none'
+ type='service'>
+ <service_fmri value='svc:/system/device/local' />
+ </dependency>
+
+ <!--
+ Start method timeout is long to account for devices which
+ take a long time to probe or enumerate.
+ -->
+ <exec_method
+ type='method'
+ name='start'
+ exec='/lib/svc/method/svc-allocate %m'
+ timeout_seconds='60' />
+
+ <exec_method
+ type='method'
+ name='stop'
+ exec='/lib/svc/method/svc-allocate %m'
+ timeout_seconds='60' />
+
+ <property_group name='startd' type='framework'>
+ <propval name='duration' type='astring'
+ value='transient' />
+ </property_group>
+
+ <property_group name='general' type='framework'>
+ <propval name='action_authorization' type='astring'
+ value='solaris.smf.manage.allocate' />
+ <propval name='value_authorization' type='astring'
+ value='solaris.smf.manage.allocate' />
+ </property_group>
+
+ <stability value='Stable' />
+
+ <template>
+ <common_name>
+ <loctext xml:lang='C'>
+ device allocation
+ </loctext>
+ </common_name>
+ <documentation>
+ <manpage title='allocate' section='1' manpath='/usr/share/man' />
+ <manpage title='deallocate' section='1' manpath='/usr/share/man' />
+ <manpage title='list_devices' section='1' manpath='/usr/share/man' />
+ <manpage title='device_allocate' section='1M' manpath='/usr/share/man' />
+ <manpage title='mkdevalloc' section='1M' manpath='/usr/share/man' />
+ <manpage title='mkdevmaps' section='1M' manpath='/usr/share/man' />
+ <manpage title='dminfo' section='1M' manpath='/usr/share/man' />
+ <manpage title='device_maps' section='4' manpath='/usr/share/man' />
+ <manpage title='device_allocate' section='4' manpath='/usr/share/man' />
+ </documentation>
+ </template>
+</service>
+
+</service_bundle>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/allocate/svc-allocate Tue Aug 10 17:06:51 2010 -0400
@@ -0,0 +1,114 @@
+#! /bin/sh
+#
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 1993, 2010, Oracle and/or its affiliates. All rights reserved.
+#
+
+. /lib/svc/share/smf_include.sh
+
+DEVALLOC=/etc/security/device_allocate
+DEVMAPS=/etc/security/device_maps
+DEVFSADM=/usr/sbin/devfsadm
+MKDEVALLOC=/usr/sbin/mkdevalloc
+MKDEVMAPS=/usr/sbin/mkdevmaps
+HALFDI=/etc/hal/fdi/policy/30user/90-solaris-device-allocation.fdi
+
+# dev_allocation_convert
+# All the real work gets done in this function
+
+dev_allocation_convert()
+{
+#
+# If allocation already configured, just return
+#
+if [ -f ${HALFDI} -a -f ${DEVALLOC} -a -f ${DEVMAPS} ]; then
+ return
+fi
+
+# Prevent automount of removable and hotpluggable volume
+# by forcing volume.ignore HAL property on all such volumes.
+if [ ! -f ${HALFDI} ]; then
+ cat > ${HALFDI} <<FDI
+<?xml version="1.0" encoding="UTF-8"?>
+<deviceinfo version="0.2">
+ <device>
+ <match key="info.capabilities" contains="volume">
+ <match key="@block.storage_device:storage.removable" bool="true">
+ <merge key="volume.ignore" type="bool">true</merge>
+ </match>
+ <match key="@block.storage_device:storage.hotpluggable" bool="true">
+ <merge key="volume.ignore" type="bool">true</merge>
+ </match>
+ </match>
+ </device>
+</deviceinfo>
+FDI
+fi
+
+# Initialize device allocation
+
+
+# Need to determine if Trusted Extensions is enabled.
+# Check the setting in etc/system (other methods won't work
+# because TX is likely not yet fully active.)
+#
+grep "^[ ]*set[ ][ ]*sys_labeling[ ]*=[ ]*1" \
+ /etc/system > /dev/null 2>&1
+
+if [ $? = 0 ]; then
+ # Trusted Extensions is enabled (but possibly not yet booted).
+ ${DEVFSADM} -e
+else
+ if [ ! -f ${DEVALLOC} ]; then
+ echo "DEVICE_ALLOCATION=ON" > $DEVALLOC
+ ${MKDEVALLOC} >> $DEVALLOC
+ fi
+ if [ ! -f ${DEVMAPS} ]; then
+ ${MKDEVMAPS} > $DEVMAPS
+ fi
+fi
+}
+
+dev_allocation_unconvert()
+{
+ # Turn off device allocation.
+ ${DEVFSADM} -d
+ /usr/bin/rm -f $DEVALLOC $DEVMAPS
+ # Restore default policy for removable and hotpluggable volumes
+ /usr/bin/rm -f $HALFDI
+}
+
+case "$1" in
+'start')
+ dev_allocation_convert
+ deallocate -Is
+ ;;
+'stop')
+ state=`/usr/bin/svcprop -c -p general/enabled $SMF_FMRI 2>/dev/null`
+ if [ "$state" = "true" ] ; then
+ exit $SMF_EXIT_OK
+ fi
+ dev_allocation_unconvert
+ ;;
+esac
+
+exit $SMF_EXIT_OK
--- a/usr/src/cmd/bsmconv/Makefile Tue Aug 10 10:26:15 2010 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,58 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# cmd/bsmconv/Makefile
-#
-
-PROG = bsmconv
-
-include ../Makefile.cmd
-
-FILEMODE = 0740
-DIRMODE = 0755
-
-ROOTETCSECURITY = $(ROOT)/etc/security
-ROOTETCSECURITYSPOOL = $(ROOT)/etc/security/spool
-ROOTETCSECURITYFILES = $(PROG:%=$(ROOTETCSECURITY)/%)
-
-all: $(PROG)
-
-install: all $(ROOTETCSECURITY) $(ROOTETCSECURITYFILES) $(ROOTETCSECURITYSPOOL)
-
-$(ROOTETCSECURITY):
- $(INS.dir)
-
-$(ROOTETCSECURITYSPOOL):
- $(INS.dir)
-
-$(ROOTETCSECURITY)/%:%
- $(INS.file)
-
-clean:
-
-lint:
-
-include ../Makefile.targ
-
-.KEEP_STATE:
--- a/usr/src/cmd/bsmconv/bsmconv.sh Tue Aug 10 10:26:15 2010 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,203 +0,0 @@
-#! /bin/sh
-#
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-
-PROG=bsmconv
-
-TEXTDOMAIN="SUNW_OST_OSCMD"
-export TEXTDOMAIN
-
-DEVALLOC=/etc/security/device_allocate
-DEVMAPS=/etc/security/device_maps
-DEVFSADM=/usr/sbin/devfsadm
-MKDEVALLOC=/usr/sbin/mkdevalloc
-MKDEVMAPS=/usr/sbin/mkdevmaps
-ZONENAME=/sbin/zonename
-
-# Perform required permission checks, depending on value of LOCAL_ROOT
-# (whether we are converting the active OS or just alternative boot
-# environments).
-permission()
-{
-ZONE=`${ZONENAME}`
-if [ ! "$ZONE" = "global" -a "$LOCAL_ROOT" = "true" ]
-then
- form=`gettext "%s: ERROR: you must be in the global zone to run this script."`
- printf "${form}\n" $PROG
- exit 1
-fi
-
-WHO=`id | cut -f1 -d" "`
-if [ ! "$WHO" = "uid=0(root)" ]
-then
- form=`gettext "%s: ERROR: you must be super-user to run this script."`
- printf "${form}\n" $PROG
- exit 1
-fi
-
-RESP="x"
-while [ "$RESP" != `gettext "y"` -a "$RESP" != `gettext "n"` ]
-do
-gettext "This script is used to enable device allocation.\n"
-form=`gettext "Shall we continue with the conversion now? [y/n]"`
-echo "$form \c"
-read RESP
-done
-
-if [ "$RESP" = `gettext "n"` ]
-then
- form=`gettext "%s: INFO: aborted, due to user request."`
- printf "${form}\n" $PROG
- exit 2
-fi
-}
-
-# Do some sanity checks to see if the arguments to bsmconv
-# are, in fact, root directories for clients.
-sanity_check()
-{
-for ROOT in $@
-do
- if [ -d $ROOT -a -w $ROOT -a -f $ROOT/etc/system -a -d $ROOT/usr ]
- then
- # There is a root directory to write to,
- # so we can potentially complete the conversion.
- :
- else
- form=`gettext "%s: ERROR: %s doesn't look like a client's root."`
- printf "${form}\n" $PROG $ROOT
- form=`gettext "%s: ABORTED: nothing done."`
- printf "${form}\n" $PROG
- exit 4
- fi
-done
-}
-
-# dev_allocation_convert
-# All the real work gets done in this function
-
-dev_allocation_convert()
-{
-# Prevent automount of removable and hotpluggable volumes
-# by forcing volume.ignore HAL property on all such volumes.
-if [ -d ${ROOT}/etc/hal/fdi ] ; then
- cat > ${ROOT}/etc/hal/fdi/policy/30user/90-solaris-device-allocation.fdi <<FDI
-<?xml version="1.0" encoding="UTF-8"?>
-<deviceinfo version="0.2">
- <device>
- <match key="info.capabilities" contains="volume">
- <match key="@block.storage_device:storage.removable" bool="true">
- <merge key="volume.ignore" type="bool">true</merge>
- </match>
- <match key="@block.storage_device:storage.hotpluggable" bool="true">
- <merge key="volume.ignore" type="bool">true</merge>
- </match>
- </match>
- </device>
-</deviceinfo>
-FDI
-fi
-
-# Initialize device allocation
-
-form=`gettext "%s: INFO: initializing device allocation."`
-printf "${form}\n" $PROG
-
-# Need to determine if Trusted Extensions is enabled. This is tricky
-# because we need to know if TX will be active on the boot following
-# bsmconv. Check the setting in etc/system (other methods won't work
-# because TX is likely not yet fully active.)
-#
-grep "^[ ]*set[ ][ ]*sys_labeling[ ]*=[ ]*1" \
- $ROOT/etc/system > /dev/null 2>&1
-
-if [ $? = 0 ]; then
- # Trusted Extensions is enabled (but possibly not yet booted).
- # This is not currently done for alternate boot environments.
- if [ -z "$ROOT" -o "$ROOT" = "/" ]
- then
- ${DEVFSADM} -e
- fi
-else
- if [ ! -f ${ROOT}/${DEVALLOC} ]
- then
- ${MKDEVALLOC} > ${ROOT}/$DEVALLOC
- fi
- if [ ! -f ${ROOT}/${DEVMAPS} ]
- then
- ${MKDEVMAPS} > ${ROOT}/$DEVMAPS
- fi
-fi
-}
-
-# main loop
-
-sanity_check $@
-if [ $# -eq 0 ]
-then
- # converting local root, perform all permission checks
- LOCAL_ROOT=true
- permission
-
- ROOT=
-
- dev_allocation_convert
-
- echo
- gettext "Device allocation is ready. If there were any errors, please\n"
- gettext "fix them now. Reboot this system now to come up with device\n"
- gettext "allocation enabled."
-else
- # determine if local root is being converted ("/" passed on
- # command line), if so, full permission check required
- LOCAL_ROOT=false
- for ROOT in $@
- do
- if [ "$ROOT" = "/" ]
- then
- LOCAL_ROOT=true
- fi
- done
-
- # perform required permission checks (depending on value of
- # LOCAL_ROOT)
- permission
-
- for ROOT in $@
- do
- form=`gettext "%s: INFO: converting boot environment %s ..."`
- printf "${form}\n" $PROG $ROOT
- dev_allocation_convert $ROOT
- form=`gettext "%s: INFO: done with boot environment %s"`
- printf "${form}\n" $PROG $ROOT
- done
-
- echo
- gettext "Device allocation is ready. If there were any errors,\n"
- gettext "please fix them now. Reboot each non-local system\n"
- gettext "converted to come up with device allocation enabled.\n"
-fi
-
-exit 0
--- a/usr/src/cmd/bsmunconv/Makefile Tue Aug 10 10:26:15 2010 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,58 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-# cmd/bsmunconv/Makefile
-#
-
-PROG = bsmunconv
-
-include ../Makefile.cmd
-
-FILEMODE = 0740
-DIRMODE = 0755
-
-ROOTETCSECURITY = $(ROOT)/etc/security
-ROOTETCSECURITYSPOOL = $(ROOT)/etc/security/spool
-ROOTETCSECURITYFILES = $(PROG:%=$(ROOTETCSECURITY)/%)
-
-all: $(PROG)
-
-install: all $(ROOTETCSECURITY) $(ROOTETCSECURITYFILES) $(ROOTETCSECURITYSPOOL)
-
-$(ROOTETCSECURITY):
- $(INS.dir)
-
-$(ROOTETCSECURITYSPOOL):
- $(INS.dir)
-
-$(ROOTETCSECURITY)/%:%
- $(INS.file)
-
-clean:
-
-lint:
-
-include ../Makefile.targ
-
-.KEEP_STATE:
--- a/usr/src/cmd/bsmunconv/bsmunconv.sh Tue Aug 10 10:26:15 2010 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,136 +0,0 @@
-#! /bin/sh
-#
-#
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-
-PROG=bsmunconv
-PATH=/usr/sbin:/usr/bin:/sbin
-
-TEXTDOMAIN="SUNW_OST_OSCMD"
-export TEXTDOMAIN
-ZONENAME=/sbin/zonename
-DEVFSADM=/usr/sbin/devfsadm
-
-
-# Perform required permission checks, depending on value of LOCAL_ROOT
-# (whether we are converting the active OS or just alternative boot
-# environments).
-permission()
-{
-cd /usr/lib
-ZONE=`${ZONENAME}`
-if [ ! "$ZONE" = "global" -a "$LOCAL_ROOT" = "true" ]
-then
- form=`gettext "%s: ERROR: you must be in the global zone to run this script."`
- printf "${form}\n" $PROG
- exit 1
-fi
-
-WHO=`id | cut -f1 -d" "`
-if [ ! "$WHO" = "uid=0(root)" ]
-then
- form=`gettext "%s: ERROR: you must be super-user to run this script."`
- printf "${form}\n" $PROG
- exit 1
-fi
-
-RESP="x"
-while [ "$RESP" != `gettext "y"` -a "$RESP" != `gettext "n"` ]
-do
-gettext "This script is used to disable device allocation.\n"
-form=`gettext "Would you like to continue now? [y/n]"`
-echo "$form \c"
-read RESP
-done
-
-if [ "$RESP" = `gettext "n"` ]
-then
- form=`gettext "%s: INFO: aborted, due to user request."`
- printf "${form}\n" $PROG
- exit 2
-fi
-}
-
-# disable device allocation
-
-dev_allocation_unconvert()
-{
-# Turn off device allocation. This is not currently done for alternate
-# boot environments.
-if [ -z "$ROOT" -o "$ROOT" = "/" ]
-then
- ${DEVFSADM} -d
-fi
-
-# Restore default policy for removable and hotpluggable volumes
-rm -f ${ROOT}/etc/hal/fdi/policy/30user/90-solaris-device-allocation.fdi
-}
-
-# main
-
-if [ $# -eq 0 ]
-then
-
- # converting local root, perform all permission checks
- LOCAL_ROOT=true
- permission
-
- # begin conversion
- ROOT=
-
- dev_allocation_unconvert
-
- echo
- gettext "Device allocation has been disabled. Reboot the system now\n"
- gettext "to come up without this feature.\n"
-else
-
- # determine if local root is being converted ("/" passed on
- # command line), if so, full permission check required
- LOCAL_ROOT=false
- for ROOT in $@
- do
- if [ "$ROOT" = "/" ]
- then
- LOCAL_ROOT=true
- fi
- done
-
- # perform required permission checks (depending on value of
- # LOCAL_ROOT)
- permission
-
- for ROOT in $@
- do
- dev_allocation_unconvert $ROOT
- done
-
- echo
- gettext "Device allocation has been disabled. Reboot each non-local\n"
- gettext "system that was disabled to come up without this feature.\n"
-fi
-
-exit 0
-
--- a/usr/src/cmd/initpkg/init.d/Makefile Tue Aug 10 10:26:15 2010 -0700
+++ b/usr/src/cmd/initpkg/init.d/Makefile Tue Aug 10 17:06:51 2010 -0400
@@ -20,8 +20,7 @@
#
#
-# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 1990, 2010, Oracle and/or its affiliates. All rights reserved.
#
include ../../Makefile.cmd
@@ -32,7 +31,6 @@
PROG= \
README \
cachefs.daemon \
- deallocate \
devlinks \
dhcp \
drvconfig \
--- a/usr/src/cmd/initpkg/init.d/deallocate Tue Aug 10 10:26:15 2010 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,56 +0,0 @@
-#!/sbin/sh
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License"). You may not use this file except in compliance
-# with the License.
-#
-# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-#
-# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-#ident "%Z%%M% %I% %E% SMI"
-
-# if the audit state is "disabled" auditconfig returns
-# non-zero exit status unless the c2audit module is loaded;
-# if c2audit is loaded, "disabled" becomes "noaudit" early
-# in the boot cycle and "auditing" only after auditd starts.
-# in both cases, "noaudit" and "auditing", a zero exit status
-# is returned
-
-AUDITCONFIG=/usr/sbin/auditconfig
-
-AUDITCOND=`$AUDITCONFIG -getcond 2> /dev/null`
-if [ $? -ne 0 ]; then
- exit 0;
-fi
-
-case "$1" in
-'start')
- /usr/sbin/deallocate -Is
- ;;
-
-'stop')
- ;;
-
-*)
- echo "Usage: $0 { start | stop }"
- exit 1
- ;;
-esac
-exit 0
--- a/usr/src/cmd/initpkg/rc2.d/mk.rc2.d.sh Tue Aug 10 10:26:15 2010 -0700
+++ b/usr/src/cmd/initpkg/rc2.d/mk.rc2.d.sh Tue Aug 10 17:06:51 2010 -0400
@@ -22,16 +22,14 @@
# Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T
# All Rights Reserved
#
-# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 1988, 2010, Oracle and/or its affiliates. All rights reserved.
#
COMMON_STARTLST="\
20sysetup \
70uucp \
73cachefs.daemon \
-82mkdtab \
-98deallocate"
+82mkdtab"
INSDIR=${ROOT}/etc/rc2.d
--- a/usr/src/cmd/tsol/labeld/svc-labeld Tue Aug 10 10:26:15 2010 -0700
+++ b/usr/src/cmd/tsol/labeld/svc-labeld Tue Aug 10 17:06:51 2010 -0400
@@ -19,8 +19,7 @@
#
# CDDL HEADER END
#
-# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
+# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
#
. /lib/svc/share/smf_include.sh
@@ -88,26 +87,18 @@
}
-do_bsmconv()
+do_audit_devalloc()
{
- # Run bsmconv so device allocation is enabled by
+ # Ensure auditing and device allocation are enabled by
# default with Trusted Extensions.
if [ "$ROOT_PATH" = "/" -o "$ROOT_PATH" = "" ]; then
- BSMDIR=""
- else
- BSMDIR=$ROOT_PATH
- fi
- echo "Running bsmconv ..."
- echo `TEXTDOMAIN="SUNW_OST_OSCMD" gettext "y"` | \
- $ROOT_PATH/etc/security/bsmconv $ROOT_PATH
- # Run auditd so auditing is enabled by default
- # with Trusted Extensions.
- if [ "$BSMDIR" = "" ]; then
+ /usr/sbin/svcadm enable -s svc:/system/device/allocate:default
echo "Starting auditd ..."
/usr/sbin/audit -s
else
cat >> $ROOT_PATH/var/svc/profile/upgrade <<\_ENABLE_AUDITD
/usr/sbin/audit -s
+ /usr/sbin/svcadm enable -s svc:/system/device/allocate:default
_ENABLE_AUDITD
fi
}
@@ -274,7 +265,7 @@
do_otherservices
do_logindev
- do_bsmconv
+ do_audit_devalloc
do_nscd
do_addpam
--- a/usr/src/lib/libsecdb/auth_attr.txt Tue Aug 10 10:26:15 2010 -0700
+++ b/usr/src/lib/libsecdb/auth_attr.txt Tue Aug 10 17:06:51 2010 -0400
@@ -122,6 +122,7 @@
solaris.smf.modify.application:::Modify Application Type Properties::help=SmfModifyAppl.html
solaris.smf.modify.framework:::Modify Framework Type Properties::help=SmfModifyFramework.html
solaris.smf.manage.:::Manage All SMF Service States::help=SmfManageHeader.html
+solaris.smf.manage.allocate:::Manage Device Allocation Service::help=SmfAllocate.html
solaris.smf.manage.audit:::Manage Audit Service States::help=SmfManageAudit.html
solaris.smf.manage.autofs:::Manage Automount Service States::help=SmfAutofsStates.html
solaris.smf.manage.bind:::Manage DNS Service States::help=BindStates.html
--- a/usr/src/lib/libsecdb/help/auths/Makefile Tue Aug 10 10:26:15 2010 -0700
+++ b/usr/src/lib/libsecdb/help/auths/Makefile Tue Aug 10 17:06:51 2010 -0400
@@ -65,6 +65,7 @@
DhcpmgrHeader.html \
DhcpmgrWrite.html \
BindStates.html \
+ SmfAllocate.html \
SmfAutofsStates.html \
SmfCoreadmStates.html \
SmfCronStates.html \
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/lib/libsecdb/help/auths/SmfAllocate.html Tue Aug 10 17:06:51 2010 -0400
@@ -0,0 +1,36 @@
+<HTML>
+<!--
+ CDDL HEADER START
+
+ The contents of this file are subject to the terms of the
+ Common Development and Distribution License (the "License").
+ You may not use this file except in compliance with the License.
+
+ You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ or http://www.opensolaris.org/os/licensing.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+
+ When distributing Covered Code, include this CDDL HEADER in each
+ file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ If applicable, add the following below this CDDL HEADER, with the
+ fields enclosed by brackets "[]" replaced with your own identifying
+ information: Portions Copyright [yyyy] [name of copyright owner]
+
+ CDDL HEADER END
+
+ Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+-->
+<!--
+ <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
+-->
+<BODY>
+When Manage Device Allocation Service is in the Authorizations Include
+column, it grants the authorization to enable or disable the device
+allocation service.
+<p>
+If Manage Device Allocation Service is grayed, then you are not entitled
+to Add or Remove this authorization.
+<p>
+</BODY>
+</HTML>
--- a/usr/src/lib/libsecdb/prof_attr.txt Tue Aug 10 10:26:15 2010 -0700
+++ b/usr/src/lib/libsecdb/prof_attr.txt Tue Aug 10 17:06:51 2010 -0400
@@ -37,7 +37,7 @@
Cron Management:::Manage at and cron jobs:auths=solaris.jobs.*,solaris.smf.manage.cron;help=RtCronMngmnt.html
Log Management:::Manage log files:help=RtLogMngmnt.html
Basic Solaris User:::Automatically assigned rights:auths=solaris.profmgr.read,solaris.mail.mailq,solaris.device.mount.removable,solaris.admin.wusb.read;profiles=All;help=RtDefault.html
-Device Security:::Manage devices and Volume Manager:auths=solaris.device.*,solaris.smf.manage.vt;help=RtDeviceSecurity.html
+Device Security:::Manage devices and Volume Manager:auths=solaris.device.*,solaris.smf.manage.vt,solaris.smf.manage.allocate;help=RtDeviceSecurity.html
DHCP Management:::Manage the DHCP service:auths=solaris.dhcpmgr.*;help=RtDHCPMngmnt.html
Extended Accounting Flow Management:::Manage the Flow Extended Accounting service:auths=solaris.smf.manage.extended-accounting.flow,solaris.smf.value.extended-accounting.flow;profiles=acctadm;help=RtExActtFlow.html
Extended Accounting Process Management:::Manage the Process Extended Accounting service:auths=solaris.smf.manage.extended-accounting.process,solaris.smf.value.extended-accounting.process;profiles=acctadm;hep=RtExAcctProcess.html
--- a/usr/src/pkg/manifests/SUNWcs.mf Tue Aug 10 10:26:15 2010 -0700
+++ b/usr/src/pkg/manifests/SUNWcs.mf Tue Aug 10 17:06:51 2010 -0400
@@ -71,7 +71,6 @@
dir path=etc/security/exec_attr.d group=sys
dir path=etc/security/lib group=sys
dir path=etc/security/prof_attr.d group=sys
-dir path=etc/security/spool group=sys
dir path=etc/skel group=sys
dir path=etc/svc group=sys
dir path=etc/svc/profile group=sys
@@ -398,7 +397,6 @@
file path=etc/init.d/PRESERVE group=sys mode=0744 preserve=true
file path=etc/init.d/README group=sys preserve=true
file path=etc/init.d/cachefs.daemon group=sys mode=0744 preserve=true
-file path=etc/init.d/deallocate group=sys mode=0744 preserve=true
file path=etc/init.d/ldap.client group=sys mode=0744
file path=etc/init.d/mkdtab group=sys mode=0744 preserve=true
file path=etc/init.d/nscd group=sys mode=0744
@@ -446,8 +444,6 @@
file path=etc/security/auth_attr group=sys preserve=true \
timestamp=19700101T000000Z
file path=etc/security/auth_attr.d/SUNWcs group=sys
-file path=etc/security/bsmconv group=sys mode=0740
-file path=etc/security/bsmunconv group=sys mode=0740
file path=etc/security/crypt.conf group=sys preserve=renamenew
file path=etc/security/dev/audio mode=0400
file path=etc/security/dev/fd0 mode=0400
@@ -565,6 +561,7 @@
file path=lib/svc/manifest/system/coreadm.xml group=sys mode=0444
file path=lib/svc/manifest/system/cron.xml group=sys mode=0444
file path=lib/svc/manifest/system/cryptosvc.xml group=sys mode=0444
+file path=lib/svc/manifest/system/device/allocate.xml group=sys mode=0444
file path=lib/svc/manifest/system/device/devices-audio.xml group=sys mode=0444
file path=lib/svc/manifest/system/device/devices-local.xml group=sys mode=0444
file path=lib/svc/manifest/system/device/mpxio-upgrade.xml group=sys mode=0444
@@ -625,6 +622,7 @@
file path=lib/svc/method/net-svc mode=0555
file path=lib/svc/method/rmtmpfiles mode=0555
file path=lib/svc/method/rpc-bind mode=0555
+file path=lib/svc/method/svc-allocate mode=0555
file path=lib/svc/method/svc-auditd mode=0555
file path=lib/svc/method/svc-auditset mode=0555
file path=lib/svc/method/svc-boot-config mode=0555
@@ -1073,6 +1071,7 @@
file path=usr/lib/help/auths/locale/C/PriAdmin.html
file path=usr/lib/help/auths/locale/C/ProfmgrHeader.html
file path=usr/lib/help/auths/locale/C/RoleHeader.html
+file path=usr/lib/help/auths/locale/C/SmfAllocate.html
file path=usr/lib/help/auths/locale/C/SmfAutofsStates.html
file path=usr/lib/help/auths/locale/C/SmfCoreadmStates.html
file path=usr/lib/help/auths/locale/C/SmfCronStates.html
@@ -2030,7 +2029,6 @@
target=../../etc/init.d/cachefs.daemon
hardlink path=etc/rc2.d/S82mkdtab target=../../etc/init.d/mkdtab
hardlink path=etc/rc2.d/S89PRESERVE target=../../etc/init.d/PRESERVE
-hardlink path=etc/rc2.d/S98deallocate target=../../etc/init.d/deallocate
$(sparc_ONLY)hardlink path=etc/svc/profile/platform_SUNW,Sun-Fire-V890.xml \
target=./platform_SUNW,Sun-Fire-880.xml
$(sparc_ONLY)hardlink \
--- a/usr/src/pkg/manifests/consolidation-osnet-osnet-message-files.mf Tue Aug 10 10:26:15 2010 -0700
+++ b/usr/src/pkg/manifests/consolidation-osnet-osnet-message-files.mf Tue Aug 10 17:06:51 2010 -0400
@@ -137,6 +137,7 @@
file path=usr/lib/help/auths/locale/PrintUnlabeled.html
file path=usr/lib/help/auths/locale/ProfmgrHeader.html
file path=usr/lib/help/auths/locale/RoleHeader.html
+file path=usr/lib/help/auths/locale/SmfAllocate.html
file path=usr/lib/help/auths/locale/SmfAutofsStates.html
file path=usr/lib/help/auths/locale/SmfCoreadmStates.html
file path=usr/lib/help/auths/locale/SmfCronStates.html