usr/src/pkgdefs/common_files/i.devpolicy
author Casper H.S. Dik <Casper.Dik@Sun.COM>
Mon, 18 Jan 2010 11:49:54 +0100
changeset 11537 8eca52188202
parent 10491 8893b747ecdf
permissions -rw-r--r--
PSARC 2009/686 Improving the use and debugging of the basic privilege set. PSARC/2009/685 Basic Network Privilege 6434380 Expanding the basic privilege set in order to restrict network access and IPC 6912229 Multiple applications mishandle privilege operations, particular they ignore the basic set 6915243 dladm mishandles basic privileges 6915244 in.tftpd mishandles privileges operations 6915250 NDMP mishandles basic privileges 6915257 smbd mishandles basic privileges 6915277 login audit mishandles basic privileges 6915284 su audit mishandles basic privileges 6915778 lpd-port mishandles basic privileges 6915782 zlogin mishandles basic privileges
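#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#  NOTE:  When a change is made to the source file for
#  /etc/security/device_policy a corresponding change must be made to
#  this class-action script.
#
# Class-action script for the device policy file.  The packaging system
# feeds "src dest" pairs on stdin, one pair per line: src is the copy
# shipped in the package, dest is the installed file.  A dest that does
# not exist yet is simply copied into place; an existing dest is edited
# in place so that local administrator changes survive an upgrade.
#
# An existing dest goes through three passes:
#   1. sed drops entries whose privilege settings are obsolete (the old
#      icmp/keysock/ipsec/spdsock/ipf/sad:admin lines and the sctp, sdp,
#      tcp and udp lines) and blanks the md:admin read set;
#   2. every driver in $additions that has an entry in src but none in
#      dest gets the src entry appended to dest;
#   3. every driver in $deletions that has an entry in dest but none in
#      src has its dest entry removed.
#
# Every grep below is anchored with "^$dev[ <tab>]" so that a driver
# name only matches its own entry: "dld" must not match "dld:ctl", and a
# short name such as "ge" must not match inside "bridge".  The bracket
# expressions deliberately contain a space and a literal tab; the policy
# file is tab separated, so keep the tab when editing.
#
# The script always exits 0, as the original did.

while read src dest
do
	# Nothing to merge when the destination is not installed yet.
	if [ ! -f "$dest" ] ; then
		cp "$src" "$dest"
		continue
	fi

	# changes
	#
	# Edit through a private copy so sed can rewrite dest itself.
	tmp="$dest.$$"
	cp "$dest" "$tmp"
	sed < "$tmp" > "$dest" \
	    -e '/^sctp6\{0,1\}[ 	]/'d \
	    -e '/^sdp6\{0,1\}[ 	]/'d \
	    -e '/^tcp6\{0,1\}[ 	]/'d \
	    -e '/^udp6\{0,1\}[ 	]/'d \
	    -e '/md:admin/s/read_priv_set=sys_config/			/' \
	    -e '/^icmp[ 	]*read_priv_set=net_rawaccess[ 	]*write_priv_set=net_rawaccess$/d' \
	    -e '/^icmp6[ 	]*read_priv_set=net_rawaccess[ 	]*write_priv_set=net_rawaccess$/d' \
	    -e '/^keysock[ 	]*read_priv_set=sys_net_config[ 	]*write_priv_set=sys_net_config$/d' \
	    -e '/^ipsecah[ 	]*read_priv_set=sys_net_config[ 	]*write_priv_set=sys_net_config$/d' \
	    -e '/^ipsecesp[ 	]*read_priv_set=sys_net_config[ 	]*write_priv_set=sys_net_config$/d' \
	    -e '/^spdsock[ 	]*read_priv_set=sys_net_config[ 	]*write_priv_set=sys_net_config$/d' \
	    -e '/^ipf[ 	]*read_priv_set=sys_net_config[ 	]*write_priv_set=sys_net_config$/d' \
	    -e '/^sad:admin[ 	]*read_priv_set=sys_config[ 	]*write_priv_set=sys_config$/d'

	rm -f "$tmp"

	# potential additions
	additions="bridge keysock icmp icmp6 ipnet ipsecah ipsecesp openeepr random spdsock ipf pfil scsi_vhci"

	for dev in $additions
	do
		# Copy the driver's entry from the source file into the
		# destination file when the source has one and the
		# destination does not.  An existing destination entry is
		# left alone: it may carry a local administrator change.
		if grep "^$dev[ 	]" "$src" > /dev/null 2>&1 ; then
			grep "^$dev[ 	]" "$dest" > /dev/null 2>&1 ||
			    grep "^$dev[ 	]" "$src" >> "$dest"
		fi
	done

	# potential deletions
	deletions="aggr aggr:ctl bge ce dld dld:ctl dnet elx elxl eri ge hme ibd iprb le pcelx qfe softmac spwr vni vnic vnic:ctl"

	for dev in $deletions
	do
		# Remove the driver's entry from the destination file when
		# the source file no longer has one.  The source check is
		# anchored like every other grep here; the unanchored form
		# let "ge" or "le" match inside another driver's name (for
		# example "bridge") and so kept the stale entry installed.
		if grep "^$dev[ 	]" "$dest" > /dev/null 2>&1 ; then
			grep "^$dev[ 	]" "$src" > /dev/null 2>&1 || {
				cp "$dest" "$tmp"
				grep -v "^$dev[ 	]" "$tmp" > "$dest"
				rm -f "$tmp"
			}
		fi
	done
done

exit 0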