author | Sebastien Roy <Sebastien.Roy@Sun.COM> |
Tue, 26 Aug 2008 19:16:34 -0400 | |
changeset 7408 | eff7960d93cd |
parent 5181 | b280720be441 |
child 8023 | faf256d5c16c |
permissions | -rw-r--r-- |
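#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# NOTE: When a change is made to the source file for
# /etc/security/device_policy a corresponding change must be made to
# this class-action script.
#
# Reads "src dest" pairs from standard input, one pair per line.  When
# dest does not exist it is created as a copy of src.  Otherwise dest is
# upgraded in place in three passes: a fixed set of obsolete entries is
# rewritten or dropped with sed, entries for the drivers named in
# $additions are appended when src has one and dest does not, and
# entries for the drivers named in $deletions are removed when dest has
# one and src does not.  The script always exits 0.
#
# NOTE(review): in this listing every bracket expression reads "[ ]" and
# the md:admin replacement text is a single space.  Whitespace may have
# been collapsed when the page was rendered (a space-plus-tab class is
# the usual form) -- confirm against the repository copy before reusing
# these patterns.
#
while read src dest
do
    # No policy file installed yet: take the packaged one unchanged.
    if [ ! -f "$dest" ] ; then
        cp "$src" "$dest"
        continue
    fi

    # Scratch file for the rewrites below.
    # NOTE(review): the name is predictable ($dest.$$).  That is only
    # safe while the directory holding $dest is writable by root alone;
    # confirm for every install root this script runs against.
    tmp="$dest.$$"

    # changes
    #
    # The result is built in the scratch file and copied over $dest only
    # when sed succeeds, so a failed run leaves the existing device
    # policy intact instead of truncated.  cp onto the existing file
    # keeps its owner and mode.
    if sed < "$dest" > "$tmp" \
        -e '/md:admin/s/read_priv_set=sys_config/ /' \
        -e '/^icmp[ ]*read_priv_set=net_rawaccess[ ]*write_priv_set=net_rawaccess$/d' \
        -e '/^icmp6[ ]*read_priv_set=net_rawaccess[ ]*write_priv_set=net_rawaccess$/d' \
        -e '/^keysock[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
        -e '/^ipsecah[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
        -e '/^ipsecesp[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
        -e '/^spdsock[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
        -e '/^ipf[ ]*read_priv_set=sys_net_config[ ]*write_priv_set=sys_net_config$/d' \
        -e '/^sad:admin[ ]*read_priv_set=sys_config[ ]*write_priv_set=sys_config$/d'
    then
        cp "$tmp" "$dest"
    fi
    rm -f "$tmp"

    # potential additions
    additions="aggr bge dnet keysock ibd icmp icmp6 ipsecah ipsecesp openeepr random spdsock vni ipf pfil scsi_vhci"

    for dev in $additions
    do
        # if an entry for this driver exists in the source
        # file...
        if grep "^$dev[ ]" "$src" > /dev/null 2>&1 ; then
            # ...and no entry exists in the destination
            # file...
            grep "^$dev[ ]" "$dest" > /dev/null 2>&1
            if [ $? != 0 ] ; then
                # ...then add the entry from
                # the source file to the
                # destination file.
                grep "^$dev[ ]" "$src" >> "$dest"
            fi
        fi
    done

    # potential deletions
    deletions="elx dld dld:ctl aggr:ctl vnic:ctl le"

    for dev in $deletions
    do
        # if an entry for this driver exists in the destination
        # file...
        if grep "^$dev[ ]" "$dest" > /dev/null 2>&1 ; then
            # ...and no entry exists in the source
            # file...
            #
            # Anchored like every other lookup in this script.
            # Unanchored, a short name such as "le" matches
            # any source line that merely contains it before
            # a blank (a comment word, for instance), and the
            # stale entry would then never be removed.
            grep "^$dev[ ]" "$src" > /dev/null 2>&1
            if [ $? != 0 ] ; then
                # ...then remove the entry from
                # the destination file.
                grep -v "^$dev[ ]" "$dest" > "$tmp"
                # grep -v exits 1 when it prints no
                # lines, which is a valid result here;
                # only a status above 1 is an error,
                # and then $dest is left untouched.
                if [ $? -le 1 ] ; then
                    cp "$tmp" "$dest"
                fi
                rm -f "$tmp"
            fi
        fi
    done
done

# NOTE(review): failures above are silent and the exit status is always
# 0, as in the original; the packaging tools are not told when the
# policy file could not be updated.
exit 0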