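#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "%Z%%M% %I% %E% SMI"
#
# clonebylabel
#
# This script installs zones by cloning a zfs snapshot.
# For each sensitivity label dominated by the clearance
# a zone is installed if necessary. If the zone name is
# not already defined in tnzonecfg, the user is prompted
# to provide a unique zone name.
#
# $1 is the label upper bound (clearance)
#
# $2 is the zone snapshot to clone for a new zone
#
# The script appends to tnzonecfg and drives zonecfg, zfs and zoneadm, so
# it is presumably run with administrative privilege. For that reason every
# expansion is quoted, zone names are checked before use, and the zonecfg
# command file is created with mktemp rather than under a guessable name.
# Only constructs available in a traditional Bourne shell are used.

ZONECFG=/etc/security/tsol/tnzonecfg
clearance=$1
image=$2

#
# Check that $1 is usable as a zone name.
#
# Returns 0 when the name starts with an alphanumeric character and
# contains only alphanumerics, '_', '.' and '-'; returns 1 otherwise
# (including for the empty string). The name ends up as a field in the
# colon-delimited tnzonecfg file, as a path component under /zone, and as
# a command argument, so ':', '/', whitespace and a leading '-' or '#'
# must never get through.
#

valid_zonename()
{
	case "$1" in
	'' | [!A-Za-z0-9]* | *[!A-Za-z0-9_.-]*)
		return 1
		;;
	esac
	return 0
}

#
# Configure a zone
#
# Reads $zonename. Writes a three-line zonecfg command file and applies it.
# Returns the exit status of zonecfg, or 1 if no temporary file could be
# created.
#

configure()
{
	# A fixed name such as /tmp/zfg.<pid> can be guessed and pre-created
	# (for example as a symbolic link) by any local user before this
	# script writes to it. mktemp creates the file itself, under an
	# unpredictable name, and fails rather than reuse an existing path.
	config=`mktemp /tmp/zfg.XXXXXX`
	if [ -z "$config" ]; then
		echo "Unable to create a temporary file for zonecfg." >&2
		return 1
	fi
	echo "create -F -t SUNWtsoldef" > "$config"
	echo "set zonepath=/zone/$zonename" >> "$config"
	echo "commit" >> "$config"
	/usr/sbin/zonecfg -z "$zonename" -f "$config"
	cfg_status=$?
	rm -f "$config"
	return $cfg_status
}

#
# Clone a zone
#
# Reads $zonename and $image. Configures the zone first when zoneadm does
# not list it, then clones the snapshot and attaches the zone.
#

clone()
{
	echo "Cloning $zonename from $image ..."
	found=`zoneadm -z "$zonename" list -p 2>/dev/null`
	if [ -z "$found" ]; then
		echo "$zonename is being configured."
		# Without a zone configuration there is nothing to attach
		# the clone to, so stop before creating a dataset.
		if configure; then
			:
		else
			echo "$zonename could not be configured." >&2
			return 1
		fi
	fi
	# The attach is still attempted when the clone step reports an error,
	# as before, so a re-run can finish a zone whose dataset already
	# exists.
	/usr/sbin/zfs clone "$image" "zone/$zonename"
	/usr/sbin/zoneadm -z "$zonename" attach -F
}

#
# Create missing zones for each label dominated by clearance
#

for label in `lslabels -h "$clearance"`; do
	# Entries are written below as name:label:0::, so match the label as
	# the second field of a line that does not start with '#'. The earlier
	# unanchored pattern could also pick up the name field of a
	# commented-out line.
	zonename=`/bin/grep "^[^#:][^:]*:$label:" "$ZONECFG" | cut -d ":" -f1`
	if [ -n "$zonename" ]; then
		# More than one matching entry yields a multi-line value;
		# refuse it rather than hand it to zoneadm.
		if valid_zonename "$zonename"; then
			:
		else
			echo "Skipping $label: ambiguous or malformed entry in $ZONECFG" >&2
			continue
		fi
		state=`zoneadm -z "$zonename" list -p 2>/dev/null | cut -d ":" -f3`
		if [ -n "$state" ] && [ "$state" != configured ]; then
			echo "$zonename is already installed."
			continue
		fi
	else
		zonelabel=`hextoalabel "$label"`
		echo "Enter zone name for $zonelabel"
		echo "or RETURN to skip this label:"
		read zonename
		if [ -z "$zonename" ]; then
			echo "Skipping zone for $zonelabel"
			continue
		fi
		# The typed name is about to become a tnzonecfg record; a ':'
		# in it would shift the label field of that record.
		if valid_zonename "$zonename"; then
			:
		else
			echo "$zonename is not a valid zone name." >&2
			continue
		fi
		# '.' in a name is still a regex wildcard here; a false match
		# only causes a refusal, never a duplicate entry.
		nz=`/bin/grep "^$zonename:" "$ZONECFG" | cut -d ":" -f1`
		if [ -n "$nz" ]; then
			echo "$zonename is already used for another label."
			# Do not fall through to clone: that would act on the
			# zone that belongs to the other label.
			continue
		fi
		echo "$zonename:$label:0::" >> "$ZONECFG"
	fi
	clone
done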