xref: /illumos-gate/usr/src/cmd/tsol/demo/clonebylabel.sh (revision aa5636e518a7c706134caf5072a16f9f85f7497a)
1#!/bin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23# Use is subject to license terms.
24#
25#ident	"%Z%%M%	%I%	%E% SMI"
26#
27# clonebylabel
28#
29# This script installs zones by cloning a zfs snapshot.
30# For each sensitivity label dominated by the clearance
31# a zone is installed if necessary. If the zone name is
32# not already defined in tnzonecfg, the user is prompted
33# to provide a unique zone name.
34#
35# $1 is the label upper bound (clearance)
36#
37# $2 is the zone snapshot to clone for a new zone
38
# Zone configuration database; the script reads and appends
# zonename:label:... entries in this file.
ZONECFG=/etc/security/tsol/tnzonecfg

# Positional arguments: the label upper bound, then the snapshot to clone.
clearance="${1}"
image="${2}"
42
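#
# Configure a zone
#
# Writes a three-line zonecfg command file (create from the SUNWtsoldef
# template, set zonepath=/zone/$zonename, commit) and runs
# /usr/sbin/zonecfg on it for the zone named by the global $zonename.
#
# Globals:  zonename (read); config, cfgstatus (written)
# Returns:  1 if the scratch file cannot be created, otherwise the
#           exit status of zonecfg.
#

configure()
{
	# A fixed name such as /tmp/zfg.$$ is guessable: another local user
	# could pre-create that path (or a symlink at it) so that this script
	# writes through it or hands zonecfg a file it does not control.
	# mktemp creates a new file with an unpredictable name instead.
	config=`/usr/bin/mktemp /tmp/zfg.XXXXXX`
	if [ $? -ne 0 ] || [ -z "$config" ]; then
		echo "clonebylabel: cannot create temporary file" >&2
		return 1
	fi

	{
		echo "create -F -t SUNWtsoldef"
		echo "set zonepath=/zone/$zonename"
		echo "commit"
	} > "$config"

	/usr/sbin/zonecfg -z "$zonename" -f "$config"
	cfgstatus=$?

	# Remove the scratch file whether or not zonecfg succeeded, then
	# report zonecfg's status rather than rm's.
	rm -f "$config"
	return $cfgstatus
}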
56
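#
# Clone a zone
#
# Clones the snapshot $image into the dataset zone/$zonename and then
# force-attaches the zone.  If zoneadm prints nothing for $zonename the
# zone is configured first.
#
# Globals:  zonename, image (read); found (written)
# Returns:  1 if configuring or cloning fails, otherwise the exit status
#           of zoneadm attach.
#

clone()
{
	echo "Cloning $zonename from $image ..."
	found=`zoneadm -z "$zonename" list -p 2>/dev/null`

	# Test the quoted value: an unquoted [ $found ] becomes a syntax
	# error when the zoneadm output contains whitespace, and that error
	# took the "not found" branch and re-created an existing zone's
	# configuration.
	if [ -z "$found" ]; then
		echo "$zonename is being configured."
		configure || return 1
	fi

	# attach -F forces the attach, so only run it on a dataset this call
	# has just cloned; after a failed clone whatever already sits at the
	# zone path would be attached instead.
	if /usr/sbin/zfs clone "$image" "zone/$zonename"; then
		/usr/sbin/zoneadm -z "$zonename" attach -F
	else
		echo "clonebylabel: zfs clone of $image failed; $zonename not attached" >&2
		return 1
	fi
}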
74
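#
# Create missing zones for each label dominated by clearance
#
# For every label printed by lslabels -h "$clearance":
#   - if $ZONECFG already names a zone for the label, clone it unless
#     zoneadm reports a state other than "configured";
#   - otherwise prompt for a zone name, record zonename:label:0:: in
#     $ZONECFG, and clone it.
#

# Check both arguments before anything is changed: without the snapshot
# name the loop would still prompt, append to $ZONECFG and configure zones
# before the clone step fails.
if [ -z "$clearance" ] || [ -z "$image" ]; then
	echo "Usage: $0 clearance snapshot" >&2
	exit 2
fi

for label in `lslabels -h "$clearance"`; do
	# Match the label only as the second field of a non-comment entry,
	# so that a stray occurrence elsewhere on a line is not taken for a
	# zone assignment.
	zonename=`/bin/grep "^[^#:]*:$label:" "$ZONECFG" | cut -d ":" -f1`
	if [ -n "$zonename" ]; then
		state=`zoneadm -z "$zonename" list -p 2>/dev/null | cut -d ":" -f3`
		if [ -n "$state" ] && [ "$state" != configured ]; then
			echo "$zonename is already installed."
			continue
		fi
	else
		zonelabel=`hextoalabel "$label"`
		echo "Enter zone name for $zonelabel"
		echo "or RETURN to skip this label:"
		read zonename
		if [ -z "$zonename" ]; then
			echo "Skipping zone for $zonelabel"
			continue
		fi

		# The name is appended to $ZONECFG as a colon-separated field
		# and used in a grep pattern and in dataset and zone paths, so
		# accept only letters, digits, '_', '.' and '-', starting with
		# a letter or digit.
		case "$zonename" in
		[!A-Za-z0-9]* | *[!A-Za-z0-9_.-]*)
			echo "$zonename is not a valid zone name." >&2
			continue
			;;
		esac

		nz=`/bin/grep "^$zonename:" "$ZONECFG" | cut -d ":" -f1`
		if [ -n "$nz" ]; then
			echo "$zonename is already used for another label."
			# Skip this label: falling through to clone would clone
			# over and force-attach the zone that belongs to the
			# other label.
			continue
		fi
		echo "$zonename:$label:0::" >> "$ZONECFG"
	fi
	clone
done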
108