1#!/sbin/sh 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. 23# 24 25# 26# This is a transient service for Trusted Extensions to perform miscellaneous 27# set-up in a labeled zone. It can be extended to disable any selected 28# services so they will not be started in zones. 29# 30 31. /lib/svc/share/smf_include.sh 32 33 34# Add pam entries for labeling. 35do_addpam() 36{ 37 pamconf=/etc/pam.conf 38 39 grep '^[ ]*other.*account.*pam_tsol_account' $pamconf \ 40 > /dev/null 2>&1 41 if [ $? -ne 0 ] ; then 42 # Append new entry 43 cat >> $pamconf << EOF 44other account required pam_tsol_account.so.1 45EOF 46 fi 47} 48 49 50# In the global zone, there's nothing to do so this service exits. 51if smf_is_globalzone; then 52 /usr/sbin/svcadm disable $SMF_FMRI 53 exit $SMF_EXIT_OK 54fi 55 56 57# Exit if Trusted Extensions is not enabled. 58smf_is_system_labeled || exit $SMF_EXIT_OK 59 60 61# Add pam entries for the labeled zone. 62do_addpam 63 64 65# Disable any services here (remember to add dependencies to the 66# tsol-zones XML manifest) ... 67 68 69exit $SMF_EXIT_OK 70