1f875b4ebSrica#!/sbin/sh 2f875b4ebSrica# 3f875b4ebSrica# CDDL HEADER START 4f875b4ebSrica# 5f875b4ebSrica# The contents of this file are subject to the terms of the 6f875b4ebSrica# Common Development and Distribution License (the "License"). 7f875b4ebSrica# You may not use this file except in compliance with the License. 8f875b4ebSrica# 9f875b4ebSrica# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10f875b4ebSrica# or http://www.opensolaris.org/os/licensing. 11f875b4ebSrica# See the License for the specific language governing permissions 12f875b4ebSrica# and limitations under the License. 13f875b4ebSrica# 14f875b4ebSrica# When distributing Covered Code, include this CDDL HEADER in each 15f875b4ebSrica# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16f875b4ebSrica# If applicable, add the following below this CDDL HEADER, with the 17f875b4ebSrica# fields enclosed by brackets "[]" replaced with your own identifying 18f875b4ebSrica# information: Portions Copyright [yyyy] [name of copyright owner] 19f875b4ebSrica# 20f875b4ebSrica# CDDL HEADER END 21f875b4ebSrica# 22*6d02032dSRic Aleshire# Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. 23f875b4ebSrica# 24f875b4ebSrica 25f875b4ebSrica# 26*6d02032dSRic Aleshire# This is a transient service for Trusted Extensions to perform miscellaneous 27*6d02032dSRic Aleshire# set-up in a labeled zone. It can be extended to disable any selected 28*6d02032dSRic Aleshire# services so they will not be started in zones. 29f875b4ebSrica# 30f875b4ebSrica 31f875b4ebSrica. /lib/svc/share/smf_include.sh 32f875b4ebSrica 33*6d02032dSRic Aleshire 34*6d02032dSRic Aleshire# Add pam entries for labeling. 35*6d02032dSRic Aleshiredo_addpam() 36*6d02032dSRic Aleshire{ 37*6d02032dSRic Aleshire pamconf=/etc/pam.conf 38*6d02032dSRic Aleshire 39*6d02032dSRic Aleshire grep '^[ ]*other.*account.*pam_tsol_account' $pamconf \ 40*6d02032dSRic Aleshire > /dev/null 2>&1 41*6d02032dSRic Aleshire if [ $? -ne 0 ] ; then 42*6d02032dSRic Aleshire # Append new entry 43*6d02032dSRic Aleshire cat >> $pamconf << EOF 44*6d02032dSRic Aleshireother account required pam_tsol_account.so.1 45*6d02032dSRic AleshireEOF 46*6d02032dSRic Aleshire fi 47*6d02032dSRic Aleshire} 48*6d02032dSRic Aleshire 49f875b4ebSrica 50f875b4ebSrica# In the global zone, there's nothing to do so this service exits. 51*6d02032dSRic Aleshireif smf_is_globalzone; then 52*6d02032dSRic Aleshire /usr/sbin/svcadm disable $SMF_FMRI 53*6d02032dSRic Aleshire exit $SMF_EXIT_OK 54f875b4ebSricafi 55f875b4ebSrica 56*6d02032dSRic Aleshire 57*6d02032dSRic Aleshire# Exit if Trusted Extensions is not enabled. 58*6d02032dSRic Aleshiresmf_is_system_labeled || exit $SMF_EXIT_OK 59*6d02032dSRic Aleshire 60*6d02032dSRic Aleshire 61*6d02032dSRic Aleshire# Add pam entries for the labeled zone. 62*6d02032dSRic Aleshiredo_addpam 63*6d02032dSRic Aleshire 64*6d02032dSRic Aleshire 65f875b4ebSrica# Disable any services here (remember to add dependencies to the 66f875b4ebSrica# tsol-zones XML manifest) ... 67f875b4ebSrica 68f875b4ebSrica 69f875b4ebSricaexit $SMF_EXIT_OK 70