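#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

#
#  NOTE:  When a change is made to the source file for
#  /etc/minor_perm, a corresponding change must be made to
#  this class-action script.
#
#  -	If an existing entry in minor_perm is having its
#	attributes e.g. permissions, ownership changed,
#	add it to the list produced by make_chattr_list below.
#
#  -	If an existing entry must be deleted, add it to
#	the list produced by make_delete_list below.
#
#  -	If a new entry must be added to the file, add it to the
#	list produced by make_add_list.
#
#  -	If a new entry is being added to minor_perm, but there
#	may already be devices of that name on the system (e.g.
#	we used the system default permissions in a previous release),
#	and those old devices now need to have their attributes changed,
#	add it to the make_chattr_list AND the make_add_list lists
#

#
# Scratch files.
#
# This script edits /etc/minor_perm and changes the mode and ownership of
# device nodes, so its scratch files must not be reachable by other users.
# The earlier form wrote fixed names of the form /tmp/<name>.$$ straight into
# the shared /tmp directory: the names are predictable, "cat >" follows a
# symbolic link planted under such a name, and the cleanup "rm -f /tmp/*.$$"
# also removed unrelated files whose names happened to end in the same
# number.  All scratch files now live in one directory that this script
# creates itself (see init_workdir).
#
WORKDIR=/tmp/minor_perm.$$
workdir_ready=no

#
# Create the private scratch directory on first use and empty it on every
# later use.
#
# mkdir fails if the name already exists in any form (file, directory or
# symbolic link), so a pre-created path makes the script stop with a
# non-zero status instead of writing through it.  The umask is changed in a
# subshell only, so that the mode of files created elsewhere in this script
# (for example by "cp $src $dest") is unaffected.
#
init_workdir()
{
	if [ "$workdir_ready" = yes ] ; then
		# The directory is ours and mode 0700, so clearing it is safe.
		rm -f "$WORKDIR"/*
		return 0
	fi

	if ( umask 077 ; mkdir "$WORKDIR" ) ; then
		workdir_ready=yes
	else
		echo "$0: cannot create private work directory $WORKDIR" >&2
		exit 1
	fi
}

#
# Remove the scratch directory, but only if this script created it.
#
cleanup_workdir()
{
	if [ "$workdir_ready" = yes ] ; then
		rm -rf "$WORKDIR"
		workdir_ready=no
	fi
}

trap cleanup_workdir 0
trap 'exit 1' 1 2 15

#
# If an entry in /etc/minor_perm needs to have its attributes
# changed, identify the entry in the list written to $WORKDIR/chattr
# by this function.  The fields are:
#
# <device>:<minor> <old_attrs> <new_attrs> <optional list of logical
#					    devices whose attributes
#					    will need to be changed>
#
# where an <attribute list> := <perm> <user> <group>
#
# NOTE: this list should also contain entries for nodes that previously
# were not in /etc/minor_perm (which means the default mode of 600,
# owner/group == root/sys), but now have an entry
#
make_chattr_list()
{
cat > "$WORKDIR/chattr" << EOF
vol:volctl 0600 root sys 0666 root sys /dev/volctl
clone:llc1 0600 root sys 0666 root sys /dev/llc1
log:conslog 0620 root sys 0666 root sys /dev/conslog
sy:tty 0666 root sys 0666 root tty /dev/tty
icmp:icmp 0600 root sys 0666 root sys /dev/rawip
icmp6:icmp6 0600 root sys 0666 root sys /dev/rawip6
ip:ip 0660 root sys 0666 root sys /dev/ip
ip6:ip6 0660 root sys 0666 root sys /dev/ip6
rts:rts 0660 root sys 0666 root sys /dev/rts
keysock:keysock 0600 root sys 0666 root sys /dev/keysock
ipsecah:ipsecah 0600 root sys 0666 root sys /dev/ipsecah
ipsecesp:ipsecesp 0600 root sys 0666 root sys /dev/ipsecesp
spdsock:spdsock 0600 root sys 0666 root sys /dev/spdsock
sad:admin 0600 root sys 0666 root sys /dev/sad/admin
fssnap:ctl 0600 root sys 0666 root sys /dev/fssnapctl
fssnap:* 0600 root sys 0640 root sys /dev/fssnap/*
clone:dnet 0600 root sys 0666 root sys /dev/dnet
dnet:* 0600 root sys 0666 root sys /dev/dnet*
clone:elxl 0600 root sys 0666 root sys /dev/elxl
elxl:* 0600 root sys 0666 root sys /dev/elxl*
clone:iprb 0600 root sys 0666 root sys /dev/iprb
iprb:* 0600 root sys 0666 root sys /dev/iprb*
clone:pcelx 0600 root sys 0666 root sys /dev/pcelx
pcelx:* 0600 root sys 0666 root sys /dev/pcelx*
clone:spwr 0600 root sys 0666 root sys /dev/spwr
spwr:* 0600 root sys 0666 root sys /dev/spwr*
cpc:* 0600 root sys 0666 root sys /devices/pseudo/cpc*
ipf:* 0600 root sys 0666 root sys /dev/ipf
pfil:* 0600 root sys 0666 root sys /dev/pfil
scsi_vhci:devctl 0600 root sys 0666 root sys /devices/scsi_vhci:devctl
fbt:fbt 0600 root sys 0644 root sys /dev/dtrace/provider/fbt
lockstat:* 0600 root sys 0644 root sys /dev/dtrace/provider/lockstat
profile:profile 0600 root sys 0644 root sys /dev/dtrace/provider/profile
sdt:sdt 0600 root sys 0644 root sys /dev/dtrace/provider/sdt
systrace:systrace 0600 root sys 0644 root sys /dev/dtrace/provider/systrace
clone:bge 0600 root sys 0666 root sys /dev/bge
clone:igb 0600 root sys 0666 root sys /dev/igb
clone:ixgbe 0600 root sys 0666 root sys /dev/ixgbe
clone:myri10ge 0600 root sys 0666 root sys /dev/myri10ge
clone:rge 0600 root sys 0666 root sys /dev/rge
clone:xge 0600 root sys 0666 root sys /dev/xge
clone:nge 0600 root sys 0666 root sys /dev/nge
clone:chxge 0600 root sys 0666 root sys /dev/chxge
clone:pcn 0600 root sys 0666 root sys /dev/pcn
clone:rtls 0600 root sys 0666 root sys /dev/rtls
clone:arn 0600 root sys 0666 root sys /dev/arn
clone:ath 0600 root sys 0666 root sys /dev/ath
clone:atu 0600 root sys 0666 root sys /dev/atu
clone:ipw 0600 root sys 0666 root sys /dev/ipw
clone:iwh 0600 root sys 0666 root sys /dev/iwh
clone:iwi 0600 root sys 0666 root sys /dev/iwi
clone:iwk 0600 root sys 0666 root sys /dev/iwk
clone:iwp 0600 root sys 0666 root sys /dev/iwp
clone:mwl 0600 root sys 0666 root sys /dev/mwl
clone:pcwl 0600 root sys 0666 root sys /dev/pcwl
clone:pcan 0600 root sys 0666 root sys /dev/pcan
clone:ral 0600 root sys 0666 root sys /dev/ral
clone:rtw 0600 root sys 0666 root sys /dev/rtw
clone:rum 0600 root sys 0666 root sys /dev/rum
clone:rwd 0600 root sys 0666 root sys /dev/rwd
clone:rwn 0600 root sys 0666 root sys /dev/rwn
clone:uath 0600 root sys 0666 root sys /dev/uath
clone:ural 0600 root sys 0666 root sys /dev/ural
clone:urtw 0600 root sys 0666 root sys /dev/urtw
clone:wpi 0600 root sys 0666 root sys /dev/wpi
clone:zyd 0600 root sys 0666 root sys /dev/zyd
clone:afe 0600 root sys 0666 root sys /dev/afe
clone:dmfe 0600 root sys 0666 root sys /dev/dmfe
clone:mxfe 0600 root sys 0666 root sys /dev/mxfe
bge:* 0600 root sys 0666 root sys /dev/bge*
igb:* 0600 root sys 0666 root sys /dev/igb*
ixgbe:* 0600 root sys 0666 root sys /dev/ixgbe*
myri10ge:* 0600 root sys 0666 root sys /dev/myri10ge*
rge:* 0600 root sys 0666 root sys /dev/rge*
xge:* 0600 root sys 0666 root sys /dev/xge*
nge:* 0600 root sys 0666 root sys /dev/nge*
e1000g:* 0666 root root 0666 root sys /dev/e1000g*
chxge:* 0600 root sys 0666 root sys /dev/chxge*
pcn:* 0600 root sys 0666 root sys /dev/pcn*
rtls:* 0600 root sys 0666 root sys /dev/rtls*
arn:* 0600 root sys 0666 root sys /dev/arn*
ath:* 0600 root sys 0666 root sys /dev/ath*
atu:* 0600 root sys 0666 root sys /dev/atu*
ipw:* 0600 root sys 0666 root sys /dev/ipw*
iwh:* 0600 root sys 0666 root sys /dev/iwh*
iwi:* 0600 root sys 0666 root sys /dev/iwi*
iwk:* 0600 root sys 0666 root sys /dev/iwk*
iwp:* 0600 root sys 0666 root sys /dev/iwp*
mwl:* 0600 root sys 0666 root sys /dev/mwl*
pcwl:* 0600 root sys 0666 root sys /dev/pcwl*
pcan:* 0600 root sys 0666 root sys /dev/pcan*
ral:* 0600 root sys 0666 root sys /dev/ral*
rtw:* 0600 root sys 0666 root sys /dev/rtw*
rum:* 0600 root sys 0666 root sys /dev/rum*
rwd:* 0600 root sys 0666 root sys /dev/rwd*
rwn:* 0600 root sys 0666 root sys /dev/rwn*
uath:* 0600 root sys 0666 root sys /dev/uath*
ural:* 0600 root sys 0666 root sys /dev/ural*
urtw:* 0600 root sys 0666 root sys /dev/urtw*
wpi:* 0600 root sys 0666 root sys /dev/wpi*
zyd:* 0600 root sys 0666 root sys /dev/zyd*
afe:* 0600 root sys 0666 root sys /dev/afe*
dmfe:* 0600 root sys 0666 root sys /dev/dmfe*
mxfe:* 0600 root sys 0666 root sys /dev/mxfe*
balloon:* 0600 root sys 0444 root sys /dev/xen/balloon
domcaps:* 0600 root sys 0444 root sys /dev/xen/domcaps
evtchn:* 0600 root sys 0666 root sys /dev/xen/evtchn
privcmd:* 0600 root sys 0666 root sys /dev/xen/privcmd
xenbus:* 0600 root sys 0666 root sys /dev/xen/xenbus
xpvtap:* 0600 root sys 0666 root sys /devices/xpvd/xpvtap*
EOF
}

#
# If an entry in /etc/minor_perm needs to be deleted, identify
# the entry in the list written to $WORKDIR/delete by this function.
# The fields are:
#
# <device>:<minor> <optional list of logical devices to be deleted>
#
make_delete_list()
{
cat > "$WORKDIR/delete" << EOF
rip:rawip
consfb:consfb
clone:el
clone:elx
clone:sle
clone:sie
clone:sp
clone:ip
clone:icmp
clone:udp
clone:tcp
clone:rts
clone:arp
clone:ipsecah
clone:ipsecesp
clone:keysock
clone:smc
clone:tr
clone:sbpro
elx:*
sbpro:*
win:*
cmtp:*
profile:profile
asy:[a-z]
asy:[a-z],cu
i2o_bs:*
vni:*
EOF
}

#
# If an entry needs to be added to /etc/minor_perm, add the first
# field of the entry to the list created by this function.  The
# remainder of the entry will be extracted from the /etc/minor_perm
# in the package being installed, so it is not necessary to supply
# it here.  The list is written to $WORKDIR/add.
#
make_add_list()
{
cat > "$WORKDIR/add" << EOF
vol:volctl
clone:llc1
tnf:tnfctl
tnf:tnfmap
st:*
pm:*
devinfo:devinfo
openeepr:openprom
wc:*
ip:ip
ip6:ip6
ipnet:lo0
icmp:icmp
icmp6:icmp6
udp:udp
udp6:udp6
tcp:tcp
tcp6:tcp6
rts:rts
arp:arp
poll:*
pool:pool
pool:poolctl
cpc:shared
sysmsg:msglog
sysmsg:sysmsg
ipsecah:ipsecah
ipsecesp:ipsecesp
keysock:keysock
spdsock:spdsock
devinfo:devinfo,ro
lofi:*
lofi:ctl
sgen:*
fssnap:*
fssnap:ctl
rsm:*
random:*
mm:allkmem
clone:dnet
dnet:*
clone:elxl
elxl:*
clone:ibd
ibd:*
clone:iprb
iprb:*
clone:pcelx
pcelx:*
clone:spwr
spwr:*
sysevent:*
ramdisk:*
ramdisk:ctl
cryptoadm:cryptoadm
crypto:crypto
dtrace:*
fasttrap:fasttrap
ipf:*
pfil:*
bl:*
sctp:*
sctp6:*
dlpistub:*
cpuid:self
clone:bge
clone:igb
clone:ixgbe
clone:myri10ge
clone:rge
clone:xge
clone:nge
clone:e1000g
clone:chxge
clone:pcn
clone:rtls
clone:arn
clone:ath
clone:atu
clone:ipw
clone:iwh
clone:iwi
clone:iwk
clone:iwp
clone:mwl
clone:pcwl
clone:pcan
clone:ral
clone:rtw
clone:rum
clone:rwd
clone:rwn
clone:uath
clone:ural
clone:urtw
clone:wpi
clone:zyd
clone:afe
clone:dmfe
clone:mxfe
bge:*
igb:*
ixgbe:*
myri10ge:*
rge:*
xge:*
nge:*
e1000g:*
chxge:*
pcn:*
rtls:*
arn:*
ath:*
atu:*
ipw:*
iwh:*
iwi:*
iwk:*
iwp:*
mwl:*
pcwl:*
pcan:*
ral:*
rtw:*
rum:*
rwd:*
rwn:*
uath:*
ural:*
urtw:*
wpi:*
zyd:*
afe:*
dmfe:*
mxfe:*
bmc:bmc
dld:*
smbios:smbios
zfs:*
zfs:zfs
scsi_vhci:*
kssl:*
fbt:fbt
profile:profile
sdt:sdt
softmac:*
systrace:systrace
lx_ptm:lx_ptmajor
lx_systrace:*
physmem:*
asy:*
asy:*,cu
ucode:*
acpi_drv:*
smbsrv:*
vscan:*
nsmb:*
balloon:*
domcaps:*
evtchn:*
privcmd:*
xenbus:*
iptunq:*
fm:*
amd_iommu:*
xpvtap:*
clone:bridge
EOF
}

PATH="/sbin:/usr/sbin:/usr/bin:/usr/sadm/install/bin"
export PATH

# Internal routine to create a sed script which can be used to
# escape all shell globbing metacharacters in a path.
# The here-document is deliberately unquoted: the shell halves each run of
# four backslashes, so the sed script on disk replaces '*' with '\*' etc.
create_esc_sedscript()
{
cat > "$WORKDIR/esc.sed" << EOF
s/\*/\\\\*/g
s/\?/\\\\?/g
s/\[/\\\\[/g
s/\]/\\\\]/g
EOF
}

# Internal routine to convert an entry in a change-list file to
# an appropriately escaped pattern which can be used to grep into minor_perm.
#
# Arguments: $1     - the 'key' field (<device>:<minor>) from the change file
#            $2...  - optional attribute tokens that must follow the key
# Outputs:   the grep pattern, on stdout, without a trailing newline
entry2pattern()
{
	# the first argument is the 'key' field from the change file.
	# entries can contain shell globbing characters to match
	# several devices - hence all the palaver below.
	#
	# The escaped key is captured in a variable and printed quoted, so
	# that a key such as "asy:[a-z]" can never be expanded against file
	# names in the current directory.  Callers run this function inside
	# a command substitution, so the variable does not leak.
	_e2p_key=`echo "$1" | sed \
	    -e 's/\*/\\\\*/g' -e 's/\?/\\\\?/g' \
	    -e 's/\./\\\\./g' -e 's/\[/\\\\[/g' \
	    -e 's/\]/\\\\]/g'`
	printf '%s' "$_e2p_key"
	shift

	# the remaining optional arguments are tokens separated by white-space
	if [ $# = 0 ] ; then
		printf '[ \t]'
	else
		while [ -n "$1" ]
		do
			printf '[ \t][ \t]*%s' "$1"
			shift
		done
		printf '[ \t]*$'
	fi
}

#
# Class-action main loop: each input line names the minor_perm shipped in
# the package ($src) and the installed copy ($dest).
#
while read src dest
do
	if [ ! -f "$dest" ] ; then
		cp "$src" "$dest"
	else
		init_workdir
		create_esc_sedscript
		make_chattr_list
		make_delete_list
		make_add_list

		#
		#  Process the list of devices whose attributes are to be
		#  changed.  Find those that actually need to be
		#  applied to the file.  For each change that needs
		#  to be applied, add an entry for it to the sed
		#  script that will eventually be applied to the
		#  currently-installed /etc/minor_perm file.  Also,
		#  add an entry to the $WORKDIR/chdevs file, which
		#  contains the list of logical names of devices
		#  whose permissions need to be changed.
		#
		while read key oldp oldu oldg newp newu newg chdevs
		do
			do_chdevs=no

			#
			#  First determine whether the device entry
			#  is already in the file, but with the old
			#  permissions.  If so, the entry needs to be
			#  modified and the devices in the chdevs list
			#  need to have their permissions and ownerships
			#  changed.
			#
			grepstr=`entry2pattern "${key}" $oldp $oldu $oldg`
			if grep "$grepstr" "$dest" > /dev/null 2>&1; then
				echo "s/${grepstr}/$key $newp $newu $newg/" \
				    >> "$WORKDIR/sedscript"
				do_chdevs=yes
			fi

			#
			#  Now determine whether the device entry is
			#  in the file at all.  If not, it is a new
			#  entry, but there may already be devices
			#  on the system whose permissions need to
			#  be changed.
			#
			grepstr=`entry2pattern "${key}"`
			grep "${grepstr}" "$dest" > /dev/null 2>&1
			if [ $? != 0 ] ; then
				do_chdevs=yes
			fi

			if [ $do_chdevs = yes -a "$chdevs" != "" ] ; then
				#
				# The glob characters are backslash-escaped
				# so that the unquoted "for" below does not
				# expand them here; the later plain "read"
				# removes the backslashes again.
				#
				xchdevs=`echo "$chdevs" | \
				    sed -f "$WORKDIR/esc.sed"`
				for m in $xchdevs ; do
					echo "$m" $oldp $oldu $oldg \
					    $newp $newu $newg \
					    >> "$WORKDIR/chdevs"
				done
			fi
		done < "$WORKDIR/chattr"

		# sort the "change attributes" list
		if [ -s "$WORKDIR/chdevs" ] ; then
			sort -u "$WORKDIR/chdevs" > "$WORKDIR/tmp"
			mv "$WORKDIR/tmp" "$WORKDIR/chdevs"
		fi

		#
		#  Process the list of devices to be deleted.
		#  Find those that actually need to be deleted
		#  from the file.  For each entry to be deleted,
		#  add an entry for it to the sed script that will
		#  eventually be applied to the currently-installed
		#  /etc/minor_perm file.  Also, add an entry to the
		#  $WORKDIR/deldevs file, which contains the list of
		#  logical names of devices to be deleted.
		#
		while read key deldevs
		do
			grepstr=`entry2pattern "${key}"`
			if grep "$grepstr" "$dest" > /dev/null 2>&1; then
				echo "/${grepstr}/d" >> "$WORKDIR/sedscript"
				if [ "$deldevs" != "" ] ; then
					xdeldevs=`echo "$deldevs" | \
					    sed -f "$WORKDIR/esc.sed"`
					for m in $xdeldevs ; do
						echo "$m" >> "$WORKDIR/deldevs"
					done
				fi
			fi
		done < "$WORKDIR/delete"

		if [ -s "$WORKDIR/deldevs" ] ; then
			sort -u "$WORKDIR/deldevs" > "$WORKDIR/tmp"
			mv "$WORKDIR/tmp" "$WORKDIR/deldevs"
		fi

		#
		#  Apply the sed script possibly built above to the
		#  currently-installed /etc/minor_perm file.
		#
		if [ -s "$WORKDIR/sedscript" ] ; then
			sed -f "$WORKDIR/sedscript" "$dest" > "$WORKDIR/tmp"
			cp "$WORKDIR/tmp" "$dest"
		fi

		#  For all entries in minor_perm whose attributes had
		#  to be corrected, correct the relevant attributes of the
		#  already-existing devices that correspond to those
		#  entries.  This is only done for an alternate root
		#  (PKG_INSTALL_ROOT set and not "/").
		#
		if [ -s "$WORKDIR/chdevs" -a "$PKG_INSTALL_ROOT" != "" -a \
		    "$PKG_INSTALL_ROOT" != "/" ] ; then
			while read device oldp oldu oldg newp newu newg
			do
				#
				#  Note that we take pains -only- to change
				#  the permission/ownership of devices that
				#  have kept their original permissions.
				#
				#  $device is left unquoted on purpose: it may
				#  hold a glob (e.g. /dev/bge*) that has to be
				#  expanded under the install root.
				#
				#  NOTE(review): -follow makes find, and hence
				#  chmod/chown/chgrp, act on the target of a
				#  symbolic link; this assumes the contents of
				#  the alternate root are trusted.
				#
				for dev in $PKG_INSTALL_ROOT/$device; do
					find $dev -follow -perm $oldp -exec \
					    chmod $newp $dev \; >/dev/null 2>&1
					find $dev -follow -user $oldu -exec \
					    chown $newu $dev \; >/dev/null 2>&1
					find $dev -follow -group $oldg -exec \
					    chgrp $newg $dev \; >/dev/null 2>&1
				done
			done < "$WORKDIR/chdevs"
		fi

		#
		#  For all entries in minor_perm that were deleted,
		#  remove the /dev entries that point to device nodes
		#  that correspond to those entries.
		#
		if [ -s "$WORKDIR/deldevs" -a "$PKG_INSTALL_ROOT" != "" -a \
		    "$PKG_INSTALL_ROOT" != "/" ] ; then
			while read device
			do
				# unquoted on purpose: $device may be a glob
				rm -f $PKG_INSTALL_ROOT/$device
			done < "$WORKDIR/deldevs"
		fi

		#
		#  Copy each entry of the add list that is missing from
		#  the installed file out of the minor_perm being installed.
		#
		while read key
		do
			grepstr=`entry2pattern "${key}"`
			grep "$grepstr" "$dest" > /dev/null 2>&1
			if [ $? != 0 ] ; then
				grep "$grepstr" "$src" >> "$dest"
			fi
		done < "$WORKDIR/add"

		rm -f "$WORKDIR"/*
	fi
done

exit 0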