#! /bin/sh # # CDDL HEADER START # # The contents of this file are subject to the terms of the # Common Development and Distribution License (the "License"). # You may not use this file except in compliance with the License. # # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE # or http://www.opensolaris.org/os/licensing. # See the License for the specific language governing permissions # and limitations under the License. # # When distributing Covered Code, include this CDDL HEADER in each # file and include the License file at usr/src/OPENSOLARIS.LICENSE. # If applicable, add the following below this CDDL HEADER, with the # fields enclosed by brackets "[]" replaced with your own identifying # information: Portions Copyright [yyyy] [name of copyright owner] # # CDDL HEADER END # # # Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # # NOTE: When a change is made to the source file for # /etc/minor_perm, a corresponding change must be made to # this class-action script. # # - If an existing entry in minor_perm is having its # attributes e.g. permissions, ownership changed, # add it to the list produced by make_chattr_list below. # # - If an existing entry must be deleted, add it to # the list produced by make_delete_list below. # # - If a new entry must be added to the file, add it to the # list produced by make_add_list. # # - If a new entry is being added to minor_perm, but there # may already be devices of that name on the system (e.g. # we used the system default permissions in a previous release), # and those old devices now need to have their attributes changed, # add it to the make_chattr_list AND the make_add_list lists # # # If an entry in /etc/minor_perm needs to have its attributes # changed, identify the entry in the list copied to /etc/chattr.$$ # by this function. The fields are: # # <device>:<minor> <old_attrs> <new_attrs> <optional list of logical # devices whose attributes # will need to be changed> # # where an <attribute list> := <perm> <user> <group> # make_chattr_list() { cat > /tmp/chattr.$$ << EOF audio:* 0666 root sys 0600 root sys /dev/sound/* vol:volctl 0600 root sys 0666 root sys /dev/volctl sad:user 0600 root sys 0666 root sys /dev/sad/user se:* 0666 root sys 0600 uucp uucp /dev/cua/* zs:* 0666 root sys 0600 uucp uucp /dev/cua/* su:* 0666 root sys 0600 uucp uucp /dev/cua/* ssd:* 0666 root sys 0640 root sys /dev/dsk/* /dev/rdsk/* dad:* 0600 root sys 0640 root sys /dev/dsk/* /dev/rdsk/* cpc:* 0600 root sys 0666 root sys /devices/pseudo/cpc* log:conslog 0622 root sys 0666 root sys /dev/conslog sy:tty 0666 root sys 0666 root tty /dev/tty cvc:* 0666 root sys 0600 root sys cvcredir:* 0666 root sys 0600 root sys ssm:* 0600 root sys 0640 root sys /devices/ssm*:* icmp:icmp 0600 root sys 0666 root sys /dev/rawip icmp6:icmp6 0600 root sys 0666 root sys /dev/rawip6 ip:ip 0660 root sys 0666 root sys /dev/ip ip6:ip6 0660 root sys 0666 root sys /dev/ip6 rts:rts 0660 root sys 0666 root sys /dev/rts keysock:keysock 0600 root sys 0666 root sys /dev/keysock ipsecah:ipsecah 0600 root sys 0666 root sys /dev/ipsecah ipsecesp:ipsecesp 0600 root sys 0666 root sys /dev/ipsecesp spdsock:spdsock 0600 root sys 0666 root sys /dev/spdsock sad:admin 0600 root sys 0666 root sys /dev/sad/admin fssnap:ctl 0600 root sys 0666 root sys /dev/fssnapctl fssnap:* 0600 root sys 0640 root sys /dev/fssnap/* clone:ce 0600 root sys 0666 root sys /dev/ce clone:eri 0600 root sys 0666 root sys /dev/eri clone:ge 0600 root sys 0666 root sys /dev/ge clone:hme 0600 root sys 0666 root sys /dev/hme clone:qfe 0600 root sys 0666 root sys /dev/qfe clone:bge 0600 root sys 0666 root sys /dev/bge clone:igb 0600 root sys 0666 root sys /dev/igb clone:ixgbe 0600 root sys 0666 root sys /dev/ixgbe clone:myri10ge 0600 root sys 0666 root sys /dev/myri10ge clone:rge 0600 root sys 0666 root sys /dev/rge clone:xge 0600 root sys 0666 root sys /dev/xge clone:nge 0600 root sys 0666 root sys /dev/nge clone:e1000g 0666 root root 0666 root sys /dev/e1000g clone:chxge 0600 root sys 0666 root sys /dev/chxge clone:vsw 0600 root sys 0666 root sys /dev/vsw clone:vnet 0600 root sys 0666 root sys /dev/vnet clone:pcwl 0600 root sys 0666 root sys /dev/pcwl clone:pcan 0600 root sys 0666 root sys /dev/pcan clone:afe 0600 root sys 0666 root sys /dev/afe clone:mxfe 0600 root sys 0666 root sys /dev/mxfe clone:rtls 0600 root sys 0666 root sys /dev/rtls bge:* 0600 root sys 0666 root sys /dev/bge* igb:* 0600 root sys 0666 root sys /dev/igb* ixgbe:* 0600 root sys 0666 root sys /dev/ixgbe* myri10ge:* 0600 root sys 0666 root sys /dev/myri10ge* rge:* 0600 root sys 0666 root sys /dev/rge* xge:* 0600 root sys 0666 root sys /dev/xge* nge:* 0600 root sys 0666 root sys /dev/nge* e1000g:* 0666 root root 0666 root sys /dev/e1000g* chxge:* 0600 root sys 0666 root sys /dev/chxge* vsw:* 0600 root sys 0666 root sys /dev/vsw* vnet:* 0600 root sys 0666 root sys /dev/vnet* pcwl:* 0600 root sys 0666 root sys /dev/pcwl* pcan:* 0600 root sys 0666 root sys /dev/pcan* clone:dmfe 0600 root sys 0666 root sys /dev/dmfe dmfe:* 0600 root sys 0666 root sys /dev/dmfe* afe:* 0600 root sys 0666 root sys /dev/afe* mxfe:* 0600 root sys 0666 root sys /dev/mxfe* rtls:* 0600 root sys 0666 root sys /dev/rtls* ipf:* 0600 root sys 0666 root sys /dev/ipf pfil:* 0600 root sys 0666 root sys /dev/pfil scsi_vhci:devctl 0600 root sys 0666 root sys /devices/scsi_vhci:devctl fbt:fbt 0600 root sys 0644 root sys /dev/dtrace/provider/fbt lockstat:* 0600 root sys 0644 root sys /dev/dtrace/provider/lockstat profile:profile 0600 root sys 0644 root sys /dev/dtrace/provider/profile sdt:sdt 0600 root sys 0644 root sys /dev/dtrace/provider/sdt systrace:systrace 0600 root sys 0644 root sys /dev/dtrace/provider/systrace EOF } # # If an entry in /etc/minor_perm needs to be deleted, identify # the entry in the list copied to /etc/delete.$$ by this function. # The fields are: # # <device>:<minor> <optional list of logical devices to be deleted> # make_delete_list() { cat > /tmp/delete.$$ << EOF mm:mbio /dev/mbio /devices/pseudo/mm:mbio mm:mbmem /dev/mbmem /devices/pseudo/mm:mbmem clone:amd,0,aux,audio sw:drum rip:rawip zs:* consfb:consfb win:* rtvc:* gt:* mic:* cgeight-p4:* cgfour:* cgtwo:* id:* xd:* xt:* xy:* ie:* be:* se:ucm se:ucmctl clone:arp clone:icmp clone:ip clone:tcp clone:udp clone:rts clone:ipsecah clone:ipsecesp clone:keysock clone:le clone:pcelx su:* profile:profile clone:qe cgfourteen:* cgeight:* SUNW,sx:* sx_cmem:* stc:* dbri:* SUNW,DBRId:* SUNW,DBRIe:* SUNW,DBRIf:* pcelx:* vni:* EOF } # # If an entry needs to be added to /etc/minor_perm, add the first # field of the entry to the list created by this function. The # remainder of the entry will be extracted from the /etc/minor_perm # in the package being installed, so it is not necessary to supply # it here. # make_add_list() { cat > /tmp/add.$$ << EOF clone:llc1 stc:* mcpzsa:* mcpp:* vol:volctl tl:* tnf:tnfctl tnf:tnfmap zs:[a-z] zs:[a-z],cu sad:user se:* su:[a-z] su:[a-z],cu su:ssp su:sspctl fdthree:* ssd:* dad:* pm:* tod:* SUNW,pmc:* SUNW,mic:* SUNW,fas:devctl cvc:* cvcredir:* devinfo:devinfo envctrltwo:* se:[a-h] se:[a-h],cu se:[0-7],hdlc se:ssp se:sspctl clone:hme clone:eri wc:* arp:arp icmp:icmp icmp6:icmp6 ip:ip ip6:ip6 ipnet:lo0 tcp:tcp tcp6:tcp6 udp:udp udp6:udp6 rts:rts poll:* pool:pool pool:poolctl cpc:shared sysmsg:msglog sysmsg:sysmsg ipsecah:ipsecah ipsecesp:ipsecesp keysock:keysock spdsock:spdsock devinfo:devinfo,ro lofi:* lofi:ctl sgen:* fssnap:* fssnap:ctl pcf8574:* pcf8591:* gpio_87317:* rsm:* random:* mm:allkmem ssm:* bscv:* clone:bge clone:igb clone:ixgbe clone:myri10ge clone:rge clone:xge clone:nge clone:e1000g clone:chxge clone:vsw clone:vnet clone:pcwl clone:pcan clone:afe clone:mxfe clone:rtls bge:* igb:* ixgbe:* myri10ge:* rge:* xge:* nge:* e1000g:* chxge:* vsw:* vnet:* pcwl:* pcan:* afe:* mxfe:* rtls:* clone:dmfe dmfe:* clone:ibd ibd:* sysevent:* ramdisk:* ramdisk:ctl cryptoadm:cryptoadm crypto:crypto dtrace:* fasttrap:fasttrap ipf:* pfil:* bl:* sctp:* sctp6:* dlpistub:* cpuid:self ntwdt:* dld:* mdesc:* zfs:* zfs:zfs scsi_vhci:* kssl:* fbt:fbt profile:profile sdt:sdt softmac:* systrace:systrace physmem:* smbsrv:* vscan:* nsmb:* bmc:bmc iptunq:* fm:* clone:bridge EOF } PATH="/sbin:/usr/sbin:/usr/bin:/usr/sadm/install/bin" export PATH # Internal routine to create a sed script which can be used to # escape all shell globbing metacharacters in a path. create_esc_sedscript() { cat > /tmp/esc.sed.$$ << EOF s/\*/\\\\*/g s/\?/\\\\?/g s/\[/\\\\[/g s/\]/\\\\]/g EOF } # Internal routine to convert an entry in a /tmp/chwhatever.$$ file to # an appropriately escaped pattern which can be used to grep into minor_perm. entry2pattern() { # the first argument is the 'key' field from the change file. # entries can contain shell globbing characters to match # several devices - hence all the palaver below. printf '%s' `echo "$1" | sed \ -e 's/\*/\\\\*/g' -e 's/\?/\\\\?/g' \ -e 's/\./\\\\./g' -e 's/\[/\\\\[/g' \ -e 's/\]/\\\\]/g'` shift # the remaining optional arguments are tokens separated by white-space if [ $# = 0 ] ; then printf '[ \t]' else while [ -n "$1" ] do printf '[ \t][ \t]*%s' $1 shift done printf '[ \t]*$' fi } while read src dest do if [ ! -f $dest ] ; then cp $src $dest else rm -f /tmp/*.$$ create_esc_sedscript make_chattr_list make_delete_list make_add_list # # Process the list of devices whose attributes are to be # changed. Find those that actually need to be # applied to the file. For each change that needs # to be applied, add an entry for it to the sed # script that will eventually be applied to the # currently-installed /etc/minor_perm file. Also, # add an entry to the /tmp/chdevs.$$ file, which # contains the list of logical names of devices # whose permissions need to be changed. # cat /tmp/chattr.$$ | \ while read key oldp oldu oldg newp newu newg chdevs do do_chdevs=no # # First determine whether the device entry # is already in the file, but with the old # permissions. If so, the entry needs to be # modified and the devices in the chdevs list # need to have their permissions and ownerships # changed. # grepstr=`entry2pattern "${key}" $oldp $oldu $oldg` if grep "$grepstr" $dest > /dev/null 2>&1; then echo "s/${grepstr}/$key $newp $newu $newg/" \ >> /tmp/sedscript.$$ do_chdevs=yes fi # # Now determine whether the device entry is # in the file at all. If not, it is a new # entry, but there may already be devices # on the system whose permissions need to # be changed. # grepstr=`entry2pattern "${key}"` grep "${grepstr}" $dest > /dev/null 2>&1 if [ $? != 0 ] ; then do_chdevs=yes fi if [ $do_chdevs = yes -a "$chdevs" != "" ] ; then xchdevs=`echo "$chdevs" | \ sed -f /tmp/esc.sed.$$` for m in $xchdevs ; do echo "$m" $oldp $oldu $oldg \ $newp $newu $newg >> /tmp/chdevs.$$ done fi done # # Make sure /dev/volctl gets its permissions corrected. # (systems upgraded from 2.2 to 2.3 may have a correct # entry for /dev/volctl in the /etc/minor_perm file # but the actual /dev/volctl node may have the wrong # permissions.) # echo /dev/volctl 0600 root sys 0666 root sys >> /tmp/chdevs.$$ if [ -s /tmp/chdevs.$$ ] ; then sort -u /tmp/chdevs.$$ > /tmp/tmp.$$ mv /tmp/tmp.$$ /tmp/chdevs.$$ fi # # Process the list of devices to be deleted. # Find those that actually need to be deleted # from the file. For each entry to be deleted, # add an entry for it to the sed script that will # eventually be applied to the currently-installed # /etc/minor_perm file. Also, add an entry to the # /tmp/deldevs.$$ file, which contains the list of # logical names of devices to be deleted. # cat /tmp/delete.$$ | while read key deldevs do grepstr=`entry2pattern "${key}"` if grep "$grepstr" $dest > /dev/null 2>&1; then echo "/${grepstr}/d" >> /tmp/sedscript.$$ if [ "$deldevs" != "" ] ; then xdeldevs=`echo "$deldevs" | \ sed -f /tmp/esc.sed.$$` for m in $xdeldevs ; do echo "$m" >> /tmp/deldevs.$$ done fi fi done if [ -s /tmp/deldevs.$$ ] ; then sort -u /tmp/deldevs.$$ > /tmp/tmp.$$ mv /tmp/tmp.$$ /tmp/deldevs.$$ fi # # Apply the sed script built above to the # currently-installed /etc/minor_perm file. # if [ -s /tmp/sedscript.$$ ] ; then sed -f /tmp/sedscript.$$ $dest > /tmp/tmp.$$ cp /tmp/tmp.$$ $dest fi # # Special case code to handle bug in 2.1, 2.2, and # early 2.3 releases: the link from /dev/sound/* # has one extra set of "../"'s in the link. This # doesn't cause problems in normal operation # because ".."'s that would take the search path # higher than the real root are ignored. However, # during upgrade, when the system being upgraded is # mounted at /a, the extra ".." in the link causes # the link to be unresolvable. The link must be # corrected so that the chmod of /dev/sound/* # works. # if [ "$PKG_INSTALL_ROOT" != "" -a "$PKG_INSTALL_ROOT" != "/" ] then for i in $PKG_INSTALL_ROOT/dev/sound/* ; do if [ "$i" = "$PKG_INSTALL_ROOT/dev/sound/*" ] then break; fi # if it's not a symlink, continue if [ ! -h $i ] ; then continue fi ls -L $i >/dev/null 2>&1 if [ $? = 0 ] ; then # link is already OK continue fi # otherwise, link can't be followed # build the correct link link=`ls -l $i | sed 's,.* ,,'` link=`expr $link : '\.\.\/\(.*\)'` if [ "$link" = "" ] ; then continue; fi # build a test link rm -f $PKG_INSTALL_ROOT/dev/sound/test.$$ ln -s $link $PKG_INSTALL_ROOT/dev/sound/test.$$ # test the link ls -L $PKG_INSTALL_ROOT/dev/sound/test.$$ \ >/dev/null 2>&1 # it worked, so replace old link with new if [ $? = 0 ] ; then rm -f $i ln -s $link $i fi rm -f $PKG_INSTALL_ROOT/dev/sound/test.$$ done fi # For all entries in minor_perm whose attributes had # to be corrected, correct the relevant attributes of the # already-existing devices that correspond to those # entries. # if [ -s /tmp/chdevs.$$ -a "$PKG_INSTALL_ROOT" != "" -a \ "$PKG_INSTALL_ROOT" != "/" ] ; then cat /tmp/chdevs.$$ |\ while read device oldp oldu oldg newp newu newg do # # Note that we take pains -only- to change # the permission/ownership of devices that # have kept their original permissions. # for dev in $PKG_INSTALL_ROOT/$device; do find $dev -follow -perm $oldp -exec \ chmod $newp $dev \; >/dev/null 2>&1 find $dev -follow -user $oldu -exec \ chown $newu $dev \; >/dev/null 2>&1 find $dev -follow -group $oldg -exec \ chgrp $newg $dev \; >/dev/null 2>&1 done done fi # # For all entries in minor_perm that were deleted, # remove the /dev entries that point to device nodes # that correspond to those entries. # if [ -s /tmp/deldevs.$$ -a "$PKG_INSTALL_ROOT" != "" -a \ "$PKG_INSTALL_ROOT" != "/" ] ; then cat /tmp/deldevs.$$ | while read device do rm -f $PKG_INSTALL_ROOT/$device done fi cat /tmp/add.$$ | while read key do grepstr=`entry2pattern "${key}"` grep "$grepstr" $dest > /dev/null 2>&1 if [ $? != 0 ] ; then grep "$grepstr" $src >> $dest fi done rm -f /tmp/*.$$ fi done exit 0