Print this page
smf: switch to a tri-state for process-security properties true=on,false=off,nil=default
*** 31,40 ****
--- 31,41 ----
#include "libscf_impl.h"
#include <assert.h>
#include <libuutil.h>
#include <string.h>
+ #include <strings.h>
#include <stdlib.h>
#include <sys/systeminfo.h>
#include <sys/uadmin.h>
#include <sys/utsname.h>
#include <sys/secflags.h>
*** 361,376 ****
*
* Unfortunately, this symbol must _exist_ in the native build, for the sake
* of the mapfile, even though we don't ever use it, and it will never work.
*/
struct group_desc {
! secflagset_t *set;
char *fmri;
};
int
! scf_default_secflags(scf_handle_t *hndl, psecflags_t *flags)
{
#if !defined(NATIVE_BUILD)
scf_property_t *prop;
scf_value_t *val;
const char *flagname;
--- 362,377 ----
*
* Unfortunately, this symbol must _exist_ in the native build, for the sake
* of the mapfile, even though we don't ever use it, and it will never work.
*/
struct group_desc {
! secflagdelta_t *delta;
char *fmri;
};
int
! scf_default_secflags(scf_handle_t *hndl, scf_secflags_t *flags)
{
#if !defined(NATIVE_BUILD)
scf_property_t *prop;
scf_value_t *val;
const char *flagname;
*** 384,401 ****
{NULL, "svc:/system/process-security/"
":properties/upper"},
{NULL, NULL}
};
! groups[0].set = &flags->psf_inherit;
! groups[1].set = &flags->psf_lower;
! groups[2].set = &flags->psf_upper;
! /* Ensure sane defaults */
! psecflags_default(flags);
! for (g = groups; g->set != NULL; g++) {
for (flag = 0; (flagname = secflag_to_str(flag)) != NULL;
flag++) {
char *pfmri;
uint8_t flagval = 0;
--- 385,401 ----
{NULL, "svc:/system/process-security/"
":properties/upper"},
{NULL, NULL}
};
! bzero(flags, sizeof (*flags));
! groups[0].delta = &flags->ss_default;
! groups[1].delta = &flags->ss_lower;
! groups[2].delta = &flags->ss_upper;
! for (g = groups; g->delta != NULL; g++) {
for (flag = 0; (flagname = secflag_to_str(flag)) != NULL;
flag++) {
char *pfmri;
uint8_t flagval = 0;
*** 419,442 ****
goto next;
(void) scf_value_get_boolean(val, &flagval);
if (flagval != 0)
! secflag_set(g->set, flag);
else
! secflag_clear(g->set, flag);
next:
uu_free(pfmri);
scf_value_destroy(val);
scf_property_destroy(prop);
}
}
- if (!psecflags_validate(flags))
- return (-1);
-
return (0);
#else
assert(0);
abort();
#endif /* !NATIVE_BUILD */
--- 419,439 ----
goto next;
(void) scf_value_get_boolean(val, &flagval);
if (flagval != 0)
! secflag_set(&g->delta->psd_add, flag);
else
! secflag_set(&g->delta->psd_rem, flag);
next:
uu_free(pfmri);
scf_value_destroy(val);
scf_property_destroy(prop);
}
}
return (0);
#else
assert(0);
abort();
#endif /* !NATIVE_BUILD */