from-****@i-lov*****
from-****@i-lov*****
2007年 7月 13日 (金) 14:29:59 JST
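熊猫です。

> Do you want to enable TOMOYO Linux?[Y/n]
> (input "N" key within 10 seconds)

それができると嬉しいのですが /bin/bash では 1文字だけ入力するという方法が無いような気がします。 /sbin/getkey が全てのディストリで使えれば良いんですけど。

↓は現状の /.init ですが、隠し機能として disabled ではなく数字を入力することでプロファイルを切り替えることができるようになっています。 ( disable ではなく disabled と指定させるのは、 SELinux=disabled に倣っているためです。)

#! /bin/bash
#
# Policy Loader.
#
# Copyright (C) 2005-2007 NTT DATA CORPORATION
#
# Version: 1.4 2007/04/01
#
# Run this script by passing init= to kernel command line option.
# You had better not to register this script to /etc/ccs/manager.txt
# because all programs can update policies before activating MAC
# but this script needn't to be run again after MAC activated.
#
# Security notes:
#  * Every readable file under POLICY_DIR is copied into the kernel policy
#    interface as-is, before MAC is enforced. Whoever can write to that
#    directory therefore controls the policy; keep it writable by root only.
#  * The profile is chosen from the kernel command line (CCS=...) or, when
#    none is given, from a console prompt. Anyone with access to either can
#    select "disabled", so boot-loader and console access are part of the
#    trust boundary of this loader.
#  * This script may run as PID 1. It deliberately does not use "set -e":
#    an unexpected exit of PID 1 would take the system down.

POLICY_DIR=/etc/ccs/
STATUS=""
TOMOYO_NOLOAD=0
TOMOYO_QUIET=0
REAL_INIT=/sbin/init
PROC_UNMOUNT=0

#######################################
# Tell whether a named status profile exists.
# Globals:   POLICY_DIR (read)
# Arguments: $1 - profile name taken from CCS=<name> or the console prompt
# Returns:   0 if ${POLICY_DIR}/status-<name>.txt is readable, 1 otherwise.
#            Empty names and names containing '/' are refused so that the
#            name can never address a file outside POLICY_DIR.
#######################################
profile_exists() {
  local name=$1
  [[ -n "$name" && "$name" != */* ]] || return 1
  [[ -r "${POLICY_DIR}/status-${name}.txt" ]]
}

#######################################
# Copy a policy file into a kernel interface file if it is readable.
# Arguments: $1 - source file, $2 - destination under /proc/ccs
# Returns:   0 when the source is absent, otherwise the status of cat.
#######################################
load_if_readable() {
  local src=$1 dst=$2
  [[ -r "$src" ]] || return 0
  cat "$src" > "$dst"
}

# /proc is needed for /proc/cmdline and /proc/ccs; mount it temporarily
# when it is not there yet and remember to unmount it again.
if [[ ! -d /proc/self/ ]]; then
  mount -nt proc none /proc && PROC_UNMOUNT=1
fi

# Without /proc/ccs this kernel has no policy interface: hand over to the
# real init when running as PID 1, otherwise give up.
if [[ ! -d /proc/ccs/ ]]; then
  [[ "$PROC_UNMOUNT" == 1 ]] && umount -n /proc
  [[ $$ == 1 ]] && exec "$REAL_INIT" "$@"
  echo "You can't run this program for this kernel."
  exit 1
fi

# Split the kernel command line into words with read -a rather than an
# unquoted $(cat ...): the words are still split on whitespace, but a
# token containing '*' or '?' is no longer expanded against the filesystem.
cmdline_words=()
read -r -a cmdline_words < /proc/cmdline
for i in "${cmdline_words[@]}"; do
  case "$i" in
    CCS=default)
      STATUS="default"
      ;;
    CCS=disabled)
      STATUS="disabled"
      ;;
    CCS=boottest)
      STATUS="boottest"
      ;;
    CCS=*)
      # Any other value selects status-<value>.txt; unknown names fall
      # back to the interactive prompt below.
      STATUS=${i#CCS=}
      profile_exists "$STATUS" || STATUS=""
      ;;
    TOMOYO_NOLOAD)
      TOMOYO_NOLOAD=1
      ;;
    TOMOYO_QUIET)
      TOMOYO_QUIET=1
      ;;
  esac
done

# No usable CCS= argument: ask on the console. TMOUT makes read give up
# after 10 seconds, which leaves STATUS empty and selects "default".
if [[ -z "$STATUS" ]]; then
  TMOUT=10
  while :; do
    echo "Press 'Enter' or wait for $TMOUT seconds to use default status."
    echo "You may input 'disabled' and press 'Enter' to disable MAC in case of emergency."
    STATUS=""
    # -r keeps backslashes literal; the answer is only ever used as data.
    read -r -p "> " STATUS
    [[ -z "$STATUS" ]] && STATUS="default"
    case "$STATUS" in
      default | disabled | boottest) break ;;
    esac
    profile_exists "$STATUS" && break
    # These two answers only set a flag; the prompt is shown again.
    [[ "$STATUS" == "TOMOYO_NOLOAD" ]] && TOMOYO_NOLOAD=1
    [[ "$STATUS" == "TOMOYO_QUIET" ]] && TOMOYO_QUIET=1
  done
fi

# Load the policy files. domain_policy.txt is skipped on TOMOYO_NOLOAD.
load_if_readable "${POLICY_DIR}/manager.txt" /proc/ccs/policy/manager
load_if_readable "${POLICY_DIR}/system_policy.txt" /proc/ccs/policy/system_policy
load_if_readable "${POLICY_DIR}/exception_policy.txt" /proc/ccs/policy/exception_policy
if [[ "$TOMOYO_NOLOAD" == 0 ]]; then
  load_if_readable "${POLICY_DIR}/domain_policy.txt" /proc/ccs/policy/domain_policy
fi
load_if_readable "${POLICY_DIR}/mapping.txt" /proc/ccs/info/mapping

# Apply the selected status profile.
if profile_exists "$STATUS"; then
  cat "${POLICY_DIR}/status-${STATUS}.txt" > /proc/ccs/status
fi
if [[ "$STATUS" == "default" ]]; then
  load_if_readable "${POLICY_DIR}/status.txt" /proc/ccs/status
fi
if [[ "$STATUS" == "disabled" ]]; then
  # Write an empty COMMENT for profiles 0..255, then read the status back
  # and rewrite every non-COMMENT line with its trailing number set to 0.
  # NOTE(review): reading and writing /proc/ccs/status in one pipeline
  # presumably relies on it being a kernel interface rather than a regular
  # file that ">" would truncate first - confirm before reusing elsewhere.
  for ((i = 0; i <= 255; i++)); do
    echo "${i}-COMMENT=" > /proc/ccs/status
  done
  grep -vF -- -COMMENT= /proc/ccs/status | sed -e 's/[0-9]*$/0/' > /proc/ccs/status
fi
if [[ "$STATUS" == "boottest" ]]; then
  echo '0-MAC_FOR_CAPABILITY::=0' > /proc/ccs/status
fi
if [[ "$TOMOYO_QUIET" == 1 ]]; then
  # Set the trailing number of every TOMOYO_VERBOSE line to 0.
  grep -F TOMOYO_VERBOSE /proc/ccs/status | sed -e 's/[0-9]*$/0/' > /proc/ccs/status
fi

# Summary: lines starting with "<kernel>" count as domains, every other
# non-empty line except "use_profile" counts as an ACL entry.
awk '
  BEGIN { domain = 0; acl = 0; }
  {
    if ($1 == "<kernel>") domain++;
    else if ($1 != "" && $1 != "use_profile") acl++;
  }
  END { print domain " domains. " acl " ACL entries."; }
' /proc/ccs/policy/domain_policy

# Summary: memory figures from meminfo, last field divided by 1024.
awk '
  BEGIN { shared_mem = 0; private_mem = 0; }
  {
    if ($1 == "Shared:") shared_mem = $NF / 1024;
    else if ($1 == "Private:") private_mem = $NF / 1024;
  }
  END { print shared_mem " KB shared. " private_mem " KB private."; }
' /proc/ccs/info/meminfo

[[ "$PROC_UNMOUNT" == 1 ]] && umount -n /proc
# As PID 1, continue booting with the real init; otherwise there is
# nothing to hand over to.
[[ $$ == 1 ]] && exec "$REAL_INIT" "$@"
exit 1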