xref: /illumos-gate/usr/src/cmd/tsol/misc/relabel.sh (revision 2a8bcb4e) 
1#!/bin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23# Use is subject to license terms.
24#
25# This program is invoked to do the actual file transfer
26# associated with an invocation of the setflabel(3TSOL) function.
27#
28# It executes in the global zone with the user's identity and
29# basic privileges plus the file_dac_search privilege.  This
30# script should not not assume that stdio is available or that
31# any particular environment variables are set.  In particular,
32# the DISPLAY variable will not normally be pre-set.
33#
34# Authorization checks and zone limit privilege checks
35# are done before calling this script. Auditing is done
36# upon return.
37#
38##############################################################
39#
40# Calling sequence:
41#
42# $1 is the global zone real pathname of the source file
43#
44# $2 is the global zone real destination pathname
45#
46# Exit status:
47#
48# 0 on success
49# 1 on error
50#
51##############################################################
52#
53# This script can be customized or replaced to perform
54# additional processing such as tranquility checks, dirty
55# word filtering, copying instead of moving, etc.
56#
57# By default it does a check to determine if the source file
58# is in use by calling fuser(1). However, this check
59# does not work for filesystems that were automounted in
60# non-global zones.
61#
62# Perform a simple tranquility check
63#
64inuse=`/usr/sbin/fuser $1 2>&1 | /usr/bin/cut -d ":" -f2`
65if [ $inuse ]; then
66#
67#	file is in use
68#
69	exit 1
70else
71#
72# Perform an inter-zone move of the data
73	/usr/bin/mv $1 $2
74	exit $?
75fi
76