%defattr(600,root,root,700)
%attr(700,root,root) %{_libdir}/security/pam_*.so
%attr(700,root,root) %{_sbindir}/nsattach
+%attr(700,root,root) %{_sbindir}/activate-zone
%config /etc/pam.d/*
INSTALL(TARGETS ${PAM_ZONE_CLI_NAME} DESTINATION sbin)
INSTALL(FILES pam.d/nsattach DESTINATION ${PAMD_INSTALL_DIR})
INSTALL(FILES pam.d/systemd-user-zone DESTINATION ${PAMD_INSTALL_DIR})
+INSTALL(FILES cli/activate-zone DESTINATION sbin)
--- /dev/null
+#!/bin/bash
+
+usage() {
+ echo "Usage :"
+ echo " Zone-enable : $0 y" >&2
+ echo " Zone-disable : $0 n" >&2
+ echo " Activation state : $0 info" >&2
+ exit 1
+}
+
+nowstate()
+{
+ if [ -f /etc/pam.d/systemd-user.bak ]
+ then
+ echo "enabled"
+ else
+ echo "disabled"
+ fi
+}
+
+zoneenable()
+{
+ if [ `nowstate` = "enabled" ]
+ then
+ echo "Already zone-enabled";
+ exit 0
+ fi
+
+ /bin/mv /etc/pam.d/systemd-user /etc/pam.d/systemd-user.bak
+ /bin/cp /etc/pam.d/systemd-user-zone /etc/pam.d/systemd-user
+ /bin/sync
+}
+
+zonedisable()
+{
+ if [ `nowstate` = "disabled" ]
+ then
+ echo "Already zone-disabled";
+ exit 0
+ fi
+
+ /bin/mv /etc/pam.d/systemd-user.bak /etc/pam.d/systemd-user
+ /bin/sync
+}
+
+if [ $EUID -ne 0 ]; then
+ echo "Root permission is required." 1>&2
+ exit 1
+fi
+
+case "${1}" in
+"y"|"Y")
+ zoneenable ;;
+"n"|"N")
+ zonedisable ;;
+"i"|"info")
+ nowstate ;;
+*)
+ usage
+esac
+
+exit 0
+
+