* grub-core/commands/legacycfg.c (legacy_file): Default to restricted

entries.
	* grub-core/commands/menuentry.c (grub_cmd_menuentry): Likewise.
	* docs/grub.texi: Update menuentry description.
This commit is contained in:
Vladimir 'phcoder' Serbinenko 2012-05-02 10:26:09 +02:00
parent 8db10f47fe
commit dc478aeae5
4 changed files with 32 additions and 9 deletions

View file

@ -1,3 +1,10 @@
2012-05-02 Vladimir Serbinenko <phcoder@gmail.com>
* grub-core/commands/legacycfg.c (legacy_file): Default to restricted
entries.
* grub-core/commands/menuentry.c (grub_cmd_menuentry): Likewise.
* docs/grub.texi: Update menuentry description.
2012-05-02 Vladimir Serbinenko <phcoder@gmail.com> 2012-05-02 Vladimir Serbinenko <phcoder@gmail.com>
* util/grub-setup.c (setup): Remove duplicate call to embed. Fixes * util/grub-setup.c (setup): Remove duplicate call to embed. Fixes

View file

@ -1437,7 +1437,7 @@ definitions do not affect the exit status in @code{$?}. When executed, the
exit status of a function is the exit status of the last command executed in exit status of a function is the exit status of the last command executed in
the body. the body.
@item menuentry @var{title} [@option{--class=class} @dots{}] [@option{--users=users}] [@option{--hotkey=key}] @{ @var{command}; @dots{} @} @item menuentry @var{title} [@option{--class=class} @dots{}] [@option{--users=users}] [@option{--unrestricted}] [@option{--hotkey=key}] @{ @var{command}; @dots{} @}
@xref{menuentry}. @xref{menuentry}.
@end table @end table
@ -2960,7 +2960,7 @@ These commands can only be used in the menu:
@deffn Command menuentry @var{title} @ @deffn Command menuentry @var{title} @
[@option{--class=class} @dots{}] [@option{--users=users}] @ [@option{--class=class} @dots{}] [@option{--users=users}] @
[@option{--hotkey=key}] @ [@option{--unrestricted}] [@option{--hotkey=key}] @
@{ @var{command}; @dots{} @} @{ @var{command}; @dots{} @}
This defines a GRUB menu entry named @var{title}. When this entry is This defines a GRUB menu entry named @var{title}. When this entry is
selected from the menu, GRUB will set the @var{chosen} environment variable selected from the menu, GRUB will set the @var{chosen} environment variable
@ -2975,6 +2975,9 @@ different styles.
The @option{--users} option grants specific users access to specific menu The @option{--users} option grants specific users access to specific menu
entries. @xref{Security}. entries. @xref{Security}.
The @option{--unrestricted} option grants all users access to specific menu
entries. @xref{Security}.
The @option{--hotkey} option associates a hotkey with a menu entry. The @option{--hotkey} option associates a hotkey with a menu entry.
@var{key} may be a single letter, or one of the aliases @samp{backspace}, @var{key} may be a single letter, or one of the aliases @samp{backspace},
@samp{tab}, or @samp{delete}. @samp{tab}, or @samp{delete}.
@ -2986,7 +2989,7 @@ The @option{--hotkey} option associates a hotkey with a menu entry.
@deffn Command submenu @var{title} @ @deffn Command submenu @var{title} @
[@option{--class=class} @dots{}] [@option{--users=users}] @ [@option{--class=class} @dots{}] [@option{--users=users}] @
[@option{--hotkey=key}] @ [@option{--unrestricted}] [@option{--hotkey=key}] @
@{ @var{menu entries} @dots{} @} @{ @var{menu entries} @dots{} @}
This defines a submenu. An entry called @var{title} will be added to the This defines a submenu. An entry called @var{title} will be added to the
menu; when that entry is selected, a new menu will be displayed showing all menu; when that entry is selected, a new menu will be displayed showing all
@ -4061,8 +4064,10 @@ restricted to superusers.
Other users may be given access to specific menu entries by giving a list of Other users may be given access to specific menu entries by giving a list of
usernames (as above) using the @option{--users} option to the usernames (as above) using the @option{--users} option to the
@samp{menuentry} command (@pxref{menuentry}). If the @option{--users} @samp{menuentry} command (@pxref{menuentry}). If the @option{--unrestricted}
option is not used for a menu entry, then that entry is unrestricted. option is used for a menu entry, then that entry is unrestricted.
If the @option{--users} option is not used for a menu entry, then that
only superusers are able to use it.
Putting this together, a typical @file{grub.cfg} fragment might look like Putting this together, a typical @file{grub.cfg} fragment might look like
this: this:
@ -4073,7 +4078,7 @@ set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.biglongstring password_pbkdf2 root grub.pbkdf2.sha512.10000.biglongstring
password user1 insecure password user1 insecure
menuentry "May be run by any user" @{ menuentry "May be run by any user" --unrestricted @{
set root=(hd0,1) set root=(hd0,1)
linux /vmlinuz linux /vmlinuz
@} @}

View file

@ -123,7 +123,8 @@ legacy_file (const char *filename)
return grub_errno; return grub_errno;
} }
args[0] = oldname; args[0] = oldname;
grub_normal_add_menu_entry (1, args, NULL, NULL, NULL, NULL, NULL, grub_normal_add_menu_entry (1, args, NULL, NULL, "legacy",
NULL, NULL,
entrysrc, 0); entrysrc, 0);
grub_free (args); grub_free (args);
entrysrc[0] = 0; entrysrc[0] = 0;

View file

@ -37,6 +37,8 @@ static const struct grub_arg_option options[] =
{"source", 4, 0, {"source", 4, 0,
N_("Use STRING as menu entry body."), N_("STRING"), ARG_TYPE_STRING}, N_("Use STRING as menu entry body."), N_("STRING"), ARG_TYPE_STRING},
{"id", 0, 0, N_("Menu entry identifier."), N_("STRING"), ARG_TYPE_STRING}, {"id", 0, 0, N_("Menu entry identifier."), N_("STRING"), ARG_TYPE_STRING},
{"unrestricted", 0, 0, N_("This entry can be booted by any user."),
0, ARG_TYPE_NONE},
{0, 0, 0, 0, 0, 0} {0, 0, 0, 0, 0, 0}
}; };
@ -254,6 +256,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
char *prefix; char *prefix;
unsigned len; unsigned len;
grub_err_t r; grub_err_t r;
const char *users;
if (! argc) if (! argc)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "missing arguments"); return grub_error (GRUB_ERR_BAD_ARGUMENT, "missing arguments");
@ -264,12 +267,19 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
if (! ctxt->state[3].set && ! ctxt->script) if (! ctxt->state[3].set && ! ctxt->script)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "no menuentry definition"); return grub_error (GRUB_ERR_BAD_ARGUMENT, "no menuentry definition");
if (ctxt->state[1].set)
users = ctxt->state[1].arg;
else if (ctxt->state[5].set)
users = NULL;
else
users = "";
if (! ctxt->script) if (! ctxt->script)
return grub_normal_add_menu_entry (argc, (const char **) args, return grub_normal_add_menu_entry (argc, (const char **) args,
(ctxt->state[0].set ? ctxt->state[0].args (ctxt->state[0].set ? ctxt->state[0].args
: NULL), : NULL),
ctxt->state[4].arg, ctxt->state[4].arg,
ctxt->state[1].arg, users,
ctxt->state[2].arg, 0, ctxt->state[2].arg, 0,
ctxt->state[3].arg, ctxt->state[3].arg,
ctxt->extcmd->cmd->name[0] == 's'); ctxt->extcmd->cmd->name[0] == 's');
@ -287,7 +297,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
r = grub_normal_add_menu_entry (argc - 1, (const char **) args, r = grub_normal_add_menu_entry (argc - 1, (const char **) args,
ctxt->state[0].args, ctxt->state[4].arg, ctxt->state[0].args, ctxt->state[4].arg,
ctxt->state[1].arg, users,
ctxt->state[2].arg, prefix, src + 1, ctxt->state[2].arg, prefix, src + 1,
ctxt->extcmd->cmd->name[0] == 's'); ctxt->extcmd->cmd->name[0] == 's');