$NetBSD: patch-bf,v 1.1.1.1 2006/07/02 16:49:31 bouyer Exp $

--- security/example.txt.orig	2006-01-31 17:09:21.000000000 +0100
+++ security/example.txt
@@ -22,10 +22,10 @@ Other policies work similarly. Feedback 
 Successful execution should print:
 
     [root@laptopxn security]# xensec_xml2bin chwall_ste
-    Validating label file /etc/xen/acm-security/policies/chwall_ste/chwall_ste-security_label_template.xml...
-    XML Schema /etc/xen/acm-security/policies/security_policy.xsd valid.
-    Validating policy file /etc/xen/acm-security/policies/chwall_ste/chwall_ste-security_policy.xml...
-    XML Schema /etc/xen/acm-security/policies/security_policy.xsd valid.
+    Validating label file @XENDCONFDIR@/acm-security/policies/chwall_ste/chwall_ste-security_label_template.xml...
+    XML Schema @XENDCONFDIR@/acm-security/policies/security_policy.xsd valid.
+    Validating policy file @XENDCONFDIR@/acm-security/policies/chwall_ste/chwall_ste-security_policy.xml...
+    XML Schema @XENDCONFDIR@/acm-security/policies/security_policy.xsd valid.
     Creating ssid mappings ...
     Creating label mappings ...
     Max chwall labels:  7
@@ -35,14 +35,14 @@ Successful execution should print:
     Max ste-types:      6
     Max ste-ssids:      10
 
-By default, the tool looks in directory /etc/xen/acm-security/policies
+By default, the tool looks in directory @XENDCONFDIR@/acm-security/policies
 for a directory that matches the policy name (i.e. chwall_ste) to find
 the label and policy files.
-The '-d' option can be used to override the /etc/xen/acm-security/policies
+The '-d' option can be used to override the @XENDCONFDIR@/acm-security/policies
 directory, for example if running the tool in the Xen security tool build
 directory.
 
-The default policy directory structure under /etc/xen/acm-security (and
+The default policy directory structure under @XENDCONFDIR@/acm-security (and
 the Xen security tool build directory - tools/security) looks like:
 
 policies
@@ -71,7 +71,7 @@ definitions that group types together an
 users.
 
 After executing the above xensec_xml2bin command, you will find 2 new
-files in the /etc/xen/acm-security/policies/chwall_ste sub-directory:
+files in the @XENDCONFDIR@/acm-security/policies/chwall_ste sub-directory:
 
   chwall_ste.map ... this file includes the mapping
     of names from the xml files into their binary code representation.
@@ -92,11 +92,11 @@ To activate the policy from the command 
 currently established policy is the minimal boot-policy that is
 hard-coded into the hypervisor):
 
-# xensec_tool loadpolicy /etc/xen/acm-security/policies/chwall_ste/chwall_ste.bin
+# xensec_tool loadpolicy @XENDCONFDIR@/acm-security/policies/chwall_ste/chwall_ste.bin
 
 To activate the policy at next reboot:
 
-# cp /etc/xen/acm-security/policies/chwall_ste/chwall_ste.bin /boot
+# cp @XENDCONFDIR@/acm-security/policies/chwall_ste/chwall_ste.bin /boot
 
 Add a module line to your /boot/grub/grub.conf Xen entry.
 My boot entry with chwall_ste enabled looks like this:
@@ -134,12 +134,12 @@ assign labels to user domains.
 
 To show available labels for the chwall_ste policy:
 
-# /etc/xen/acm-security/scripts/setlabel.sh -l
+# @XENDCONFDIR@/acm-security/scripts/setlabel.sh -l
 
 lists all available labels. For the default chwall_ste it should print
 the following:
 
-    [root@laptopxn security]# /etc/xen/acm-security/scripts/setlabel.sh -l chwall_ste
+    [root@laptopxn security]# @XENDCONFDIR@/acm-security/scripts/setlabel.sh -l chwall_ste
     The following labels are available:
     dom_SystemManagement
     dom_HomeBanking
@@ -162,7 +162,7 @@ since only those are used at this time.
 
 If you would like to assign the dom_HomeBanking label to one of your
 user domains (which you hopefully keep clean), look at the hypothetical
-domain configuration contained in /etc/xen/homebanking.xm:
+domain configuration contained in @XENDCONFDIR@/homebanking.xm:
 
     #------HOMEBANKING---------
     kernel = "/boot/vmlinuz-2.6.12-xenU"
@@ -177,7 +177,7 @@ domain configuration contained in /etc/x
 
 Now we label this domain
 
-[root@laptopxn security]# /etc/xen/acm-securit/scripts/setlabel.sh /etc/xen/homebanking.xm dom_HomeBanking chwall_ste
+[root@laptopxn security]# @XENDCONFDIR@/acm-securit/scripts/setlabel.sh @XENDCONFDIR@/homebanking.xm dom_HomeBanking chwall_ste
 Mapped label 'dom_HomeBanking' to ssidref '0x00020002'.
 
 The domain configuration my look now like:
@@ -259,14 +259,14 @@ a) the policy definition (types etc.) fi
 b) the label template definition (labels etc.) file
 
 If your policy name is "mypolicy", you need to create a
-subdirectory mypolicy in /etc/xen/acm-security/policies.
+subdirectory mypolicy in @XENDCONFDIR@/acm-security/policies.
 
 Then you create
-/etc/xen/acm-security/policies/mypolicy/mypolicy-security_policy.xml and
-/etc/xen/acm-security/policies/mypolicy/mypolicy-security_label_template.xml.
+@XENDCONFDIR@/acm-security/policies/mypolicy/mypolicy-security_policy.xml and
+@XENDCONFDIR@/acm-security/policies/mypolicy/mypolicy-security_label_template.xml.
 
 You need to keep to the schema as defined in
-/etc/xen/acm-security/security_policy.xsd since the translation tool
+@XENDCONFDIR@/acm-security/security_policy.xsd since the translation tool
 xensec_xml2bin is written against this schema.
 
 If you keep to the security policy schema, then you can use all the
@@ -333,7 +333,7 @@ files:
   the policy name that you choose to use.
 
   To get a feel for the tool, you could use one of the example policy definition
-  files from /etc/xen/acm-security/policies as input.
+  files from @XENDCONFDIR@/acm-security/policies as input.
 
 
   Security Policy Labeling:
@@ -379,4 +379,4 @@ files:
   naming conventions based on the policy name that you choose to use.
 
   To get a feel for the tool, you could use one of the example policy definition
-  and label template definition files from /etc/xen/acm-security/policies as input.
+  and label template definition files from @XENDCONFDIR@/acm-security/policies as input.
