Xen devel - Jun 2006 - [PATCH][ACM][UPDATE] python tools and support for resource labeling

Same as previous patch, except that we no longer use xml marshaling.

Signed-off-by: Bryan D. Payne <bdpayne@us.ibm.com>
Signed-off-by: Reiner Sailer <sailer@us.ibm.com>





_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On Wed, Jun 28, 2006 at 05:28:26PM -0400, Bryan D. Payne wrote:
> Same as previous patch, except that we no longer use xml marshaling.
> 
> Signed-off-by: Bryan D. Payne <bdpayne@us.ibm.com>
> Signed-off-by: Reiner Sailer <sailer@us.ibm.com>
This patch continues to be a problem:
> @@ -999,6 +1008,19 @@ def xm_block_attach(args):
>      if len(args) == 5:
>          vbd.append([''backend'', args[4]])
>  
> +    # verify that policy permits attaching this resource
> +    try:
> +        dominfo = server.xend.domain(dom)
> +        domid = sxp.child_value(dominfo, ''domid'')
> +        (tmp1, label, tmp2, tmp3) = security.get_ssid(domid)
> +        security.res_security_check(args[1], label)
> +    except security.ACMError, e:
> +        print e.value
> +        sys.exit(1)
> +    except:
> +        traceback.print_exc(limit=1)
> +        sys.exit(1)
> +
>      server.xend.domain.device_create(dom, vbd)
If there is no security policy in force, then get_ssid throws an ACMError.
This means that all xm-test''s block-attach tests are currently failing.

Ewan.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

> If there is no security policy in force, then get_ssid throws an
ACMError.
> This means that all xm-test''s block-attach tests are currently
failing.
Sorry about that.  I''ll fix it and re-test it all at this end.

Cheers,
bryan


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel