[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen-unstable] Don't canonicalise the resource inside res_security_check if security is off.
# HG changeset patch # User Ewan Mellor <ewan@xxxxxxxxxxxxx> # Date 1167744925 0 # Node ID 71eadf04a1f90eb544e83a8ee65b79caa41e0853 # Parent abcd545e7f4c0097c91f3b8f6fd046df6680bb93 Don't canonicalise the resource inside res_security_check if security is off. This had broken use of relative paths to refer to ISOs etc. Signed-off-by: Ewan Mellor <ewan@xxxxxxxxxxxxx> --- tools/python/xen/util/security.py | 8 +++++--- 1 files changed, 5 insertions(+), 3 deletions(-) diff -r abcd545e7f4c -r 71eadf04a1f9 tools/python/xen/util/security.py --- a/tools/python/xen/util/security.py Tue Jan 02 13:32:35 2007 +0000 +++ b/tools/python/xen/util/security.py Tue Jan 02 13:35:25 2007 +0000 @@ -637,11 +637,11 @@ def res_security_check(resource, domain_ """ rtnval = 1 - #build canonical resource name - resource = unify_resname(resource) - # if security is on, ask the hypervisor for a decision if on(): + #build canonical resource name + resource = unify_resname(resource) + (label, ssidref, policy) = get_res_security_details(resource) domac = ['access_control'] domac.append(['policy', active_policy]) @@ -660,6 +660,8 @@ def res_security_check(resource, domain_ # security is off, make sure resource isn't labeled else: + # Note, we can't canonicalise the resource here, because people using + # xm without ACM are free to use relative paths. (label, policy) = get_res_label(resource) if policy != 'NULL': raise ACMError("Security is off, but '"+resource+"' is labeled") _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |