|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen-3.0.4-testing] Don't canonicalise the resource inside res_security_check if security is off.
# HG changeset patch
# User Ewan Mellor <ewan@xxxxxxxxxxxxx>
# Date 1167744925 0
# Node ID f014329a4a3aba0135d9d0a613d9cc7292f108c2
# Parent c309f86fde0e3a4dfd5fda745a02e592e6c85560
Don't canonicalise the resource inside res_security_check if security is off.
This had broken use of relative paths to refer to ISOs etc.
Signed-off-by: Ewan Mellor <ewan@xxxxxxxxxxxxx>
Based on xen-unstable changeset 13203:71eadf04a1f90eb544e83a8ee65b79caa41e0853
---
tools/python/xen/util/security.py | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diff -r c309f86fde0e -r f014329a4a3a tools/python/xen/util/security.py
--- a/tools/python/xen/util/security.py Tue Jan 02 13:32:35 2007 +0000
+++ b/tools/python/xen/util/security.py Tue Jan 02 13:35:25 2007 +0000
@@ -637,11 +637,11 @@ def res_security_check(resource, domain_
"""
rtnval = 1
- #build canonical resource name
- resource = unify_resname(resource)
-
# if security is on, ask the hypervisor for a decision
if on():
+ #build canonical resource name
+ resource = unify_resname(resource)
+
(label, ssidref, policy) = get_res_security_details(resource)
domac = ['access_control']
domac.append(['policy', active_policy])
@@ -660,6 +660,8 @@ def res_security_check(resource, domain_
# security is off, make sure resource isn't labeled
else:
+ # Note, we can't canonicalise the resource here, because people using
+ # xm without ACM are free to use relative paths.
(label, policy) = get_res_label(resource)
if policy != 'NULL':
raise ACMError("Security is off, but '"+resource+"' is labeled")
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |