[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-unstable] XSM:FLASK support for domain management under Xen-API



# HG changeset patch
# User Keir Fraser <keir@xxxxxxxxxxxxx>
# Date 1190547907 -3600
# Node ID 40d88481cd3f4abc01053508b9c9290e5aa9662e
# Parent  5957d62f72901859327506629a8c7a78e7417c4f
XSM:FLASK support for domain management under Xen-API
Signed-off-by: George Coker <gscoker@xxxxxxxxxxxxxx>
---
 tools/python/xen/util/xsm/acm/acm.py     |   25 +++++++++++++++++++++++--
 tools/python/xen/util/xsm/dummy/dummy.py |    3 +++
 tools/python/xen/util/xsm/flask/flask.py |    4 ++++
 tools/python/xen/xend/XendDomainInfo.py  |   21 ++-------------------
 tools/python/xen/xm/xenapi_create.py     |    9 +++------
 5 files changed, 35 insertions(+), 27 deletions(-)

diff -r 5957d62f7290 -r 40d88481cd3f tools/python/xen/util/xsm/acm/acm.py
--- a/tools/python/xen/util/xsm/acm/acm.py      Sun Sep 23 12:18:36 2007 +0100
+++ b/tools/python/xen/util/xsm/acm/acm.py      Sun Sep 23 12:45:07 2007 +0100
@@ -1308,12 +1308,33 @@ def parse_security_label(security_label)
         return security_label
 
 def set_security_label(policy, label):
-    policytype = xsconstants.ACM_POLICY_ID
     if label != "" and policy != "":
-        return "%s:%s:%s" % (policytype, policy, label)
+        return "%s:%s:%s" % (xsconstants.ACM_POLICY_ID, policy, label)
     else:
         return ""
 
 def ssidref2security_label(ssidref):
     from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance
     return XSPolicyAdminInstance().ssidref_to_vmlabel(ssidref)
+
+def get_security_label(self, xspol=None):
+    """
+       Get the security label of a domain
+       @param xspol   The policy to use when converting the ssid into
+                      a label; only to be passed during the updating
+                      of the policy
+    """
+    domid = self.getDomid()
+
+    if not xspol:
+        from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance
+        xspol = XSPolicyAdminInstance().get_loaded_policy()
+
+    if domid == 0:
+        if xspol:
+            label = xspol.policy_get_domain_label_formatted(domid)
+        else:
+            label = ""
+    else:
+        label = self.info.get('security_label', '')
+    return label
diff -r 5957d62f7290 -r 40d88481cd3f tools/python/xen/util/xsm/dummy/dummy.py
--- a/tools/python/xen/util/xsm/dummy/dummy.py  Sun Sep 23 12:18:36 2007 +0100
+++ b/tools/python/xen/util/xsm/dummy/dummy.py  Sun Sep 23 12:45:07 2007 +0100
@@ -51,3 +51,6 @@ def ssidref2security_label(ssidref):
 
 def has_authorization(ssidref):
     return True
+
+def get_security_label(self, xspol=None):
+    return ""
diff -r 5957d62f7290 -r 40d88481cd3f tools/python/xen/util/xsm/flask/flask.py
--- a/tools/python/xen/util/xsm/flask/flask.py  Sun Sep 23 12:18:36 2007 +0100
+++ b/tools/python/xen/util/xsm/flask/flask.py  Sun Sep 23 12:45:07 2007 +0100
@@ -35,3 +35,7 @@ def set_security_label(policy, label):
 
 def ssidref2security_label(ssidref):
     return ssidref2label(ssidref)
+
+def get_security_label(self, xspol=None):
+    label = self.info.get('security_label', '')
+    return label
diff -r 5957d62f7290 -r 40d88481cd3f tools/python/xen/xend/XendDomainInfo.py
--- a/tools/python/xen/xend/XendDomainInfo.py   Sun Sep 23 12:18:36 2007 +0100
+++ b/tools/python/xen/xend/XendDomainInfo.py   Sun Sep 23 12:45:07 2007 +0100
@@ -2275,25 +2275,8 @@ class XendDomainInfo:
 
 
     def get_security_label(self, xspol=None):
-        """
-           Get the security label of a domain
-           @param xspol   The policy to use when converting the ssid into
-                          a label; only to be passed during the updating
-                          of the policy
-        """
-        domid = self.getDomid()
-
-        if not xspol:
-            from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance
-            xspol = XSPolicyAdminInstance().get_loaded_policy()
-
-        if domid == 0:
-            if xspol:
-                label = xspol.policy_get_domain_label_formatted(domid)
-            else:
-                label = ""
-        else:
-            label = self.info.get('security_label', '')
+        import xen.util.xsm.xsm as security
+        label = security.get_security_label(self, xspol)
         return label
 
     def set_security_label(self, seclab, old_seclab, xspol=None,
diff -r 5957d62f7290 -r 40d88481cd3f tools/python/xen/xm/xenapi_create.py
--- a/tools/python/xen/xm/xenapi_create.py      Sun Sep 23 12:18:36 2007 +0100
+++ b/tools/python/xen/xm/xenapi_create.py      Sun Sep 23 12:45:07 2007 +0100
@@ -26,6 +26,7 @@ from xen.xend.XendAPIConstants import XE
      XEN_API_ON_CRASH_BEHAVIOUR
 from xen.xm.opts import OptionError
 from xen.util import xsconstants
+import xen.util.xsm.xsm as security
 
 import sys
 import os
@@ -569,7 +570,7 @@ class sxp2xml:
         if sec_data:
             try :
                 vm.attributes['security_label'] = \
-                      "%s:%s:%s" % (xsconstants.ACM_POLICY_ID, 
sec_data[0][1][1],sec_data[0][2][1])
+                                    
security.set_security_label(sec_data[0][1][1],sec_data[0][2][1])
             except Exception, e:
                 raise "Invalid security data format: %s" % str(sec_data)
 
@@ -753,11 +754,7 @@ class sxp2xml:
         policy = get_child_by_name(vif_sxp, "policy")
         label = get_child_by_name(vif_sxp, "label")
 
-        if label and policy:
-            vif.attributes["security_label"] \
-                 = "%s:%s:%s" % (xsconstants.ACM_POLICY_ID, policy, label)
-        else:
-            vif.attributes["security_label"] = ""
+        vif.attributes["security_label"] = security.set_security_label(policy, 
label)
 
         if get_child_by_name(vif_sxp, "bridge") is not None:
             vif.attributes["network"] \

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.