[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-unstable] Merge with ia64 tree.



# HG changeset patch
# User Keir Fraser <keir@xxxxxxxxxxxxx>
# Date 1191416850 -3600
# Node ID b1f6e77b69a5f1b459f7269a9b278fa86970408f
# Parent  3165e43ce73421bf6308844a3d0d4f27dab47639
# Parent  aa8944bc4987ee181ca2539bb10112f6b6d1bccb
Merge with ia64 tree.
---
 docs/xen-api/xenapi-datamodel.tex            |   74 +++++++++++++
 tools/libxen/include/xen/api/xen_acmpolicy.h |   17 ++-
 tools/libxen/src/xen_acmpolicy.c             |   35 ++++++
 tools/python/xen/lowlevel/acm/acm.c          |   37 ++++++
 tools/python/xen/util/acmpolicy.py           |    8 +
 tools/python/xen/util/xsm/acm/acm.py         |   47 +++++++-
 tools/python/xen/xend/XendXSPolicy.py        |   31 +++++
 tools/python/xen/xend/XendXSPolicyAdmin.py   |    5 
 tools/python/xen/xm/dumppolicy.py            |   31 +++++
 tools/python/xen/xm/labels.py                |    6 -
 tools/security/secpol_tool.c                 |  150 +++++++++++++++++++--------
 11 files changed, 387 insertions(+), 54 deletions(-)

diff -r 3165e43ce734 -r b1f6e77b69a5 docs/xen-api/xenapi-datamodel.tex
--- a/docs/xen-api/xenapi-datamodel.tex Tue Oct 02 11:31:55 2007 -0600
+++ b/docs/xen-api/xenapi-datamodel.tex Wed Oct 03 14:07:30 2007 +0100
@@ -15057,7 +15057,7 @@ Get the binary policy representation of 
 Get the binary policy representation of the referenced policy.
 
  \noindent {\bf Signature:}
-\begin{verbatim} string get_map (session_id s, xs ref self)\end{verbatim}
+\begin{verbatim} string get_binary (session_id s, xs ref self)\end{verbatim}
 
 
 \noindent{\bf Arguments:}
@@ -15080,6 +15080,78 @@ string
 
 
 Base64-encoded representation of the binary policy.
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_enforced\_binary}
+
+{\bf Overview:}
+Get the binary policy representation of the currently enforced ACM policy.
+In case the default policy is loaded in the hypervisor, a policy may be
+managed by xend that is not yet loaded into the hypervisor.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} string get_enforced_binary (session_id s, xs ref 
self)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt xs ref } & self & reference to the object \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+string
+}
+
+
+Base64-encoded representation of the binary policy.
+\vspace{0.3cm}
+\vspace{0.3cm}
+\vspace{0.3cm}
+\subsubsection{RPC name:~get\_VM\_ssidref}
+
+{\bf Overview:}
+Get the ACM ssidref of the given virtual machine.
+
+ \noindent {\bf Signature:}
+\begin{verbatim} string get_VM_ssidref (session_id s, vm ref vm)\end{verbatim}
+
+
+\noindent{\bf Arguments:}
+
+
+\vspace{0.3cm}
+\begin{tabular}{|c|c|p{7cm}|}
+ \hline
+{\bf type} & {\bf name} & {\bf description} \\ \hline
+{\tt vm ref } & vm & reference to a valid VM \\ \hline
+
+\end{tabular}
+
+\vspace{0.3cm}
+
+ \noindent {\bf Return Type:}
+{\tt
+int
+}
+
+
+The ssidref of the given virtual machine.
+
+\vspace{0.3cm}
+
+\noindent{\bf Possible Error Codes:}
+  {\tt HANDLE\_INVALID, VM\_BAD\_POWER\_STATE, SECURITY\_ERROR}
+
 \vspace{0.3cm}
 \vspace{0.3cm}
 \vspace{0.3cm}
diff -r 3165e43ce734 -r b1f6e77b69a5 
tools/libxen/include/xen/api/xen_acmpolicy.h
--- a/tools/libxen/include/xen/api/xen_acmpolicy.h      Tue Oct 02 11:31:55 
2007 -0600
+++ b/tools/libxen/include/xen/api/xen_acmpolicy.h      Wed Oct 03 14:07:30 
2007 +0100
@@ -108,7 +108,22 @@ xen_acmpolicy_get_binary(xen_session *se
                          xen_xspolicy xspolicy);
 
 /**
- * Get the UUID filed of the given policy.
+ * Get the binary representation (base64-encoded) of the currently
+ * enforced policy.
+ */
+extern bool
+xen_acmpolicy_get_enforced_binary(xen_session *session, char **binary,
+                                  xen_xspolicy xspolicy);
+
+/**
+ * Get the ACM ssidref of the given VM.
+ */
+bool
+xen_acmpolicy_get_VM_ssidref(xen_session *session, int64_t *result,
+                             xen_vm vm);
+
+/**
+ * Get the UUID field of the given policy.
  */
 bool
 xen_acmpolicy_get_uuid(xen_session *session, char **result,
diff -r 3165e43ce734 -r b1f6e77b69a5 tools/libxen/src/xen_acmpolicy.c
--- a/tools/libxen/src/xen_acmpolicy.c  Tue Oct 02 11:31:55 2007 -0600
+++ b/tools/libxen/src/xen_acmpolicy.c  Wed Oct 03 14:07:30 2007 +0100
@@ -217,6 +217,41 @@ xen_acmpolicy_get_binary(xen_session *se
 
 
 bool
+xen_acmpolicy_get_enforced_binary(xen_session *session, char **result,
+                                  xen_xspolicy xspolicy)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_string,
+              .u.string_val = xspolicy },
+        };
+
+    abstract_type result_type = abstract_type_string;
+
+    *result = NULL;
+    XEN_CALL_("ACMPolicy.get_enforced_binary");
+    return session->ok;
+}
+
+
+bool
+xen_acmpolicy_get_VM_ssidref(xen_session *session,
+                             int64_t *result, xen_vm vm)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_string,
+              .u.string_val = vm }
+        };
+
+    abstract_type result_type = abstract_type_int;
+
+    XEN_CALL_("ACMPolicy.get_VM_ssidref");
+    return session->ok;
+}
+
+
+bool
 xen_acmpolicy_get_uuid(xen_session *session, char **result,
                        xen_xspolicy xspolicy)
 {
diff -r 3165e43ce734 -r b1f6e77b69a5 tools/python/xen/lowlevel/acm/acm.c
--- a/tools/python/xen/lowlevel/acm/acm.c       Tue Oct 02 11:31:55 2007 -0600
+++ b/tools/python/xen/lowlevel/acm/acm.c       Wed Oct 03 14:07:30 2007 +0100
@@ -26,6 +26,7 @@
 #include <sys/mman.h>
 #include <sys/types.h>
 #include <stdlib.h>
+#include <arpa/inet.h>
 #include <sys/ioctl.h>
 #include <netinet/in.h>
 #include <xen/xsm/acm.h>
@@ -258,6 +259,41 @@ static PyObject *chgpolicy(PyObject *sel
 }
 
 
+static PyObject *getpolicy(PyObject *self, PyObject *args)
+{
+    struct acm_getpolicy getpolicy;
+    int xc_handle, rc;
+    uint8_t pull_buffer[8192];
+    PyObject *result;
+    uint32_t len = sizeof(pull_buffer);
+
+    memset(&getpolicy, 0x0, sizeof(getpolicy));
+    set_xen_guest_handle(getpolicy.pullcache, pull_buffer);
+    getpolicy.pullcache_size = sizeof(pull_buffer);
+
+    if ((xc_handle = xc_interface_open()) <= 0) {
+        PyErr_SetString(PyExc_IOError, ctrlif_op);
+        return NULL;
+    }
+
+    rc = xc_acm_op(xc_handle, ACMOP_getpolicy, &getpolicy, sizeof(getpolicy));
+
+    xc_interface_close(xc_handle);
+
+    if (rc == 0) {
+        struct acm_policy_buffer *header =
+                       (struct acm_policy_buffer *)pull_buffer;
+        if (ntohl(header->len) < sizeof(pull_buffer))
+            len = ntohl(header->len);
+    } else {
+        len = 0;
+    }
+
+    result = Py_BuildValue("is#", rc, pull_buffer, len);
+    return result;
+}
+
+
 static PyObject *relabel_domains(PyObject *self, PyObject *args)
 {
     struct acm_relabel_doms reldoms;
@@ -313,6 +349,7 @@ static PyMethodDef acmMethods[] = {
     {"getssid",     getssid,     METH_VARARGS, "Retrieve label information and 
ssidref for a domain"},
     {"getdecision", getdecision, METH_VARARGS, "Retrieve ACM access control 
decision"},
     {"chgpolicy",   chgpolicy,   METH_VARARGS, "Change the policy in one 
step"},
+    {"getpolicy",   getpolicy,   METH_NOARGS , "Get the binary policy from the 
hypervisor"},
     {"relabel_domains", relabel_domains, METH_VARARGS, "Relabel domains"},
     /* end of list (extend list above this line) */
     {NULL, NULL, 0, NULL}
diff -r 3165e43ce734 -r b1f6e77b69a5 tools/python/xen/util/acmpolicy.py
--- a/tools/python/xen/util/acmpolicy.py        Tue Oct 02 11:31:55 2007 -0600
+++ b/tools/python/xen/util/acmpolicy.py        Wed Oct 03 14:07:30 2007 +0100
@@ -1264,3 +1264,11 @@ class ACMPolicy(XSPolicy):
             log.info("The following Ch. Wall types in labels were unknown:" \
                      " %s" % list(unknown_chw))
         return rc, mapfile, all_bin.tostring()
+
+    def get_enforced_binary(self):
+        rc, binpol = security.hv_get_policy()
+        if rc != 0:
+            raise SecurityError(-xsconstants.XSERR_HV_OP_FAILED)
+        return binpol
+
+    get_enforced_binary = classmethod(get_enforced_binary)
diff -r 3165e43ce734 -r b1f6e77b69a5 tools/python/xen/util/xsm/acm/acm.py
--- a/tools/python/xen/util/xsm/acm/acm.py      Tue Oct 02 11:31:55 2007 -0600
+++ b/tools/python/xen/util/xsm/acm/acm.py      Wed Oct 03 14:07:30 2007 +0100
@@ -109,10 +109,12 @@ def refresh_security_policy():
     """
     global active_policy
 
-    try:
-        active_policy = acm.policy()
-    except:
-        active_policy = "INACTIVE"
+    active_policy = 'INACCESSIBLE'
+    if os.access("/proc/xen/privcmd", os.R_OK|os.W_OK):
+        try:
+            active_policy = acm.policy()
+        except:
+            active_policy = "INACTIVE"
 
 # now set active_policy
 refresh_security_policy()
@@ -295,7 +297,7 @@ def label2ssidref(labelname, policyname,
     maps current policy to default directory
     to find mapping file    """
 
-    if policyname in ['NULL', 'INACTIVE', 'DEFAULT']:
+    if policyname in ['NULL', 'INACTIVE', 'DEFAULT', 'INACCESSIBLE' ]:
         err("Cannot translate labels for \'" + policyname + "\' policy.")
 
     allowed_types = ['ANY']
@@ -507,6 +509,22 @@ def hv_chg_policy(bin_pol, del_array, ch
         rc = -xsconstants.XSERR_HV_OP_FAILED
     return rc, errors
 
+def hv_get_policy():
+    """
+        Gte the binary policy enforced in the hypervisor
+    """
+    rc = -xsconstants.XSERR_GENERAL_FAILURE
+    bin_pol = ""
+    if not on():
+        err("No policy active.")
+    try:
+        rc, bin_pol = acm.getpolicy()
+    except Exception, e:
+        pass
+    if len(bin_pol) == 0:
+        bin_pol = None
+    return rc, bin_pol
+
 
 def make_policy(policy_name):
     policy_file = string.join(string.split(policy_name, "."), "/")
@@ -541,18 +559,31 @@ def load_policy(policy_name):
 
 
 def dump_policy():
-    if active_policy in ['NULL', 'INACTIVE']:
+    if active_policy in ['NULL', 'INACTIVE', 'INACCESSIBLE' ]:
         err("\'" + active_policy + "\' policy. Nothing to dump.")
 
     (ret, output) = commands.getstatusoutput(xensec_tool + " getpolicy")
     if ret:
-       err("Dumping hypervisor policy failed:\n" + output)
+        err("Dumping hypervisor policy failed:\n" + output)
+
     print output
 
 
+def dump_policy_file(filename, ssidref=None):
+    ssid = ""
+    if ssidref:
+        ssid = " " + str(ssidref)
+    (ret, output) = commands.getstatusoutput(xensec_tool + " dumppolicy " +
+                                             filename + ssid)
+    if ret:
+        err("Dumping policy failed:\n" + output)
+
+    print output
+
 
 def list_labels(policy_name, condition):
-    if (not policy_name) and (active_policy) in ["NULL", "INACTIVE", 
"DEFAULT"]:
+    if (not policy_name) and active_policy in \
+              [ 'NULL', 'INACTIVE', 'DEFAULT', 'INACCESSIBLE' ]:
         err("Current policy \'" + active_policy + "\' has no labels 
defined.\n")
 
     (primary, secondary, f, pol_exists) = getmapfile(policy_name)
diff -r 3165e43ce734 -r b1f6e77b69a5 tools/python/xen/xend/XendXSPolicy.py
--- a/tools/python/xen/xend/XendXSPolicy.py     Tue Oct 02 11:31:55 2007 -0600
+++ b/tools/python/xen/xend/XendXSPolicy.py     Wed Oct 03 14:07:30 2007 +0100
@@ -16,13 +16,15 @@
 # Copyright (c) 2006 Xensource
 #============================================================================
 
+import base64
 import logging
+from xen.xend import XendDomain
 from xen.xend.XendBase import XendBase
 from xen.xend.XendError import *
+from xen.xend.XendAPIConstants import *
 from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance
 from xen.util import xsconstants
 import xen.util.xsm.xsm as security
-import base64
 
 log = logging.getLogger("xend.XendXSPolicy")
 log.setLevel(logging.TRACE)
@@ -184,8 +186,13 @@ class XendACMPolicy(XendXSPolicy):
                    'header' ]
         return XendXSPolicy.getAttrRO() + attrRO
 
+    def getFuncs(self):
+        funcs = [ 'get_enforced_binary', 'get_VM_ssidref' ]
+        return XendBase.getFuncs() + funcs
+
     getClass    = classmethod(getClass)
     getAttrRO   = classmethod(getAttrRO)
+    getFuncs    = classmethod(getFuncs)
 
     def __init__(self, acmpol, record, uuid):
         """ acmpol = actual ACMPolicy object """
@@ -221,3 +228,25 @@ class XendACMPolicy(XendXSPolicy):
     def get_binary(self):
         polbin = self.acmpol.get_bin()
         return base64.b64encode(polbin)
+
+    def get_VM_ssidref(self, vm_ref):
+        dom = XendDomain.instance().get_vm_by_uuid(vm_ref)
+        if not dom:
+            raise InvalidHandleError("VM", vm_ref)
+        if dom._stateGet() not in [ XEN_API_VM_POWER_STATE_RUNNING, \
+                                    XEN_API_VM_POWER_STATE_PAUSED ]:
+            raise VMBadState("Domain is not running or paused.")
+        ssid = security.get_ssid(dom.getDomid())
+        if not ssid:
+            raise SecurityError(-xsconstants.XSERR_GENERAL_FAILURE)
+        return ssid[3]
+
+    def get_enforced_binary(self):
+        polbin = XSPolicyAdminInstance(). \
+                   get_enforced_binary(xsconstants.XS_POLICY_ACM)
+        if polbin:
+            return base64.b64encode(polbin)
+        return None
+
+    get_enforced_binary = classmethod(get_enforced_binary)
+    get_VM_ssidref = classmethod(get_VM_ssidref)
diff -r 3165e43ce734 -r b1f6e77b69a5 tools/python/xen/xend/XendXSPolicyAdmin.py
--- a/tools/python/xen/xend/XendXSPolicyAdmin.py        Tue Oct 02 11:31:55 
2007 -0600
+++ b/tools/python/xen/xend/XendXSPolicyAdmin.py        Wed Oct 03 14:07:30 
2007 +0100
@@ -324,6 +324,11 @@ class XSPolicyAdmin:
             stes = loadedpol.policy_get_stes_of_vmlabel(tmp[2])
         return stes
 
+    def get_enforced_binary(self, xstype):
+        res = None
+        if xstype == xsconstants.XS_POLICY_ACM:
+            res = ACMPolicy.get_enforced_binary()
+        return res
 
 poladmin = None
 
diff -r 3165e43ce734 -r b1f6e77b69a5 tools/python/xen/xm/dumppolicy.py
--- a/tools/python/xen/xm/dumppolicy.py Tue Oct 02 11:31:55 2007 -0600
+++ b/tools/python/xen/xm/dumppolicy.py Wed Oct 03 14:07:30 2007 +0100
@@ -17,9 +17,18 @@
 #============================================================================
 """Display currently enforced policy (low-level hypervisor representation).
 """
+import os
 import sys
-from xen.util.xsm.xsm import XSMError, err, dump_policy
+import base64
+import tempfile
+import commands
+from xen.util.xsm.xsm import XSMError, err, dump_policy, dump_policy_file
 from xen.xm.opts import OptionError
+from xen.xm import main as xm_main
+from xen.xm.main import server
+from xen.util import xsconstants
+
+DOM0_UUID = "00000000-0000-0000-0000-000000000000"
 
 def help():
     return """
@@ -30,7 +39,25 @@ def main(argv):
     if len(argv) != 1:
         raise OptionError("No arguments expected.")
 
-    dump_policy()
+    if xm_main.serverType == xm_main.SERVER_XEN_API:
+        try:
+            bin_pol = server.xenapi.ACMPolicy.get_enforced_binary()
+            if bin_pol:
+                dom0_ssid = server.xenapi.ACMPolicy.get_VM_ssidref(DOM0_UUID)
+                bin = base64.b64decode(bin_pol)
+                try:
+                    fd, filename = tempfile.mkstemp(suffix=".bin")
+                    os.write(fd, bin)
+                    os.close(fd)
+                    dump_policy_file(filename, dom0_ssid)
+                finally:
+                    os.unlink(filename)
+            else:
+                err("No policy is installed.")
+        except Exception, e:
+            err("An error occurred getting the running policy: %s" % str(e))
+    else:
+        dump_policy()
 
 if __name__ == '__main__':
     try:
diff -r 3165e43ce734 -r b1f6e77b69a5 tools/python/xen/xm/labels.py
--- a/tools/python/xen/xm/labels.py     Tue Oct 02 11:31:55 2007 -0600
+++ b/tools/python/xen/xm/labels.py     Wed Oct 03 14:07:30 2007 +0100
@@ -62,6 +62,8 @@ def labels(policy, ptype):
         policy = active_policy
         if active_policy in ['NULL', 'INACTIVE', 'DEFAULT']:
             raise OptionError('No policy active, you must specify a <policy>')
+        if active_policy in ['INACCESSIBLE']:
+            raise OptionError('Cannot access the policy. Try as root.')
 
     if not ptype or ptype == 'dom':
         condition = vm_label_re
@@ -104,9 +106,9 @@ def labels_xapi(policy, ptype):
         for n in names:
             print n
     elif int(policystate['type']) == 0:
-        print "No policy installed on the system."
+        err("No policy installed on the system.")
     else:
-        print "Unsupported type of policy installed on the system."
+        err("Unsupported type of policy installed on the system.")
 
 if __name__ == '__main__':
     main(sys.argv)
diff -r 3165e43ce734 -r b1f6e77b69a5 tools/security/secpol_tool.c
--- a/tools/security/secpol_tool.c      Tue Oct 02 11:31:55 2007 -0600
+++ b/tools/security/secpol_tool.c      Wed Oct 03 14:07:30 2007 +0100
@@ -49,7 +49,9 @@ void usage(char *progname)
            "ACTION is one of:\n"
            "\t getpolicy\n"
            "\t dumpstats\n"
-           "\t loadpolicy <binary policy file>\n", progname);
+           "\t loadpolicy <binary policy file>\n"
+           "\t dumppolicy <binary policy file> [Dom-0 ssidref]\n",
+           progname);
     exit(-1);
 }
 
@@ -288,53 +290,93 @@ int acm_domain_getpolicy(int xc_handle)
     return ret;
 }
 
-/************************ load binary policy ******************************/
-
-int acm_domain_loadpolicy(int xc_handle, const char *filename)
+/************************ dump binary policy ******************************/
+
+static int load_file(const char *filename,
+                     uint8_t **buffer, off_t *len)
 {
     struct stat mystat;
-    int ret, fd;
-    off_t len;
-    uint8_t *buffer;
-    uint16_t chwall_ssidref, ste_ssidref;
-
-    if ((ret = stat(filename, &mystat))) {
+    int ret = 0;
+    int fd;
+
+    if ((ret = stat(filename, &mystat)) != 0) {
         printf("File %s not found.\n", filename);
+        ret = errno;
         goto out;
     }
 
-    len = mystat.st_size;
-    if ((buffer = malloc(len)) == NULL) {
+    *len = mystat.st_size;
+
+    if ((*buffer = malloc(*len)) == NULL) {
         ret = -ENOMEM;
         goto out;
     }
+
     if ((fd = open(filename, O_RDONLY)) <= 0) {
         ret = -ENOENT;
         printf("File %s not found.\n", filename);
         goto free_out;
     }
-    ret =acm_get_ssidref(xc_handle, 0, &chwall_ssidref, &ste_ssidref);
-    if (ret < 0) {
+
+    if (*len == read(fd, *buffer, *len))
+        return 0;
+
+free_out:
+    free(*buffer);
+    *buffer = NULL;
+    *len = 0;
+out:
+    return ret;
+}
+
+static int acm_domain_dumppolicy(const char *filename, uint32_t ssidref)
+{
+    uint8_t *buffer = NULL;
+    off_t len;
+    int ret = 0;
+    uint16_t chwall_ssidref, ste_ssidref;
+
+    chwall_ssidref = (ssidref      ) & 0xffff;
+    ste_ssidref    = (ssidref >> 16) & 0xffff;
+
+    if ((ret = load_file(filename, &buffer, &len)) == 0) {
+        acm_dump_policy_buffer(buffer, len, chwall_ssidref, ste_ssidref);
+        free(buffer);
+    }
+
+    return ret;
+}
+
+/************************ load binary policy ******************************/
+
+int acm_domain_loadpolicy(int xc_handle, const char *filename)
+{
+    int ret;
+    off_t len;
+    uint8_t *buffer;
+    uint16_t chwall_ssidref, ste_ssidref;
+    struct acm_setpolicy setpolicy;
+
+    ret = load_file(filename, &buffer, &len);
+    if (ret != 0)
+        goto out;
+
+    ret = acm_get_ssidref(xc_handle, 0, &chwall_ssidref, &ste_ssidref);
+    if (ret < 0)
         goto free_out;
-    }
-    if (len == read(fd, buffer, len)) {
-        struct acm_setpolicy setpolicy;
-        /* dump it and then push it down into xen/acm */
-        acm_dump_policy_buffer(buffer, len, chwall_ssidref, ste_ssidref);
-        set_xen_guest_handle(setpolicy.pushcache, buffer);
-        setpolicy.pushcache_size = len;
-        ret = xc_acm_op(xc_handle, ACMOP_setpolicy, &setpolicy, 
sizeof(setpolicy));
-
-        if (ret)
-            printf
-                ("ERROR setting policy.\n");
-        else
-            printf("Successfully changed policy.\n");
-
+
+    /* dump it and then push it down into xen/acm */
+    acm_dump_policy_buffer(buffer, len, chwall_ssidref, ste_ssidref);
+    set_xen_guest_handle(setpolicy.pushcache, buffer);
+    setpolicy.pushcache_size = len;
+    ret = xc_acm_op(xc_handle, ACMOP_setpolicy, &setpolicy, sizeof(setpolicy));
+
+    if (ret) {
+        printf("ERROR setting policy.\n");
     } else {
-        ret = -1;
-    }
-    close(fd);
+        printf("Successfully changed policy.\n");
+    }
+
   free_out:
     free(buffer);
   out:
@@ -435,26 +477,56 @@ int main(int argc, char **argv)
     if (argc < 2)
         usage(argv[0]);
 
-    if ((xc_handle = xc_interface_open()) <= 0) {
-        printf("ERROR: Could not open xen privcmd device!\n");
-        exit(-1);
-    }
 
     if (!strcmp(argv[1], "getpolicy")) {
         if (argc != 2)
             usage(argv[0]);
+
+        if ((xc_handle = xc_interface_open()) <= 0) {
+            printf("ERROR: Could not open xen privcmd device!\n");
+            exit(-1);
+        }
+
         ret = acm_domain_getpolicy(xc_handle);
+
+        xc_interface_close(xc_handle);
     } else if (!strcmp(argv[1], "loadpolicy")) {
         if (argc != 3)
             usage(argv[0]);
+
+        if ((xc_handle = xc_interface_open()) <= 0) {
+            printf("ERROR: Could not open xen privcmd device!\n");
+            exit(-1);
+        }
+
         ret = acm_domain_loadpolicy(xc_handle, argv[2]);
+
+        xc_interface_close(xc_handle);
     } else if (!strcmp(argv[1], "dumpstats")) {
         if (argc != 2)
             usage(argv[0]);
+
+        if ((xc_handle = xc_interface_open()) <= 0) {
+            printf("ERROR: Could not open xen privcmd device!\n");
+            exit(-1);
+        }
+
         ret = acm_domain_dumpstats(xc_handle);
+
+        xc_interface_close(xc_handle);
+    } else if (!strcmp(argv[1], "dumppolicy")) {
+        uint32_t ssidref = 0xffffffff;
+        if (argc < 3 || argc > 4)
+            usage(argv[0]);
+        if (argc == 4) {
+            if (!sscanf(argv[3], "%i", &ssidref)) {
+                printf("Error: Could not parse ssidref.\n");
+                exit(-1);
+            }
+        }
+        ret = acm_domain_dumppolicy(argv[2], ssidref);
     } else
         usage(argv[0]);
 
-    xc_interface_close(xc_handle);
-    return ret;
-}
+    return ret;
+}

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.