[Xen-changelog] [xen-unstable] ACM: Recover if XML policy representation is missing.

[Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>]

# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1196943192 0
# Node ID 3221dff4b460c88f93297f02acca53894ffda7b6
# Parent  3df07c94c9aac344276ce4fcb22da6f33d2c1930
ACM: Recover if XML policy representation is missing.

Recover the system if the XML representation of the currently loaded
policy is missing. Force the installation of the DEFAULT policy.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
---
 tools/python/xen/util/acmpolicy.py         |   27 +++++++++++++++++++++++++++
 tools/python/xen/xend/XendXSPolicyAdmin.py |    6 ++++++
 2 files changed, 33 insertions(+)

diff -r 3df07c94c9aa -r 3221dff4b460 tools/python/xen/util/acmpolicy.py
--- a/tools/python/xen/util/acmpolicy.py        Thu Dec 06 12:12:29 2007 +0000
+++ b/tools/python/xen/util/acmpolicy.py        Thu Dec 06 12:13:12 2007 +0000
@@ -347,6 +347,33 @@ class ACMPolicy(XSPolicy):
             rc = self.compile()
         return rc, errors
 
+    def force_default_policy(klass):
+        """
+           Force the installation of the DEFAULT policy if for
+           example no XML of the current policy is available and
+           the update path with comparisons of old and new policy
+           cannot be taken.
+           This only succeeds if only Domain-0 is running or
+           all guest have the same ssidref as Domain-0.
+        """
+        errors = ""
+
+        acmpol_new = ACMPolicy(xml = get_DEFAULT_policy())
+
+        from xen.lowlevel import acm
+        dom0_ssidref = acm.getssid(0)
+        del_array = ""
+        chg_array = struct.pack("ii",
+                                dom0_ssidref['ssidref'] & 0xffff,
+                                0x1)
+
+        rc, pol_map, bin_pol = acmpol_new.policy_create_map_and_bin()
+        if rc != xsconstants.XSERR_SUCCESS:
+            return rc, errors, acmpol_new
+        rc, errors = security.hv_chg_policy(bin_pol, del_array, chg_array)
+        return rc, errors, acmpol_new
+
+    force_default_policy = classmethod(force_default_policy)
 
     def __do_update_version_check(self, acmpol_new):
         acmpol_old = self
diff -r 3df07c94c9aa -r 3221dff4b460 tools/python/xen/xend/XendXSPolicyAdmin.py
--- a/tools/python/xen/xend/XendXSPolicyAdmin.py        Thu Dec 06 12:12:29 
2007 +0000
+++ b/tools/python/xen/xend/XendXSPolicyAdmin.py        Thu Dec 06 12:13:12 
2007 +0000
@@ -57,6 +57,12 @@ class XSPolicyAdmin:
         except Exception, e:
             log.error("Could not find XML representation of policy '%s': "
                       "%s" % (act_pol_name,e))
+            rc, errors, acmpol_def = ACMPolicy.force_default_policy()
+            if rc == xsconstants.XSERR_SUCCESS:
+                self.xsobjs[ref] = acmpol_def
+                self.policies[ref] = (acmpol_def.get_name(),
+                                      xsconstants.ACM_POLICY_ID)
+                log.info("Switched to DEFAULT policy.")
 
         log.debug("XSPolicyAdmin: Known policies: %s" % self.policies)
 

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog