
[Xen-changelog] [xen-unstable] xsm, python tools: remove autogenerated xsm.py



# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1220523788 -3600
# Node ID 5b133625223ad0d95b80467535ff1384d6317f16
# Parent  bed1b98b63cc98364b2b5ad04bffc00d588c5ef4
xsm, python tools: remove autogenerated xsm.py

- The patch does away with the autogenerated xsm.py file and
introduces a config parameter in xend-config.sxp to determine the
security module. The parameter is (xsm_module_name {acm, dummy,
flask}).  The default setting/option is dummy.  .hgignore is also
updated to stop ignoring xsm.py on commits.

- The patch has created an xsconstant for XS_POLICY_FLASK and updated
  the toolchain to check the instance of XS_POLICY_USE.  XS_POLICY_USE
  evaluates to XS_POLICY_FLASK or XS_POLICY_ACM or XS_POLICY_DUMMY
  depending on configuration.

- Flask relies on the current value of ssidref returned by dominfo to
  ensure that the label to sid mapping is consistent.  ssidref had
  been pop'ed from the dominfo object.  The patch addresses this
  issue.

- Flask python module style cleanups.

Signed-off-by: George Coker <gscoker@xxxxxxxxxxxxxx>
---
 .hgignore                                |    1 -
 tools/examples/xend-config.sxp           |    4 ++++
 tools/python/Makefile                    |   26 +++-----------------------
 tools/python/xen/util/xsconstants.py     |    4 +++-
 tools/python/xen/util/xsm/dummy/dummy.py |    2 +-
 tools/python/xen/util/xsm/flask/flask.py |    8 +++++---
 tools/python/xen/util/xsm/xsm.py         |   19 +++++++++++++++++++
 tools/python/xen/xend/XendConfig.py      |    2 +-
 tools/python/xen/xend/XendDomainInfo.py  |    6 +-----
 tools/python/xen/xend/XendOptions.py     |    8 ++++++++
 tools/python/xen/xend/server/blkif.py    |    2 +-
 tools/python/xen/xend/server/netif.py    |    2 +-
 12 files changed, 47 insertions(+), 37 deletions(-)

diff -r bed1b98b63cc -r 5b133625223a .hgignore
--- a/.hgignore Thu Sep 04 11:19:17 2008 +0100
+++ b/.hgignore Thu Sep 04 11:23:08 2008 +0100
@@ -185,7 +185,6 @@
 ^tools/misc/xenperf$
 ^tools/pygrub/build/.*$
 ^tools/python/build/.*$
-^tools/python/xen/util/xsm/xsm\.py$
 ^tools/security/secpol_tool$
 ^tools/security/xen/.*$
 ^tools/security/xensec_tool$
diff -r bed1b98b63cc -r 5b133625223a tools/examples/xend-config.sxp
--- a/tools/examples/xend-config.sxp    Thu Sep 04 11:19:17 2008 +0100
+++ b/tools/examples/xend-config.sxp    Thu Sep 04 11:23:08 2008 +0100
@@ -14,6 +14,10 @@
 #(logfile /var/log/xen/xend.log)
 #(loglevel DEBUG)
 
+# Uncomment the line below.  Set the value to flask, acm, or dummy to 
+# select a security module.
+
+#(xsm_module_name dummy)
 
 # The Xen-API server configuration.
 #
diff -r bed1b98b63cc -r 5b133625223a tools/python/Makefile
--- a/tools/python/Makefile     Thu Sep 04 11:19:17 2008 +0100
+++ b/tools/python/Makefile     Thu Sep 04 11:23:08 2008 +0100
@@ -1,13 +1,5 @@ XEN_ROOT = ../..
 XEN_ROOT = ../..
 include $(XEN_ROOT)/tools/Rules.mk
-
-XEN_SECURITY_MODULE = dummy
-ifeq ($(FLASK_ENABLE),y)
-XEN_SECURITY_MODULE = flask
-endif
-ifeq ($(ACM_SECURITY),y)
-XEN_SECURITY_MODULE = acm
-endif
 
 .PHONY: all
 all: build
@@ -23,8 +15,8 @@ NLSDIR = /usr/share/locale
 NLSDIR = /usr/share/locale
 
 .PHONY: build buildpy
-buildpy: xsm.py
-       CC="$(CC)" CFLAGS="$(CFLAGS)" 
XEN_SECURITY_MODULE="$(XEN_SECURITY_MODULE)" python setup.py build
+buildpy: 
+       CC="$(CC)" CFLAGS="$(CFLAGS)" python setup.py build
 
 build: buildpy refresh-pot refresh-po $(CATALOGS)
 
@@ -61,18 +53,6 @@ refresh-po: $(POTFILE)
 %.mo: %.po
        $(MSGFMT) -c -o $@ $<
 
-xsm.py:
-       @(set -e; \
-         echo "XEN_SECURITY_MODULE = \""$(XEN_SECURITY_MODULE)"\""; \
-         echo "from xsm_core import *"; \
-         echo ""; \
-         echo "import 
xen.util.xsm."$(XEN_SECURITY_MODULE)"."$(XEN_SECURITY_MODULE)" as xsm_module"; \
-         echo ""; \
-         echo "xsm_init(xsm_module)"; \
-         echo "from 
xen.util.xsm."$(XEN_SECURITY_MODULE)"."$(XEN_SECURITY_MODULE)" import *"; \
-         echo "del xsm_module"; \
-         echo "") >xen/util/xsm/$@
-
 .PHONY: install
 ifndef XEN_PYTHON_NATIVE_INSTALL
 install: LIBPATH=$(shell PYTHONPATH=xen/util python -c "import auxbin; print 
auxbin.libpath()")
@@ -104,4 +84,4 @@ test:
 
 .PHONY: clean
 clean:
-       rm -rf build *.pyc *.pyo *.o *.a *~ $(CATALOGS) xen/util/xsm/xsm.py 
xen/util/auxbin.pyc
+       rm -rf build *.pyc *.pyo *.o *.a *~ $(CATALOGS) xen/util/auxbin.pyc
diff -r bed1b98b63cc -r 5b133625223a tools/python/xen/util/xsconstants.py
--- a/tools/python/xen/util/xsconstants.py      Thu Sep 04 11:19:17 2008 +0100
+++ b/tools/python/xen/util/xsconstants.py      Thu Sep 04 11:23:08 2008 +0100
@@ -20,8 +20,10 @@ XS_INST_BOOT = (1 << 0)
 XS_INST_BOOT = (1 << 0)
 XS_INST_LOAD = (1 << 1)
 
-XS_POLICY_NONE  = 0
+XS_POLICY_DUMMY  = 0
 XS_POLICY_ACM = (1 << 0)
+XS_POLICY_FLASK = (1 << 1)
+XS_POLICY_USE = 0
 
 # Some internal variables used by the Xen-API
 ACM_LABEL_VM  = (1 << 0)
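Review bot: XS_POLICY_USE sits among the constants here, but the new xen/util/xsm/xsm.py reassigns it at import time. Until that module has been imported it holds the placeholder 0, which is also the value of XS_POLICY_DUMMY. Any code that reads it earlier, or that copied it with a `from ... import`, will silently see "dummy". A comment on the line would make this visible, for example `# placeholder; overwritten by xen.util.xsm.xsm at import time, do not copy by value`. Separately, XS_POLICY_NONE is renamed rather than aliased, so any remaining reference outside the files in this patch would raise AttributeError; keeping `XS_POLICY_NONE = XS_POLICY_DUMMY` for a release would avoid that.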
diff -r bed1b98b63cc -r 5b133625223a tools/python/xen/util/xsm/dummy/dummy.py
--- a/tools/python/xen/util/xsm/dummy/dummy.py  Thu Sep 04 11:19:17 2008 +0100
+++ b/tools/python/xen/util/xsm/dummy/dummy.py  Thu Sep 04 11:23:08 2008 +0100
@@ -36,7 +36,7 @@ def err(msg):
     raise XSMError(msg)
 
 def on():
-    return 0
+    return xsconstants.XS_POLICY_DUMMY
 
 def ssidref2label(ssidref):
     return 0
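Review bot: `on()` now references `xsconstants`, but this section changes only that one line and adds no import, whereas the flask.py section adds `from xen.util import xsconstants` for the same change. Unless dummy.py already imports xsconstants above the visible context, the first call to `on()` raises NameError, and every caller that gates on `security.on()` fails with the default module. If the import is missing, add `from xen.util import xsconstants` at the top of dummy.py.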
diff -r bed1b98b63cc -r 5b133625223a tools/python/xen/util/xsm/flask/flask.py
--- a/tools/python/xen/util/xsm/flask/flask.py  Thu Sep 04 11:19:17 2008 +0100
+++ b/tools/python/xen/util/xsm/flask/flask.py  Thu Sep 04 11:23:08 2008 +0100
@@ -1,5 +1,6 @@ import sys
 import sys
 from xen.lowlevel import flask
+from xen.util import xsconstants
 from xen.xend import sxp
 
 #Functions exported through XML-RPC
@@ -12,7 +13,7 @@ def err(msg):
     raise XSMError(msg)
 
 def on():
-    return 0 #xsconstants.XS_POLICY_FLASK
+    return xsconstants.XS_POLICY_FLASK
 
 def ssidref2label(ssidref):
     try:
@@ -37,8 +38,9 @@ def set_security_label(policy, label):
     return label
 
 def ssidref2security_label(ssidref):
-    return ssidref2label(ssidref)
+    label = ssidref2label(ssidref)
+    return label
 
 def get_security_label(self, xspol=None):
-    label = self.info.get('security_label', '')
+    label = self.info['security_label']
     return label
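Review bot: In `get_security_label`, the lookup changed from `self.info.get('security_label', '')` to `self.info['security_label']`, so a domain whose info has no label now raises a bare KeyError instead of returning an empty label. If a missing label is meant to be an error under Flask, raise it through the module's own error path so callers see an XSMError, e.g. `if 'security_label' not in self.info: err("domain has no security label")` before the lookup. Otherwise keep the defaulting form. Either way a one-line docstring should say which behaviour callers can rely on.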
diff -r bed1b98b63cc -r 5b133625223a tools/python/xen/util/xsm/xsm.py
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/python/xen/util/xsm/xsm.py  Thu Sep 04 11:23:08 2008 +0100
@@ -0,0 +1,19 @@
+import sys
+import string
+from xen.xend import XendOptions
+from xen.util import xsconstants
+from xsm_core import xsm_init
+
+xoptions = XendOptions.instance()
+xsm_module_name = xoptions.get_xsm_module_name()
+
+xsconstants.XS_POLICY_USE = 
eval("xsconstants.XS_POLICY_"+string.upper(xsm_module_name))
+
+xsm_module_path = "xen.util.xsm." + xsm_module_name + "." + xsm_module_name
+xsm_module = __import__(xsm_module_path, globals(), locals(), ['*'], -1)
+
+xsm_init(xsm_module)
+
+for op in dir(xsm_module):
+    if not hasattr(sys.modules[__name__], op):
+        setattr(sys.modules[__name__], op, getattr(xsm_module, op, None))
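Review bot: The policy constant is resolved with `eval()` on a string built from `xsm_module_name`, which comes unvalidated from xend-config.sxp via `get_xsm_module_name()` and is then also spliced into the `__import__` path. Evaluating configuration text as code is avoidable here, and a typo in the config currently surfaces only as an opaque AttributeError or ImportError while the module is being imported. Check the name against the three documented values first, `if xsm_module_name not in ('acm', 'dummy', 'flask'): raise ValueError("unknown xsm_module_name: %r" % xsm_module_name)`, then look the constant up with `xsconstants.XS_POLICY_USE = getattr(xsconstants, "XS_POLICY_" + xsm_module_name.upper())`. The closing loop also re-exports every name in `dir(xsm_module)`, including the backend's own imports and underscore names; skipping names that start with `_` would keep this module's namespace predictable.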
diff -r bed1b98b63cc -r 5b133625223a tools/python/xen/xend/XendConfig.py
--- a/tools/python/xen/xend/XendConfig.py       Thu Sep 04 11:19:17 2008 +0100
+++ b/tools/python/xen/xend/XendConfig.py       Thu Sep 04 11:23:08 2008 +0100
@@ -729,7 +729,7 @@ class XendConfig(dict):
             self.parse_cpuid(cfg, 'cpuid_check')
 
         import xen.util.xsm.xsm as security
-        if security.on() == xsconstants.XS_POLICY_ACM:
+        if security.on() == xsconstants.XS_POLICY_USE:
             from xen.util.acmpolicy import ACM_LABEL_UNLABELED
             if not 'security' in cfg and sxp.child_value(sxp_cfg, 'security'):
                 cfg['security'] = sxp.child_value(sxp_cfg, 'security')
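Review bot: The guard `security.on() == xsconstants.XS_POLICY_USE` appears to be true for whichever module is configured. xsm.py sets XS_POLICY_USE to the selected module's constant, and that module's `on()` returns the same constant (dummy returns XS_POLICY_DUMMY, flask returns XS_POLICY_FLASK; acm's `on()` is not shown). The branch below, which imports ACM_LABEL_UNLABELED from xen.util.acmpolicy, therefore now also runs under dummy and flask. The same comparison is introduced in XendDomainInfo.py, blkif.py and netif.py, where it gates `has_authorization` and `do_access_control`. If the intent is "a real policy is active", write `if security.on() != xsconstants.XS_POLICY_DUMMY:` and keep ACM-specific code behind `== xsconstants.XS_POLICY_ACM`. If running the hooks for every module is intended, drop the comparison and say so in a comment. The enclosing method starts and ends outside this hunk.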
diff -r bed1b98b63cc -r 5b133625223a tools/python/xen/xend/XendDomainInfo.py
--- a/tools/python/xen/xend/XendDomainInfo.py   Thu Sep 04 11:19:17 2008 +0100
+++ b/tools/python/xen/xend/XendDomainInfo.py   Thu Sep 04 11:23:08 2008 +0100
@@ -2069,7 +2069,7 @@ class XendDomainInfo:
         balloon.free(2*1024) # 2MB should be plenty
 
         ssidref = 0
-        if security.on() == xsconstants.XS_POLICY_ACM:
+        if security.on() == xsconstants.XS_POLICY_USE:
             ssidref = security.calc_dom_ssidref_from_info(self.info)
             if security.has_authorization(ssidref) == False:
                 raise VmError("VM is not authorized to run.")
@@ -2855,10 +2855,6 @@ class XendDomainInfo:
             info["maxmem_kb"] = XendNode.instance() \
                                 .physinfo_dict()['total_memory'] * 1024
 
-        #ssidref field not used any longer
-        if 'ssidref' in info:
-            info.pop('ssidref')
-
         # make sure state is reset for info
         # TODO: we should eventually get rid of old_dom_states
 
diff -r bed1b98b63cc -r 5b133625223a tools/python/xen/xend/XendOptions.py
--- a/tools/python/xen/xend/XendOptions.py      Thu Sep 04 11:19:17 2008 +0100
+++ b/tools/python/xen/xend/XendOptions.py      Thu Sep 04 11:23:08 2008 +0100
@@ -131,6 +131,9 @@ class XendOptions:
 
     """Default script to configure a backend network interface"""
     vif_script = osdep.vif_script
+
+    """Default Xen Security Module"""
+    xsm_module_default = 'dummy'
 
     """Default rotation count of qemu-dm log file."""
     qemu_dm_logrotate_count = 10
@@ -427,6 +430,11 @@ class XendOptionsFile(XendOptions):
         return self.get_config_value('xen-api-server',
                                      self.xen_api_server_default)
 
+    def get_xsm_module_name(self):
+        """Get the Xen Security Module name.
+        """
+        return self.get_config_string('xsm_module_name', 
self.xsm_module_default)
+
 if os.uname()[0] == 'SunOS':
     class XendOptionsSMF(XendOptions):
 
diff -r bed1b98b63cc -r 5b133625223a tools/python/xen/xend/server/blkif.py
--- a/tools/python/xen/xend/server/blkif.py     Thu Sep 04 11:19:17 2008 +0100
+++ b/tools/python/xen/xend/server/blkif.py     Thu Sep 04 11:23:08 2008 +0100
@@ -78,7 +78,7 @@ class BlkifController(DevController):
         if uuid:
             back['uuid'] = uuid
 
-        if security.on() == xsconstants.XS_POLICY_ACM:
+        if security.on() == xsconstants.XS_POLICY_USE:
             self.do_access_control(config, uname)
 
         (device_path, devid) = blkif.blkdev_name_to_number(dev)
diff -r bed1b98b63cc -r 5b133625223a tools/python/xen/xend/server/netif.py
--- a/tools/python/xen/xend/server/netif.py     Thu Sep 04 11:19:17 2008 +0100
+++ b/tools/python/xen/xend/server/netif.py     Thu Sep 04 11:23:08 2008 +0100
@@ -156,7 +156,7 @@ class NetifController(DevController):
             front = { 'handle' : "%i" % devid,
                       'mac'    : mac }
 
-        if security.on() == xsconstants.XS_POLICY_ACM:
+        if security.on() == xsconstants.XS_POLICY_USE:
             self.do_access_control(config)
 
         return (devid, back, front)

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 

