[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH][ACM] python tools and support for resource labeling

On Wed, Jun 28, 2006 at 04:05:59PM +0100, Ewan Mellor wrote:

> On Mon, Jun 26, 2006 at 06:14:15PM -0400, Bryan D. Payne wrote:
> > This patch adds new xm subcommands to support working with resource 
> > labels.  The new subcommands are 'xm resources', 'xm rmlabel', 'xm 
> > getlabel' and 'xm dry-run'.  In addition, the 'xm addlabel' subcommand 
> > now uses an updated syntax to support labeling both domains and 
> > resources.  See the xm man page for details on each subcommand.
> > 
> > Beyond the new subcommands, this patch allows users to immediately see 
> > when security checks will fail by pushing some basic security checking 
> > into the beginning of 'xm create' and 'xm block-attach'.  ACM security 
> > attributes for block devices are added to XenStore in order to support 
> > the final security enforcement, which will be performed in the kernel 
> > and included in a separate patch.
> > 
> > Signed-off-by: Bryan D. Payne <bdpayne@xxxxxxxxxx>
> > Signed-off-by: Reiner Sailer <sailer@xxxxxxxxxx>
> Looks good!  I've applied that, thanks.

It seems I spoke too soon!  The code uses xml.marshal.generic to parse the
resource label file, but that module isn't in the base Python distribution --
it's a separate library.

Could you come up with an alternative scheme here?  I'd _really_ like to avoid
introducing a new dependency.  I've commented that code out for now.



Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.