--- xen-unstable.hg/tools/python/xen/xm/addlabel.py | 15 ++++++++------ xen-unstable.hg/tools/python/xen/xm/rmlabel.py | 24 ++++++++++++++--------- xen-unstable.hg/tools/python/xen/xm/setpolicy.py | 12 ++++++----- 3 files changed, 31 insertions(+), 20 deletions(-) Index: root/xen-unstable.hg/tools/python/xen/xm/addlabel.py =================================================================== --- root.orig/xen-unstable.hg/tools/python/xen/xm/addlabel.py +++ root/xen-unstable.hg/tools/python/xen/xm/addlabel.py @@ -117,15 +117,18 @@ def add_resource_label(label, resource, res_xapi, "") except Exception, e: - security.err("Could not label this resource: %s" % e) + raise security.XSMError("Could not label this resource: %s" % + str(e)) else: - security.err("'%s' is already labeled with '%s'" % (resource,old)) + raise security.XSMError("'%s' is already labeled with '%s'" % + (resource,old)) def add_domain_label(label, configfile, policyref): # sanity checks: make sure this label can be instantiated later on ssidref = security.label2ssidref(label, policyref, 'dom') - new_label = "access_control = ['policy=%s,label=%s']\n" % (policyref, label) + new_label = "access_control = ['policy=%s,label=%s']\n" % \ + (policyref, label) if not os.path.isfile(configfile): security.err("Configuration file \'" + configfile + "\' not found.") config_fd = open(configfile, "ra+") @@ -150,14 +153,14 @@ def add_domain_label_xapi(label, domainn try: old_lab = server.xenapi.VM.get_security_label(uuid) rc = server.xenapi.VM.set_security_label(uuid, sec_lab, old_lab) - except: - rc = -1 + except Exception, e: + raise security.XSMError("Could not label the domain: %s" % e) if int(rc) < 0: raise OptionError('Could not label domain.') else: ssidref = int(rc) if ssidref != 0: - print "Set the label of domain '%s' to '%s'. New ssidref = %08x" % \ + print "Set the label of domain '%s' to '%s'. New ssidref = %08x" %\ (domainname,label,ssidref) else: print "Set the label of dormant domain '%s' to '%s'." % \ Index: root/xen-unstable.hg/tools/python/xen/xm/rmlabel.py =================================================================== --- root.orig/xen-unstable.hg/tools/python/xen/xm/rmlabel.py +++ root/xen-unstable.hg/tools/python/xen/xm/rmlabel.py @@ -50,9 +50,10 @@ def rm_resource_label(resource): server.xenapi.XSPolicy.set_resource_label(resource,"", oldlabel) else: - raise security.ACMError("Resource not labeled") + raise security.XSMError("Resource not labeled") except Exception, e: - print "Could not remove label from resource: %s" % e + raise security.XSMError("Could not remove label " + "from resource: %s" % e) return #build canonical resource name @@ -128,7 +129,7 @@ def rm_domain_label_xapi(domainname): old_lab = server.xenapi.VM.get_security_label(uuid) server.xenapi.VM.set_security_label(uuid, "", old_lab) except Exception, e: - print('Could not remove label from domain: %s' % e) + raise security.XSMError('Could not remove label from domain: %s' % e) def rm_vif_label(vmname, idx): if xm_main.serverType != xm_main.SERVER_XEN_API: @@ -142,16 +143,21 @@ def rm_vif_label(vmname, idx): raise OptionError("Bad VIF index.") vif_ref = server.xenapi.VIF.get_by_uuid(vif_refs[idx]) if not vif_ref: - print "A VIF with this UUID does not exist." + raise security.XSMError("A VIF with this UUID does not exist.") try: old_lab = server.xenapi.VIF.get_security_label(vif_ref) - rc = server.xenapi.VIF.set_security_label(vif_ref, "", old_lab) - if int(rc) != 0: - print "Could not remove the label from the VIF." + if old_lab != "": + rc = server.xenapi.VIF.set_security_label(vif_ref, "", old_lab) + if int(rc) != 0: + raise security.XSMError("Could not remove the label from" + " the VIF.") + else: + print "Successfully removed the label from the VIF." else: - print "Successfully removed the label from the VIF." + raise security.XSMError("VIF is not labeled.") except Exception, e: - print "Could not remove the label the VIF: %s" % str(e) + raise security.XSMError("Could not remove the label from the VIF: %s" % + str(e)) def main (argv): Index: root/xen-unstable.hg/tools/python/xen/xm/setpolicy.py =================================================================== --- root.orig/xen-unstable.hg/tools/python/xen/xm/setpolicy.py +++ root/xen-unstable.hg/tools/python/xen/xm/setpolicy.py @@ -23,6 +23,7 @@ import base64 import struct import sys import string +import xen.util.xsm.xsm as security from xen.util import xsconstants from xen.util.acmpolicy import ACMPolicy from xen.xm.opts import OptionError @@ -100,21 +101,22 @@ def setpolicy(policytype, policy_name, f flags, overwrite) except Exception, e: - print "An error occurred setting the policy: %s" % str(e) - return + raise security.XSMError("An error occurred setting the " + "policy: %s" % str(e)) xserr = int(policystate['xserr']) if xserr != 0: - print "An error occurred trying to set the policy: %s" % \ + txt = "An error occurred trying to set the policy: %s." % \ xsconstants.xserr2string(abs(xserr)) errors = policystate['errors'] if len(errors) > 0: - print "Hypervisor reported errors:" + txt += "Hypervisor reported errors:" err = base64.b64decode(errors) i = 0 while i + 7 < len(err): code, data = struct.unpack("!ii", errors[i:i+8]) - print "(0x%08x, 0x%08x)" % (code, data) + txt += "(0x%08x, 0x%08x)" % (code, data) i += 8 + raise security.XSMError(txt) else: print "Successfully set the new policy."