--- xen-unstable.hg/tools/python/xen/util/acmpolicy.py | 3 ++- xen-unstable.hg/tools/python/xen/util/xsm/acm/acm.py | 10 +++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) Index: root/xen-unstable.hg/tools/python/xen/util/xsm/acm/acm.py =================================================================== --- root.orig/xen-unstable.hg/tools/python/xen/util/xsm/acm/acm.py +++ root/xen-unstable.hg/tools/python/xen/util/xsm/acm/acm.py @@ -1342,7 +1342,8 @@ def relabel_domains(relabel_list): def change_acm_policy(bin_pol, del_array, chg_array, - vmlabel_map, reslabel_map, cur_acmpol, new_acmpol): + vmlabel_map, reslabel_map, cur_acmpol, new_acmpol, + is_reset): """ Change the ACM policy of the system by relabeling domains and resources first and doing some access checks. @@ -1451,8 +1452,11 @@ def change_acm_policy(bin_pol, del_array continue new_vmlabel = vmlabel - if vmlabel_map.has_key(vmlabel): - # renaming of the label + if vmlabel_map.has_key(vmlabel) and \ + (not is_reset or name == "Domain-0") : + # renaming of the label; this is only allowed if it's + # not a reset of the policy or if it is a reset, then + # only for Domain-0 new_vmlabel = vmlabel_map[vmlabel] polname = new_policyname elif new_vmlabel not in polnew_vmlabels and \ Index: root/xen-unstable.hg/tools/python/xen/util/acmpolicy.py =================================================================== --- root.orig/xen-unstable.hg/tools/python/xen/util/acmpolicy.py +++ root/xen-unstable.hg/tools/python/xen/util/acmpolicy.py @@ -337,7 +337,8 @@ class ACMPolicy(XSPolicy): rc, errors = security.change_acm_policy(bin_pol, del_array, chg_array, vmlabel_map, reslabel_map, - self, acmpol_new) + self, acmpol_new, + acmpol_new.is_default_policy()) if rc == 0: # Replace the old DOM with the new one and save it