# HG changeset patch
# User Steven Hand <steven@xxxxxxxxxxxxx>
# Node ID 956e9aaf88c9e7928b315b3e4b2f7a62c80dfe76
# Parent bfd00b317815f2d1c8989b55a4cfd174da043e43
This patch fixes return codes for the acm-related Xen management scripts
(error conditions) and addresses minor issues that 'pycheck' complains
about. It is tested with xm-test and by manually running the xm
commands. It also handles the return case (reported by Masaki Kanno)
that was missed in the originally patch.
Signed-off by: Reiner Sailer <sailer@xxxxxxxxxx>
---
tools/python/xen/xm/addlabel.py | 6 +----
tools/python/xen/xm/cfgbootpolicy.py | 6 ++---
tools/python/xen/xm/create.py | 4 +--
tools/python/xen/xm/dry-run.py | 13 +++++++----
tools/python/xen/xm/dumppolicy.py | 8 +++----
tools/python/xen/xm/getlabel.py | 38 ++++++++++++++++-------------------
tools/python/xen/xm/labels.py | 4 ++-
tools/python/xen/xm/loadpolicy.py | 5 ++--
tools/python/xen/xm/makepolicy.py | 3 +-
tools/python/xen/xm/resources.py | 21 +++++++++++--------
tools/python/xen/xm/rmlabel.py | 10 +++------
11 files changed, 62 insertions(+), 56 deletions(-)
diff -r bfd00b317815 -r 956e9aaf88c9 tools/python/xen/xm/addlabel.py
--- a/tools/python/xen/xm/addlabel.py Mon Sep 11 01:55:03 2006 +0100
+++ b/tools/python/xen/xm/addlabel.py Tue Sep 12 11:09:22 2006 +0100
@@ -20,8 +20,6 @@
"""Labeling a domain configuration file or a resoruce.
"""
import sys, os
-import string
-import traceback
from xen.util import dictio
from xen.util import security
@@ -33,6 +31,7 @@ def usage():
print " resource. It derives the policy from the running hypervisor"
print " if it is not given (optional parameter). If a label already"
print " exists for the given domain or resource, then addlabel fails.\n"
+ security.err("Usage")
def validate_config_file(configfile):
@@ -134,7 +133,6 @@ def main (argv):
for prefix in [".", "/etc/xen"]:
configfile = prefix + "/" + configfile
if os.path.isfile(configfile):
- fd = open(configfile, "rb")
break
if not validate_config_file(configfile):
usage()
@@ -147,7 +145,7 @@ def main (argv):
usage()
except security.ACMError:
- traceback.print_exc(limit=1)
+ sys.exit(-1)
if __name__ == '__main__':
diff -r bfd00b317815 -r 956e9aaf88c9 tools/python/xen/xm/cfgbootpolicy.py
--- a/tools/python/xen/xm/cfgbootpolicy.py Mon Sep 11 01:55:03 2006 +0100
+++ b/tools/python/xen/xm/cfgbootpolicy.py Tue Sep 12 11:09:22 2006 +0100
@@ -70,7 +70,7 @@ def determine_kernelversion(user_specifi
within_xen_title = 0
within_xen_entry = 0
if len(version_list) > 1:
- err("Cannot decide between entries for kernels: " + version_list)
+ err("Cannot decide between entries for kernels %s" % version_list)
elif len(version_list) == 0:
err("Cannot find a boot entry candidate (please create a Xen boot
entry first).")
else:
@@ -87,7 +87,6 @@ def insert_policy(boot_file, kernel_vers
within_xen_entry = 0
insert_at_end_of_entry = 0
path_prefix = ''
- done = False
(tmp_fd, tmp_grub) = tempfile.mkstemp()
#follow symlink since menue.lst might be linked to grub.conf
if stat.S_ISLNK(os.lstat(boot_file)[stat.ST_MODE]):
@@ -175,9 +174,10 @@ def main(argv):
print "Boot entry created and \'%s\' copied to /boot" % (policy +
".bin")
except ACMError:
- pass
+ sys.exit(-1)
except:
traceback.print_exc(limit=1)
+ sys.exit(-1)
diff -r bfd00b317815 -r 956e9aaf88c9 tools/python/xen/xm/create.py
--- a/tools/python/xen/xm/create.py Mon Sep 11 01:55:03 2006 +0100
+++ b/tools/python/xen/xm/create.py Tue Sep 12 11:09:22 2006 +0100
@@ -1155,7 +1155,7 @@ def create_security_check(config):
else:
print "Checking resources: (skipped)"
except security.ACMError:
- traceback.print_exc(limit=1)
+ sys.exit(-1)
return passed
@@ -1176,7 +1176,7 @@ def main(argv):
PrettyPrint.prettyprint(config)
else:
if not create_security_check(config):
- print "Security configuration prevents domain from starting"
+ err("Security configuration prevents domain from starting.")
else:
dom = make_domain(opts, config)
if opts.vals.console_autoconnect:
diff -r bfd00b317815 -r 956e9aaf88c9 tools/python/xen/xm/dry-run.py
--- a/tools/python/xen/xm/dry-run.py Mon Sep 11 01:55:03 2006 +0100
+++ b/tools/python/xen/xm/dry-run.py Tue Sep 12 11:09:22 2006 +0100
@@ -18,6 +18,7 @@
"""Tests the security settings for a domain and its resources.
"""
+import sys
from xen.util import security
from xen.xm import create
from xen.xend import sxp
@@ -28,14 +29,14 @@ def usage():
print "to see if the domain created by the configfile can access"
print "the resources. The status of each resource is listed"
print "individually along with the final security decision.\n"
+ security.err("Usage")
def main (argv):
- if len(argv) != 2:
- usage()
- return
+ try:
+ if len(argv) != 2:
+ usage()
- try:
passed = 0
(opts, config) = create.parseCommandLine(argv)
if create.check_domain_label(config, verbose=1):
@@ -48,8 +49,10 @@ def main (argv):
print "Dry Run: PASSED"
else:
print "Dry Run: FAILED"
+ sys.exit(-1)
+
except security.ACMError:
- pass
+ sys.exit(-1)
if __name__ == '__main__':
diff -r bfd00b317815 -r 956e9aaf88c9 tools/python/xen/xm/dumppolicy.py
--- a/tools/python/xen/xm/dumppolicy.py Mon Sep 11 01:55:03 2006 +0100
+++ b/tools/python/xen/xm/dumppolicy.py Tue Sep 12 11:09:22 2006 +0100
@@ -18,7 +18,6 @@
"""Display currently enforced policy (low-level hypervisor representation).
"""
import sys
-import traceback
from xen.util.security import ACMError, err, dump_policy
@@ -31,12 +30,13 @@ def usage():
def main(argv):
try:
+ if len(argv) != 1:
+ usage()
+
dump_policy()
except ACMError:
- pass
- except:
- traceback.print_exc(limit=1)
+ sys.exit(-1)
if __name__ == '__main__':
diff -r bfd00b317815 -r 956e9aaf88c9 tools/python/xen/xm/getlabel.py
--- a/tools/python/xen/xm/getlabel.py Mon Sep 11 01:55:03 2006 +0100
+++ b/tools/python/xen/xm/getlabel.py Tue Sep 12 11:09:22 2006 +0100
@@ -19,8 +19,6 @@
"""Show the label for a domain or resoruce.
"""
import sys, os, re
-import string
-import traceback
from xen.util import dictio
from xen.util import security
@@ -28,6 +26,7 @@ def usage():
print "\nUsage: xm getlabel dom <configfile>"
print " xm getlabel res <resource>\n"
print " This program shows the label for a domain or resource.\n"
+ security.err("Usage")
def get_resource_label(resource):
@@ -38,8 +37,7 @@ def get_resource_label(resource):
try:
access_control = dictio.dict_read("resources", file)
except:
- print "Resource label file not found"
- return
+ security.err("Resource label file not found")
# get the entry and print label
if access_control.has_key(resource):
@@ -47,7 +45,7 @@ def get_resource_label(resource):
label = access_control[resource][1]
print "policy="+policy+",label="+label
else:
- print "Resource not labeled"
+ security.err("Resource not labeled")
def get_domain_label(configfile):
@@ -63,8 +61,7 @@ def get_domain_label(configfile):
fd = open(file, "rb")
break
if not fd:
- print "Configuration file '"+configfile+"' not found."
- return
+ security.err("Configuration file '"+configfile+"' not found.")
# read in the domain config file, finding the label line
ac_entry_re = re.compile("^access_control\s*=.*", re.IGNORECASE)
@@ -82,8 +79,7 @@ def get_domain_label(configfile):
# send error message if we didn't find anything
if acline == "":
- print "Label does not exist in domain configuration file."
- return
+ security.err("Domain not labeled")
# print out the label
(title, data) = acline.split("=", 1)
@@ -94,19 +90,21 @@ def get_domain_label(configfile):
def main (argv):
- if len(argv) != 3:
- usage()
- return
+ try:
+ if len(argv) != 3:
+ usage()
- if argv[1].lower() == "dom":
- configfile = argv[2]
- get_domain_label(configfile)
- elif argv[1].lower() == "res":
- resource = argv[2]
- get_resource_label(resource)
- else:
- usage()
+ if argv[1].lower() == "dom":
+ configfile = argv[2]
+ get_domain_label(configfile)
+ elif argv[1].lower() == "res":
+ resource = argv[2]
+ get_resource_label(resource)
+ else:
+ usage()
+ except security.ACMError:
+ sys.exit(-1)
if __name__ == '__main__':
main(sys.argv)
diff -r bfd00b317815 -r 956e9aaf88c9 tools/python/xen/xm/labels.py
--- a/tools/python/xen/xm/labels.py Mon Sep 11 01:55:03 2006 +0100
+++ b/tools/python/xen/xm/labels.py Tue Sep 12 11:09:22 2006 +0100
@@ -70,10 +70,12 @@ def main(argv):
labels.sort()
for label in labels:
print label
+
except ACMError:
- pass
+ sys.exit(-1)
except:
traceback.print_exc(limit=1)
+ sys.exit(-1)
if __name__ == '__main__':
diff -r bfd00b317815 -r 956e9aaf88c9 tools/python/xen/xm/loadpolicy.py
--- a/tools/python/xen/xm/loadpolicy.py Mon Sep 11 01:55:03 2006 +0100
+++ b/tools/python/xen/xm/loadpolicy.py Tue Sep 12 11:09:22 2006 +0100
@@ -34,11 +34,12 @@ def main(argv):
if len(argv) != 2:
usage()
load_policy(argv[1])
+
except ACMError:
- pass
+ sys.exit(-1)
except:
traceback.print_exc(limit=1)
-
+ sys.exit(-1)
if __name__ == '__main__':
diff -r bfd00b317815 -r 956e9aaf88c9 tools/python/xen/xm/makepolicy.py
--- a/tools/python/xen/xm/makepolicy.py Mon Sep 11 01:55:03 2006 +0100
+++ b/tools/python/xen/xm/makepolicy.py Tue Sep 12 11:09:22 2006 +0100
@@ -37,9 +37,10 @@ def main(argv):
make_policy(argv[1])
except ACMError:
- pass
+ sys.exit(-1)
except:
traceback.print_exc(limit=1)
+ sys.exit(-1)
diff -r bfd00b317815 -r 956e9aaf88c9 tools/python/xen/xm/resources.py
--- a/tools/python/xen/xm/resources.py Mon Sep 11 01:55:03 2006 +0100
+++ b/tools/python/xen/xm/resources.py Tue Sep 12 11:09:22 2006 +0100
@@ -18,8 +18,7 @@
"""List the resource label information from the global resource label file
"""
-import sys, os
-import string
+import sys
from xen.util import dictio
from xen.util import security
@@ -27,6 +26,7 @@ def usage():
print "\nUsage: xm resource\n"
print " This program lists information for each resource in the"
print " global resource label file\n"
+ security.err("Usage")
def print_resource_data(access_control):
@@ -41,14 +41,19 @@ def print_resource_data(access_control):
def main (argv):
try:
- file = security.res_label_filename
- access_control = dictio.dict_read("resources", file)
- except:
- print "Resource file not found."
- return
+ if len(argv) != 1:
+ usage()
- print_resource_data(access_control)
+ try:
+ file = security.res_label_filename
+ access_control = dictio.dict_read("resources", file)
+ except:
+ security.err("Error reading resource file.")
+ print_resource_data(access_control)
+
+ except security.ACMError:
+ sys.exit(-1)
if __name__ == '__main__':
main(sys.argv)
diff -r bfd00b317815 -r 956e9aaf88c9 tools/python/xen/xm/rmlabel.py
--- a/tools/python/xen/xm/rmlabel.py Mon Sep 11 01:55:03 2006 +0100
+++ b/tools/python/xen/xm/rmlabel.py Tue Sep 12 11:09:22 2006 +0100
@@ -19,8 +19,6 @@
"""Remove a label from a domain configuration file or a resoruce.
"""
import sys, os, re
-import string
-import traceback
from xen.util import dictio
from xen.util import security
@@ -31,6 +29,7 @@ def usage():
print " for a domain or from the global resource label file for a"
print " resource. If the label does not exist for the given domain or"
print " resource, then rmlabel fails.\n"
+ security.err("Usage")
def rm_resource_label(resource):
@@ -48,7 +47,7 @@ def rm_resource_label(resource):
del access_control[resource]
dictio.dict_write(access_control, "resources", file)
else:
- security.err("Label does not exist in resource label file.")
+ security.err("Resource not labeled.")
def rm_domain_label(configfile):
@@ -85,7 +84,7 @@ def rm_domain_label(configfile):
# send error message if we didn't find anything to remove
if not removed:
- security.err("Label does not exist in domain configuration file.")
+ security.err("Domain not labeled.")
# write the data back out to the file
fd = open(file, "wb")
@@ -97,7 +96,6 @@ def main (argv):
try:
if len(argv) != 3:
usage()
- return
if argv[1].lower() == "dom":
configfile = argv[2]
@@ -109,7 +107,7 @@ def main (argv):
usage()
except security.ACMError:
- traceback.print_exc(limit=1)
+ sys.exit(-1)
if __name__ == '__main__':
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|