 Home |
Products |
Support |
Community |
News |
xen-changelog
[Xen-changelog] [xen-unstable] Don't canonicalise the resource inside re
| To: | xen-changelog@xxxxxxxxxxxxxxxxxxx |
|---|---|
| Subject: | [Xen-changelog] [xen-unstable] Don't canonicalise the resource inside res_security_check if security is off. |
| From: | Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx> |
| Date: | Tue, 02 Jan 2007 08:10:07 -0800 |
| Delivery-date: | Tue, 02 Jan 2007 08:10:11 -0800 |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxx |
| List-help: | <mailto:xen-changelog-request@lists.xensource.com?subject=help> |
| List-id: | BK change log <xen-changelog.lists.xensource.com> |
| List-post: | <mailto:xen-changelog@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe> |
| Reply-to: | xen-devel@xxxxxxxxxxxxxxxxxxx |
| Sender: | xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx |
# HG changeset patch
# User Ewan Mellor <ewan@xxxxxxxxxxxxx>
# Date 1167744925 0
# Node ID 71eadf04a1f90eb544e83a8ee65b79caa41e0853
# Parent abcd545e7f4c0097c91f3b8f6fd046df6680bb93
Don't canonicalise the resource inside res_security_check if security is off.
This had broken use of relative paths to refer to ISOs etc.
Signed-off-by: Ewan Mellor <ewan@xxxxxxxxxxxxx>
---
tools/python/xen/util/security.py | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diff -r abcd545e7f4c -r 71eadf04a1f9 tools/python/xen/util/security.py
--- a/tools/python/xen/util/security.py Tue Jan 02 13:32:35 2007 +0000
+++ b/tools/python/xen/util/security.py Tue Jan 02 13:35:25 2007 +0000
@@ -637,11 +637,11 @@ def res_security_check(resource, domain_
"""
rtnval = 1
- #build canonical resource name
- resource = unify_resname(resource)
-
# if security is on, ask the hypervisor for a decision
if on():
+ #build canonical resource name
+ resource = unify_resname(resource)
+
(label, ssidref, policy) = get_res_security_details(resource)
domac = ['access_control']
domac.append(['policy', active_policy])
@@ -660,6 +660,8 @@ def res_security_check(resource, domain_
# security is off, make sure resource isn't labeled
else:
+ # Note, we can't canonicalise the resource here, because people using
+ # xm without ACM are free to use relative paths.
(label, policy) = get_res_label(resource)
if policy != 'NULL':
raise ACMError("Security is off, but '"+resource+"' is labeled")
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [Xen-changelog] [xen-unstable] Install hvm and arch-x86 subdirectories of xen/include/public, Xen patchbot-unstable |
|---|---|
| Next by Date: | [Xen-changelog] [xen-unstable] [PV-on-HVM] blkfront: use %Lu instead of %llu to xenbus_gather., Xen patchbot-unstable |
| Previous by Thread: | [Xen-changelog] [xen-unstable] Install hvm and arch-x86 subdirectories of xen/include/public, Xen patchbot-unstable |
| Next by Thread: | [Xen-changelog] [xen-unstable] [PV-on-HVM] blkfront: use %Lu instead of %llu to xenbus_gather., Xen patchbot-unstable |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
