
xen-changelog

[Xen-changelog] [xen-unstable] [Xend/ACM] Automatic loading of policy af

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] [Xend/ACM] Automatic loading of policy after xend has started.
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 26 Sep 2007 03:41:32 -0700
Delivery-date: Wed, 26 Sep 2007 04:29:34 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir@xxxxxxxxxxxxx>
# Date 1190667130 -3600
# Node ID ad339d88639d56f08546ba0dab55b2c717b4d60b
# Parent  66fa2bc70e2a7e7dfd27ea490e85ac9cf5dc40f7
[Xend/ACM] Automatic loading of policy after xend has started.

On systems where the grub bootloader is not available or not active, the
to-be-activated policy is written to a simple text file. Once xend has
started, the contents can be read. Using 'xm setpolicy' the policy can
be activated and the Domain-0 label set (using 'xm addlabel').
I fixed some bugs in the grub bootloader handler on the way and
removed some dead functions.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
---
 tools/python/xen/util/bootloader.py  |  155 ++++++++++++++++++++++++++++-------
 tools/python/xen/util/xsm/acm/acm.py |    3 
 2 files changed, 128 insertions(+), 30 deletions(-)

diff -r 66fa2bc70e2a -r ad339d88639d tools/python/xen/util/bootloader.py
--- a/tools/python/xen/util/bootloader.py       Mon Sep 24 21:41:46 2007 +0100
+++ b/tools/python/xen/util/bootloader.py       Mon Sep 24 21:52:10 2007 +0100
@@ -21,7 +21,9 @@ import tempfile
 import tempfile
 import shutil
 import threading
+
 from xen.xend.XendLogging import log
+from xen.util import mkdir, security
 
 __bootloader = None
 
@@ -70,8 +72,9 @@ def set_boot_policy(title_idx, filename)
 
 def loads_default_policy(filename):
     """ Determine whether the given policy is loaded by the default boot title 
"""
-    polfile = get_default_policy()
-    if polfile != None:
+    policy = get_default_policy()
+    if policy:
+        polfile = policy + ".bin"
         if     polfile == filename or \
            "/"+polfile == filename:
             return True
@@ -220,28 +223,6 @@ class Grub(Bootloader):
         return boot_file
 
 
-    def __get_titles(self):
-        """ Get the names of all boot titles in the grub config file
-          @rtype: list
-          @return: list of names of available boot titles
-        """
-        titles = []
-        try:
-            boot_file = self.__get_bootfile()
-        except:
-            return []
-        try:
-            self.__bootfile_lock.acquire()
-            grub_fd = open(boot_file)
-            for line in grub_fd:
-                if self.title_re.match(line):
-                    line = line.rstrip().lstrip()
-                    titles.append(line.lstrip('title').lstrip())
-        finally:
-            self.__bootfile_lock.release()
-        return titles
-
-
     def get_default_title(self):
         """ Get the index (starting with 0) of the default boot title
             This number is read from the grub configuration file.
@@ -261,8 +242,8 @@ class Grub(Bootloader):
             for line in grub_fd:
                 line = line.rstrip()
                 if def_re.match(line):
-                    line = line.rstrip()
-                    line = line.lstrip("default=")
+                    #remove 'default='
+                    line = line.lstrip()[8:]
                     default = int(line)
                     break
         finally:
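Review bot: The literal `8` in `line.lstrip()[8:]` is `len("default=")` and only holds if `def_re` (defined outside this hunk) matches exactly that prefix with no space around `=`; anything else reaches `int(line)` with leftover characters and raises `ValueError`. I would write `line = line.lstrip()[len("default="):]` so the intent is in the code rather than in the `#remove 'default='` comment, and handle a non-numeric value such as GRUB's `default=saved` explicitly instead of by exception. The index parsed here decides which boot title's policy is looked up, so a parse failure should be reported rather than ending in some default title. The enclosing method starts and ends outside the hunk, so its error handling is not visible.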
@@ -295,11 +276,13 @@ class Grub(Bootloader):
                     if self.policy_re.match(line):
                         start = line.find("module")
                         pol = line[start+6:]
-                        pol = pol.lstrip().rstrip()
+                        pol = pol.strip()
                         if pol[0] == '/':
                             pol = pol[1:]
                         if pol[0:5] == "boot/":
                             pol = pol[5:]
+                        if pol.endswith(".bin"):
+                            pol = pol[:-4]
                         policies[idx] = pol
         finally:
             self.__bootfile_lock.release()
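Review bot: `pol[0]` on the line right after the new `pol = pol.strip()` raises `IndexError` when a matched `module` line has nothing after the keyword; whether `policy_re` (defined outside this hunk) rules that out is not visible. Using `if pol.startswith("/"):` there, in the same style as the `pol.endswith(".bin")` test this commit adds, keeps a malformed grub entry from aborting the policy lookup. An entry that ends up empty after the prefixes and `.bin` are removed should probably not be stored in `policies[idx]` at all. The loop and the method continue outside the hunk.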
@@ -399,7 +382,7 @@ class Grub(Bootloader):
                     if self.policy_re.match(line):
                         start = line.find("module")
                         pol = line[start+6:len(line)]
-                        pol = pol.lstrip().rstrip()
+                        pol = pol.strip()
                         if pol in namelist:
                             omit_line = True
                             found = True
@@ -499,7 +482,7 @@ class Grub(Bootloader):
                         within_title = 0
                     ctr = ctr + 1
                 if within_title and self.kernel_re.match(line):
-                    line = line.rstrip().lstrip()
+                    line = line.strip()
                     items = line.split(" ")
                     i = 0
                     while i < len(items):
@@ -513,9 +496,123 @@ class Grub(Bootloader):
             self.__bootfile_lock.release()
         return None # Not found
 
+class LatePolicyLoader(Bootloader):
+    """ A fake bootloader file that holds the policy to load automatically
+        once xend has started up and the Domain-0 label to set. """
+    def __init__(self):
+        self.__bootfile_lock = threading.RLock()
+        self.PATH = security.security_dir_prefix
+        self.FILENAME = self.PATH + "/xen_boot_policy"
+        self.DEFAULT_TITLE = "ANY"
+        self.POLICY_ATTR = "POLICY"
+        Bootloader.__init__(self)
+
+    def probe(self):
+        _dir=os.path.dirname(self.FILENAME)
+        mkdir.parents(_dir, stat.S_IRWXU)
+        return True
+
+    def get_default_title(self):
+        return self.DEFAULT_TITLE
+
+    def get_boot_policies(self):
+        policies = {}
+        try:
+            self.__bootfile_lock.acquire()
+
+            res = self.__loadcontent()
+
+            pol = res.get( self.POLICY_ATTR )
+            if pol:
+                policies.update({ self.DEFAULT_TITLE : pol })
+
+        finally:
+            self.__bootfile_lock.release()
+
+        return policies
+
+    def add_boot_policy(self, index, binpolname):
+        try:
+            self.__bootfile_lock.acquire()
+
+            res = self.__loadcontent()
+            if binpolname.endswith(".bin"):
+                binpolname = binpolname[0:-4]
+            res[ self.POLICY_ATTR ] = binpolname
+            self.__writecontent(res)
+        finally:
+            self.__bootfile_lock.release()
+
+        return True
+
+    def rm_policy_from_boottitle(self, index, unamelist):
+        try:
+            self.__bootfile_lock.acquire()
+
+            res = self.__loadcontent()
+            if self.POLICY_ATTR in res:
+                del(res[self.POLICY_ATTR])
+            self.__writecontent(res)
+        finally:
+            self.__bootfile_lock.release()
+
+        return True
+
+    def set_kernel_attval(self, index, att, val):
+        try:
+            self.__bootfile_lock.acquire()
+
+            res = self.__loadcontent()
+            res[att] = val
+            self.__writecontent(res)
+        finally:
+            self.__bootfile_lock.release()
+
+        return True
+
+    def get_kernel_val(self, index, att):
+        try:
+            self.__bootfile_lock.acquire()
+
+            res = self.__loadcontent()
+            return res.get(att)
+        finally:
+            self.__bootfile_lock.release()
+
+    def __loadcontent(self):
+        res={}
+        try:
+            file = open(self.FILENAME)
+            for line in file:
+                tmp = line.split("=",1)
+                if len(tmp) == 2:
+                   res[tmp[0]] = tmp[1].strip()
+            file.close()
+        except:
+            pass
+
+        return res
+
+    def __writecontent(self, items):
+        rc = True
+        try:
+            file = open(self.FILENAME,"w")
+            if file:
+                for key, value in items.items():
+                    file.write("%s=%s\n" % (str(key),str(value)))
+                file.close()
+        except:
+            rc = False
+
+        return rc
+
 
 __bootloader = Bootloader()
 
 grub = Grub()
 if grub.probe() == True:
     __bootloader = grub
+else:
+    late = LatePolicyLoader()
+    if late.probe() == True:
+        __bootloader = late
diff -r 66fa2bc70e2a -r ad339d88639d tools/python/xen/util/xsm/acm/acm.py
--- a/tools/python/xen/util/xsm/acm/acm.py      Mon Sep 24 21:41:46 2007 +0100
+++ b/tools/python/xen/util/xsm/acm/acm.py      Mon Sep 24 21:52:10 2007 +0100
@@ -33,7 +33,8 @@ from xen.xend.XendConstants import *
 from xen.xend.XendConstants import *
 
 #global directories and tools for security management
-policy_dir_prefix = "/etc/xen/acm-security/policies"
+security_dir_prefix = "/etc/xen/acm-security"
+policy_dir_prefix = security_dir_prefix + "/policies"
 res_label_filename = policy_dir_prefix + "/resource_labels"
 boot_filename = "/boot/grub/menu.lst"
 altboot_filename = "/boot/grub/grub.conf"
