WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-changelog

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-changelog] [xen-unstable] xend: Flask MLS security label handling

from [Xen patchbot-unstable] [Permanent Link][Original]
To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] xend: Flask MLS security label handling
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 26 Aug 2009 07:50:29 -0700
Delivery-date: Wed, 26 Aug 2009 07:50:38 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx 
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1251297314 -3600
# Node ID 71389988f5d4e6417f7da1d86da984acd5118efc
# Parent  49bfec374bafbbb09c8e7dad6d96474eb6f6c6a4
xend: Flask MLS security label handling

Changed the way security labels are handled to allow domains to be
labeled with Flask MLS security labels.  Changed the error message
generated when an invalid context is submitted to be more useful.

Signed-off-by: Machon B. Gregory <mbgrego@xxxxxxxxxxxxxx>
Signed-off-by: George S. Coker, II <gscoker@xxxxxxxxxxxxxx>
---
 tools/python/xen/util/xsm/flask/flask.py |    2 +-
 tools/python/xen/xend/XendConfig.py      |    5 -----
 tools/python/xen/xm/create.py            |   16 +++++-----------
 3 files changed, 6 insertions(+), 17 deletions(-)

diff -r 49bfec374baf -r 71389988f5d4 tools/python/xen/util/xsm/flask/flask.py
--- a/tools/python/xen/util/xsm/flask/flask.py  Tue Aug 25 16:26:02 2009 +0100
+++ b/tools/python/xen/util/xsm/flask/flask.py  Wed Aug 26 15:35:14 2009 +0100
@@ -25,7 +25,7 @@ def label2ssidref(label, policy, type):
     try:
         return flask.flask_context_to_sid(label)
     except:
-        return ""
+       raise XSMError('Invalid context %s' % label)
 
 def parse_security_label(security_label):
     return security_label
diff -r 49bfec374baf -r 71389988f5d4 tools/python/xen/xend/XendConfig.py
--- a/tools/python/xen/xend/XendConfig.py       Tue Aug 25 16:26:02 2009 +0100
+++ b/tools/python/xen/xend/XendConfig.py       Wed Aug 26 15:35:14 2009 +0100
@@ -802,11 +802,6 @@ class XendConfig(dict):
                 if not sxp.child_value(sxp_cfg, 'security_label'):
                     del cfg['security']
 
-            sec_lab = cfg['security_label'].split(":")
-            if len(sec_lab) != 3:
-                raise XendConfigError("Badly formatted security label: %s"
-                                      % cfg['security_label'])
-
         old_state = sxp.child_value(sxp_cfg, 'state')
         if old_state:
             for i in range(len(CONFIG_OLD_DOM_STATES)):
diff -r 49bfec374baf -r 71389988f5d4 tools/python/xen/xm/create.py
--- a/tools/python/xen/xm/create.py     Tue Aug 25 16:26:02 2009 +0100
+++ b/tools/python/xen/xm/create.py     Wed Aug 26 15:35:14 2009 +0100
@@ -1163,17 +1163,11 @@ def preprocess_access_control(vals):
     num = len(vals.access_control)
     if num == 1:
         access_control = (vals.access_control)[0]
-        d = {}
-        a = access_control.split(',')
-        if len(a) > 2:
-            err('Too many elements in access_control specifier: ' + 
access_control)
-        for b in a:
-            (k, v) = b.strip().split('=', 1)
-            k = k.strip()
-            v = v.strip()
-            if k not in ['policy','label']:
-                err('Invalid access_control specifier: ' + access_control)
-            d[k] = v
+        acc_re = 'policy=(?P<policy>.*),label=(?P<label>.*)'
+        acc_match = re.match(acc_re,access_control)
+        if acc_match == None:
+            err('Invalid access_control specifier: ' + access_control)
+        d = acc_match.groupdict();
         access_controls.append(d)
         vals.access_control = access_controls
     elif num > 1:

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] xend: Flask MLS security label handling, Xen patchbot-unstable <=
Previous by Date:  [Xen-changelog] [xen-unstable] stubdom: Backport fix for SIZE_MAX from newlib 1.17.0, Xen patchbot-unstable
Next by Date:  [Xen-changelog] [xen-unstable] xend: Do not pass pointer to a 16-bit domid_t to PyArg_ParseTuple(), Xen patchbot-unstable
Previous by Thread:  [Xen-changelog] [xen-unstable] stubdom: Backport fix for SIZE_MAX from newlib 1.17.0, Xen patchbot-unstable
Next by Thread:  [Xen-changelog] [xen-unstable] xend: Do not pass pointer to a 16-bit domid_t to PyArg_ParseTuple(), Xen patchbot-unstable
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy