WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-changelog

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-changelog] [xen-unstable] [TPM] Allow all tests of the xm test suit

from [Xen patchbot-unstable] [Permanent Link][Original]
To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] [TPM] Allow all tests of the xm test suite to be run when ACM
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 18 Oct 2006 16:50:14 +0000
Delivery-date: Wed, 18 Oct 2006 09:51:06 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx 
# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Node ID 05bf8693c7354d224867f62adeda698140919095
# Parent  4ecfbf08b44911dbd86c5e59b63c672c642c3220
[TPM] Allow all tests of the xm test suite to be run when ACM
security is turned on in hypervisor. This is done by implicitly
labeling VMs and resources if they have not been labeled through
explicit calls.
To allow the xm tests suite to label resources automatically, run

./configure --enable-full-labeling

once. To turn it off, the '--enable-full-labeling' parameter should be
omitted.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
---
 tools/xm-test/README                       |    4 ++--
 tools/xm-test/lib/XmTestLib/XenDomain.py   |    5 ++++-
 tools/xm-test/lib/XmTestLib/acm.py         |   13 ++++++++++++-
 tools/xm-test/lib/XmTestLib/block_utils.py |    2 ++
 tools/xm-test/runtest.sh                   |    2 ++
 5 files changed, 22 insertions(+), 4 deletions(-)

diff -r 4ecfbf08b449 -r 05bf8693c735 tools/xm-test/README
--- a/tools/xm-test/README      Wed Oct 18 16:07:55 2006 +0100
+++ b/tools/xm-test/README      Wed Oct 18 16:08:58 2006 +0100
@@ -125,8 +125,8 @@ following command from the xm-test direc
 
 Some of these tests will work even without support of ACM by Xen.
 
-Several of these tests require the privilege of being allowed to label
-resources and will otherwise be skipped. By default the test suite
+The xm test suite has been extended to support labeling of resources
+as required by the existing tests. However, by default the test suite
 is not allowed to automatically label resources since this may affect
 existing labels. To enable this, the test suite must be configured with
 the following parameter passed to the configure scripts (in addition to
diff -r 4ecfbf08b449 -r 05bf8693c735 tools/xm-test/lib/XmTestLib/XenDomain.py
--- a/tools/xm-test/lib/XmTestLib/XenDomain.py  Wed Oct 18 16:07:55 2006 +0100
+++ b/tools/xm-test/lib/XmTestLib/XenDomain.py  Wed Oct 18 16:08:58 2006 +0100
@@ -29,6 +29,7 @@ from config import *
 from config import *
 from Console import *
 from XenDevice import *
+from acm import *
 
 BLOCK_ROOT_DEV = "hda"
 
@@ -103,7 +104,8 @@ class XenConfig:
         self.defaultOpts["vif"]  = []
         self.defaultOpts["vtpm"] = []
         if isACMEnabled():
-            self.defaultOpts["access_control"] = []
+            #A default so every VM can start with ACM enabled
+            self.defaultOpts["access_control"] = ['policy=xm-test,label=red']
 
         self.opts = self.defaultOpts
 
@@ -131,6 +133,7 @@ class XenConfig:
         output = file(filename, "w")
         output.write(self.toString())
         output.close()
+        ACMPrepareSystem(self.opts)
 
     def __str__(self):
         """When used as a string, we represent ourself by a config
diff -r 4ecfbf08b449 -r 05bf8693c735 tools/xm-test/lib/XmTestLib/acm.py
--- a/tools/xm-test/lib/XmTestLib/acm.py        Wed Oct 18 16:07:55 2006 +0100
+++ b/tools/xm-test/lib/XmTestLib/acm.py        Wed Oct 18 16:08:58 2006 +0100
@@ -26,7 +26,7 @@ except:
     ACM_LABEL_RESOURCES = False
 
 labeled_resources = {}
-acm_verbose = False
+acm_verbose = True
 
 def isACMEnabled():
     return security.on()
@@ -43,6 +43,17 @@ def ACMLoadPolicy(policy='xm-test'):
              "Start the system without any policy.\n%s" %
              (policy, o))
 
+def ACMPrepareSystem(resources):
+    if isACMEnabled():
+        ACMLoadPolicy()
+        ACMLabelResources(resources)
+
+def ACMLabelResources(resources):
+    for k, v in resources.items():
+        if k == "disk":
+            for vv in v:
+                res = vv.split(',')[0]
+                ACMLabelResource(res)
 
 # Applications may label resources explicitly by calling this function
 def ACMLabelResource(resource, label='red'):
diff -r 4ecfbf08b449 -r 05bf8693c735 tools/xm-test/lib/XmTestLib/block_utils.py
--- a/tools/xm-test/lib/XmTestLib/block_utils.py        Wed Oct 18 16:07:55 
2006 +0100
+++ b/tools/xm-test/lib/XmTestLib/block_utils.py        Wed Oct 18 16:08:58 
2006 +0100
@@ -6,6 +6,7 @@ import time
 import time
 
 from XmTestLib import *
+from acm import *
 
 import xen.util.blkif
 
@@ -26,6 +27,7 @@ def get_state(domain, devname):
 
 
 def block_attach(domain, phy, virt):
+    ACMLabelResource(phy)
     status, output = traceCommand("xm block-attach %s %s %s w" %
                                   (domain.getName(), phy, virt))
     if status != 0:
diff -r 4ecfbf08b449 -r 05bf8693c735 tools/xm-test/runtest.sh
--- a/tools/xm-test/runtest.sh  Wed Oct 18 16:07:55 2006 +0100
+++ b/tools/xm-test/runtest.sh  Wed Oct 18 16:08:58 2006 +0100
@@ -197,6 +197,8 @@ unsafe=no
 unsafe=no
 GROUPENTERED=default
 
+cp -f tests/security-acm/xm-test-security_policy.xml 
/etc/xen/acm-security/policies
+
 # Resolve options
 while [ $# -gt 0 ]
   do

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] [TPM] Allow all tests of the xm test suite to be run when ACM, Xen patchbot-unstable <=
Previous by Date:  [Xen-changelog] [xen-unstable] [TPM] Add tests cases for the ACM security hooks and tools to, Xen patchbot-unstable
Next by Date:  [Xen-changelog] [xen-unstable] Clean up linker flag definitions., Xen patchbot-unstable
Previous by Thread:  [Xen-changelog] [xen-unstable] [TPM] Add tests cases for the ACM security hooks and tools to, Xen patchbot-unstable
Next by Thread:  [Xen-changelog] [xen-unstable] Clean up linker flag definitions., Xen patchbot-unstable
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy