This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-changelog] [xen-3.0.4-testing] Don't canonicalise the resource insi

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-3.0.4-testing] Don't canonicalise the resource inside res_security_check if security is off.
From: "Xen patchbot-3.0.4-testing" <patchbot-3.0.4-testing@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 03 Jan 2007 14:15:48 -0800
Delivery-date: Wed, 03 Jan 2007 14:49:33 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Ewan Mellor <ewan@xxxxxxxxxxxxx>
# Date 1167744925 0
# Node ID f014329a4a3aba0135d9d0a613d9cc7292f108c2
# Parent  c309f86fde0e3a4dfd5fda745a02e592e6c85560
Don't canonicalise the resource inside res_security_check if security is off.
This had broken use of relative paths to refer to ISOs etc.

Signed-off-by: Ewan Mellor <ewan@xxxxxxxxxxxxx>

Based on xen-unstable changeset 13203:71eadf04a1f90eb544e83a8ee65b79caa41e0853
 tools/python/xen/util/security.py |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff -r c309f86fde0e -r f014329a4a3a tools/python/xen/util/security.py
--- a/tools/python/xen/util/security.py Tue Jan 02 13:32:35 2007 +0000
+++ b/tools/python/xen/util/security.py Tue Jan 02 13:35:25 2007 +0000
@@ -637,11 +637,11 @@ def res_security_check(resource, domain_
     rtnval = 1
-    #build canonical resource name
-    resource = unify_resname(resource)
     # if security is on, ask the hypervisor for a decision
     if on():
+        #build canonical resource name
+        resource = unify_resname(resource)
         (label, ssidref, policy) = get_res_security_details(resource)
         domac = ['access_control']
         domac.append(['policy', active_policy])
@@ -660,6 +660,8 @@ def res_security_check(resource, domain_
     # security is off, make sure resource isn't labeled
+        # Note, we can't canonicalise the resource here, because people using
+        # xm without ACM are free to use relative paths.
         (label, policy) = get_res_label(resource)
         if policy != 'NULL':
             raise ACMError("Security is off, but '"+resource+"' is labeled")

Xen-changelog mailing list

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-3.0.4-testing] Don't canonicalise the resource inside res_security_check if security is off., Xen patchbot-3.0.4-testing <=