This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-changelog] [xen-unstable] [ACM/XEND] Fix case where resource label

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] [ACM/XEND] Fix case where resource label file does not exist.
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 07 Sep 2007 09:13:29 -0700
Delivery-date: Fri, 07 Sep 2007 10:33:48 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Date 1188484753 -3600
# Node ID 8f1c807ace978eab1292f0a4afbbdce5eb475af4
# Parent  3805cc382dbe9d16571e44bda5e575709fb8fd17
[ACM/XEND] Fix case where resource label file does not exist.

Fix the case where the resource label file does not exist but its
contents would be needed for access control evaluations.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
 tools/python/xen/util/security.py |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff -r 3805cc382dbe -r 8f1c807ace97 tools/python/xen/util/security.py
--- a/tools/python/xen/util/security.py Thu Aug 30 15:35:10 2007 +0100
+++ b/tools/python/xen/util/security.py Thu Aug 30 15:39:13 2007 +0100
@@ -934,7 +934,8 @@ def resources_compatible_with_vmlabel(xs
             access_control = dictio.dict_read("resources",
-            return False
+            # No labeled resources -> must be compatible
+            return True
         return __resources_compatible_with_vmlabel(xspol, dominfo, vmlabel,
@@ -950,6 +951,7 @@ def __resources_compatible_with_vmlabel(
         given VM label. The access_control parameter provides a
         dictionary of the resource name to resource label mappings
         under which the evaluation should be done.
+        Call this only for a paused or running domain.
     def collect_labels(reslabels, s_label, polname):
         if len(s_label) != 3 or polname != s_label[1]:
@@ -1204,7 +1206,7 @@ def change_acm_policy(bin_pol, del_array
         access_control = {}
             access_control = dictio.dict_read("resources", res_label_filename)
-        finally:
+        except:
         for key, labeldata in access_control.items():
             if len(labeldata) == 2:

Xen-changelog mailing list

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] [ACM/XEND] Fix case where resource label file does not exist., Xen patchbot-unstable <=