ia64/xen-unstable

view tools/python/xen/util/Brctl.py @ 10720:8922c1fbe684

[XM][ACM] Add xm subcommands to work with security resource labels.

This patch adds new xm subcommands to support working with resource
labels. The new subcommands are 'xm resources', 'xm rmlabel', 'xm
getlabel' and 'xm dry-run'. In addition, the 'xm addlabel' subcommand
now uses an updated syntax to support labeling both domains and
resources. See the xm man page for details on each subcommand.

Beyond the new subcommands, this patch allows users to immediately see
when security checks will fail by pushing some basic security checking
into the beginning of 'xm create' and 'xm block-attach'. ACM security
attributes for block devices are added to XenStore in order to support
the final security enforcement, which will be performed in the kernel
and included in a separate patch.

Signed-off-by: Bryan D. Payne <bdpayne@us.ibm.com>
Signed-off-by: Reiner Sailer <sailer@us.ibm.com>
author kfraser@localhost.localdomain
date Mon Jul 10 17:18:07 2006 +0100 (2006-07-10)
parents 903d88857972
children 069d1364af53
"""Bridge control utilities.

Thin wrappers that build command lines for ifconfig, route, brctl and
iptables and pass them to the shell through os.system() / os.popen().
Arguments are pasted into those command lines without quoting, so bridge,
interface and address values must be validated before they reach this
module.
"""
import os
import os.path
import re
import sys

# External programs. These are bare names, so the shell resolves them through
# the PATH of whatever process imports this module.
CMD_IFCONFIG = 'ifconfig'
CMD_ROUTE = 'route'
CMD_BRCTL = 'brctl'
CMD_IPTABLES = 'iptables'

# Active options object. Starts empty; an Opts instance is assigned further
# down the module and can be swapped with set_opts().
opts = None
class Opts:
    """Plain attribute bag holding the module options.

    Every key of the 'defaults' mapping becomes an attribute of the
    instance; cmd() reads the 'verbose' and 'dryrun' attributes.
    """

    def __init__(self, defaults):
        # Copy each entry onto the instance under its own name.
        for name in defaults.keys():
            setattr(self, name, defaults[name])
def cmd(p, s):
    """Echo and run the command line made of program 'p' and argument string 's'.

    The line is printed when opts.verbose is set and executed unless
    opts.dryrun is set. Returns None; the exit status of os.system() is
    discarded, so callers cannot tell whether the command succeeded.
    """
    global opts
    line = ' '.join((p, s))
    if opts.verbose:
        print line
    if opts.dryrun:
        return
    # NOTE(review): os.system() hands the whole string to the shell, so any
    # shell metacharacters in 'p' or 's' are interpreted rather than passed
    # through as arguments. Every caller must supply validated values.
    os.system(line)
def vif_bridge_add(params):
    """Attach a vif to a bridge with 'brctl addif'.

    'params' is a mapping that supplies the 'bridge' and 'vif' names. Both
    are formatted into the command line unquoted, so they must already be
    validated interface names.
    """
    arguments = 'addif %(bridge)s %(vif)s' % params
    cmd(CMD_BRCTL, arguments)
def vif_bridge_rem(params):
    """Detach a vif from a bridge with 'brctl delif'.

    'params' is a mapping that supplies the 'bridge' and 'vif' names. Both
    are formatted into the command line unquoted, so they must already be
    validated interface names.
    """
    arguments = 'delif %(bridge)s %(vif)s' % params
    cmd(CMD_BRCTL, arguments)
def vif_restrict_addr(vif, addr, delete=0):
    """Add or remove the FORWARD rules that tie address 'addr' to 'vif'.

    With 'delete' false, two ACCEPT rules are appended (-A): one for packets
    entering through bridge port 'vif' with source 'addr', one for packets
    leaving through 'vif' with destination 'addr'. With 'delete' true the
    same two rules are removed (-D).

    The FORWARD chain policy is set to DROP on every call, deletions
    included. That is a host-wide change, not one scoped to this vif.
    'vif' and 'addr' are formatted into the command lines unquoted.
    """
    flag = '-A'
    if delete:
        flag = '-D'
    d = {'vif': vif, 'addr': addr, 'flag': flag}
    # Default-deny first, then the per-vif exceptions.
    cmd(CMD_IPTABLES, '-P FORWARD DROP')
    inbound = '%(flag)s FORWARD -m physdev --physdev-in %(vif)s -s %(addr)s -j ACCEPT' % d
    cmd(CMD_IPTABLES, inbound)
    outbound = '%(flag)s FORWARD -m physdev --physdev-out %(vif)s -d %(addr)s -j ACCEPT' % d
    cmd(CMD_IPTABLES, outbound)
def bridge_create(bridge, **kwd):
    """Create a bridge, apply its parameters and bring it up.

    Keyword arguments 'hello', 'fd' and 'stp' are forwarded to bridge_set().
    Any of them that is missing or None falls back to hello time 0, forward
    delay 0 and stp 'off'. The bridge name is formatted into the command
    lines unquoted.
    """
    cmd(CMD_BRCTL, 'addbr %s' % bridge)
    # An explicit None counts as "not given", so setdefault() would not do.
    for key, fallback in (('hello', 0), ('fd', 0), ('stp', 'off')):
        if kwd.get(key, None) is None:
            kwd[key] = fallback
    bridge_set(bridge, **kwd)
    cmd(CMD_IFCONFIG, "%s up" % bridge)
def bridge_set(bridge, hello=None, fd=None, stp=None):
    """Set bridge parameters.

    One brctl command is issued for each of 'hello', 'fd' and 'stp' that is
    not None, in that order. 'hello' and 'fd' are formatted with %d and so
    must be numeric. 'bridge' and 'stp' are inserted as plain text.
    """
    settings = (
        (hello, 'sethello %s %d'),
        (fd, 'setfd %s %d'),
        (stp, 'stp %s %s'),
    )
    for value, template in settings:
        if value is None:
            continue
        cmd(CMD_BRCTL, template % (bridge, value))
def bridge_del(bridge):
    """Take a bridge down and delete it.

    The interface is brought down with ifconfig before 'brctl delbr' runs.
    The bridge name is formatted into both command lines unquoted.
    """
    steps = (
        (CMD_IFCONFIG, '%s down'),
        (CMD_BRCTL, 'delbr %s'),
    )
    for program, template in steps:
        cmd(program, template % bridge)
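def routes():
    """Return a list of the routes.

    Runs 'route -n' and returns one dict per table row with the keys
    'destination', 'gateway', 'mask', 'flags', 'metric', 'ref', 'use' and
    'interface', all as strings. The two header lines are skipped, and so
    is any row with fewer than eight fields (for example a blank line),
    which previously raised IndexError.
    """
    keys = ('destination', 'gateway', 'mask', 'flags',
            'metric', 'ref', 'use', 'interface')
    table = []
    fin = os.popen(CMD_ROUTE + ' -n', 'r')
    try:
        for line in fin:
            if line.startswith('Kernel') or line.startswith('Destination'):
                continue
            fields = line.split()
            if len(fields) < len(keys):
                continue
            # zip() stops at the eighth field, matching the original
            # behaviour of ignoring any extra columns.
            table.append(dict(zip(keys, fields)))
    finally:
        # Close the pipe explicitly instead of leaving it to the garbage
        # collector.
        fin.close()
    return table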
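def ifconfig(interface):
    """Return the ip config for an interface.

    Runs 'ifconfig <interface>' and returns a dict with the keys 'address',
    'broadcast', 'mask' and 'interface', taken from the first output line of
    the form 'inet addr:... Bcast:... Mask:...'. Returns None when no line
    matches, which includes interfaces whose output has no Bcast field.
    """
    inetre = re.compile(r'\s*inet\s*addr:(?P<address>\S*)'
                        r'\s*Bcast:(?P<broadcast>\S*)'
                        r'\s*Mask:(?P<mask>\S*)')
    # NOTE(review): os.popen() runs the string through the shell and
    # 'interface' is inserted unquoted, so it must be a validated name.
    fin = os.popen(CMD_IFCONFIG + ' %s' % interface, 'r')
    try:
        for line in fin:
            m = inetre.match(line)
            if not m:
                continue
            info = m.groupdict()
            info['interface'] = interface
            return info
    finally:
        # Close the pipe on every path; the original left it open.
        fin.close()
    return None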
def reconfigure(interface, bridge):
    """Move an interface's IP configuration and default route onto a bridge.

    The bridge is given the address, netmask and broadcast address read from
    'interface', the default route through 'interface' is re-added on the
    bridge, the interface is attached to the bridge and its own address is
    reset to 0.0.0.0.

    Nothing is changed, and a message is written to stderr, when the
    interface has no parseable configuration or no default gateway. cmd()
    does not report failures, so a step that fails part-way leaves the host
    half-reconfigured without any indication.
    """
    intf_info = ifconfig(interface)
    if not intf_info:
        print >>sys.stderr, 'Interface not found:', interface
        return
    # No check is made that the bridge already exists.

    # Look for a default route (destination 0.0.0.0, flag G) that leaves
    # through this interface. The loop does not stop early, so the last
    # matching row wins.
    gateway = None
    for route in routes():
        if route['destination'] != '0.0.0.0':
            continue
        if 'G' not in route['flags']:
            continue
        if route['interface'] != interface:
            continue
        gateway = route['gateway']
    intf_info['bridge'] = bridge
    intf_info['gateway'] = gateway
    if not gateway:
        print >>sys.stderr, 'Gateway not found: ', interface
        return

    # Order matters: address the bridge and move the route before the
    # interface is enslaved and stripped of its address.
    steps = (
        (CMD_IFCONFIG,
         '%(bridge)s %(address)s netmask %(mask)s broadcast %(broadcast)s up'),
        (CMD_ROUTE,
         'add default gateway %(gateway)s dev %(bridge)s'),
        (CMD_BRCTL, 'addif %(bridge)s %(interface)s'),
        (CMD_IFCONFIG, '%(interface)s 0.0.0.0'),
    )
    for program, template in steps:
        cmd(program, template % intf_info)
# Option values in effect until set_opts() installs something else:
# every command line is echoed (verbose) and really executed (no dry run).
defaults = {'verbose': 1, 'dryrun': 0}

opts = Opts(defaults)
def set_opts(val):
    """Install 'val' as the module-wide options object and return it.

    cmd() reads 'verbose' and 'dryrun' from this object, so 'val' must
    provide both attributes.
    """
    global opts
    opts = val
    return val