view tools/python/xen/xm/dry-run.py @ 10720:8922c1fbe684

[XM][ACM] Add xm subcommands to work with security resource labels.

This patch adds new xm subcommands to support working with resource
labels. The new subcommands are 'xm resources', 'xm rmlabel', 'xm
getlabel' and 'xm dry-run'. In addition, the 'xm addlabel' subcommand
now uses an updated syntax to support labeling both domains and
resources. See the xm man page for details on each subcommand.

Beyond the new subcommands, this patch allows users to immediately see
when security checks will fail by pushing some basic security checking
into the beginning of 'xm create' and 'xm block-attach'. ACM security
attributes for block devices are added to XenStore in order to support
the final security enforcement, which will be performed in the kernel
and included in a separate patch.

Signed-off-by: Bryan D. Payne <bdpayne@us.ibm.com>
Signed-off-by: Reiner Sailer <sailer@us.ibm.com>
author kfraser@localhost.localdomain
date Mon Jul 10 17:18:07 2006 +0100 (2006-07-10)
children 956e9aaf88c9
line source
1 #============================================================================
2 # This library is free software; you can redistribute it and/or
3 # modify it under the terms of version 2.1 of the GNU Lesser General Public
4 # License as published by the Free Software Foundation.
5 #
6 # This library is distributed in the hope that it will be useful,
7 # but WITHOUT ANY WARRANTY; without even the implied warranty of
9 # Lesser General Public License for more details.
10 #
11 # You should have received a copy of the GNU Lesser General Public
12 # License along with this library; if not, write to the Free Software
13 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
14 #============================================================================
15 # Copyright (C) 2006 International Business Machines Corp.
16 # Author: Bryan D. Payne <bdpayne@us.ibm.com>
17 #============================================================================
19 """Tests the security settings for a domain and its resources.
20 """
21 from xen.util import security
22 from xen.xm import create
23 from xen.xend import sxp
25 def usage():
26 print "\nUsage: xm dry-run <configfile>\n"
27 print "This program checks each resource listed in the configfile"
28 print "to see if the domain created by the configfile can access"
29 print "the resources. The status of each resource is listed"
30 print "individually along with the final security decision.\n"
33 def main (argv):
34 if len(argv) != 2:
35 usage()
36 return
38 try:
39 passed = 0
40 (opts, config) = create.parseCommandLine(argv)
41 if create.check_domain_label(config, verbose=1):
42 if create.config_security_check(config, verbose=1):
43 passed = 1
44 else:
45 print "Checking resources: (skipped)"
47 if passed:
48 print "Dry Run: PASSED"
49 else:
50 print "Dry Run: FAILED"
51 except security.ACMError:
52 pass
55 if __name__ == '__main__':
56 main(sys.argv)