ia64/xen-unstable

view tools/python/xen/xm/setpolicy.py @ 16273:ceb195042ca7

acm, xm: Propagate error codes.

Fix propagation of error codes to the shell in some of the security
related xm commands.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author Keir Fraser <keir@xensource.com>
date Tue Oct 30 09:33:49 2007 +0000 (2007-10-30)
parents 993655d24b55
children 5255eac35270
1 #============================================================================
2 # This library is free software; you can redistribute it and/or
3 # modify it under the terms of version 2.1 of the GNU Lesser General Public
4 # License as published by the Free Software Foundation.
5 #
6 # This library is distributed in the hope that it will be useful,
7 # but WITHOUT ANY WARRANTY; without even the implied warranty of
8 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
9 # Lesser General Public License for more details.
10 #
11 # You should have received a copy of the GNU Lesser General Public
12 # License along with this library; if not, write to the Free Software
13 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
14 #============================================================================
15 # Copyright (C) 2007 International Business Machines Corp.
16 # Author: Stefan Berger <stefanb@us.ibm.com>
17 #============================================================================
19 """Get the managed policy of the system.
20 """
22 import base64
23 import struct
24 import sys
25 import string
26 import xen.util.xsm.xsm as security
27 from xen.util import xsconstants
28 from xen.util.acmpolicy import ACMPolicy
29 from xen.xm.opts import OptionError
30 from xen.util.xsm.acm.acm import policy_dir_prefix
31 from xen.xm import main as xm_main
32 from xen.xm.main import server
def help():
    """
    Return the usage text of the 'xm setpolicy' subcommand as a string.

    Nothing is printed here; the caller decides where the text goes.
    """
    usage = """
    Usage: xm setpolicy <policytype> <policy> [options]

    Set the policy managed by xend.

    The only policytype that is currently supported is 'ACM'.

    The following options are defined
      --load     Load the policy immediately
      --boot     Have the system load the policy during boot
      --update   Automatically adapt the policy so that it will be
                 treated as an update to the current policy
    """
    return usage
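def create_update_xml(xml):
    """
    Adapt the new policy's xml header so that it is a simple update of
    the policy currently enforced on the remote system.

    The current policy is fetched from xend through the Xen-API. The new
    policy gets the current policy's name and version as its 'from'
    reference, and its own version is set to the current version with
    the minor number increased by 1.

    xml -- the XML text of the new policy

    Returns the adapted XML text, or 'xml' unchanged when the server
    reports policy type 0 (presumably "no policy installed" -- confirm
    against xsconstants).
    """
    policystate = server.xenapi.XSPolicy.get_xspolicy()
    if int(policystate['type']) == 0:
        return xml

    curpol = ACMPolicy(xml = policystate['repr'])
    curpol_version = curpol.get_version()

    # Only an exact "<major>.<minor>" version supplies a minor number; any
    # other shape falls back to minor 0. The fallback used to call int()
    # on the whole list of parts, which always raised TypeError.
    parts = curpol_version.split('.')
    major = int(parts[0])
    if len(parts) == 2:
        minor = int(parts[1])
    else:
        minor = 0
    newpol_version = "%d.%d" % (major, minor + 1)

    newpol = ACMPolicy(xml = xml)
    newpol.set_frompolicy_name(curpol.get_name())
    newpol.set_frompolicy_version(curpol_version)
    newpol.set_policy_version(newpol_version)
    return newpol.toxml()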
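def setpolicy(policytype, policy_name, flags, overwrite, is_update=False):
    """
    Read a policy file from the local policy directory and hand it to
    xend through the Xen-API.

    policytype  -- must equal xsconstants.ACM_POLICY_ID
    policy_name -- dotted policy name; every '.' becomes a '/' below
                   policy_dir_prefix and '-security_policy.xml' is
                   appended to form the file name
    flags       -- passed unchanged to XSPolicy.set_xspolicy
    overwrite   -- passed unchanged to XSPolicy.set_xspolicy
    is_update   -- when true, the XML is first rewritten by
                   create_update_xml()

    Raises OptionError when xm is not configured for the Xen-API, when
    the policy type is unsupported or when the policy file cannot be
    read. Raises security.XSMError when the Xen-API call fails or when
    the server reports a non-zero 'xserr', so that the failure reaches
    the caller instead of only being printed.
    """
    if xm_main.serverType != xm_main.SERVER_XEN_API:
        raise OptionError('xm needs to be configured to use the xen-api.')
    if policytype != xsconstants.ACM_POLICY_ID:
        raise OptionError("Unsupported policytype '%s'." % policytype)
    xs_type = xsconstants.XS_POLICY_ACM

    # Every '.' in the name is turned into '/', so the name cannot carry a
    # '..' path component; a '/' already present in the name is kept as-is.
    policy_file = policy_dir_prefix + "/" + policy_name.replace(".", "/")
    policy_file += "-security_policy.xml"

    # Catch I/O failures only (a bare except would also swallow
    # KeyboardInterrupt), and close the file even when read() fails.
    try:
        f = open(policy_file, "r")
        try:
            xml = f.read()
        finally:
            f.close()
    except (IOError, OSError):
        raise OptionError("Not a valid policy file")

    if is_update:
        xml = create_update_xml(xml)

    try:
        policystate = server.xenapi.XSPolicy.set_xspolicy(xs_type,
                                                          xml,
                                                          flags,
                                                          overwrite)
    except Exception, e:
        raise security.XSMError("An error occurred setting the "
                                "policy: %s" % str(e))

    xserr = int(policystate['xserr'])
    if xserr == 0:
        print "Successfully set the new policy."
        return

    txt = "An error occurred trying to set the policy: %s." % \
          xsconstants.xserr2string(abs(xserr))
    errors = policystate['errors']
    if len(errors) > 0:
        txt += "Hypervisor reported errors:"
        err = base64.b64decode(errors)
        # The decoded buffer is read as consecutive pairs of 32-bit
        # big-endian integers; a trailing partial record is ignored.
        # Unpack from the decoded bytes: the old code sliced the
        # base64 text itself and so reported meaningless values.
        for offset in range(0, len(err) - 7, 8):
            code, data = struct.unpack("!ii", err[offset:offset + 8])
            txt += "(0x%08x, 0x%08x)" % (code, data)
    raise security.XSMError(txt)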
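def main(argv):
    """
    Command-line entry point of 'xm setpolicy'.

    argv -- argument list; argv[1] is the policy type and argv[2] the
            policy name (argv[0] is presumably the command name --
            confirm against the caller). Options are recognised
            anywhere in the list:
              -?             write the usage text to stdout and return
              --load         set xsconstants.XS_INST_LOAD in the flags
              --boot         set xsconstants.XS_INST_BOOT in the flags
              --update       treat the policy as an update
              --nooverwrite  pass overwrite=False to setpolicy()
            Any other option is silently ignored.

    Raises OptionError when fewer than three entries are given;
    exceptions raised by setpolicy() are passed on to the caller.
    """
    # Answer a help request before counting arguments, so that a lone
    # '-?' is not rejected as too short. The usage text has to be written
    # out here because help() only returns it.
    if "-?" in argv:
        sys.stdout.write(help())
        return

    if len(argv) < 3:
        raise OptionError("Need at least 3 arguments.")

    policytype = argv[1]
    policy_name = argv[2]

    flags = 0
    if '--load' in argv:
        flags |= xsconstants.XS_INST_LOAD
    if '--boot' in argv:
        flags |= xsconstants.XS_INST_BOOT

    is_update = '--update' in argv
    overwrite = '--nooverwrite' not in argv

    setpolicy(policytype, policy_name, flags, overwrite, is_update)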
if __name__ == '__main__':
    # Stand-alone invocation: report any failure on stderr and leave with
    # a non-zero exit status so the calling shell can detect it.
    try:
        main(sys.argv)
    except Exception, failure:
        message = 'Error: %s\n' % str(failure)
        sys.stderr.write(message)
        sys.exit(-1)