ia64/xen-unstable

view tools/python/xen/xm/addlabel.py @ 9835:cf20dbbf5c2b

This patch adds new python access control management scripts, which
integrate into Xen Management and which support the new access control
labels (labels replace the ssidref numbers at the management user
interface).

Signed-off by: Reiner Sailer <sailer@us.ibm.com>
author smh22@firebug.cl.cam.ac.uk
date Mon Apr 24 10:58:25 2006 +0100 (2006-04-24)
parents
children 0de8a4a023d0
line source
1 #============================================================================
2 # This library is free software; you can redistribute it and/or
3 # modify it under the terms of version 2.1 of the GNU Lesser General Public
4 # License as published by the Free Software Foundation.
5 #
6 # This library is distributed in the hope that it will be useful,
7 # but WITHOUT ANY WARRANTY; without even the implied warranty of
8 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
9 # Lesser General Public License for more details.
10 #
11 # You should have received a copy of the GNU Lesser General Public
12 # License along with this library; if not, write to the Free Software
13 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
14 #============================================================================
15 # Copyright (C) 2006 International Business Machines Corp.
16 # Author: Reiner Sailer <sailer@us.ibm.com>
17 #============================================================================
19 """Labeling a domain configuration file.
20 """
21 import sys, os
22 import traceback
25 from xen.util.security import ACMError, err, active_policy, label2ssidref, on, access_control_re
28 def usage():
29 print "\nUsage: xm addlabel <configfile> <label> [<policy>]\n"
30 print " This program adds an acm_label entry into the 'configfile'."
31 print " It derives the policy from the running hypervisor if it"
32 print " is not given (optional parameter). If the configfile is"
33 print " already labeled, then addlabel fails.\n"
34 err("Usage")
37 def main(argv):
38 try:
39 policyref = None
40 if len(argv) not in [3,4]:
41 usage()
42 configfile = argv[1]
43 label = argv[2]
45 if len(argv) == 4:
46 policyref = argv[3]
47 elif on():
48 policyref = active_policy
49 else:
50 err("No active policy. Policy must be specified in command line.")
52 #sanity checks: make sure this label can be instantiated later on
53 ssidref = label2ssidref(label, policyref)
55 new_label = "access_control = ['policy=%s,label=%s']\n" % (policyref, label)
56 if not os.path.isfile(configfile):
57 err("Configuration file \'" + configfile + "\' not found.")
58 config_fd = open(configfile, "ra+")
59 for line in config_fd:
60 if not access_control_re.match(line):
61 continue
62 config_fd.close()
63 err("Config file \'" + configfile + "\' is already labeled.")
64 config_fd.write(new_label)
65 config_fd.close()
67 except ACMError:
68 pass
69 except:
70 traceback.print_exc(limit=1)
73 if __name__ == '__main__':
74 main(sys.argv)