ia64/xen-unstable

changeset 11877:05bf8693c735

[TPM] Allow all tests of the xm test suite to be run when ACM
security is turned on in hypervisor. This is done by implicitly
labeling VMs and resources if they have not been labeled through
explicit calls.
To allow the xm test suite to label resources automatically, run

./configure --enable-full-labeling

once. To turn it off, the '--enable-full-labeling' parameter should be
omitted.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author kfraser@localhost.localdomain
date Wed Oct 18 16:08:58 2006 +0100 (2006-10-18)
parents 4ecfbf08b449
children 307e5ed9657e
files tools/xm-test/README tools/xm-test/lib/XmTestLib/XenDomain.py tools/xm-test/lib/XmTestLib/acm.py tools/xm-test/lib/XmTestLib/block_utils.py tools/xm-test/runtest.sh
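--- a/tools/xm-test/README
+++ b/tools/xm-test/README
@@ -125,8 +125,8 @@ following command from the xm-test direc
 
 Some of these tests will work even without support of ACM by Xen.
 
-Several of these tests require the privilege of being allowed to label
-resources and will otherwise be skipped. By default the test suite
+The xm test suite has been extended to support labeling of resources
+as required by the existing tests. However, by default the test suite
 is not allowed to automatically label resources since this may affect
 existing labels. To enable this, the test suite must be configured with
 the following parameter passed to the configure scripts (in addition to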
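--- a/tools/xm-test/lib/XmTestLib/XenDomain.py
+++ b/tools/xm-test/lib/XmTestLib/XenDomain.py
@@ -29,6 +29,7 @@ from Test import *
 from config import *
 from Console import *
 from XenDevice import *
+from acm import *
 
 BLOCK_ROOT_DEV = "hda"
 
@@ -103,7 +104,8 @@ class XenConfig:
         self.defaultOpts["vif"]  = []
         self.defaultOpts["vtpm"] = []
         if isACMEnabled():
-            self.defaultOpts["access_control"] = []
+            #A default so every VM can start with ACM enabled
+            self.defaultOpts["access_control"] = ['policy=xm-test,label=red']
 
         self.opts = self.defaultOpts
 
@@ -131,6 +133,7 @@ class XenConfig:
         output = file(filename, "w")
         output.write(self.toString())
         output.close()
+        ACMPrepareSystem(self.opts)
 
     def __str__(self):
         """When used as a string, we represent ourself by a config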
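Review bot: The `ACMPrepareSystem(self.opts)` call added after `output.close()` turns a plain config-file write into an operation that also loads the xm-test policy and labels every disk listed in the options, and nothing at the call site says so. The method's signature is outside the hunk, so this is read from its visible tail only; a comment such as `# Side effect: with ACM on, loads the xm-test policy and labels the disks in self.opts` would make the host-state change visible to callers. The new default `['policy=xm-test,label=red']` repeats the defaults already spelled out in acm.py (`policy='xm-test'`, `label='red'`), so a shared constant would keep the two from drifting apart. `from acm import *` could be `from acm import ACMPrepareSystem` so the origin of the call stays traceable.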
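--- a/tools/xm-test/lib/XmTestLib/acm.py
+++ b/tools/xm-test/lib/XmTestLib/acm.py
@@ -26,7 +26,7 @@ except:
     ACM_LABEL_RESOURCES = False
 
 labeled_resources = {}
-acm_verbose = False
+acm_verbose = True
 
 def isACMEnabled():
     return security.on()
@@ -43,6 +43,17 @@ def ACMLoadPolicy(policy='xm-test'):
              "Start the system without any policy.\n%s" %
              (policy, o))
 
+def ACMPrepareSystem(resources):
+    if isACMEnabled():
+        ACMLoadPolicy()
+        ACMLabelResources(resources)
+
+def ACMLabelResources(resources):
+    for k, v in resources.items():
+        if k == "disk":
+            for vv in v:
+                res = vv.split(',')[0]
+                ACMLabelResource(res)
 
 # Applications may label resources explicitly by calling this function
 def ACMLabelResource(resource, label='red'):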
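Review bot: `ACMPrepareSystem` gates the implicit labeling only on `isACMEnabled()`; the `ACM_LABEL_RESOURCES` opt-in that the README ties to `--enable-full-labeling` is not consulted anywhere in the added lines. The body of `ACMLabelResource` lies outside the hunk, so the check may live there; if it does not, every config write relabels host disks on a machine that never opted in, and a guard such as `if not ACM_LABEL_RESOURCES: return` at the top of `ACMLabelResources` would restore the documented default. The loop over `resources.items()` that tests `k == "disk"` can be written `for spec in resources.get("disk", []):`, and both new functions would benefit from a docstring stating that the part of each disk entry before the first comma is what gets labeled. In the first hunk, `acm_verbose = True` looks like a debugging leftover and is worth confirming as intentional.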
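--- a/tools/xm-test/lib/XmTestLib/block_utils.py
+++ b/tools/xm-test/lib/XmTestLib/block_utils.py
@@ -6,6 +6,7 @@
 import time
 
 from XmTestLib import *
+from acm import *
 
 import xen.util.blkif
 
@@ -26,6 +27,7 @@ def get_state(domain, devname):
 
 
 def block_attach(domain, phy, virt):
+    ACMLabelResource(phy)
     status, output = traceCommand("xm block-attach %s %s %s w" %
                                   (domain.getName(), phy, virt))
     if status != 0: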
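Review bot: `ACMLabelResource(phy)` in `block_attach` always applies the default label (`'red'` per the signature in acm.py) and never looks at `domain`, so a test whose domain runs under a different label would presumably have the attach denied by the policy with no hint as to why. Passing the domain's label, or at least stating the assumption with `# phy gets the default label; the domain must carry the same one`, would make such failures diagnosable. The label is applied before `xm block-attach` runs, and as far as the hunk shows nothing removes it when the command fails; the error path continues outside the hunk. `from acm import *` could be `from acm import ACMLabelResource` so the source of the call is explicit.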
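--- a/tools/xm-test/runtest.sh
+++ b/tools/xm-test/runtest.sh
@@ -197,6 +197,8 @@ run=yes
 unsafe=no
 GROUPENTERED=default
 
+cp -f tests/security-acm/xm-test-security_policy.xml /etc/xen/acm-security/policies
+
 # Resolve options
 while [ $# -gt 0 ]
   do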
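Review bot: The added `cp -f` runs unconditionally before the options are parsed, so every invocation writes into `/etc/xen/acm-security/policies` whether or not the run will use ACM, replaces any same-named policy file already there, and ignores the exit status. The source path is relative, so the copy only works when the script is started from the xm-test directory, and if the destination directory does not exist `cp` would create a plain file called `policies` instead. Moving the copy after the option loop and guarding it, e.g. `[ -d /etc/xen/acm-security/policies ] && cp -f tests/security-acm/xm-test-security_policy.xml /etc/xen/acm-security/policies || exit 1`, would stop the script from touching system policy files on hosts that are not set up for them. A comment above the line saying why the policy must be installed before any test runs would also help.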