ia64/xen-unstable

changeset 16547:3221dff4b460

ACM: Recover if XML policy representation is missing.

Recover the system if the XML representation of the currently loaded
policy is missing. Force the installation of the DEFAULT policy.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author Keir Fraser <keir.fraser@citrix.com>
date Thu Dec 06 12:13:12 2007 +0000 (2007-12-06)
parents 3df07c94c9aa
children cd5e1e76d0bc
files tools/python/xen/util/acmpolicy.py tools/python/xen/xend/XendXSPolicyAdmin.py
line diff
     1.1 --- a/tools/python/xen/util/acmpolicy.py	Thu Dec 06 12:12:29 2007 +0000
     1.2 +++ b/tools/python/xen/util/acmpolicy.py	Thu Dec 06 12:13:12 2007 +0000
     1.3 @@ -347,6 +347,33 @@ class ACMPolicy(XSPolicy):
     1.4              rc = self.compile()
     1.5          return rc, errors
     1.6  
     1.7 +    def force_default_policy(klass):
     1.8 +        """
     1.9 +           Force the installation of the DEFAULT policy if for
    1.10 +           example no XML of the current policy is available and
    1.11 +           the update path with comparisons of old and new policy
    1.12 +           cannot be taken.
    1.13 +           This only succeeds if only Domain-0 is running or
    1.14 +           all guest have the same ssidref as Domain-0.
    1.15 +        """
    1.16 +        errors = ""
    1.17 +
    1.18 +        acmpol_new = ACMPolicy(xml = get_DEFAULT_policy())
    1.19 +
    1.20 +        from xen.lowlevel import acm
    1.21 +        dom0_ssidref = acm.getssid(0)
    1.22 +        del_array = ""
    1.23 +        chg_array = struct.pack("ii",
    1.24 +                                dom0_ssidref['ssidref'] & 0xffff,
    1.25 +                                0x1)
    1.26 +
    1.27 +        rc, pol_map, bin_pol = acmpol_new.policy_create_map_and_bin()
    1.28 +        if rc != xsconstants.XSERR_SUCCESS:
    1.29 +            return rc, errors, acmpol_new
    1.30 +        rc, errors = security.hv_chg_policy(bin_pol, del_array, chg_array)
    1.31 +        return rc, errors, acmpol_new
    1.32 +
    1.33 +    force_default_policy = classmethod(force_default_policy)
    1.34  
    1.35      def __do_update_version_check(self, acmpol_new):
    1.36          acmpol_old = self
     2.1 --- a/tools/python/xen/xend/XendXSPolicyAdmin.py	Thu Dec 06 12:12:29 2007 +0000
     2.2 +++ b/tools/python/xen/xend/XendXSPolicyAdmin.py	Thu Dec 06 12:13:12 2007 +0000
     2.3 @@ -57,6 +57,12 @@ class XSPolicyAdmin:
     2.4          except Exception, e:
     2.5              log.error("Could not find XML representation of policy '%s': "
     2.6                        "%s" % (act_pol_name,e))
     2.7 +            rc, errors, acmpol_def = ACMPolicy.force_default_policy()
     2.8 +            if rc == xsconstants.XSERR_SUCCESS:
     2.9 +                self.xsobjs[ref] = acmpol_def
    2.10 +                self.policies[ref] = (acmpol_def.get_name(),
    2.11 +                                      xsconstants.ACM_POLICY_ID)
    2.12 +                log.info("Switched to DEFAULT policy.")
    2.13  
    2.14          log.debug("XSPolicyAdmin: Known policies: %s" % self.policies)
    2.15