ia64/xen-unstable

changeset 13239:71eadf04a1f9

Don't canonicalise the resource inside res_security_check if security is off.
This had broken use of relative paths to refer to ISOs etc.

Signed-off-by: Ewan Mellor <ewan@xensource.com>
author Ewan Mellor <ewan@xensource.com>
date Tue Jan 02 13:35:25 2007 +0000 (2007-01-02)
parents abcd545e7f4c
children 9c028b3cdb55
files tools/python/xen/util/security.py
line diff
     1.1 --- a/tools/python/xen/util/security.py	Tue Jan 02 13:32:35 2007 +0000
     1.2 +++ b/tools/python/xen/util/security.py	Tue Jan 02 13:35:25 2007 +0000
     1.3 @@ -637,11 +637,11 @@ def res_security_check(resource, domain_
     1.4      """
     1.5      rtnval = 1
     1.6  
     1.7 -    #build canonical resource name
     1.8 -    resource = unify_resname(resource)
     1.9 -
    1.10      # if security is on, ask the hypervisor for a decision
    1.11      if on():
    1.12 +        #build canonical resource name
    1.13 +        resource = unify_resname(resource)
    1.14 +
    1.15          (label, ssidref, policy) = get_res_security_details(resource)
    1.16          domac = ['access_control']
    1.17          domac.append(['policy', active_policy])
    1.18 @@ -660,6 +660,8 @@ def res_security_check(resource, domain_
    1.19  
    1.20      # security is off, make sure resource isn't labeled
    1.21      else:
    1.22 +        # Note, we can't canonicalise the resource here, because people using
    1.23 +        # xm without ACM are free to use relative paths.
    1.24          (label, policy) = get_res_label(resource)
    1.25          if policy != 'NULL':
    1.26              raise ACMError("Security is off, but '"+resource+"' is labeled")