ia64/xen-unstable

changeset 15805:8f1c807ace97

[ACM/XEND] Fix case where resource label file does not exist.

Fix the case where the resource label file does not exist but its
contents would be needed for access control evaluations.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author kfraser@localhost.localdomain
date Thu Aug 30 15:39:13 2007 +0100 (2007-08-30)
parents 3805cc382dbe
children 3738840029b4
files tools/python/xen/util/security.py
line diff
     1.1 --- a/tools/python/xen/util/security.py	Thu Aug 30 15:35:10 2007 +0100
     1.2 +++ b/tools/python/xen/util/security.py	Thu Aug 30 15:39:13 2007 +0100
     1.3 @@ -934,7 +934,8 @@ def resources_compatible_with_vmlabel(xs
     1.4              access_control = dictio.dict_read("resources",
     1.5                                                res_label_filename)
     1.6          except:
     1.7 -            return False
     1.8 +            # No labeled resources -> must be compatible
     1.9 +            return True
    1.10          return __resources_compatible_with_vmlabel(xspol, dominfo, vmlabel,
    1.11                                                     access_control)
    1.12      finally:
    1.13 @@ -950,6 +951,7 @@ def __resources_compatible_with_vmlabel(
    1.14          given VM label. The access_control parameter provides a
    1.15          dictionary of the resource name to resource label mappings
    1.16          under which the evaluation should be done.
    1.17 +        Call this only for a paused or running domain.
    1.18      """
    1.19      def collect_labels(reslabels, s_label, polname):
    1.20          if len(s_label) != 3 or polname != s_label[1]:
    1.21 @@ -1204,7 +1206,7 @@ def change_acm_policy(bin_pol, del_array
    1.22          access_control = {}
    1.23          try:
    1.24              access_control = dictio.dict_read("resources", res_label_filename)
    1.25 -        finally:
    1.26 +        except:
    1.27              pass
    1.28          for key, labeldata in access_control.items():
    1.29              if len(labeldata) == 2: