ia64/xen-unstable

changeset 16219:a2222599b97b

xend: Reworked initialization of XSPolicy administration class

Rather than picking up the current policy from the managed policies
file, the hypervisor is asked for the name of the current policy.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author Keir Fraser <keir@xensource.com>
date Thu Oct 25 09:23:27 2007 +0100 (2007-10-25)
parents f0c98631b2e5
children c8ef0ae53bba
files tools/python/xen/xend/XendXSPolicyAdmin.py
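--- a/tools/python/xen/xend/XendXSPolicyAdmin.py	Thu Oct 25 09:22:28 2007 +0100
+++ b/tools/python/xen/xend/XendXSPolicyAdmin.py	Thu Oct 25 09:23:27 2007 +0100
@@ -28,7 +28,6 @@ from xen.util.xspolicy import XSPolicy
 from xen.util.acmpolicy import ACMPolicy
 from xen.xend.XendError import SecurityError
 
-XS_MANAGED_POLICIES_FILE = "/etc/xen/acm-security/policies/managed_policies"
 
 class XSPolicyAdmin:
     """ The class that handles the managed policies in the system.
@@ -45,28 +44,19 @@ class XSPolicyAdmin:
                                 on the system (currently '1')
         """
         self.maxpolicies = maxpolicies
-        try:
-            self.policies = dictio.dict_read("managed_policies",
-                                             XS_MANAGED_POLICIES_FILE)
-        except Exception, e:
-            self.policies = {}
-
+        self.policies = {}
         self.xsobjs = {}
-        for ref, data in self.policies.items():
-            name = data[0]
-            typ = data[1]
-            try:
-                if typ == xsconstants.ACM_POLICY_ID:
-                    try:
-                        self.xsobjs[ref] = ACMPolicy(name=name, ref=ref)
-                    except Exception, e:
-                        del self.policies[ref]
-                else:
-                    del self.policies[ref]
-            except Exception, e:
-                log.error("XSPolicyAdmin: Could not find policy '%s': %s" %
-                         (name, str(e)))
-                del self.policies[ref]
+
+        act_pol_name = self.get_hv_loaded_policy_name()
+
+        ref = uuid.createString()
+        try:
+            self.xsobjs[ref] = ACMPolicy(name=act_pol_name, ref=ref)
+            self.policies[ref] = (act_pol_name, xsconstants.ACM_POLICY_ID)
+        except Exception, e:
+            log.error("Could not find XML representation of policy '%s': "
+                      "%s" % (act_pol_name,e))
+
         log.debug("XSPolicyAdmin: Known policies: %s" % self.policies)
 
     def isXSEnabled(self):
@@ -113,6 +103,7 @@ class XSPolicyAdmin:
             if rc == 0:
                 self.rm_bootpolicy()
                 irc = self.activate_xspolicy(loadedpol, flags)
+                # policy is loaded; if setting the boot flag fails it's ok.
             return (loadedpol, rc, errors)
 
         try:
@@ -166,9 +157,6 @@ class XSPolicyAdmin:
                                        xsconstants.ACM_POLICY_ID]) }
             self.policies.update(new_entry)
             self.xsobjs[ref]  = acmpol
-            dictio.dict_write(self.policies,
-                              "managed_policies",
-                              XS_MANAGED_POLICIES_FILE)
         return (acmpol, xsconstants.XSERR_SUCCESS, errors)
 
     def make_boot_policy(self, acmpol):
@@ -217,9 +205,6 @@ class XSPolicyAdmin:
             if rc == xsconstants.XSERR_SUCCESS or force:
                 del self.policies[ref]
                 del self.xsobjs[ref]
-                dictio.dict_write(self.policies,
-                                  "managed_policies",
-                                  XS_MANAGED_POLICIES_FILE)
                 rc = xsconstants.XSERR_SUCCESS
             return rc
 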
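Review bot: In the rewritten `__init__` block (second hunk), any failure of `ACMPolicy(name=act_pol_name, ref=ref)` is caught by `except Exception, e` and only logged, so xend carries on with empty `self.policies` and `self.xsobjs` while the hypervisor keeps enforcing the policy it just named. Code that consults these tables later (the `maxpolicies` limit, removal by `ref`) would then presumably behave as if no policy were managed, so the handler should catch only the errors `ACMPolicy` is expected to raise and the comment above it should state that the table may be out of step with the hypervisor, e.g. `# hypervisor policy stays active but is not managed by xend until its XML is found`. `get_hv_loaded_policy_name()` is called outside the `try` and its body is not on this page; if it can return an empty name when no policy is loaded, a guard such as `if act_pol_name:` would keep that ordinary case from being logged as a missing XML file. Because `ref` is now a fresh `uuid.createString()` on every start and the `dictio.dict_write` calls are gone, a short comment that policy refs no longer survive an xend restart would help callers that store them.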