ia64/xen-unstable

changeset 16221:beb81ee16009

xend, acm: small fixes

Check that the policy is of type ACM and return an error if it is not.
Reworked the way the label of a domain is read.

Signed-off-by; Stefan Berger <stefanb@us.ibm.com>
author Keir Fraser <keir@xensource.com>
date Thu Oct 25 09:25:03 2007 +0100 (2007-10-25)
parents c8ef0ae53bba
children ffc17d35d636
files tools/python/xen/util/xsm/acm/acm.py
line diff
     1.1 --- a/tools/python/xen/util/xsm/acm/acm.py	Thu Oct 25 09:24:28 2007 +0100
     1.2 +++ b/tools/python/xen/util/xsm/acm/acm.py	Thu Oct 25 09:25:03 2007 +0100
     1.3 @@ -656,6 +656,10 @@ def get_res_security_details(resource):
     1.4          log.info("Resource label for "+resource+" not in file, using DEFAULT.")
     1.5          return default_security_details()
     1.6  
     1.7 +    if policytype != xsconstants.ACM_POLICY_ID:
     1.8 +        raise VmError("Unknown policy type '%s in label for resource '%s'" %
     1.9 +                      (policytype, resource))
    1.10 +
    1.11      # is this resource label for the running policy?
    1.12      if policy == active_policy:
    1.13          ssidref = label2ssidref(label, policy, 'res')
    1.14 @@ -1373,11 +1377,9 @@ def get_security_label(self, xspol=None)
    1.15          from xen.xend.XendXSPolicyAdmin import XSPolicyAdminInstance
    1.16          xspol = XSPolicyAdminInstance().get_loaded_policy()
    1.17  
    1.18 -    if domid == 0:
    1.19 +        label = ""
    1.20          if xspol:
    1.21              label = xspol.policy_get_domain_label_formatted(domid)
    1.22 -        else:
    1.23 -            label = ""
    1.24 -    else:
    1.25 -        label = self.info.get('security_label', '')
    1.26 +        if domid != 0:
    1.27 +            label = self.info.get('security_label', label)
    1.28      return label