ia64/xen-unstable

changeset 16273:ceb195042ca7

acm, xm: Propagate error codes.

Fix propagation of error codes to the shell in some of the security
related xm commands.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author Keir Fraser <keir@xensource.com>
date Tue Oct 30 09:33:49 2007 +0000 (2007-10-30)
parents dc3fcd5dd4eb
children afd768e9382e
files tools/python/xen/xm/addlabel.py tools/python/xen/xm/rmlabel.py tools/python/xen/xm/setpolicy.py
line diff
     1.1 --- a/tools/python/xen/xm/addlabel.py	Tue Oct 30 09:32:10 2007 +0000
     1.2 +++ b/tools/python/xen/xm/addlabel.py	Tue Oct 30 09:33:49 2007 +0000
     1.3 @@ -117,15 +117,18 @@ def add_resource_label(label, resource, 
     1.4                                                            res_xapi,
     1.5                                                            "")
     1.6              except Exception, e:
     1.7 -                security.err("Could not label this resource: %s" % e)
     1.8 +                raise security.XSMError("Could not label this resource: %s" %
     1.9 +                                        str(e))
    1.10          else:
    1.11 -            security.err("'%s' is already labeled with '%s'" % (resource,old))
    1.12 +            raise security.XSMError("'%s' is already labeled with '%s'" %
    1.13 +                                    (resource,old))
    1.14  
    1.15  def add_domain_label(label, configfile, policyref):
    1.16      # sanity checks: make sure this label can be instantiated later on
    1.17      ssidref = security.label2ssidref(label, policyref, 'dom')
    1.18  
    1.19 -    new_label = "access_control = ['policy=%s,label=%s']\n" % (policyref, label)
    1.20 +    new_label = "access_control = ['policy=%s,label=%s']\n" % \
    1.21 +                (policyref, label)
    1.22      if not os.path.isfile(configfile):
    1.23          security.err("Configuration file \'" + configfile + "\' not found.")
    1.24      config_fd = open(configfile, "ra+")
    1.25 @@ -150,14 +153,14 @@ def add_domain_label_xapi(label, domainn
    1.26      try:
    1.27          old_lab = server.xenapi.VM.get_security_label(uuid)
    1.28          rc = server.xenapi.VM.set_security_label(uuid, sec_lab, old_lab)
    1.29 -    except:
    1.30 -        rc = -1
    1.31 +    except Exception, e:
    1.32 +        raise security.XSMError("Could not label the domain: %s" % e)
    1.33      if int(rc) < 0:
    1.34          raise OptionError('Could not label domain.')
    1.35      else:
    1.36          ssidref = int(rc)
    1.37          if ssidref != 0:
    1.38 -            print "Set the label of domain '%s' to '%s'. New ssidref = %08x" % \
    1.39 +            print "Set the label of domain '%s' to '%s'. New ssidref = %08x" %\
    1.40                    (domainname,label,ssidref)
    1.41          else:
    1.42              print "Set the label of dormant domain '%s' to '%s'." % \
     2.1 --- a/tools/python/xen/xm/rmlabel.py	Tue Oct 30 09:32:10 2007 +0000
     2.2 +++ b/tools/python/xen/xm/rmlabel.py	Tue Oct 30 09:33:49 2007 +0000
     2.3 @@ -50,9 +50,10 @@ def rm_resource_label(resource):
     2.4                  server.xenapi.XSPolicy.set_resource_label(resource,"",
     2.5                                                            oldlabel)
     2.6              else:
     2.7 -                raise security.ACMError("Resource not labeled")
     2.8 +                raise security.XSMError("Resource not labeled")
     2.9          except Exception, e:
    2.10 -            print "Could not remove label from resource: %s" % e
    2.11 +            raise security.XSMError("Could not remove label "
    2.12 +                                    "from resource: %s" % e)
    2.13          return
    2.14  
    2.15      #build canonical resource name
    2.16 @@ -128,7 +129,7 @@ def rm_domain_label_xapi(domainname):
    2.17          old_lab = server.xenapi.VM.get_security_label(uuid)
    2.18          server.xenapi.VM.set_security_label(uuid, "", old_lab)
    2.19      except Exception, e:
    2.20 -        print('Could not remove label from domain: %s' % e)
    2.21 +        raise security.XSMError('Could not remove label from domain: %s' % e)
    2.22  
    2.23  def rm_vif_label(vmname, idx):
    2.24      if xm_main.serverType != xm_main.SERVER_XEN_API:
    2.25 @@ -142,16 +143,21 @@ def rm_vif_label(vmname, idx):
    2.26          raise OptionError("Bad VIF index.")
    2.27      vif_ref = server.xenapi.VIF.get_by_uuid(vif_refs[idx])
    2.28      if not vif_ref:
    2.29 -        print "A VIF with this UUID does not exist."
    2.30 +        raise security.XSMError("A VIF with this UUID does not exist.")
    2.31      try:
    2.32          old_lab = server.xenapi.VIF.get_security_label(vif_ref)
    2.33 -        rc = server.xenapi.VIF.set_security_label(vif_ref, "", old_lab)
    2.34 -        if int(rc) != 0:
    2.35 -            print "Could not remove the label from the VIF."
    2.36 +        if old_lab != "":
    2.37 +            rc = server.xenapi.VIF.set_security_label(vif_ref, "", old_lab)
    2.38 +            if int(rc) != 0:
    2.39 +                raise security.XSMError("Could not remove the label from"
    2.40 +                                        " the VIF.")
    2.41 +            else:
    2.42 +                print "Successfully removed the label from the VIF."
    2.43          else:
    2.44 -            print "Successfully removed the label from the VIF."
    2.45 +            raise security.XSMError("VIF is not labeled.")
    2.46      except Exception, e:
    2.47 -        print "Could not remove the label the VIF: %s" % str(e)
    2.48 +        raise security.XSMError("Could not remove the label from the VIF: %s" %
    2.49 +                                str(e))
    2.50  
    2.51  
    2.52  def main (argv):
     3.1 --- a/tools/python/xen/xm/setpolicy.py	Tue Oct 30 09:32:10 2007 +0000
     3.2 +++ b/tools/python/xen/xm/setpolicy.py	Tue Oct 30 09:33:49 2007 +0000
     3.3 @@ -23,6 +23,7 @@ import base64
     3.4  import struct
     3.5  import sys
     3.6  import string
     3.7 +import xen.util.xsm.xsm as security
     3.8  from xen.util import xsconstants
     3.9  from xen.util.acmpolicy import ACMPolicy
    3.10  from xen.xm.opts import OptionError
    3.11 @@ -100,21 +101,22 @@ def setpolicy(policytype, policy_name, f
    3.12                                                                flags,
    3.13                                                                overwrite)
    3.14          except Exception, e:
    3.15 -            print "An error occurred setting the policy: %s" % str(e)
    3.16 -            return
    3.17 +            raise security.XSMError("An error occurred setting the "
    3.18 +                                    "policy: %s" % str(e))
    3.19          xserr = int(policystate['xserr'])
    3.20          if xserr != 0:
    3.21 -            print "An error occurred trying to set the policy: %s" % \
    3.22 +            txt = "An error occurred trying to set the policy: %s." % \
    3.23                    xsconstants.xserr2string(abs(xserr))
    3.24              errors = policystate['errors']
    3.25              if len(errors) > 0:
    3.26 -                print "Hypervisor reported errors:"
    3.27 +                txt += "Hypervisor reported errors:"
    3.28                  err = base64.b64decode(errors)
    3.29                  i = 0
    3.30                  while i + 7 < len(err):
    3.31                      code, data = struct.unpack("!ii", errors[i:i+8])
    3.32 -                    print "(0x%08x, 0x%08x)" % (code, data)
    3.33 +                    txt += "(0x%08x, 0x%08x)" % (code, data)
    3.34                      i += 8
    3.35 +            raise security.XSMError(txt)
    3.36          else:
    3.37              print "Successfully set the new policy."
    3.38