res_xapi,
"")
except Exception, e:
- security.err("Could not label this resource: %s" % e)
+ raise security.XSMError("Could not label this resource: %s" %
+ str(e))
else:
- security.err("'%s' is already labeled with '%s'" % (resource,old))
+ raise security.XSMError("'%s' is already labeled with '%s'" %
+ (resource,old))
def add_domain_label(label, configfile, policyref):
# sanity checks: make sure this label can be instantiated later on
ssidref = security.label2ssidref(label, policyref, 'dom')
- new_label = "access_control = ['policy=%s,label=%s']\n" % (policyref, label)
+ new_label = "access_control = ['policy=%s,label=%s']\n" % \
+ (policyref, label)
if not os.path.isfile(configfile):
security.err("Configuration file \'" + configfile + "\' not found.")
config_fd = open(configfile, "ra+")
try:
old_lab = server.xenapi.VM.get_security_label(uuid)
rc = server.xenapi.VM.set_security_label(uuid, sec_lab, old_lab)
- except:
- rc = -1
+ except Exception, e:
+ raise security.XSMError("Could not label the domain: %s" % e)
if int(rc) < 0:
raise OptionError('Could not label domain.')
else:
ssidref = int(rc)
if ssidref != 0:
- print "Set the label of domain '%s' to '%s'. New ssidref = %08x" % \
+ print "Set the label of domain '%s' to '%s'. New ssidref = %08x" %\
(domainname,label,ssidref)
else:
print "Set the label of dormant domain '%s' to '%s'." % \
server.xenapi.XSPolicy.set_resource_label(resource,"",
oldlabel)
else:
- raise security.ACMError("Resource not labeled")
+ raise security.XSMError("Resource not labeled")
except Exception, e:
- print "Could not remove label from resource: %s" % e
+ raise security.XSMError("Could not remove label "
+ "from resource: %s" % e)
return
#build canonical resource name
old_lab = server.xenapi.VM.get_security_label(uuid)
server.xenapi.VM.set_security_label(uuid, "", old_lab)
except Exception, e:
- print('Could not remove label from domain: %s' % e)
+ raise security.XSMError('Could not remove label from domain: %s' % e)
def rm_vif_label(vmname, idx):
if xm_main.serverType != xm_main.SERVER_XEN_API:
raise OptionError("Bad VIF index.")
vif_ref = server.xenapi.VIF.get_by_uuid(vif_refs[idx])
if not vif_ref:
- print "A VIF with this UUID does not exist."
+ raise security.XSMError("A VIF with this UUID does not exist.")
try:
old_lab = server.xenapi.VIF.get_security_label(vif_ref)
- rc = server.xenapi.VIF.set_security_label(vif_ref, "", old_lab)
- if int(rc) != 0:
- print "Could not remove the label from the VIF."
+ if old_lab != "":
+ rc = server.xenapi.VIF.set_security_label(vif_ref, "", old_lab)
+ if int(rc) != 0:
+ raise security.XSMError("Could not remove the label from"
+ " the VIF.")
+ else:
+ print "Successfully removed the label from the VIF."
else:
- print "Successfully removed the label from the VIF."
+ raise security.XSMError("VIF is not labeled.")
except Exception, e:
- print "Could not remove the label the VIF: %s" % str(e)
+ raise security.XSMError("Could not remove the label from the VIF: %s" %
+ str(e))
def main (argv):
import struct
import sys
import string
+import xen.util.xsm.xsm as security
from xen.util import xsconstants
from xen.util.acmpolicy import ACMPolicy
from xen.xm.opts import OptionError
flags,
overwrite)
except Exception, e:
- print "An error occurred setting the policy: %s" % str(e)
- return
+ raise security.XSMError("An error occurred setting the "
+ "policy: %s" % str(e))
xserr = int(policystate['xserr'])
if xserr != 0:
- print "An error occurred trying to set the policy: %s" % \
+ txt = "An error occurred trying to set the policy: %s." % \
xsconstants.xserr2string(abs(xserr))
errors = policystate['errors']
if len(errors) > 0:
- print "Hypervisor reported errors:"
+ txt += "Hypervisor reported errors:"
err = base64.b64decode(errors)
i = 0
while i + 7 < len(err):
code, data = struct.unpack("!ii", errors[i:i+8])
- print "(0x%08x, 0x%08x)" % (code, data)
+ txt += "(0x%08x, 0x%08x)" % (code, data)
i += 8
+ raise security.XSMError(txt)
else:
print "Successfully set the new policy."
projects / xen.git / commitdiff