ia64/xen-unstable

changeset 15975:ad339d88639d

[Xend/ACM] Automatic loading of policy after xend has started.

On systems where the grub bootloader is not available or active the
to-be-activated policy is written to a simple text file. Once xend has
started the contents can be read. Using 'xm setpolicy' the policy can
be activated and the Domain-0 label set (using 'xm addlabel').
I fixed some bugs in the grub bootloader handler on the way and
removed some dead functions.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author Keir Fraser <keir@xensource.com>
date Mon Sep 24 21:52:10 2007 +0100 (2007-09-24)
parents 66fa2bc70e2a
children 55c45361bbe3
files tools/python/xen/util/bootloader.py tools/python/xen/util/xsm/acm/acm.py
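--- a/tools/python/xen/util/bootloader.py	Mon Sep 24 21:41:46 2007 +0100
+++ b/tools/python/xen/util/bootloader.py	Mon Sep 24 21:52:10 2007 +0100
@@ -21,7 +21,9 @@ import os, stat
 import tempfile
 import shutil
 import threading
+
 from xen.xend.XendLogging import log
+from xen.util import mkdir, security
 
 __bootloader = None
 
@@ -70,8 +72,9 @@ def set_boot_policy(title_idx, filename)
 
 def loads_default_policy(filename):
     """ Determine whether the given policy is loaded by the default boot title """
-    polfile = get_default_policy()
-    if polfile != None:
+    policy = get_default_policy()
+    if policy:
+        polfile = policy + ".bin"
         if     polfile == filename or \
            "/"+polfile == filename:
             return True
@@ -220,28 +223,6 @@ class Grub(Bootloader):
         return boot_file
 
 
-    def __get_titles(self):
-        """ Get the names of all boot titles in the grub config file
-          @rtype: list
-          @return: list of names of available boot titles
-        """
-        titles = []
-        try:
-            boot_file = self.__get_bootfile()
-        except:
-            return []
-        try:
-            self.__bootfile_lock.acquire()
-            grub_fd = open(boot_file)
-            for line in grub_fd:
-                if self.title_re.match(line):
-                    line = line.rstrip().lstrip()
-                    titles.append(line.lstrip('title').lstrip())
-        finally:
-            self.__bootfile_lock.release()
-        return titles
-
-
     def get_default_title(self):
         """ Get the index (starting with 0) of the default boot title
             This number is read from the grub configuration file.
@@ -261,8 +242,8 @@ class Grub(Bootloader):
             for line in grub_fd:
                 line = line.rstrip()
                 if def_re.match(line):
-                    line = line.rstrip()
-                    line = line.lstrip("default=")
+                    #remove 'default='
+                    line = line.lstrip()[8:]
                     default = int(line)
                     break
         finally:
@@ -295,11 +276,13 @@ class Grub(Bootloader):
                     if self.policy_re.match(line):
                         start = line.find("module")
                         pol = line[start+6:]
-                        pol = pol.lstrip().rstrip()
+                        pol = pol.strip()
                         if pol[0] == '/':
                             pol = pol[1:]
                         if pol[0:5] == "boot/":
                             pol = pol[5:]
+                        if pol.endswith(".bin"):
+                            pol = pol[:-4]
                         policies[idx] = pol
         finally:
             self.__bootfile_lock.release()
@@ -399,7 +382,7 @@ class Grub(Bootloader):
                     if self.policy_re.match(line):
                         start = line.find("module")
                         pol = line[start+6:len(line)]
-                        pol = pol.lstrip().rstrip()
+                        pol = pol.strip()
                         if pol in namelist:
                             omit_line = True
                             found = True
@@ -499,7 +482,7 @@ class Grub(Bootloader):
                         within_title = 0
                     ctr = ctr + 1
                 if within_title and self.kernel_re.match(line):
-                    line = line.rstrip().lstrip()
+                    line = line.strip()
                     items = line.split(" ")
                     i = 0
                     while i < len(items):
@@ -513,9 +496,123 @@ class Grub(Bootloader):
             self.__bootfile_lock.release()
         return None # Not found
 
+class LatePolicyLoader(Bootloader):
+    """ A fake bootloader file that holds the policy to load automatically
+        once xend has started up and the Domain-0 label to set. """
+    def __init__(self):
+        self.__bootfile_lock = threading.RLock()
+        self.PATH = security.security_dir_prefix
+        self.FILENAME = self.PATH + "/xen_boot_policy"
+        self.DEFAULT_TITLE = "ANY"
+        self.POLICY_ATTR = "POLICY"
+        Bootloader.__init__(self)
+
+    def probe(self):
+        _dir=os.path.dirname(self.FILENAME)
+        mkdir.parents(_dir, stat.S_IRWXU)
+        return True
+
+    def get_default_title(self):
+        return self.DEFAULT_TITLE
+
+    def get_boot_policies(self):
+        policies = {}
+        try:
+            self.__bootfile_lock.acquire()
+
+            res = self.__loadcontent()
+
+            pol = res.get( self.POLICY_ATTR )
+            if pol:
+                policies.update({ self.DEFAULT_TITLE : pol })
+
+        finally:
+            self.__bootfile_lock.release()
+
+        return policies
+
+    def add_boot_policy(self, index, binpolname):
+        try:
+            self.__bootfile_lock.acquire()
+
+            res = self.__loadcontent()
+            if binpolname.endswith(".bin"):
+                binpolname = binpolname[0:-4]
+            res[ self.POLICY_ATTR ] = binpolname
+            self.__writecontent(res)
+        finally:
+            self.__bootfile_lock.release()
+
+        return True
+
+    def rm_policy_from_boottitle(self, index, unamelist):
+        try:
+            self.__bootfile_lock.acquire()
+
+            res = self.__loadcontent()
+            if self.POLICY_ATTR in res:
+                del(res[self.POLICY_ATTR])
+            self.__writecontent(res)
+        finally:
+            self.__bootfile_lock.release()
+
+        return True
+
+    def set_kernel_attval(self, index, att, val):
+        try:
+            self.__bootfile_lock.acquire()
+
+            res = self.__loadcontent()
+            res[att] = val
+            self.__writecontent(res)
+        finally:
+            self.__bootfile_lock.release()
+
+        return True
+
+    def get_kernel_val(self, index, att):
+        try:
+            self.__bootfile_lock.acquire()
+
+            res = self.__loadcontent()
+            return res.get(att)
+        finally:
+            self.__bootfile_lock.release()
+
+    def __loadcontent(self):
+        res={}
+        try:
+            file = open(self.FILENAME)
+            for line in file:
+                tmp = line.split("=",1)
+                if len(tmp) == 2:
+                   res[tmp[0]] = tmp[1].strip()
+            file.close()
+        except:
+            pass
+
+        return res
+
+    def __writecontent(self, items):
+        rc = True
+        try:
+            file = open(self.FILENAME,"w")
+            if file:
+                for key, value in items.items():
+                    file.write("%s=%s\n" % (str(key),str(value)))
+                file.close()
+        except:
+            rc = False
+
+        return rc
+
 
 __bootloader = Bootloader()
 
 grub = Grub()
 if grub.probe() == True:
     __bootloader = grub
+else:
+    late = LatePolicyLoader()
+    if late.probe() == True:
+        __bootloader = late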
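Review bot: `LatePolicyLoader.__writecontent` reports failure through its return value, but `add_boot_policy`, `rm_policy_from_boottitle` and `set_kernel_attval` ignore it and always return True, so the caller is told a policy was recorded when nothing reached disk and xend would later start without loading it. `__loadcontent` has the mirror problem: its bare `except: pass` turns any read error into an empty dict, which those load-modify-write callers then write back, dropping whatever else the file held. `open(self.FILENAME,"w")` also truncates in place, so an interrupted write leaves an empty file; the sketch below writes a temp file in the same directory and renames it, and `tempfile.mkstemp` creates that file owner-only regardless of how an already existing directory is set up. Values containing a newline should be rejected before writing as well, since the `key=value` line format would otherwise let one value define a second key. Whether callers outside this diff tolerate an IOError from `__loadcontent` needs checking.

```python
    def add_boot_policy(self, index, binpolname):
        # … unchanged: lock acquire, __loadcontent(), ".bin" suffix strip …
            res[ self.POLICY_ATTR ] = binpolname
            return self.__writecontent(res)
        # … unchanged: finally releases the lock; same change in
        #   rm_policy_from_boottitle and set_kernel_attval …

    def __loadcontent(self):
        res = {}
        if not os.path.exists(self.FILENAME):
            return res              # nothing recorded yet
        file = open(self.FILENAME)  # a real read error reaches the caller
        try:
            for line in file:
                tmp = line.split("=", 1)
                if len(tmp) == 2:
                    res[tmp[0]] = tmp[1].strip()
        finally:
            file.close()
        return res

    def __writecontent(self, items):
        # refuse values that would break the one-pair-per-line format
        for key, value in items.items():
            if "\n" in str(key) or "\n" in str(value):
                return False
        # write next to the target and rename, so a failed write never
        # leaves a truncated policy file behind
        fd, tmpname = tempfile.mkstemp(dir=self.PATH)
        try:
            file = os.fdopen(fd, "w")
            try:
                for key, value in items.items():
                    file.write("%s=%s\n" % (str(key), str(value)))
            finally:
                file.close()
            os.rename(tmpname, self.FILENAME)
        except (IOError, OSError):
            log.error("Could not write %s" % self.FILENAME)
            if os.path.exists(tmpname):
                os.unlink(tmpname)
            return False
        return True
```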
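--- a/tools/python/xen/util/xsm/acm/acm.py	Mon Sep 24 21:41:46 2007 +0100
+++ b/tools/python/xen/util/xsm/acm/acm.py	Mon Sep 24 21:52:10 2007 +0100
@@ -33,7 +33,8 @@ from xen.util import dictio, xsconstants
 from xen.xend.XendConstants import *
 
 #global directories and tools for security management
-policy_dir_prefix = "/etc/xen/acm-security/policies"
+security_dir_prefix = "/etc/xen/acm-security"
+policy_dir_prefix = security_dir_prefix + "/policies"
 res_label_filename = policy_dir_prefix + "/resource_labels"
 boot_filename = "/boot/grub/menu.lst"
 altboot_filename = "/boot/grub/grub.conf"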