diff options
author | Keir Fraser <keir.fraser@citrix.com> | 2007-12-06 12:13:12 +0000 |
---|---|---|
committer | Keir Fraser <keir.fraser@citrix.com> | 2007-12-06 12:13:12 +0000 |
commit | 8fd28ec7bdee9cb07c7af9bede6683e5edf02744 (patch) | |
tree | 4fc08999160ecfb40e5c9c9f66daf3edbeda46b4 | |
parent | a814f6cd0ff828cc100dab2f11e85e4d5baa25c9 (diff) | |
download | xen-8fd28ec7bdee9cb07c7af9bede6683e5edf02744.tar.gz xen-8fd28ec7bdee9cb07c7af9bede6683e5edf02744.tar.bz2 xen-8fd28ec7bdee9cb07c7af9bede6683e5edf02744.zip |
ACM: Recover if XML policy representation is missing.
Recover the system if the XML representation of the currently loaded
policy is missing. Force the installation of the DEFAULT policy.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
-rw-r--r-- | tools/python/xen/util/acmpolicy.py | 27 | ||||
-rw-r--r-- | tools/python/xen/xend/XendXSPolicyAdmin.py | 6 |
2 files changed, 33 insertions, 0 deletions
diff --git a/tools/python/xen/util/acmpolicy.py b/tools/python/xen/util/acmpolicy.py index 7a794d6dd4..a89acb34dd 100644 --- a/tools/python/xen/util/acmpolicy.py +++ b/tools/python/xen/util/acmpolicy.py @@ -347,6 +347,33 @@ class ACMPolicy(XSPolicy): rc = self.compile() return rc, errors + def force_default_policy(klass): + """ + Force the installation of the DEFAULT policy if for + example no XML of the current policy is available and + the update path with comparisons of old and new policy + cannot be taken. + This only succeeds if only Domain-0 is running or + all guest have the same ssidref as Domain-0. + """ + errors = "" + + acmpol_new = ACMPolicy(xml = get_DEFAULT_policy()) + + from xen.lowlevel import acm + dom0_ssidref = acm.getssid(0) + del_array = "" + chg_array = struct.pack("ii", + dom0_ssidref['ssidref'] & 0xffff, + 0x1) + + rc, pol_map, bin_pol = acmpol_new.policy_create_map_and_bin() + if rc != xsconstants.XSERR_SUCCESS: + return rc, errors, acmpol_new + rc, errors = security.hv_chg_policy(bin_pol, del_array, chg_array) + return rc, errors, acmpol_new + + force_default_policy = classmethod(force_default_policy) def __do_update_version_check(self, acmpol_new): acmpol_old = self diff --git a/tools/python/xen/xend/XendXSPolicyAdmin.py b/tools/python/xen/xend/XendXSPolicyAdmin.py index d5fcf398b7..cc861fda80 100644 --- a/tools/python/xen/xend/XendXSPolicyAdmin.py +++ b/tools/python/xen/xend/XendXSPolicyAdmin.py @@ -57,6 +57,12 @@ class XSPolicyAdmin: except Exception, e: log.error("Could not find XML representation of policy '%s': " "%s" % (act_pol_name,e)) + rc, errors, acmpol_def = ACMPolicy.force_default_policy() + if rc == xsconstants.XSERR_SUCCESS: + self.xsobjs[ref] = acmpol_def + self.policies[ref] = (acmpol_def.get_name(), + xsconstants.ACM_POLICY_ID) + log.info("Switched to DEFAULT policy.") log.debug("XSPolicyAdmin: Known policies: %s" % self.policies) |