diff options
author | kfraser@localhost.localdomain <kfraser@localhost.localdomain> | 2007-08-30 15:39:13 +0100 |
---|---|---|
committer | kfraser@localhost.localdomain <kfraser@localhost.localdomain> | 2007-08-30 15:39:13 +0100 |
commit | 4a517de8f6e71b6358f3a83b0962e1248d25f44c (patch) | |
tree | be4afae8f1922b33d6a812d20bc2abf621a2d6e6 | |
parent | 6236121d5fa8d836601febaf12bf4b26563ca06f (diff) | |
download | xen-4a517de8f6e71b6358f3a83b0962e1248d25f44c.tar.gz xen-4a517de8f6e71b6358f3a83b0962e1248d25f44c.tar.bz2 xen-4a517de8f6e71b6358f3a83b0962e1248d25f44c.zip |
[ACM/XEND] Fix case where resource label file does not exist.
Fix the case where the resource label file does not exist but its
contents would be needed for access control evaluations.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
-rw-r--r-- | tools/python/xen/util/security.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/tools/python/xen/util/security.py b/tools/python/xen/util/security.py index 1deaf9d914..16cd741470 100644 --- a/tools/python/xen/util/security.py +++ b/tools/python/xen/util/security.py @@ -934,7 +934,8 @@ def resources_compatible_with_vmlabel(xspol, dominfo, vmlabel): access_control = dictio.dict_read("resources", res_label_filename) except: - return False + # No labeled resources -> must be compatible + return True return __resources_compatible_with_vmlabel(xspol, dominfo, vmlabel, access_control) finally: @@ -950,6 +951,7 @@ def __resources_compatible_with_vmlabel(xspol, dominfo, vmlabel, given VM label. The access_control parameter provides a dictionary of the resource name to resource label mappings under which the evaluation should be done. + Call this only for a paused or running domain. """ def collect_labels(reslabels, s_label, polname): if len(s_label) != 3 or polname != s_label[1]: @@ -1204,7 +1206,7 @@ def change_acm_policy(bin_pol, del_array, chg_array, access_control = {} try: access_control = dictio.dict_read("resources", res_label_filename) - finally: + except: pass for key, labeldata in access_control.items(): if len(labeldata) == 2: |