diff options
| author | Keir Fraser <keir@xensource.com> | 2007-10-25 09:23:27 +0100 |
|---|---|---|
| committer | Keir Fraser <keir@xensource.com> | 2007-10-25 09:23:27 +0100 |
| commit | 9c14bd95969367b75971d89537bbf1edfba18475 (patch) | |
| tree | 5a1f8f030aa7f8ec931f542713ee4a8e25f7e60d | |
| parent | 61d0b64c6c2ca2eda3867c2ea32d406418e67dba (diff) | |
| download | xen-9c14bd95969367b75971d89537bbf1edfba18475.tar.gz xen-9c14bd95969367b75971d89537bbf1edfba18475.tar.bz2 xen-9c14bd95969367b75971d89537bbf1edfba18475.zip | |
xend: Reworked initialization of XSPolicy administration class
Rather than picking up the current policy from the managed policies
file the hypervisor is asked for the name of the current policy.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
| -rw-r--r-- | tools/python/xen/xend/XendXSPolicyAdmin.py | 37 |
1 files changed, 11 insertions, 26 deletions
diff --git a/tools/python/xen/xend/XendXSPolicyAdmin.py b/tools/python/xen/xend/XendXSPolicyAdmin.py index fe0892a71e..2ca9f30096 100644 --- a/tools/python/xen/xend/XendXSPolicyAdmin.py +++ b/tools/python/xen/xend/XendXSPolicyAdmin.py @@ -28,7 +28,6 @@ from xen.util.xspolicy import XSPolicy from xen.util.acmpolicy import ACMPolicy from xen.xend.XendError import SecurityError -XS_MANAGED_POLICIES_FILE = "/etc/xen/acm-security/policies/managed_policies" class XSPolicyAdmin: """ The class that handles the managed policies in the system. @@ -45,28 +44,19 @@ class XSPolicyAdmin: on the system (currently '1') """ self.maxpolicies = maxpolicies + self.policies = {} + self.xsobjs = {} + + act_pol_name = self.get_hv_loaded_policy_name() + + ref = uuid.createString() try: - self.policies = dictio.dict_read("managed_policies", - XS_MANAGED_POLICIES_FILE) + self.xsobjs[ref] = ACMPolicy(name=act_pol_name, ref=ref) + self.policies[ref] = (act_pol_name, xsconstants.ACM_POLICY_ID) except Exception, e: - self.policies = {} + log.error("Could not find XML representation of policy '%s': " + "%s" % (act_pol_name,e)) - self.xsobjs = {} - for ref, data in self.policies.items(): - name = data[0] - typ = data[1] - try: - if typ == xsconstants.ACM_POLICY_ID: - try: - self.xsobjs[ref] = ACMPolicy(name=name, ref=ref) - except Exception, e: - del self.policies[ref] - else: - del self.policies[ref] - except Exception, e: - log.error("XSPolicyAdmin: Could not find policy '%s': %s" % - (name, str(e))) - del self.policies[ref] log.debug("XSPolicyAdmin: Known policies: %s" % self.policies) def isXSEnabled(self): @@ -113,6 +103,7 @@ class XSPolicyAdmin: if rc == 0: self.rm_bootpolicy() irc = self.activate_xspolicy(loadedpol, flags) + # policy is loaded; if setting the boot flag fails it's ok. return (loadedpol, rc, errors) try: @@ -166,9 +157,6 @@ class XSPolicyAdmin: xsconstants.ACM_POLICY_ID]) } self.policies.update(new_entry) self.xsobjs[ref] = acmpol - dictio.dict_write(self.policies, - "managed_policies", - XS_MANAGED_POLICIES_FILE) return (acmpol, xsconstants.XSERR_SUCCESS, errors) def make_boot_policy(self, acmpol): @@ -217,9 +205,6 @@ class XSPolicyAdmin: if rc == xsconstants.XSERR_SUCCESS or force: del self.policies[ref] del self.xsobjs[ref] - dictio.dict_write(self.policies, - "managed_policies", - XS_MANAGED_POLICIES_FILE) rc = xsconstants.XSERR_SUCCESS return rc |