Diffstat (limited to 'tools')
-rw-r--r-- | tools/python/xen/xend/XendDomainInfo.py | 14 | ||||
-rw-r--r-- | tools/python/xen/xend/server/DevController.py | 23 | ||||
-rw-r--r-- | tools/python/xen/xend/server/blkif.py | 15 | ||||
-rw-r--r-- | tools/security/policies/default-security_policy.xml | 30 | ||||
-rw-r--r-- | tools/security/policies/default-ul-security_policy.xml | 41 |
5 files changed, 96 insertions, 27 deletions
diff --git a/tools/python/xen/xend/XendDomainInfo.py b/tools/python/xen/xend/XendDomainInfo.py
index 0d3a8ea055..095c665214 100644
--- a/tools/python/xen/xend/XendDomainInfo.py
+++ b/tools/python/xen/xend/XendDomainInfo.py
@@ -559,18 +559,8 @@ class XendDomainInfo:
 self.getDeviceController(devclass).waitForDevices()
 def destroyDevice(self, deviceClass, devid, force = False):
- try:
- dev = int(devid)
- except ValueError:
- # devid is not a number but a string containing either device
- # name (e.g. xvda) or device_type/device_id (e.g. vbd/51728)
- dev = type(devid) is str and devid.split('/')[-1] or None
- if dev == None:
- log.debug("Could not find the device %s", devid)
- return None
-
- log.debug("dev = %s", dev)
- return self.getDeviceController(deviceClass).destroyDevice(dev, force)
+ log.debug("dev = %s", devid)
+ return self.getDeviceController(deviceClass).destroyDevice(devid, force)
 def getDeviceSxprs(self, deviceClass):
 if self._stateGet() in (DOM_STATE_RUNNING, DOM_STATE_PAUSED):
diff --git a/tools/python/xen/xend/server/DevController.py b/tools/python/xen/xend/server/DevController.py
index c43ed2681b..0de81efa3a 100644
--- a/tools/python/xen/xend/server/DevController.py
+++ b/tools/python/xen/xend/server/DevController.py
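Review bot: XendDomainInfo.destroyDevice now hands `devid` to the controller unparsed, so the old "log and return None" path for an unusable devid is gone and whatever the controller's destroyDevice raises reaches the caller; the method has no docstring recording that. I would add one along the lines of `"""Destroy a device. devid may be an integer, a numeric string, 'class/id' (e.g. vbd/51728) or, where the controller supports it, a device name; errors from the controller propagate."""`. The callers are outside this hunk, so whether any of them relied on the None return should be checked. The `log.debug("dev = %s", devid)` line also now logs the raw argument rather than a parsed id, which makes the `dev =` label slightly misleading.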
@@ -203,27 +203,32 @@ class DevController: The implementation here simply deletes the appropriate paths from the store. This may be overridden by subclasses who need to perform other - tasks on destruction. Further, the implementation here can only - accept integer device IDs, or values that can be converted to - integers. Subclasses may accept other values and convert them to - integers before passing them here. + tasks on destruction. The implementation here accepts integer device + IDs or paths containg integer deviceIDs, e.g. vfb/0. Subclasses may + accept other values and convert them to integers before passing them + here. """ - devid = int(devid) + try: + dev = int(devid) + except ValueError: + # Does devid contain devicetype/deviceid? + # Propogate exception if unable to find an integer devid + dev = int(type(devid) is str and devid.split('/')[-1] or None) # Modify online status /before/ updating state (latter is watched by # drivers, so this ordering avoids a race). - self.writeBackend(devid, 'online', "0") - self.writeBackend(devid, 'state', str(xenbusState['Closing'])) + self.writeBackend(dev, 'online', "0") + self.writeBackend(dev, 'state', str(xenbusState['Closing'])) if force: - frontpath = self.frontendPath(devid) + frontpath = self.frontendPath(dev) backpath = xstransact.Read(frontpath, "backend") if backpath: xstransact.Remove(backpath) xstransact.Remove(frontpath) - self.vm._removeVm("device/%s/%d" % (self.deviceClass, devid)) + self.vm._removeVm("device/%s/%d" % (self.deviceClass, dev)) def configurations(self): return map(self.configuration, self.deviceIDs()) diff --git a/tools/python/xen/xend/server/blkif.py b/tools/python/xen/xend/server/blkif.py index 62512a4cd9..b63e05f2a5 100644 --- a/tools/python/xen/xend/server/blkif.py +++ b/tools/python/xen/xend/server/blkif.py 
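Review bot: The fallback `dev = int(type(devid) is str and devid.split('/')[-1] or None)` in DevController.destroyDevice raises TypeError, not ValueError, whenever the and/or expression yields None, which happens for a string that is not exactly `str` (for example a unicode string on Python 2) or one whose last path component is empty (`vbd/`). The BlkifController override in blkif.py catches only ValueError around this call, so in those cases the TypeError escapes instead of reaching the device-name lookup. Keeping the failure a ValueError is simpler: re-raise when devid is not a string, otherwise `dev = int(devid.split('/')[-1])`, since `int('')` already raises ValueError. The part before the slash is also never compared with `self.deviceClass`, so `vif/0` and `vbd/0` resolve to the same id here; if that is intended it deserves a line in the docstring, whose start is outside this hunk.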
@@ -154,13 +154,16 @@ class BlkifController(DevController):
 def destroyDevice(self, devid, force):
 """@see DevController.destroyDevice"""
- # If we are given a device name, then look up the device ID from it,
- # and destroy that ID instead. If what we are given is an integer,
- # then assume it's a device ID and pass it straight through to our
- # superclass's method.
-
+ # vbd device IDs can be either string or integer. Further, the
+ # following string values are possible:
+ # - devicetype/deviceid (vbd/51728)
+ # - devicetype/devicename (/dev/xvdb)
+ # - devicename (xvdb)
+ # Let our superclass handle integer or devicetype/deviceid forms.
+ # If we are given a device name form, then look up the device ID
+ # from it, and destroy that ID instead.
 try:
- DevController.destroyDevice(self, int(devid), force)
+ DevController.destroyDevice(self, devid, force)
 except ValueError:
 devid_end = type(devid) is str and devid.split('/')[-1] or None
diff --git a/tools/security/policies/default-security_policy.xml b/tools/security/policies/default-security_policy.xml
new file mode 100644
index 0000000000..f52663e708
--- /dev/null
+++ b/tools/security/policies/default-security_policy.xml
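Review bot: The second bullet of the new comment, `# - devicetype/devicename (/dev/xvdb)`, labels a form that its example does not show: `/dev/xvdb` is a device path, not a `vbd/...` string. Because the superclass now takes the last component of any slash-separated string and tries it as an integer, the comment should say which forms end up in the `except ValueError` branch, for example `# - device path (/dev/xvdb) or device name (xvdb): not numeric, resolved below`. The except branch continues past the end of this hunk, so the name lookup itself is not visible here.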
@@ -0,0 +1,30 @@
+<?xml version="1.0" ?>
+<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd">
+ <PolicyHeader>
+ <PolicyName>DEFAULT</PolicyName>
+ <Version>1.0</Version>
+ </PolicyHeader>
+ <SimpleTypeEnforcement>
+ <SimpleTypeEnforcementTypes>
+ <Type>SystemManagement</Type>
+ </SimpleTypeEnforcementTypes>
+ </SimpleTypeEnforcement>
+ <ChineseWall>
+ <ChineseWallTypes>
+ <Type>SystemManagement</Type>
+ </ChineseWallTypes>
+ </ChineseWall>
+ <SecurityLabelTemplate>
+ <SubjectLabels bootstrap="SystemManagement">
+ <VirtualMachineLabel>
+ <Name>SystemManagement</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>SystemManagement</Type>
+ </SimpleTypeEnforcementTypes>
+ <ChineseWallTypes>
+ <Type/>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+ </SubjectLabels>
+ </SecurityLabelTemplate>
+</SecurityPolicyDefinition>
diff --git a/tools/security/policies/default-ul-security_policy.xml b/tools/security/policies/default-ul-security_policy.xml
new file mode 100644
index 0000000000..1dad2d19c0
--- /dev/null
+++ b/tools/security/policies/default-ul-security_policy.xml
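Review bot: The SystemManagement label leaves its Chinese Wall assignment as an empty `<Type/>` even though the policy declares a `SystemManagement` Chinese Wall type, and nothing in the file says whether that is deliberate. If the empty element means "no Chinese Wall type for the management domain", a comment such as `<!-- management domain is deliberately given no Chinese Wall type -->` above that `<ChineseWallTypes>` would make the choice reviewable. It is also worth confirming that security_policy.xsd and whatever tool compiles the policy accept an empty `<Type/>`. The same construct appears in both labels of default-ul-security_policy.xml.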
@@ -0,0 +1,41 @@
+<?xml version="1.0" ?>
+<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd">
+ <PolicyHeader>
+ <PolicyName>DEFAULT-UL</PolicyName>
+ <Version>1.0</Version>
+ </PolicyHeader>
+ <SimpleTypeEnforcement>
+ <SimpleTypeEnforcementTypes>
+ <Type>SystemManagement</Type>
+ <Type>__UNLABELED__</Type>
+ </SimpleTypeEnforcementTypes>
+ </SimpleTypeEnforcement>
+ <ChineseWall>
+ <ChineseWallTypes>
+ <Type>SystemManagement</Type>
+ </ChineseWallTypes>
+ </ChineseWall>
+ <SecurityLabelTemplate>
+ <SubjectLabels bootstrap="SystemManagement">
+ <VirtualMachineLabel>
+ <Name>SystemManagement</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>SystemManagement</Type>
+ <Type>__UNLABELED__</Type>
+ </SimpleTypeEnforcementTypes>
+ <ChineseWallTypes>
+ <Type/>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+ <VirtualMachineLabel>
+ <Name>__UNLABELED__</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>__UNLABELED__</Type>
+ </SimpleTypeEnforcementTypes>
+ <ChineseWallTypes>
+ <Type/>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+ </SubjectLabels>
+ </SecurityLabelTemplate>
+</SecurityPolicyDefinition> |
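Review bot: In DEFAULT-UL the SystemManagement label is given the `__UNLABELED__` Simple Type Enforcement type alongside its own, which presumably lets domains that carry no label share resources with the management domain. That is the main security decision this policy makes compared with DEFAULT, and the file has no comment stating it. I would add a header comment such as `<!-- DEFAULT-UL: unlabeled domains share the __UNLABELED__ type with SystemManagement -->`, with the exact wording confirmed by the author.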