debuggers.hg

changeset 16980:87ab3222640c

acm, xend: Fix resetting policy.

Fix a problem when resetting the policy and the label of Domain-0
needs to be renamed.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author Keir Fraser <keir.fraser@citrix.com>
date Wed Jan 30 14:23:17 2008 +0000 (2008-01-30)
parents 087caea46be7
children 625c923f7b4a
files tools/python/xen/util/acmpolicy.py tools/python/xen/util/xsm/acm/acm.py
line diff
     1.1 --- a/tools/python/xen/util/acmpolicy.py	Wed Jan 30 11:17:14 2008 +0000
     1.2 +++ b/tools/python/xen/util/acmpolicy.py	Wed Jan 30 14:23:17 2008 +0000
     1.3 @@ -337,7 +337,8 @@ class ACMPolicy(XSPolicy):
     1.4              rc, errors = security.change_acm_policy(bin_pol,
     1.5                                          del_array, chg_array,
     1.6                                          vmlabel_map, reslabel_map,
     1.7 -                                        self, acmpol_new)
     1.8 +                                        self, acmpol_new,
     1.9 +                                        acmpol_new.is_default_policy())
    1.10  
    1.11              if rc == 0:
    1.12                  # Replace the old DOM with the new one and save it
     2.1 --- a/tools/python/xen/util/xsm/acm/acm.py	Wed Jan 30 11:17:14 2008 +0000
     2.2 +++ b/tools/python/xen/util/xsm/acm/acm.py	Wed Jan 30 14:23:17 2008 +0000
     2.3 @@ -1342,7 +1342,8 @@ def relabel_domains(relabel_list):
     2.4  
     2.5  
     2.6  def change_acm_policy(bin_pol, del_array, chg_array,
     2.7 -                      vmlabel_map, reslabel_map, cur_acmpol, new_acmpol):
     2.8 +                      vmlabel_map, reslabel_map, cur_acmpol, new_acmpol,
     2.9 +                      is_reset):
    2.10      """
    2.11         Change the ACM policy of the system by relabeling
    2.12         domains and resources first and doing some access checks.
    2.13 @@ -1451,8 +1452,11 @@ def change_acm_policy(bin_pol, del_array
    2.14                  continue
    2.15  
    2.16              new_vmlabel = vmlabel
    2.17 -            if vmlabel_map.has_key(vmlabel):
    2.18 -                # renaming of the label
    2.19 +            if vmlabel_map.has_key(vmlabel) and \
    2.20 +               (not is_reset or name == "Domain-0") :
    2.21 +                # renaming of the label; this is only allowed if it's
    2.22 +                # not a reset of the policy or if it is a reset, then
    2.23 +                # only for Domain-0
    2.24                  new_vmlabel = vmlabel_map[vmlabel]
    2.25                  polname = new_policyname
    2.26              elif new_vmlabel not in polnew_vmlabels and \