* [BUGFIX][ACM] fix return code in acm-related xm scripts
@ 2006-09-08 17:27 Reiner Sailer
2006-09-11 8:20 ` Masaki Kanno
0 siblings, 1 reply; 3+ messages in thread
From: Reiner Sailer @ 2006-09-08 17:27 UTC (permalink / raw)
To: xen-devel; +Cc: Masaki Kanno, sailer
[-- Attachment #1: Type: text/plain, Size: 271 bytes --]
This patch fixes return codes for the acm-related Xen management scripts
(error conditions) and addresses minor issues that 'pycheck' complains
about. It is tested with xm-test and by manually running the xm commands.
Signed-off by: Reiner Sailer <sailer@us.ibm.com>
[-- Attachment #2: xm_retcode.diff --]
[-- Type: text/plain, Size: 11934 bytes --]
---
tools/python/xen/xm/addlabel.py | 6 +----
tools/python/xen/xm/cfgbootpolicy.py | 4 +--
tools/python/xen/xm/create.py | 2 -
tools/python/xen/xm/dry-run.py | 13 +++++++----
tools/python/xen/xm/dumppolicy.py | 8 +++----
tools/python/xen/xm/getlabel.py | 38 ++++++++++++++++-------------------
tools/python/xen/xm/labels.py | 4 ++-
tools/python/xen/xm/loadpolicy.py | 5 ++--
tools/python/xen/xm/makepolicy.py | 3 +-
tools/python/xen/xm/resources.py | 21 +++++++++++--------
tools/python/xen/xm/rmlabel.py | 6 +----
11 files changed, 58 insertions(+), 52 deletions(-)
Index: xen-unstable.hg-shype/tools/python/xen/xm/addlabel.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/addlabel.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/addlabel.py
@@ -20,8 +20,6 @@
"""Labeling a domain configuration file or a resoruce.
"""
import sys, os
-import string
-import traceback
from xen.util import dictio
from xen.util import security
@@ -33,6 +31,7 @@ def usage():
print " resource. It derives the policy from the running hypervisor"
print " if it is not given (optional parameter). If a label already"
print " exists for the given domain or resource, then addlabel fails.\n"
+ security.err("Usage")
def validate_config_file(configfile):
@@ -134,7 +133,6 @@ def main (argv):
for prefix in [".", "/etc/xen"]:
configfile = prefix + "/" + configfile
if os.path.isfile(configfile):
- fd = open(configfile, "rb")
break
if not validate_config_file(configfile):
usage()
@@ -147,7 +145,7 @@ def main (argv):
usage()
except security.ACMError:
- traceback.print_exc(limit=1)
+ sys.exit(-1)
if __name__ == '__main__':
Index: xen-unstable.hg-shype/tools/python/xen/xm/cfgbootpolicy.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/cfgbootpolicy.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/cfgbootpolicy.py
@@ -87,7 +87,6 @@ def insert_policy(boot_file, kernel_vers
within_xen_entry = 0
insert_at_end_of_entry = 0
path_prefix = ''
- done = False
(tmp_fd, tmp_grub) = tempfile.mkstemp()
#follow symlink since menue.lst might be linked to grub.conf
if stat.S_ISLNK(os.lstat(boot_file)[stat.ST_MODE]):
@@ -175,9 +174,10 @@ def main(argv):
print "Boot entry created and \'%s\' copied to /boot" % (policy + ".bin")
except ACMError:
- pass
+ sys.exit(-1)
except:
traceback.print_exc(limit=1)
+ sys.exit(-1)
Index: xen-unstable.hg-shype/tools/python/xen/xm/create.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/create.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/create.py
@@ -1155,7 +1155,7 @@ def create_security_check(config):
else:
print "Checking resources: (skipped)"
except security.ACMError:
- traceback.print_exc(limit=1)
+ sys.exit(-1)
return passed
Index: xen-unstable.hg-shype/tools/python/xen/xm/dry-run.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/dry-run.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/dry-run.py
@@ -18,6 +18,7 @@
"""Tests the security settings for a domain and its resources.
"""
+import sys
from xen.util import security
from xen.xm import create
from xen.xend import sxp
@@ -28,14 +29,14 @@ def usage():
print "to see if the domain created by the configfile can access"
print "the resources. The status of each resource is listed"
print "individually along with the final security decision.\n"
+ security.err("Usage")
def main (argv):
- if len(argv) != 2:
- usage()
- return
-
try:
+ if len(argv) != 2:
+ usage()
+
passed = 0
(opts, config) = create.parseCommandLine(argv)
if create.check_domain_label(config, verbose=1):
@@ -48,8 +49,10 @@ def main (argv):
print "Dry Run: PASSED"
else:
print "Dry Run: FAILED"
+ sys.exit(-1)
+
except security.ACMError:
- pass
+ sys.exit(-1)
if __name__ == '__main__':
Index: xen-unstable.hg-shype/tools/python/xen/xm/dumppolicy.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/dumppolicy.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/dumppolicy.py
@@ -18,7 +18,6 @@
"""Display currently enforced policy (low-level hypervisor representation).
"""
import sys
-import traceback
from xen.util.security import ACMError, err, dump_policy
@@ -31,12 +30,13 @@ def usage():
def main(argv):
try:
+ if len(argv) != 1:
+ usage()
+
dump_policy()
except ACMError:
- pass
- except:
- traceback.print_exc(limit=1)
+ sys.exit(-1)
if __name__ == '__main__':
Index: xen-unstable.hg-shype/tools/python/xen/xm/getlabel.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/getlabel.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/getlabel.py
@@ -19,8 +19,6 @@
"""Show the label for a domain or resoruce.
"""
import sys, os, re
-import string
-import traceback
from xen.util import dictio
from xen.util import security
@@ -28,6 +26,7 @@ def usage():
print "\nUsage: xm getlabel dom <configfile>"
print " xm getlabel res <resource>\n"
print " This program shows the label for a domain or resource.\n"
+ security.err("Usage")
def get_resource_label(resource):
@@ -38,8 +37,7 @@ def get_resource_label(resource):
try:
access_control = dictio.dict_read("resources", file)
except:
- print "Resource label file not found"
- return
+ security.err("Resource label file not found")
# get the entry and print label
if access_control.has_key(resource):
@@ -63,8 +61,7 @@ def get_domain_label(configfile):
fd = open(file, "rb")
break
if not fd:
- print "Configuration file '"+configfile+"' not found."
- return
+ security.err("Configuration file '"+configfile+"' not found.")
# read in the domain config file, finding the label line
ac_entry_re = re.compile("^access_control\s*=.*", re.IGNORECASE)
@@ -82,8 +79,7 @@ def get_domain_label(configfile):
# send error message if we didn't find anything
if acline == "":
- print "Label does not exist in domain configuration file."
- return
+ security.err("Label does not exist in domain configuration file.")
# print out the label
(title, data) = acline.split("=", 1)
@@ -94,19 +90,21 @@ def get_domain_label(configfile):
def main (argv):
- if len(argv) != 3:
- usage()
- return
-
- if argv[1].lower() == "dom":
- configfile = argv[2]
- get_domain_label(configfile)
- elif argv[1].lower() == "res":
- resource = argv[2]
- get_resource_label(resource)
- else:
- usage()
+ try:
+ if len(argv) != 3:
+ usage()
+
+ if argv[1].lower() == "dom":
+ configfile = argv[2]
+ get_domain_label(configfile)
+ elif argv[1].lower() == "res":
+ resource = argv[2]
+ get_resource_label(resource)
+ else:
+ usage()
+ except security.ACMError:
+ sys.exit(-1)
if __name__ == '__main__':
main(sys.argv)
Index: xen-unstable.hg-shype/tools/python/xen/xm/labels.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/labels.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/labels.py
@@ -70,10 +70,12 @@ def main(argv):
labels.sort()
for label in labels:
print label
+
except ACMError:
- pass
+ sys.exit(-1)
except:
traceback.print_exc(limit=1)
+ sys.exit(-1)
if __name__ == '__main__':
Index: xen-unstable.hg-shype/tools/python/xen/xm/loadpolicy.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/loadpolicy.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/loadpolicy.py
@@ -34,11 +34,12 @@ def main(argv):
if len(argv) != 2:
usage()
load_policy(argv[1])
+
except ACMError:
- pass
+ sys.exit(-1)
except:
traceback.print_exc(limit=1)
-
+ sys.exit(-1)
if __name__ == '__main__':
Index: xen-unstable.hg-shype/tools/python/xen/xm/makepolicy.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/makepolicy.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/makepolicy.py
@@ -37,9 +37,10 @@ def main(argv):
make_policy(argv[1])
except ACMError:
- pass
+ sys.exit(-1)
except:
traceback.print_exc(limit=1)
+ sys.exit(-1)
Index: xen-unstable.hg-shype/tools/python/xen/xm/resources.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/resources.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/resources.py
@@ -18,8 +18,7 @@
"""List the resource label information from the global resource label file
"""
-import sys, os
-import string
+import sys
from xen.util import dictio
from xen.util import security
@@ -27,6 +26,7 @@ def usage():
print "\nUsage: xm resource\n"
print " This program lists information for each resource in the"
print " global resource label file\n"
+ security.err("Usage")
def print_resource_data(access_control):
@@ -41,14 +41,19 @@ def print_resource_data(access_control):
def main (argv):
try:
- file = security.res_label_filename
- access_control = dictio.dict_read("resources", file)
- except:
- print "Resource file not found."
- return
+ if len(argv) != 1:
+ usage()
- print_resource_data(access_control)
+ try:
+ file = security.res_label_filename
+ access_control = dictio.dict_read("resources", file)
+ except:
+ security.err("Error reading resource file.")
+ print_resource_data(access_control)
+
+ except security.ACMError:
+ sys.exit(-1)
if __name__ == '__main__':
main(sys.argv)
Index: xen-unstable.hg-shype/tools/python/xen/xm/rmlabel.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/rmlabel.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/rmlabel.py
@@ -19,8 +19,6 @@
"""Remove a label from a domain configuration file or a resoruce.
"""
import sys, os, re
-import string
-import traceback
from xen.util import dictio
from xen.util import security
@@ -31,6 +29,7 @@ def usage():
print " for a domain or from the global resource label file for a"
print " resource. If the label does not exist for the given domain or"
print " resource, then rmlabel fails.\n"
+ security.err("Usage")
def rm_resource_label(resource):
@@ -97,7 +96,6 @@ def main (argv):
try:
if len(argv) != 3:
usage()
- return
if argv[1].lower() == "dom":
configfile = argv[2]
@@ -109,7 +107,7 @@ def main (argv):
usage()
except security.ACMError:
- traceback.print_exc(limit=1)
+ sys.exit(-1)
if __name__ == '__main__':
[-- Attachment #3: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [BUGFIX][ACM] fix return code in acm-related xm scripts
2006-09-08 17:27 [BUGFIX][ACM] fix return code in acm-related xm scripts Reiner Sailer
@ 2006-09-11 8:20 ` Masaki Kanno
2006-09-11 14:58 ` Reiner Sailer
0 siblings, 1 reply; 3+ messages in thread
From: Masaki Kanno @ 2006-09-11 8:20 UTC (permalink / raw)
To: Reiner Sailer, xen-devel
Hi Reiner,
It's very nice of you to make patch.
I have a small comment.
I think that the following correction is necessary.
diff -r 7acaba46e15e tools/python/xen/xm/getlabel.py
--- a/tools/python/xen/xm/getlabel.py Fri Sep 08 15:46:54 2006 -0700
+++ b/tools/python/xen/xm/getlabel.py Mon Sep 11 16:49:42 2006 +0900
@@ -47,7 +45,7 @@ def get_resource_label(resource):
label = access_control[resource][1]
print "policy="+policy+",label="+label
else:
- print "Resource not labeled"
+ security.err("Resource not labeled")
Best regards,
Kan
>This patch fixes return codes for the acm-related Xen management scripts
>(error conditions) and addresses minor issues that 'pycheck' complains
>about. It is tested with xm-test and by manually running the xm commands.
>
>Signed-off by: Reiner Sailer <sailer@us.ibm.com>
>
>
>-------------------------------text/plain-------------------------------
>_______________________________________________
>Xen-devel mailing list
>Xen-devel@lists.xensource.com
>http://lists.xensource.com/xen-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [BUGFIX][ACM] fix return code in acm-related xm scripts
2006-09-11 8:20 ` Masaki Kanno
@ 2006-09-11 14:58 ` Reiner Sailer
0 siblings, 0 replies; 3+ messages in thread
From: Reiner Sailer @ 2006-09-11 14:58 UTC (permalink / raw)
To: Masaki Kanno; +Cc: xen-devel
[-- Attachment #1.1: Type: text/plain, Size: 1754 bytes --]
Hi Masaki,
correct.
This return slipped through. I'll add your case to the patch and resubmit
the patch.
Thanks!
Reiner
__________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sailer@us.ibm.com
http://www.research.ibm.com/people/s/sailer/
Masaki Kanno <kanno.masaki@jp.fujitsu.com>
09/11/2006 04:20 AM
To
Reiner Sailer/Watson/IBM@IBMUS, xen-devel@lists.xensource.com
cc
Subject
Re: [Xen-devel] [BUGFIX][ACM] fix return code in acm-related xm scripts
Hi Reiner,
It's very nice of you to make patch.
I have a small comment.
I think that the following correction is necessary.
diff -r 7acaba46e15e tools/python/xen/xm/getlabel.py
--- a/tools/python/xen/xm/getlabel.py Fri Sep 08 15:46:54 2006
-0700
+++ b/tools/python/xen/xm/getlabel.py Mon Sep 11 16:49:42 2006
+0900
@@ -47,7 +45,7 @@ def get_resource_label(resource):
label = access_control[resource][1]
print "policy="+policy+",label="+label
else:
- print "Resource not labeled"
+ security.err("Resource not labeled")
Best regards,
Kan
>This patch fixes return codes for the acm-related Xen management scripts
>(error conditions) and addresses minor issues that 'pycheck' complains
>about. It is tested with xm-test and by manually running the xm commands.
>
>Signed-off by: Reiner Sailer <sailer@us.ibm.com>
>
>
>-------------------------------text/plain-------------------------------
>_______________________________________________
>Xen-devel mailing list
>Xen-devel@lists.xensource.com
>http://lists.xensource.com/xen-devel
[-- Attachment #1.2: Type: text/html, Size: 3041 bytes --]
[-- Attachment #2: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2006-09-11 14:58 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-09-08 17:27 [BUGFIX][ACM] fix return code in acm-related xm scripts Reiner Sailer
2006-09-11 8:20 ` Masaki Kanno
2006-09-11 14:58 ` Reiner Sailer
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.