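def add_domain_label(label, configfile, policyref):
    """Append an access_control entry for a domain to its config file.

    Args:
        label: Domain label to record in the configuration file.
        configfile: Path of the domain configuration file to modify.
        policyref: Name of the policy the label belongs to.

    security.err() is called when the file does not exist or when it already
    contains a line matching security.access_control_re; in the latter case
    nothing is written.
    """
    # Sanity check: make sure this label can be instantiated later on.  The
    # returned ssidref is not used here; only the lookup itself matters.
    security.label2ssidref(label, policyref, 'dom')

    # NOTE(review): label and policyref are interpolated unescaped into a
    # quoted configuration line.  Presumably label2ssidref() only accepts
    # names that exist in the policy -- confirm that neither value can carry
    # a quote or a newline by the time it reaches this point.
    new_label = "access_control = ['policy=%s,label=%s']\n" % \
                (policyref, label)
    if not os.path.isfile(configfile):
        security.err("Configuration file \'" + configfile + "\' not found.")

    # "r+" (read/update) replaces the original "ra+", which is not a valid
    # combination of mode flags and is rejected by stricter open()
    # implementations.
    config_fd = open(configfile, "r+")
    already_labeled = False
    try:
        for line in config_fd:
            if security.access_control_re.match(line):
                already_labeled = True
                break
        if not already_labeled:
            # Position explicitly at the end of the file before switching
            # from reading to writing, so the label is always appended.
            config_fd.seek(0, 2)
            config_fd.write(new_label)
    finally:
        # Close on every path, including a failing read or write.
        config_fd.close()

    if already_labeled:
        security.err("Config file \'" + configfile + "\' is already labeled.")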
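def add_domain_label(label, configfile, policyref):
    """Append an access_control entry for a domain to its config file.

    Args:
        label: Domain label to record in the configuration file.
        configfile: Path of the domain configuration file to modify.
        policyref: Name of the policy the label belongs to.

    security.err() is called when the file does not exist or when it already
    contains a line matching security.access_control_re; in the latter case
    nothing is written.
    """
    # Sanity check: make sure this label can be instantiated later on.  The
    # returned ssidref is not used here; only the lookup itself matters.
    security.label2ssidref(label, policyref, 'dom')

    # NOTE(review): label and policyref are interpolated unescaped into a
    # quoted configuration line.  Presumably label2ssidref() only accepts
    # names that exist in the policy -- confirm that neither value can carry
    # a quote or a newline by the time it reaches this point.
    new_label = "access_control = ['policy=%s,label=%s']\n" % \
                (policyref, label)
    if not os.path.isfile(configfile):
        security.err("Configuration file \'" + configfile + "\' not found.")

    # "r+" (read/update) replaces the original "ra+", which is not a valid
    # combination of mode flags and is rejected by stricter open()
    # implementations.
    config_fd = open(configfile, "r+")
    already_labeled = False
    try:
        for line in config_fd:
            if security.access_control_re.match(line):
                already_labeled = True
                break
        if not already_labeled:
            # Position explicitly at the end of the file before switching
            # from reading to writing, so the label is always appended.
            config_fd.seek(0, 2)
            config_fd.write(new_label)
    finally:
        # Close on every path, including a failing read or write.
        config_fd.close()

    if already_labeled:
        security.err("Config file \'" + configfile + "\' is already labeled.")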
def add_resource_label(label, resource, policyref, policy_type):
    """Label a resource through xend unless it already carries a label.

    When the server type is SERVER_XEN_API this block does nothing.  In the
    other case the current label is fetched first; a non-empty result is
    reported through security.err() and the resource is left unchanged.
    """
    if xm_main.serverType == xm_main.SERVER_XEN_API:
        return

    # NOTE(review): the lookup and the set below are two separate calls, so
    # the "not yet labeled" check is only as strong as what xend enforces on
    # its side -- confirm that set_resource_label() refuses to overwrite.
    current = server.xend.security.get_resource_label(resource)
    if len(current) != 0:
        formatted = security.format_resource_label(current)
        security.err("'%s' is already labeled with '%s'." % \
                     (resource,formatted))
    else:
        # Exceptions from the xend call propagate unchanged to the caller.
        status = server.xend.security.set_resource_label(
            resource, policy_type, policyref, label)
        if status != xsconstants.XSERR_SUCCESS:
            security.err("An error occurred labeling the resource: %s" % \
                         xsconstants.xserr2string(-status))
def add_resource_label(label, resource, policyref, policy_type):
    """Label a resource through xend unless it already carries a label.

    When the server type is SERVER_XEN_API this block does nothing.  In the
    other case the current label is fetched first; a non-empty result is
    reported through security.err() and the resource is left unchanged.
    """
    if xm_main.serverType == xm_main.SERVER_XEN_API:
        return

    # NOTE(review): the lookup and the set below are two separate calls, so
    # the "not yet labeled" check is only as strong as what xend enforces on
    # its side -- confirm that set_resource_label() refuses to overwrite.
    current = server.xend.security.get_resource_label(resource)
    if len(current) != 0:
        formatted = security.format_resource_label(current)
        security.err("'%s' is already labeled with '%s'." % \
                     (resource,formatted))
    else:
        # Exceptions from the xend call propagate unchanged to the caller.
        status = server.xend.security.set_resource_label(
            resource, policy_type, policyref, label)
        if status != xsconstants.XSERR_SUCCESS:
            security.err("An error occurred labeling the resource: %s" % \
                         xsconstants.xserr2string(-status))
def labels_xapi(policy, ptype):
    """Print the sorted label names of the policy reported by the Xen-API.

    Args:
        policy: Policy name requested by the caller; when it is set and
            differs from the name of the policy returned by the server, a
            warning is printed and the result of labels(policy, ptype) is
            returned instead.
        ptype: 'dom', 'res' or 'any'; an empty value selects the
            virtual-machine labels only.

    err() is called when the server reports policy type 0 or any type other
    than XS_POLICY_ACM.
    """
    policystate = server.xenapi.XSPolicy.get_xspolicy()
    policy_kind = int(policystate['type'])

    if policy_kind != xsconstants.XS_POLICY_ACM:
        if policy_kind == 0:
            err("No policy installed on the system.")
        else:
            err("Unsupported type of policy installed on the system.")
        return

    acmpol = ACMPolicy(xml=policystate['repr'])
    if policy and policy != acmpol.get_name():
        print "Warning: '%s' is not the currently loaded policy." % policy
        return labels(policy, ptype)

    vm_names = []
    res_names = []
    if not ptype or ptype in ('dom', 'any'):
        vm_names = acmpol.policy_get_virtualmachinelabel_names()
    if ptype in ('res', 'any'):
        res_names = acmpol.policy_get_resourcelabel_names()

    # Merge both lists without duplicates and print them in sorted order.
    for name in sorted(set(vm_names).union(res_names)):
        print name
Example #6
def labels_xapi(policy, ptype):
    """Print the sorted label names of the policy reported by the Xen-API.

    Args:
        policy: Policy name requested by the caller; when it is set and
            differs from the name of the policy returned by the server, a
            warning is printed and the result of labels(policy, ptype) is
            returned instead.
        ptype: 'dom', 'res' or 'any'; an empty value selects the
            virtual-machine labels only.

    err() is called when the server reports policy type 0 or any type other
    than XS_POLICY_ACM.
    """
    policystate = server.xenapi.XSPolicy.get_xspolicy()
    policy_kind = int(policystate['type'])

    if policy_kind != xsconstants.XS_POLICY_ACM:
        if policy_kind == 0:
            err("No policy installed on the system.")
        else:
            err("Unsupported type of policy installed on the system.")
        return

    acmpol = ACMPolicy(xml=policystate['repr'])
    if policy and policy != acmpol.get_name():
        print "Warning: '%s' is not the currently loaded policy." % policy
        return labels(policy, ptype)

    vm_names = []
    res_names = []
    if not ptype or ptype in ('dom', 'any'):
        vm_names = acmpol.policy_get_virtualmachinelabel_names()
    if ptype in ('res', 'any'):
        res_names = acmpol.policy_get_resourcelabel_names()

    # Merge both lists without duplicates and print them in sorted order.
    for name in sorted(set(vm_names).union(res_names)):
        print name
Example #7
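def main(argv):
    """Fetch the enforced binary policy over the Xen-API and dump it.

    Args:
        argv: Command-line arguments; exactly one element is expected.

    Raises:
        OptionError: if argv holds anything beyond its first element.

    When the server type is SERVER_XEN_API, the base64-encoded policy is
    decoded, written to a temporary file and handed to dump_policy_file()
    together with the ssidref of DOM0_UUID.  The temporary file is removed
    afterwards.  Any exception on that path is reported through err().
    """
    if len(argv) != 1:
        raise OptionError("No arguments expected.")

    if xm_main.serverType == xm_main.SERVER_XEN_API:
        try:
            bin_pol = server.xenapi.ACMPolicy.get_enforced_binary()
            if bin_pol:
                dom0_ssid = server.xenapi.ACMPolicy.get_VM_ssidref(DOM0_UUID)
                policy_bytes = base64.b64decode(bin_pol)
                # mkstemp() creates the file with access restricted to the
                # calling user.  It is called before the try block so that
                # the cleanup below never refers to an unbound filename when
                # the creation itself fails.
                fd, filename = tempfile.mkstemp(suffix=".bin")
                try:
                    try:
                        os.write(fd, policy_bytes)
                    finally:
                        # Release the descriptor even when the write fails.
                        os.close(fd)
                    dump_policy_file(filename, dom0_ssid)
                finally:
                    os.unlink(filename)
            else:
                # NOTE(review): if err() raises an Exception subclass, the
                # handler below wraps this message a second time -- confirm
                # that this is the intended output.
                err("No policy is installed.")
        except Exception, e:
            err("An error occurred getting the running policy: %s" % str(e))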
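def main(argv):
    """Fetch the enforced binary policy over the Xen-API and dump it.

    Args:
        argv: Command-line arguments; exactly one element is expected.

    Raises:
        OptionError: if argv holds anything beyond its first element.

    When the server type is SERVER_XEN_API, the base64-encoded policy is
    decoded, written to a temporary file and handed to dump_policy_file()
    together with the ssidref of DOM0_UUID.  The temporary file is removed
    afterwards.  Any exception on that path is reported through err().
    """
    if len(argv) != 1:
        raise OptionError("No arguments expected.")

    if xm_main.serverType == xm_main.SERVER_XEN_API:
        try:
            bin_pol = server.xenapi.ACMPolicy.get_enforced_binary()
            if bin_pol:
                dom0_ssid = server.xenapi.ACMPolicy.get_VM_ssidref(DOM0_UUID)
                policy_bytes = base64.b64decode(bin_pol)
                # mkstemp() creates the file with access restricted to the
                # calling user.  It is called before the try block so that
                # the cleanup below never refers to an unbound filename when
                # the creation itself fails.
                fd, filename = tempfile.mkstemp(suffix=".bin")
                try:
                    try:
                        os.write(fd, policy_bytes)
                    finally:
                        # Release the descriptor even when the write fails.
                        os.close(fd)
                    dump_policy_file(filename, dom0_ssid)
                finally:
                    os.unlink(filename)
            else:
                # NOTE(review): if err() raises an Exception subclass, the
                # handler below wraps this message a second time -- confirm
                # that this is the intended output.
                err("No policy is installed.")
        except Exception, e:
            err("An error occurred getting the running policy: %s" % str(e))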