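def add_domain_label(label, configfile, policyref):
    """Append an access_control label line to a domain configuration file.

    Args:
        label: Name of the domain label to add.
        configfile: Path of the domain configuration file to modify.
        policyref: Name of the policy the label belongs to.

    The label is first resolved with security.label2ssidref() as a sanity
    check. security.err() is called when the configuration file does not
    exist or already contains a line matching security.access_control_re
    (security.err presumably raises -- confirm against its definition).
    """
    # Sanity check: make sure this label can be instantiated later on.
    # Only the call matters; the returned ssidref is not used here.
    security.label2ssidref(label, policyref, 'dom')

    # NOTE(review): label and policyref are interpolated unescaped into the
    # configuration line. The label2ssidref() lookup above is the only
    # validation visible in this function -- confirm it rejects values
    # containing quotes or newlines.
    new_label = "access_control = ['policy=%s,label=%s']\n" % \
                (policyref, label)

    if not os.path.isfile(configfile):
        security.err("Configuration file \'" + configfile + "\' not found.")

    # "r+" (read and update) replaces the non-standard "ra+" mode string,
    # which Python 3 rejects and C libraries do not treat uniformly.
    already_labeled = False
    config_fd = open(configfile, "r+")
    try:
        for line in config_fd:
            if security.access_control_re.match(line):
                already_labeled = True
                break
        if not already_labeled:
            # Move explicitly to end of file before switching from reading
            # to writing (2 == SEEK_END), so the label is always appended.
            config_fd.seek(0, 2)
            config_fd.write(new_label)
    finally:
        # Close the file on every path, including read or write errors.
        config_fd.close()

    if already_labeled:
        security.err("Config file \'" + configfile + "\' is already labeled.")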
def add_resource_label(label, resource, policyref, policy_type):
    """Label a resource through xend unless it already carries a label.

    Args:
        label: Name of the label to assign.
        resource: Resource to be labeled.
        policyref: Name of the policy the label belongs to.
        policy_type: Policy type passed through to xend.

    Only the non-Xen-API server type is handled in this listing; for
    xm_main.SERVER_XEN_API the function returns without doing anything.
    security.err() is called when the resource is already labeled or when
    xend reports a status other than xsconstants.XSERR_SUCCESS.
    """
    if xm_main.serverType == xm_main.SERVER_XEN_API:
        return

    # NOTE(review): the lookup and the assignment below are two separate
    # server requests, so the "not yet labeled" check is not atomic with
    # the labeling itself -- confirm xend enforces this on its side.
    current = server.xend.security.get_resource_label(resource)

    if len(current) != 0:
        shown = security.format_resource_label(current)
        security.err("'%s' is already labeled with '%s'." % \
                     (resource,shown))
        return

    # Errors raised by the call propagate to the caller unchanged.
    rc = server.xend.security.set_resource_label(
        resource, policy_type, policyref, label)
    if rc != xsconstants.XSERR_SUCCESS:
        # The status is negated before being turned into a message.
        security.err("An error occurred labeling the resource: %s" % \
                     xsconstants.xserr2string(-rc))
def add_resource_label(label, resource, policyref, policy_type):
    """Assign a label to a resource via xend if it has none yet.

    Args:
        label: Name of the label to assign.
        resource: Resource to be labeled.
        policyref: Name of the policy the label belongs to.
        policy_type: Policy type passed through to xend.

    The body runs only when xm is not using the Xen-API server type; no
    Xen-API branch is present in this listing. An existing label or a
    status other than xsconstants.XSERR_SUCCESS is reported through
    security.err().
    """
    uses_xend = xm_main.serverType != xm_main.SERVER_XEN_API
    if uses_xend:
        existing = server.xend.security.get_resource_label(resource)
        unlabeled = len(existing) == 0

        if not unlabeled:
            existing = security.format_resource_label(existing)
            security.err("'%s' is already labeled with '%s'." % \
                         (resource,existing))
        else:
            # NOTE(review): check-then-set spans two server requests and
            # is therefore not atomic from this client's point of view.
            # Exceptions from the call are left to propagate.
            status = server.xend.security.set_resource_label(resource,
                                                             policy_type,
                                                             policyref,
                                                             label)
            if status != xsconstants.XSERR_SUCCESS:
                security.err("An error occurred labeling the resource: %s" % \
                             xsconstants.xserr2string(-status))
def labels_xapi(policy, ptype):
    """Print the label names of the policy reported by the Xen-API server.

    Args:
        policy: Policy name requested by the caller; may be empty.
        ptype: Label type selector: 'dom', 'res', 'any', or empty.

    Returns:
        The result of labels(policy, ptype) when a policy name is given
        that differs from the loaded ACM policy; otherwise None.

    err() is called when no policy is installed (type 0) or when the
    installed policy type is not xsconstants.XS_POLICY_ACM.
    """
    state = server.xenapi.XSPolicy.get_xspolicy()
    installed_type = int(state['type'])

    if installed_type != xsconstants.XS_POLICY_ACM:
        if installed_type == 0:
            err("No policy installed on the system.")
        else:
            err("Unsupported type of policy installed on the system.")
        return

    # The policy representation returned by the server is parsed here.
    acmpol = ACMPolicy(xml=state['repr'])

    if policy and policy != acmpol.get_name():
        # A different policy was asked for: warn and defer to labels().
        print "Warning: '%s' is not the currently loaded policy." % policy
        return labels(policy, ptype)

    vm_names = []
    res_names = []
    # An empty ptype selects the domain labels only.
    if not ptype or ptype in ('dom', 'any'):
        vm_names = acmpol.policy_get_virtualmachinelabel_names()
    if ptype in ('res', 'any'):
        res_names = acmpol.policy_get_resourcelabel_names()

    # Merge both lists without duplicates and print them in sorted order.
    for name in sorted(set(vm_names).union(res_names)):
        print name
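def main(argv):
    """Dump the enforced binary ACM policy obtained over the Xen-API.

    Args:
        argv: Argument list; exactly one element is accepted (presumably
            the command name itself -- confirm against the caller).

    Raises:
        OptionError: If argv does not contain exactly one element.

    Only the Xen-API server type is handled in this listing. Any exception
    raised while fetching or dumping the policy is reported through err().
    """
    if len(argv) != 1:
        raise OptionError("No arguments expected.")

    if xm_main.serverType == xm_main.SERVER_XEN_API:
        try:
            bin_pol = server.xenapi.ACMPolicy.get_enforced_binary()
            if bin_pol:
                dom0_ssid = server.xenapi.ACMPolicy.get_VM_ssidref(DOM0_UUID)
                policy_bytes = base64.b64decode(bin_pol)

                # mkstemp() creates the file with access restricted to the
                # creating user. It is called before the try block so that
                # the cleanup below never refers to an unbound filename.
                fd, filename = tempfile.mkstemp(suffix=".bin")
                try:
                    # A file object writes the whole buffer, whereas a
                    # single os.write() may stop short without notice.
                    policy_file = os.fdopen(fd, "wb")
                    try:
                        policy_file.write(policy_bytes)
                    finally:
                        # Release the descriptor even if the write fails.
                        policy_file.close()
                    dump_policy_file(filename, dom0_ssid)
                finally:
                    # Never leave the decoded policy behind on disk.
                    os.unlink(filename)
            else:
                err("No policy is installed.")
        except Exception, e:
            err("An error occurred getting the running policy: %s" % str(e))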