Python res_security_check_xapi 예제들

예제 #1

파일: blkif.py 프로젝트: amodj/Utopia

 def do_access_control(self, config, uname):
     (label, ssidref, policy) = \
                          security.get_res_security_details(uname)
     domain_label = self.vm.get_security_label()
     if domain_label:
         rc = security.res_security_check_xapi(label, ssidref, policy,
                                               domain_label)
         if rc == 0:
             raise VmError("VM's access to block device '%s' denied" %
                           uname)
     else:
         from xen.util.acmpolicy import ACM_LABEL_UNLABELED
         if label != ACM_LABEL_UNLABELED:
             raise VmError("VM must have a security label to access "
                           "block device '%s'" % uname)

예제 #2

 def do_access_control(self, config, uname):
     (label, ssidref, policy) = \
                          security.get_res_security_details(uname)
     domain_label = self.vm.get_security_label()
     if domain_label:
         rc = security.res_security_check_xapi(label, ssidref, policy,
                                               domain_label)
         if rc == 0:
             raise VmError("VM's access to block device '%s' denied" %
                           uname)
     else:
         from xen.util.acmpolicy import ACM_LABEL_UNLABELED
         if label != ACM_LABEL_UNLABELED:
             raise VmError("VM must have a security label to access "
                           "block device '%s'" % uname)

예제 #3

파일: netif.py 프로젝트: mikesun/xen-cow-checkpointing

 def do_access_control(self, config):
     """ do access control checking. Throws a VMError if access is denied """
     domain_label = self.vm.get_security_label()
     stes = XSPolicyAdminInstance().get_stes_of_vmlabel(domain_label)
     res_label = config.get('security_label')
     if len(stes) > 1 or res_label:
         if not res_label:
             raise VmError("'VIF' must be labeled")
         (label, ssidref, policy) = \
                           security.security_label_to_details(res_label)
         if domain_label:
             rc = security.res_security_check_xapi(label, ssidref, policy,
                                                   domain_label)
             if rc == 0:
                 raise VmError("VM's access to network device denied. "
                               "Check labeling")
         else:
             raise VmError("VM must have a security label to access "
                           "network device")

예제 #4

파일: netif.py 프로젝트: lostzoumo/xen-4.2.2

 def do_access_control(self, config):
     """ do access control checking. Throws a VMError if access is denied """
     domain_label = self.vm.get_security_label()
     stes = XSPolicyAdminInstance().get_stes_of_vmlabel(domain_label)
     res_label = config.get('security_label')
     if len(stes) > 1 or res_label:
         if not res_label:
             raise VmError("'VIF' must be labeled")
         (label, ssidref, policy) = \
                           security.security_label_to_details(res_label)
         if domain_label:
             rc = security.res_security_check_xapi(label, ssidref,
                                                   policy,
                                                   domain_label)
             if rc == 0:
                 raise VmError("VM's access to network device denied. "
                               "Check labeling")
         else:
             raise VmError("VM must have a security label to access "
                           "network device")