From: Reiner Sailer <sailer@us.ibm.com>
To: xen-devel@lists.xensource.com
Cc: Masaki Kanno <kanno.masaki@jp.fujitsu.com>, sailer@us.ibm.com
Subject: [BUGFIX][ACM] fix return code in acm-related xm scripts
Date: Fri, 08 Sep 2006 13:27:46 -0400 [thread overview]
Message-ID: <4501A812.80600@us.ibm.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 271 bytes --]
This patch fixes return codes for the acm-related Xen management scripts
(error conditions) and addresses minor issues that 'pycheck' complains
about. It is tested with xm-test and by manually running the xm commands.
Signed-off by: Reiner Sailer <sailer@us.ibm.com>
[-- Attachment #2: xm_retcode.diff --]
[-- Type: text/plain, Size: 11934 bytes --]
---
tools/python/xen/xm/addlabel.py | 6 +----
tools/python/xen/xm/cfgbootpolicy.py | 4 +--
tools/python/xen/xm/create.py | 2 -
tools/python/xen/xm/dry-run.py | 13 +++++++----
tools/python/xen/xm/dumppolicy.py | 8 +++----
tools/python/xen/xm/getlabel.py | 38 ++++++++++++++++-------------------
tools/python/xen/xm/labels.py | 4 ++-
tools/python/xen/xm/loadpolicy.py | 5 ++--
tools/python/xen/xm/makepolicy.py | 3 +-
tools/python/xen/xm/resources.py | 21 +++++++++++--------
tools/python/xen/xm/rmlabel.py | 6 +----
11 files changed, 58 insertions(+), 52 deletions(-)
Index: xen-unstable.hg-shype/tools/python/xen/xm/addlabel.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/addlabel.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/addlabel.py
@@ -20,8 +20,6 @@
"""Labeling a domain configuration file or a resoruce.
"""
import sys, os
-import string
-import traceback
from xen.util import dictio
from xen.util import security
@@ -33,6 +31,7 @@ def usage():
print " resource. It derives the policy from the running hypervisor"
print " if it is not given (optional parameter). If a label already"
print " exists for the given domain or resource, then addlabel fails.\n"
+ security.err("Usage")
def validate_config_file(configfile):
@@ -134,7 +133,6 @@ def main (argv):
for prefix in [".", "/etc/xen"]:
configfile = prefix + "/" + configfile
if os.path.isfile(configfile):
- fd = open(configfile, "rb")
break
if not validate_config_file(configfile):
usage()
@@ -147,7 +145,7 @@ def main (argv):
usage()
except security.ACMError:
- traceback.print_exc(limit=1)
+ sys.exit(-1)
if __name__ == '__main__':
Index: xen-unstable.hg-shype/tools/python/xen/xm/cfgbootpolicy.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/cfgbootpolicy.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/cfgbootpolicy.py
@@ -87,7 +87,6 @@ def insert_policy(boot_file, kernel_vers
within_xen_entry = 0
insert_at_end_of_entry = 0
path_prefix = ''
- done = False
(tmp_fd, tmp_grub) = tempfile.mkstemp()
#follow symlink since menue.lst might be linked to grub.conf
if stat.S_ISLNK(os.lstat(boot_file)[stat.ST_MODE]):
@@ -175,9 +174,10 @@ def main(argv):
print "Boot entry created and \'%s\' copied to /boot" % (policy + ".bin")
except ACMError:
- pass
+ sys.exit(-1)
except:
traceback.print_exc(limit=1)
+ sys.exit(-1)
Index: xen-unstable.hg-shype/tools/python/xen/xm/create.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/create.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/create.py
@@ -1155,7 +1155,7 @@ def create_security_check(config):
else:
print "Checking resources: (skipped)"
except security.ACMError:
- traceback.print_exc(limit=1)
+ sys.exit(-1)
return passed
Index: xen-unstable.hg-shype/tools/python/xen/xm/dry-run.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/dry-run.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/dry-run.py
@@ -18,6 +18,7 @@
"""Tests the security settings for a domain and its resources.
"""
+import sys
from xen.util import security
from xen.xm import create
from xen.xend import sxp
@@ -28,14 +29,14 @@ def usage():
print "to see if the domain created by the configfile can access"
print "the resources. The status of each resource is listed"
print "individually along with the final security decision.\n"
+ security.err("Usage")
def main (argv):
- if len(argv) != 2:
- usage()
- return
-
try:
+ if len(argv) != 2:
+ usage()
+
passed = 0
(opts, config) = create.parseCommandLine(argv)
if create.check_domain_label(config, verbose=1):
@@ -48,8 +49,10 @@ def main (argv):
print "Dry Run: PASSED"
else:
print "Dry Run: FAILED"
+ sys.exit(-1)
+
except security.ACMError:
- pass
+ sys.exit(-1)
if __name__ == '__main__':
Index: xen-unstable.hg-shype/tools/python/xen/xm/dumppolicy.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/dumppolicy.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/dumppolicy.py
@@ -18,7 +18,6 @@
"""Display currently enforced policy (low-level hypervisor representation).
"""
import sys
-import traceback
from xen.util.security import ACMError, err, dump_policy
@@ -31,12 +30,13 @@ def usage():
def main(argv):
try:
+ if len(argv) != 1:
+ usage()
+
dump_policy()
except ACMError:
- pass
- except:
- traceback.print_exc(limit=1)
+ sys.exit(-1)
if __name__ == '__main__':
Index: xen-unstable.hg-shype/tools/python/xen/xm/getlabel.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/getlabel.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/getlabel.py
@@ -19,8 +19,6 @@
"""Show the label for a domain or resoruce.
"""
import sys, os, re
-import string
-import traceback
from xen.util import dictio
from xen.util import security
@@ -28,6 +26,7 @@ def usage():
print "\nUsage: xm getlabel dom <configfile>"
print " xm getlabel res <resource>\n"
print " This program shows the label for a domain or resource.\n"
+ security.err("Usage")
def get_resource_label(resource):
@@ -38,8 +37,7 @@ def get_resource_label(resource):
try:
access_control = dictio.dict_read("resources", file)
except:
- print "Resource label file not found"
- return
+ security.err("Resource label file not found")
# get the entry and print label
if access_control.has_key(resource):
@@ -63,8 +61,7 @@ def get_domain_label(configfile):
fd = open(file, "rb")
break
if not fd:
- print "Configuration file '"+configfile+"' not found."
- return
+ security.err("Configuration file '"+configfile+"' not found.")
# read in the domain config file, finding the label line
ac_entry_re = re.compile("^access_control\s*=.*", re.IGNORECASE)
@@ -82,8 +79,7 @@ def get_domain_label(configfile):
# send error message if we didn't find anything
if acline == "":
- print "Label does not exist in domain configuration file."
- return
+ security.err("Label does not exist in domain configuration file.")
# print out the label
(title, data) = acline.split("=", 1)
@@ -94,19 +90,21 @@ def get_domain_label(configfile):
def main (argv):
- if len(argv) != 3:
- usage()
- return
-
- if argv[1].lower() == "dom":
- configfile = argv[2]
- get_domain_label(configfile)
- elif argv[1].lower() == "res":
- resource = argv[2]
- get_resource_label(resource)
- else:
- usage()
+ try:
+ if len(argv) != 3:
+ usage()
+
+ if argv[1].lower() == "dom":
+ configfile = argv[2]
+ get_domain_label(configfile)
+ elif argv[1].lower() == "res":
+ resource = argv[2]
+ get_resource_label(resource)
+ else:
+ usage()
+ except security.ACMError:
+ sys.exit(-1)
if __name__ == '__main__':
main(sys.argv)
Index: xen-unstable.hg-shype/tools/python/xen/xm/labels.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/labels.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/labels.py
@@ -70,10 +70,12 @@ def main(argv):
labels.sort()
for label in labels:
print label
+
except ACMError:
- pass
+ sys.exit(-1)
except:
traceback.print_exc(limit=1)
+ sys.exit(-1)
if __name__ == '__main__':
Index: xen-unstable.hg-shype/tools/python/xen/xm/loadpolicy.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/loadpolicy.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/loadpolicy.py
@@ -34,11 +34,12 @@ def main(argv):
if len(argv) != 2:
usage()
load_policy(argv[1])
+
except ACMError:
- pass
+ sys.exit(-1)
except:
traceback.print_exc(limit=1)
-
+ sys.exit(-1)
if __name__ == '__main__':
Index: xen-unstable.hg-shype/tools/python/xen/xm/makepolicy.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/makepolicy.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/makepolicy.py
@@ -37,9 +37,10 @@ def main(argv):
make_policy(argv[1])
except ACMError:
- pass
+ sys.exit(-1)
except:
traceback.print_exc(limit=1)
+ sys.exit(-1)
Index: xen-unstable.hg-shype/tools/python/xen/xm/resources.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/resources.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/resources.py
@@ -18,8 +18,7 @@
"""List the resource label information from the global resource label file
"""
-import sys, os
-import string
+import sys
from xen.util import dictio
from xen.util import security
@@ -27,6 +26,7 @@ def usage():
print "\nUsage: xm resource\n"
print " This program lists information for each resource in the"
print " global resource label file\n"
+ security.err("Usage")
def print_resource_data(access_control):
@@ -41,14 +41,19 @@ def print_resource_data(access_control):
def main (argv):
try:
- file = security.res_label_filename
- access_control = dictio.dict_read("resources", file)
- except:
- print "Resource file not found."
- return
+ if len(argv) != 1:
+ usage()
- print_resource_data(access_control)
+ try:
+ file = security.res_label_filename
+ access_control = dictio.dict_read("resources", file)
+ except:
+ security.err("Error reading resource file.")
+ print_resource_data(access_control)
+
+ except security.ACMError:
+ sys.exit(-1)
if __name__ == '__main__':
main(sys.argv)
Index: xen-unstable.hg-shype/tools/python/xen/xm/rmlabel.py
===================================================================
--- xen-unstable.hg-shype.orig/tools/python/xen/xm/rmlabel.py
+++ xen-unstable.hg-shype/tools/python/xen/xm/rmlabel.py
@@ -19,8 +19,6 @@
"""Remove a label from a domain configuration file or a resoruce.
"""
import sys, os, re
-import string
-import traceback
from xen.util import dictio
from xen.util import security
@@ -31,6 +29,7 @@ def usage():
print " for a domain or from the global resource label file for a"
print " resource. If the label does not exist for the given domain or"
print " resource, then rmlabel fails.\n"
+ security.err("Usage")
def rm_resource_label(resource):
@@ -97,7 +96,6 @@ def main (argv):
try:
if len(argv) != 3:
usage()
- return
if argv[1].lower() == "dom":
configfile = argv[2]
@@ -109,7 +107,7 @@ def main (argv):
usage()
except security.ACMError:
- traceback.print_exc(limit=1)
+ sys.exit(-1)
if __name__ == '__main__':
[-- Attachment #3: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
next reply other threads:[~2006-09-08 17:27 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-09-08 17:27 Reiner Sailer [this message]
2006-09-11 8:20 ` [BUGFIX][ACM] fix return code in acm-related xm scripts Masaki Kanno
2006-09-11 14:58 ` Reiner Sailer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4501A812.80600@us.ibm.com \
--to=sailer@us.ibm.com \
--cc=kanno.masaki@jp.fujitsu.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.