All of lore.kernel.org
 help / color / mirror / Atom feed
* [Patch] tools/python/xen Flask MLS security label handling
@ 2009-08-25 18:01 Machon Gregory
  0 siblings, 0 replies; only message in thread
From: Machon Gregory @ 2009-08-25 18:01 UTC (permalink / raw)
  To: xen-devel; +Cc: gscoker

[-- Attachment #1: Type: text/plain, Size: 619 bytes --]

Changed the way security labels are handled to allow domains to be
labeled with Flask MLS security labels.  Changed the error message
generated when an invalid context is submitted to be more useful.

Signed-off-by: Machon B. Gregory <mbgrego@tycho.ncsc.mil>
Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil>

---

tools/python/xen/util/xsm/flask/flask.py |    2 +-
tools/python/xen/xend/XendConfig.py      |    5 -----
tools/python/xen/xm/create.py            |   16 +++++-----------
3 files changed, 6 insertions(+), 17 deletions(-)

-- 
Machon Gregory
National Information Assurance Research Lab (NIARL)



[-- Attachment #2: xen-mls-label-handling.diff --]
[-- Type: text/plain, Size: 2067 bytes --]

diff -r c5125c0ea051 tools/python/xen/util/xsm/flask/flask.py
--- a/tools/python/xen/util/xsm/flask/flask.py
+++ b/tools/python/xen/util/xsm/flask/flask.py
@@ -25,7 +25,7 @@
     try:
         return flask.flask_context_to_sid(label)
     except:
-        return ""
+       raise XSMError('Invalid context %s' % label)
 
 def parse_security_label(security_label):
     return security_label
diff -r c5125c0ea051 tools/python/xen/xend/XendConfig.py
--- a/tools/python/xen/xend/XendConfig.py
+++ b/tools/python/xen/xend/XendConfig.py
@@ -799,11 +799,6 @@
                 if not sxp.child_value(sxp_cfg, 'security_label'):
                     del cfg['security']
 
-            sec_lab = cfg['security_label'].split(":")
-            if len(sec_lab) != 3:
-                raise XendConfigError("Badly formatted security label: %s"
-                                      % cfg['security_label'])
-
         old_state = sxp.child_value(sxp_cfg, 'state')
         if old_state:
             for i in range(len(CONFIG_OLD_DOM_STATES)):
diff -r c5125c0ea051 tools/python/xen/xm/create.py
--- a/tools/python/xen/xm/create.py
+++ b/tools/python/xen/xm/create.py
@@ -1163,17 +1163,11 @@
     num = len(vals.access_control)
     if num == 1:
         access_control = (vals.access_control)[0]
-        d = {}
-        a = access_control.split(',')
-        if len(a) > 2:
-            err('Too many elements in access_control specifier: ' + access_control)
-        for b in a:
-            (k, v) = b.strip().split('=', 1)
-            k = k.strip()
-            v = v.strip()
-            if k not in ['policy','label']:
-                err('Invalid access_control specifier: ' + access_control)
-            d[k] = v
+        acc_re = 'policy=(?P<policy>.*),label=(?P<label>.*)'
+        acc_match = re.match(acc_re,access_control)
+        if acc_match == None:
+            err('Invalid access_control specifier: ' + access_control)
+        d = acc_match.groupdict();
         access_controls.append(d)
         vals.access_control = access_controls
     elif num > 1:

[-- Attachment #3: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2009-08-25 18:01 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-08-25 18:01 [Patch] tools/python/xen Flask MLS security label handling Machon Gregory

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.