# HG changeset patch
# User Ewan Mellor <ewan@xxxxxxxxxxxxx>
# Node ID f3be4922cc8b25f8aa5efde8ce40f2545bbe80e7
# Parent cc6f0a3596fc691986d4eed8e6ec0ea8ee7b9780
Import the Xend portion of xen-unstable changeset
11839:328606e0705f0341bebda14cdd17962e463868e8.
Use the name of the title of the system to boot into (instead of the
kernel version) to determine where to make the entry into the grub
configuration file.
Signed-off-by: Reiner Sailer <sailer@xxxxxxxxxx>
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
---
tools/python/xen/util/security.py | 1
tools/python/xen/xm/cfgbootpolicy.py | 134 ++++++++++++++++++-----------------
2 files changed, 71 insertions(+), 64 deletions(-)
diff -r cc6f0a3596fc -r f3be4922cc8b tools/python/xen/util/security.py
--- a/tools/python/xen/util/security.py Sat Oct 28 17:58:00 2006 +0100
+++ b/tools/python/xen/util/security.py Fri Oct 20 09:32:16 2006 +0100
@@ -31,6 +31,7 @@ policy_dir_prefix = "/etc/xen/acm-securi
policy_dir_prefix = "/etc/xen/acm-security/policies"
res_label_filename = policy_dir_prefix + "/resource_labels"
boot_filename = "/boot/grub/menu.lst"
+altboot_filename = "/boot/grub/grub.conf"
xensec_xml2bin = "/usr/sbin/xensec_xml2bin"
xensec_tool = "/usr/sbin/xensec_tool"
diff -r cc6f0a3596fc -r f3be4922cc8b tools/python/xen/xm/cfgbootpolicy.py
--- a/tools/python/xen/xm/cfgbootpolicy.py Sat Oct 28 17:58:00 2006 +0100
+++ b/tools/python/xen/xm/cfgbootpolicy.py Fri Oct 20 09:32:16 2006 +0100
@@ -14,6 +14,7 @@
#============================================================================
# Copyright (C) 2006 International Business Machines Corp.
# Author: Reiner Sailer <sailer@xxxxxxxxxx>
+# Contributions: Stefan Berger <stefanb@xxxxxxxxxx>
#============================================================================
"""Configuring a security policy into the boot configuration
"""
@@ -24,67 +25,60 @@ import os, stat
import os, stat
import shutil
import string
-from xen.util.security import ACMError, err
-from xen.util.security import policy_dir_prefix, boot_filename, xen_title_re
-from xen.util.security import any_title_re, xen_kernel_re, kernel_ver_re,
any_module_re
+import re
+from xen.util.security import err
+from xen.util.security import policy_dir_prefix, xen_title_re
+from xen.util.security import boot_filename, altboot_filename
+from xen.util.security import any_title_re, xen_kernel_re, any_module_re
from xen.util.security import empty_line_re, binary_name_re, policy_name_re
from xen.xm.opts import OptionError
def help():
return """
- Adds a 'module' line to the Xen grub.conf entry
- so that xen boots into a specific access control
- policy. If kernelversion is not given, then this
- script tries to determine it by looking for a grub
- entry with a line kernel xen.* If there are multiple
- Xen entries, then it must be called with an explicit
- version (it will fail otherwise).\n"""
+ Adds a 'module' line to the Xen grub configuration file entry
+ so that Xen boots with a specific access control policy. If
+ kernelversion is not given, then this script tries to determine
+ it by looking for a title starting with \"XEN\". If there are
+ multiple entries matching, then it must be called with the unique
+ beginning of the title's name.\n"""
-def determine_kernelversion(user_specified):
- within_xen_title = 0
- within_xen_entry = 0
- version_list = []
- guess_version = None
+def strip_title(line):
+ """
+ strips whitespace left and right and cuts 'title'
+ """
+ s_title = string.strip(line)
+ pos = string.index(s_title, "title")
+ if pos >= 0:
+ return s_title[pos+6:]
+ else:
+ return s_title
- grub_fd = open(boot_filename)
- for line in grub_fd:
- if xen_title_re.match(line):
- within_xen_title = 1
- elif within_xen_title and xen_kernel_re.match(line):
- within_xen_entry = 1
- elif within_xen_title and within_xen_entry and
kernel_ver_re.match(line):
- for i in line.split():
- if (i.find("vmlinuz-") >= 0):
- # skip start until "vmlinuz-"
- guess_version = i[i.find("vmlinuz-") + len("vmlinuz-"):]
- if user_specified:
- if (guess_version == user_specified):
- version_list.append(guess_version)
- else:
- version_list.append(guess_version)
- elif len(line.split()) > 0:
- if line.split()[0] == "title":
- within_xen_title = 0
- within_xen_entry = 0
- if len(version_list) > 1:
- err("Cannot decide between entries for kernels %s" % version_list)
- elif len(version_list) == 0:
- err("Cannot find a boot entry candidate (please create a Xen boot
entry first).")
- else:
- return version_list[0]
-
-
-def insert_policy(boot_file, kernel_version, policy_name):
+def insert_policy(boot_file, alt_boot_file, user_title, policy_name):
"""
inserts policy binary file as last line of the grub entry
matching the kernel_version version
"""
+ if user_title:
+ #replace "(" by "\(" and ")" by "\)" for matching
+ user_title = string.replace(user_title, "(", "\(")
+ user_title = string.replace(user_title, ")", "\)")
+ user_title_re = re.compile("\s*title\s+.*%s" \
+ % user_title, re.IGNORECASE)
+ else:
+ user_title_re = xen_title_re
+
within_xen_title = 0
within_xen_entry = 0
insert_at_end_of_entry = 0
path_prefix = ''
+ this_title = ''
+ extended_titles = []
(tmp_fd, tmp_grub) = tempfile.mkstemp()
+ #First check whether menu.lst exists
+ if not os.path.isfile(boot_file):
+ #take alternate boot file (grub.conf) instead
+ boot_file = alt_boot_file
#follow symlink since menue.lst might be linked to grub.conf
if stat.S_ISLNK(os.lstat(boot_file)[stat.ST_MODE]):
new_name = os.readlink(boot_file)
@@ -95,30 +89,33 @@ def insert_policy(boot_file, kernel_vers
path[len(path)-1] = new_name
boot_file = '/'.join(path)
if not os.path.exists(boot_file):
- err("Boot file \'" + boot_file + "\' not found.")
+ err("Boot file \'%s\' not found." % boot_file)
grub_fd = open(boot_file)
for line in grub_fd:
- if xen_title_re.match(line):
+ if user_title_re.match(line):
+ this_title = strip_title(line)
within_xen_title = 1
elif within_xen_title and xen_kernel_re.match(line):
- within_xen_entry = 1
- elif within_xen_title and within_xen_entry and
kernel_ver_re.match(line):
- for i in line.split():
- if (i.find("vmlinuz-") >= 0):
- if kernel_version == i[i.find("vmlinuz-") +
len("vmlinuz-"):]:
- insert_at_end_of_entry = 1
- path_prefix = i[0:i.find("vmlinuz-")]
+ insert_at_end_of_entry = 1
+ #use prefix from xen.gz path for policy
+ path_prefix = line.split()[1]
+ idx = path_prefix.rfind('/')
+ if idx >= 0:
+ path_prefix = path_prefix[0:idx+1]
+ else:
+ path_prefix = ''
elif any_module_re.match(line) and insert_at_end_of_entry:
if binary_name_re.match(line):
#delete existing policy module line
line=''
elif any_title_re.match(line):
within_xen_title = 0
- within_xen_entry = 0
- if (empty_line_re.match(line) or any_title_re.match(line)) and
insert_at_end_of_entry:
+ if (empty_line_re.match(line) or any_title_re.match(line)) and \
+ insert_at_end_of_entry:
#newline or new title: we insert the policy module line here
os.write(tmp_fd, "\tmodule " + path_prefix + policy_name +
".bin\n")
+ extended_titles.append(this_title)
insert_at_end_of_entry = 0
#write the line that was read (except potential existing policy entry)
os.write(tmp_fd, line)
@@ -126,27 +123,36 @@ def insert_policy(boot_file, kernel_vers
if insert_at_end_of_entry:
#last entry, no empty line at end of file
os.write(tmp_fd, "\tmodule " + path_prefix + policy_name + ".bin\n")
+ extended_titles.append(this_title)
- #temp file might be destroyed when closing it, first copy ...
+ #if more than one entry was changed, abort
+ if len(extended_titles) > 1:
+ err("Following boot entries matched: %s. \nPlease specify "
+ "unique part of the boot title." % extended_titles)
+ if len(extended_titles) == 0:
+ err("Boot entry not found. Please specify unique part "
+ "of the boot title.")
+
+ #temp file might be destroyed when closing it, first copy it
shutil.move(boot_file, boot_file+"_save")
shutil.copyfile(tmp_grub, boot_file)
os.close(tmp_fd)
- #temp file did not disappear on my system ...
+ #sometimes the temp file does not disappear
try:
os.remove(tmp_grub)
except:
pass
-
+ return extended_titles[0]
def main(argv):
user_kver = None
- policy = None
+ user_title = None
if len(argv) == 2:
policy = argv[1]
elif len(argv) == 3:
policy = argv[1]
- user_kver = argv[2]
+ user_title = argv[2]
else:
raise OptionError('Invalid number of arguments')
@@ -167,9 +173,10 @@ def main(argv):
dst_binary_policy_file = "/boot/" + policy + ".bin"
shutil.copyfile(src_binary_policy_file, dst_binary_policy_file)
- kernel_version = determine_kernelversion(user_kver)
- insert_policy(boot_filename, kernel_version, policy)
- print "Boot entry created and \'%s\' copied to /boot" % (policy + ".bin")
+ entryname = insert_policy(boot_filename, altboot_filename,
+ user_title, policy)
+ print "Boot entry '%s' extended and \'%s\' copied to /boot" \
+ % (entryname, policy + ".bin")
if __name__ == '__main__':
try:
@@ -177,4 +184,3 @@ if __name__ == '__main__':
except Exception, e:
sys.stderr.write('Error: ' + str(e) + '\n')
sys.exit(-1)
-
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|