WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-changelog

[Xen-changelog] [xen-unstable] Import the Xend portion of xen-unstable c

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] Import the Xend portion of xen-unstable changeset
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 02 Nov 2006 22:09:53 +0000
Delivery-date: Thu, 02 Nov 2006 21:30:45 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Ewan Mellor <ewan@xxxxxxxxxxxxx>
# Node ID f3be4922cc8b25f8aa5efde8ce40f2545bbe80e7
# Parent  cc6f0a3596fc691986d4eed8e6ec0ea8ee7b9780
Import the Xend portion of xen-unstable changeset
11839:328606e0705f0341bebda14cdd17962e463868e8.

Use the name of the title of the system to boot into (instead of the
kernel version) to determine where to make the entry into the grub
configuration file.

Signed-off-by: Reiner Sailer <sailer@xxxxxxxxxx>
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
---
 tools/python/xen/util/security.py    |    1 
 tools/python/xen/xm/cfgbootpolicy.py |  134 ++++++++++++++++++-----------------
 2 files changed, 71 insertions(+), 64 deletions(-)

diff -r cc6f0a3596fc -r f3be4922cc8b tools/python/xen/util/security.py
--- a/tools/python/xen/util/security.py Sat Oct 28 17:58:00 2006 +0100
+++ b/tools/python/xen/util/security.py Fri Oct 20 09:32:16 2006 +0100
@@ -31,6 +31,7 @@ policy_dir_prefix = "/etc/xen/acm-securi
 policy_dir_prefix = "/etc/xen/acm-security/policies"
 res_label_filename = policy_dir_prefix + "/resource_labels"
 boot_filename = "/boot/grub/menu.lst"
+altboot_filename = "/boot/grub/grub.conf"
 xensec_xml2bin = "/usr/sbin/xensec_xml2bin"
 xensec_tool = "/usr/sbin/xensec_tool"
 
diff -r cc6f0a3596fc -r f3be4922cc8b tools/python/xen/xm/cfgbootpolicy.py
--- a/tools/python/xen/xm/cfgbootpolicy.py      Sat Oct 28 17:58:00 2006 +0100
+++ b/tools/python/xen/xm/cfgbootpolicy.py      Fri Oct 20 09:32:16 2006 +0100
@@ -14,6 +14,7 @@
 #============================================================================
 # Copyright (C) 2006 International Business Machines Corp.
 # Author: Reiner Sailer <sailer@xxxxxxxxxx>
+# Contributions: Stefan Berger <stefanb@xxxxxxxxxx>
 #============================================================================
 """Configuring a security policy into the boot configuration
 """
@@ -24,67 +25,60 @@ import os, stat
 import os, stat
 import shutil
 import string
-from xen.util.security import ACMError, err
-from xen.util.security import policy_dir_prefix, boot_filename, xen_title_re
-from xen.util.security import any_title_re, xen_kernel_re, kernel_ver_re, 
any_module_re
+import re
+from xen.util.security import err
+from xen.util.security import policy_dir_prefix, xen_title_re
+from xen.util.security import boot_filename, altboot_filename
+from xen.util.security import any_title_re, xen_kernel_re, any_module_re
 from xen.util.security import empty_line_re, binary_name_re, policy_name_re
 from xen.xm.opts import OptionError
 
 def help():
     return """
-    Adds a 'module' line to the Xen grub.conf entry
-    so that xen boots into a specific access control
-    policy. If kernelversion is not given, then this
-    script tries to determine it by looking for a grub
-    entry with a line kernel xen.* If there are multiple
-    Xen entries, then it must be called with an explicit
-    version (it will fail otherwise).\n"""
+    Adds a 'module' line to the Xen grub configuration file entry
+    so that Xen boots with a specific access control policy. If
+    kernelversion is not given, then this script tries to determine
+    it by looking for a title starting with \"XEN\". If there are
+    multiple entries matching, then it must be called with the unique
+    beginning of the title's name.\n"""
 
-def determine_kernelversion(user_specified):
-    within_xen_title = 0
-    within_xen_entry = 0
-    version_list = []
-    guess_version = None
+def strip_title(line):
+    """
+    strips whitespace left and right and cuts 'title'
+    """
+    s_title = string.strip(line)
+    pos = string.index(s_title, "title")
+    if pos >= 0:
+        return s_title[pos+6:]
+    else:
+        return s_title
 
-    grub_fd = open(boot_filename)
-    for line in grub_fd:
-        if xen_title_re.match(line):
-            within_xen_title = 1
-        elif within_xen_title and xen_kernel_re.match(line):
-            within_xen_entry = 1
-        elif within_xen_title and within_xen_entry and 
kernel_ver_re.match(line):
-            for i in line.split():
-                if (i.find("vmlinuz-") >= 0):
-                    # skip start until "vmlinuz-"
-                    guess_version = i[i.find("vmlinuz-") + len("vmlinuz-"):]
-                    if user_specified:
-                        if (guess_version == user_specified):
-                            version_list.append(guess_version)
-                    else:
-                        version_list.append(guess_version)
-        elif len(line.split()) > 0:
-            if line.split()[0] == "title":
-                within_xen_title = 0
-                within_xen_entry = 0
-    if len(version_list) > 1:
-        err("Cannot decide between entries for kernels %s" % version_list)
-    elif len(version_list) == 0:
-        err("Cannot find a boot entry candidate (please create a Xen boot 
entry first).")
-    else:
-        return version_list[0]
 
-
-
-def insert_policy(boot_file, kernel_version, policy_name):
+def insert_policy(boot_file, alt_boot_file, user_title, policy_name):
     """
     inserts policy binary file as last line of the grub entry
     matching the kernel_version version
     """
+    if user_title:
+        #replace "(" by "\(" and ")" by "\)" for matching
+        user_title = string.replace(user_title, "(", "\(")
+        user_title = string.replace(user_title, ")", "\)")
+        user_title_re = re.compile("\s*title\s+.*%s" \
+                                   % user_title, re.IGNORECASE)
+    else:
+        user_title_re = xen_title_re
+
     within_xen_title = 0
     within_xen_entry = 0
     insert_at_end_of_entry = 0
     path_prefix = ''
+    this_title = ''
+    extended_titles = []
     (tmp_fd, tmp_grub) = tempfile.mkstemp()
+    #First check whether menu.lst exists
+    if not os.path.isfile(boot_file):
+        #take alternate boot file (grub.conf) instead
+        boot_file = alt_boot_file
     #follow symlink since menue.lst might be linked to grub.conf
     if stat.S_ISLNK(os.lstat(boot_file)[stat.ST_MODE]):
         new_name = os.readlink(boot_file)
@@ -95,30 +89,33 @@ def insert_policy(boot_file, kernel_vers
             path[len(path)-1] = new_name
             boot_file = '/'.join(path)
         if not os.path.exists(boot_file):
-            err("Boot file \'" + boot_file + "\' not found.")
+            err("Boot file \'%s\' not found." % boot_file)
     grub_fd = open(boot_file)
     for line in grub_fd:
-        if xen_title_re.match(line):
+        if user_title_re.match(line):
+            this_title = strip_title(line)
             within_xen_title = 1
         elif within_xen_title and xen_kernel_re.match(line):
-            within_xen_entry = 1
-        elif within_xen_title and within_xen_entry and 
kernel_ver_re.match(line):
-            for i in line.split():
-                if (i.find("vmlinuz-") >= 0):
-                    if  kernel_version == i[i.find("vmlinuz-") + 
len("vmlinuz-"):]:
-                        insert_at_end_of_entry = 1
-                        path_prefix = i[0:i.find("vmlinuz-")]
+            insert_at_end_of_entry = 1
+            #use prefix from xen.gz path for policy
+            path_prefix = line.split()[1]
+            idx = path_prefix.rfind('/')
+            if idx >= 0:
+                path_prefix = path_prefix[0:idx+1]
+            else:
+                path_prefix = ''
         elif any_module_re.match(line) and insert_at_end_of_entry:
             if binary_name_re.match(line):
                 #delete existing policy module line
                 line=''
         elif any_title_re.match(line):
             within_xen_title = 0
-            within_xen_entry = 0
 
-        if (empty_line_re.match(line) or any_title_re.match(line)) and 
insert_at_end_of_entry:
+        if (empty_line_re.match(line) or any_title_re.match(line)) and \
+            insert_at_end_of_entry:
             #newline or new title: we insert the policy module line here
             os.write(tmp_fd, "\tmodule " + path_prefix + policy_name + 
".bin\n")
+            extended_titles.append(this_title)
             insert_at_end_of_entry = 0
         #write the line that was read (except potential existing policy entry)
         os.write(tmp_fd, line)
@@ -126,27 +123,36 @@ def insert_policy(boot_file, kernel_vers
     if insert_at_end_of_entry:
         #last entry, no empty line at end of file
         os.write(tmp_fd, "\tmodule " + path_prefix + policy_name + ".bin\n")
+        extended_titles.append(this_title)
 
-    #temp file might be destroyed when closing it, first copy ...
+    #if more than one entry was changed, abort
+    if len(extended_titles) > 1:
+        err("Following boot entries matched: %s. \nPlease specify "
+            "unique part of the boot title." % extended_titles)
+    if len(extended_titles) == 0:
+        err("Boot entry not found. Please specify unique part "
+            "of the boot title.")
+
+    #temp file might be destroyed when closing it, first copy it
     shutil.move(boot_file, boot_file+"_save")
     shutil.copyfile(tmp_grub, boot_file)
     os.close(tmp_fd)
-    #temp file did not disappear on my system ...
+    #sometimes the temp file does not disappear
     try:
         os.remove(tmp_grub)
     except:
         pass
-
+    return extended_titles[0]
 
 
 def main(argv):
     user_kver = None
-    policy = None
+    user_title = None
     if len(argv) == 2:
         policy = argv[1]
     elif len(argv) == 3:
         policy = argv[1]
-        user_kver = argv[2]
+        user_title = argv[2]
     else:
         raise OptionError('Invalid number of arguments')
     
@@ -167,9 +173,10 @@ def main(argv):
     dst_binary_policy_file = "/boot/" + policy + ".bin"
     shutil.copyfile(src_binary_policy_file, dst_binary_policy_file)
     
-    kernel_version = determine_kernelversion(user_kver)
-    insert_policy(boot_filename, kernel_version, policy)
-    print "Boot entry created and \'%s\' copied to /boot" % (policy + ".bin")
+    entryname = insert_policy(boot_filename, altboot_filename,
+                              user_title, policy)
+    print "Boot entry '%s' extended and \'%s\' copied to /boot" \
+          % (entryname, policy + ".bin")
 
 if __name__ == '__main__':
     try:
@@ -177,4 +184,3 @@ if __name__ == '__main__':
     except Exception, e:
         sys.stderr.write('Error: ' + str(e) + '\n')    
         sys.exit(-1)
-        

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] Import the Xend portion of xen-unstable changeset, Xen patchbot-unstable <=