--- xen-unstable.hg/tools/python/xen/util/security.py | 17 ++++++++++------- xen-unstable.hg/tools/python/xen/xm/labels.py | 6 ++++-- 2 files changed, 14 insertions(+), 9 deletions(-) Index: root/xen-unstable.hg/tools/python/xen/util/security.py =================================================================== --- root.orig/xen-unstable.hg/tools/python/xen/util/security.py +++ root/xen-unstable.hg/tools/python/xen/util/xsm/acm/acm.py @@ -109,10 +109,12 @@ def refresh_security_policy(): """ global active_policy - try: - active_policy = acm.policy() - except: - active_policy = "INACTIVE" + active_policy = 'INACCESSIBLE' + if os.access("/proc/xen/privcmd", os.R_OK|os.W_OK): + try: + active_policy = acm.policy() + except: + active_policy = "INACTIVE" # now set active_policy refresh_security_policy() @@ -295,7 +297,7 @@ def label2ssidref(labelname, policyname, maps current policy to default directory to find mapping file """ - if policyname in ['NULL', 'INACTIVE', 'DEFAULT']: + if policyname in ['NULL', 'INACTIVE', 'DEFAULT', 'INACCESSIBLE' ]: err("Cannot translate labels for \'" + policyname + "\' policy.") allowed_types = ['ANY'] @@ -557,7 +559,7 @@ def load_policy(policy_name): def dump_policy(): - if active_policy in ['NULL', 'INACTIVE']: + if active_policy in ['NULL', 'INACTIVE', 'INACCESSIBLE' ]: err("\'" + active_policy + "\' policy. Nothing to dump.") (ret, output) = commands.getstatusoutput(xensec_tool + " getpolicy") @@ -580,7 +582,8 @@ def dump_policy_file(filename, ssidref=N def list_labels(policy_name, condition): - if (not policy_name) and (active_policy) in ["NULL", "INACTIVE", "DEFAULT"]: + if (not policy_name) and active_policy in \ + [ 'NULL', 'INACTIVE', 'DEFAULT', 'INACCESSIBLE' ]: err("Current policy \'" + active_policy + "\' has no labels defined.\n") (primary, secondary, f, pol_exists) = getmapfile(policy_name) Index: root/xen-unstable.hg/tools/python/xen/xm/labels.py =================================================================== --- root.orig/xen-unstable.hg/tools/python/xen/xm/labels.py +++ root/xen-unstable.hg/tools/python/xen/xm/labels.py @@ -62,6 +62,8 @@ def labels(policy, ptype): policy = active_policy if active_policy in ['NULL', 'INACTIVE', 'DEFAULT']: raise OptionError('No policy active, you must specify a ') + if active_policy in ['INACCESSIBLE']: + raise OptionError('Cannot access the policy. Try as root.') if not ptype or ptype == 'dom': condition = vm_label_re @@ -104,9 +106,9 @@ def labels_xapi(policy, ptype): for n in names: print n elif int(policystate['type']) == 0: - print "No policy installed on the system." + err("No policy installed on the system.") else: - print "Unsupported type of policy installed on the system." + err("Unsupported type of policy installed on the system.") if __name__ == '__main__': main(sys.argv)