# HG changeset patch
# User kfraser@localhost.localdomain
# Date 1186391554 -3600
# Node ID f8d5c509f156cbe3a6a1683f21a75e560e7ba369
# Parent 92e43b36d211606435587420d08b6b949911ce18
Fix/cleanup destroyDevice code path in xend.
When calling destroyDevice code path (e.g. xm block-detach dom devid),
allow specifying an integer device id or a device name such as xvdN or
/dev/xvdN. Allowing the /dev/xvdN form is useful when detaching
devices from dom0. Bootloaders may do this to unmount a disk
previously mounted in dom0.
Move examination of device ID format into the DevController,
permitting device controllers to determine a valid device ID instead
of higher level code.
Signed-off-by: Jim Fehlig <jfehlig@novell.com>
---
tools/python/xen/xend/XendDomainInfo.py | 14 -----
tools/python/xen/xend/server/DevController.py | 27 ++++++-----
tools/python/xen/xend/server/blkif.py | 15 +++---
tools/security/policies/default-security_policy.xml | 30 ++++++++++++
tools/security/policies/default-ul-security_policy.xml | 41 +++++++++++++++++
5 files changed, 98 insertions(+), 29 deletions(-)
diff -r 92e43b36d211 -r f8d5c509f156 tools/python/xen/xend/XendDomainInfo.py
--- a/tools/python/xen/xend/XendDomainInfo.py Mon Aug 06 10:11:25 2007 +0100
+++ b/tools/python/xen/xend/XendDomainInfo.py Mon Aug 06 10:12:34 2007 +0100
@@ -559,18 +559,8 @@ class XendDomainInfo:
self.getDeviceController(devclass).waitForDevices()
def destroyDevice(self, deviceClass, devid, force = False):
- try:
- dev = int(devid)
- except ValueError:
- # devid is not a number but a string containing either device
- # name (e.g. xvda) or device_type/device_id (e.g. vbd/51728)
- dev = type(devid) is str and devid.split('/')[-1] or None
- if dev == None:
- log.debug("Could not find the device %s", devid)
- return None
-
- log.debug("dev = %s", dev)
- return self.getDeviceController(deviceClass).destroyDevice(dev, force)
+ log.debug("dev = %s", devid)
+ return self.getDeviceController(deviceClass).destroyDevice(devid, force)
def getDeviceSxprs(self, deviceClass):
if self._stateGet() in (DOM_STATE_RUNNING, DOM_STATE_PAUSED):
diff -r 92e43b36d211 -r f8d5c509f156 tools/python/xen/xend/server/DevController.py
--- a/tools/python/xen/xend/server/DevController.py Mon Aug 06 10:11:25 2007 +0100
+++ b/tools/python/xen/xend/server/DevController.py Mon Aug 06 10:12:34 2007 +0100
@@ -203,27 +203,32 @@ class DevController:
The implementation here simply deletes the appropriate paths from the
store. This may be overridden by subclasses who need to perform other
- tasks on destruction. Further, the implementation here can only
- accept integer device IDs, or values that can be converted to
- integers. Subclasses may accept other values and convert them to
- integers before passing them here.
- """
-
- devid = int(devid)
+ tasks on destruction. The implementation here accepts integer device
+ IDs or paths containg integer deviceIDs, e.g. vfb/0. Subclasses may
+ accept other values and convert them to integers before passing them
+ here.
+ """
+
+ try:
+ dev = int(devid)
+ except ValueError:
+ # Does devid contain devicetype/deviceid?
+ # Propogate exception if unable to find an integer devid
+ dev = int(type(devid) is str and devid.split('/')[-1] or None)
# Modify online status /before/ updating state (latter is watched by
# drivers, so this ordering avoids a race).
- self.writeBackend(devid, 'online', "0")
- self.writeBackend(devid, 'state', str(xenbusState['Closing']))
+ self.writeBackend(dev, 'online', "0")
+ self.writeBackend(dev, 'state', str(xenbusState['Closing']))
if force:
- frontpath = self.frontendPath(devid)
+ frontpath = self.frontendPath(dev)
backpath = xstransact.Read(frontpath, "backend")
if backpath:
xstransact.Remove(backpath)
xstransact.Remove(frontpath)
- self.vm._removeVm("device/%s/%d" % (self.deviceClass, devid))
+ self.vm._removeVm("device/%s/%d" % (self.deviceClass, dev))
def configurations(self):
return map(self.configuration, self.deviceIDs())
diff -r 92e43b36d211 -r f8d5c509f156 tools/python/xen/xend/server/blkif.py
--- a/tools/python/xen/xend/server/blkif.py Mon Aug 06 10:11:25 2007 +0100
+++ b/tools/python/xen/xend/server/blkif.py Mon Aug 06 10:12:34 2007 +0100
@@ -154,13 +154,16 @@ class BlkifController(DevController):
def destroyDevice(self, devid, force):
"""@see DevController.destroyDevice"""
- # If we are given a device name, then look up the device ID from it,
- # and destroy that ID instead. If what we are given is an integer,
- # then assume it's a device ID and pass it straight through to our
- # superclass's method.
-
+ # vbd device IDs can be either string or integer. Further, the
+ # following string values are possible:
+ # - devicetype/deviceid (vbd/51728)
+ # - devicetype/devicename (/dev/xvdb)
+ # - devicename (xvdb)
+ # Let our superclass handle integer or devicetype/deviceid forms.
+ # If we are given a device name form, then look up the device ID
+ # from it, and destroy that ID instead.
try:
- DevController.destroyDevice(self, int(devid), force)
+ DevController.destroyDevice(self, devid, force)
except ValueError:
devid_end = type(devid) is str and devid.split('/')[-1] or None
diff -r 92e43b36d211 -r f8d5c509f156 tools/security/policies/default-security_policy.xml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/security/policies/default-security_policy.xml Mon Aug 06 10:12:34 2007 +0100
@@ -0,0 +1,30 @@
+<?xml version="1.0" ?>
+<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd">
+ <PolicyHeader>
+ <PolicyName>DEFAULT</PolicyName>
+ <Version>1.0</Version>
+ </PolicyHeader>
+ <SimpleTypeEnforcement>
+ <SimpleTypeEnforcementTypes>
+ <Type>SystemManagement</Type>
+ </SimpleTypeEnforcementTypes>
+ </SimpleTypeEnforcement>
+ <ChineseWall>
+ <ChineseWallTypes>
+ <Type>SystemManagement</Type>
+ </ChineseWallTypes>
+ </ChineseWall>
+ <SecurityLabelTemplate>
+ <SubjectLabels bootstrap="SystemManagement">
+ <VirtualMachineLabel>
+ <Name>SystemManagement</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>SystemManagement</Type>
+ </SimpleTypeEnforcementTypes>
+ <ChineseWallTypes>
+ <Type/>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+ </SubjectLabels>
+ </SecurityLabelTemplate>
+</SecurityPolicyDefinition>
diff -r 92e43b36d211 -r f8d5c509f156 tools/security/policies/default-ul-security_policy.xml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/security/policies/default-ul-security_policy.xml Mon Aug 06 10:12:34 2007 +0100
@@ -0,0 +1,41 @@
+<?xml version="1.0" ?>
+<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd">
+ <PolicyHeader>
+ <PolicyName>DEFAULT-UL</PolicyName>
+ <Version>1.0</Version>
+ </PolicyHeader>
+ <SimpleTypeEnforcement>
+ <SimpleTypeEnforcementTypes>
+ <Type>SystemManagement</Type>
+ <Type>__UNLABELED__</Type>
+ </SimpleTypeEnforcementTypes>
+ </SimpleTypeEnforcement>
+ <ChineseWall>
+ <ChineseWallTypes>
+ <Type>SystemManagement</Type>
+ </ChineseWallTypes>
+ </ChineseWall>
+ <SecurityLabelTemplate>
+ <SubjectLabels bootstrap="SystemManagement">
+ <VirtualMachineLabel>
+ <Name>SystemManagement</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>SystemManagement</Type>
+ <Type>__UNLABELED__</Type>
+ </SimpleTypeEnforcementTypes>
+ <ChineseWallTypes>
+ <Type/>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+ <VirtualMachineLabel>
+ <Name>__UNLABELED__</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>__UNLABELED__</Type>
+ </SimpleTypeEnforcementTypes>
+ <ChineseWallTypes>
+ <Type/>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+ </SubjectLabels>
+ </SecurityLabelTemplate>
+</SecurityPolicyDefinition>
_______________________________________________
Xen-changelog mailing list
Xen-changelog@lists.xensource.com
http://lists.xensource.com/xen-changelog
# User kfraser@localhost.localdomain
# Date 1186391554 -3600
# Node ID f8d5c509f156cbe3a6a1683f21a75e560e7ba369
# Parent 92e43b36d211606435587420d08b6b949911ce18
Fix/cleanup destroyDevice code path in xend.
When calling destroyDevice code path (e.g. xm block-detach dom devid),
allow specifying an integer device id or a device name such as xvdN or
/dev/xvdN. Allowing the /dev/xvdN form is useful when detaching
devices from dom0. Bootloaders may do this to unmount a disk
previously mounted in dom0.
Move examination of device ID format into the DevController,
permitting device controllers to determine a valid device ID instead
of higher level code.
Signed-off-by: Jim Fehlig <jfehlig@novell.com>
---
tools/python/xen/xend/XendDomainInfo.py | 14 -----
tools/python/xen/xend/server/DevController.py | 27 ++++++-----
tools/python/xen/xend/server/blkif.py | 15 +++---
tools/security/policies/default-security_policy.xml | 30 ++++++++++++
tools/security/policies/default-ul-security_policy.xml | 41 +++++++++++++++++
5 files changed, 98 insertions(+), 29 deletions(-)
diff -r 92e43b36d211 -r f8d5c509f156 tools/python/xen/xend/XendDomainInfo.py
--- a/tools/python/xen/xend/XendDomainInfo.py Mon Aug 06 10:11:25 2007 +0100
+++ b/tools/python/xen/xend/XendDomainInfo.py Mon Aug 06 10:12:34 2007 +0100
@@ -559,18 +559,8 @@ class XendDomainInfo:
self.getDeviceController(devclass).waitForDevices()
def destroyDevice(self, deviceClass, devid, force = False):
- try:
- dev = int(devid)
- except ValueError:
- # devid is not a number but a string containing either device
- # name (e.g. xvda) or device_type/device_id (e.g. vbd/51728)
- dev = type(devid) is str and devid.split('/')[-1] or None
- if dev == None:
- log.debug("Could not find the device %s", devid)
- return None
-
- log.debug("dev = %s", dev)
- return self.getDeviceController(deviceClass).destroyDevice(dev, force)
+ log.debug("dev = %s", devid)
+ return self.getDeviceController(deviceClass).destroyDevice(devid, force)
def getDeviceSxprs(self, deviceClass):
if self._stateGet() in (DOM_STATE_RUNNING, DOM_STATE_PAUSED):
diff -r 92e43b36d211 -r f8d5c509f156 tools/python/xen/xend/server/DevController.py
--- a/tools/python/xen/xend/server/DevController.py Mon Aug 06 10:11:25 2007 +0100
+++ b/tools/python/xen/xend/server/DevController.py Mon Aug 06 10:12:34 2007 +0100
@@ -203,27 +203,32 @@ class DevController:
The implementation here simply deletes the appropriate paths from the
store. This may be overridden by subclasses who need to perform other
- tasks on destruction. Further, the implementation here can only
- accept integer device IDs, or values that can be converted to
- integers. Subclasses may accept other values and convert them to
- integers before passing them here.
- """
-
- devid = int(devid)
+ tasks on destruction. The implementation here accepts integer device
+ IDs or paths containg integer deviceIDs, e.g. vfb/0. Subclasses may
+ accept other values and convert them to integers before passing them
+ here.
+ """
+
+ try:
+ dev = int(devid)
+ except ValueError:
+ # Does devid contain devicetype/deviceid?
+ # Propogate exception if unable to find an integer devid
+ dev = int(type(devid) is str and devid.split('/')[-1] or None)
# Modify online status /before/ updating state (latter is watched by
# drivers, so this ordering avoids a race).
- self.writeBackend(devid, 'online', "0")
- self.writeBackend(devid, 'state', str(xenbusState['Closing']))
+ self.writeBackend(dev, 'online', "0")
+ self.writeBackend(dev, 'state', str(xenbusState['Closing']))
if force:
- frontpath = self.frontendPath(devid)
+ frontpath = self.frontendPath(dev)
backpath = xstransact.Read(frontpath, "backend")
if backpath:
xstransact.Remove(backpath)
xstransact.Remove(frontpath)
- self.vm._removeVm("device/%s/%d" % (self.deviceClass, devid))
+ self.vm._removeVm("device/%s/%d" % (self.deviceClass, dev))
def configurations(self):
return map(self.configuration, self.deviceIDs())
diff -r 92e43b36d211 -r f8d5c509f156 tools/python/xen/xend/server/blkif.py
--- a/tools/python/xen/xend/server/blkif.py Mon Aug 06 10:11:25 2007 +0100
+++ b/tools/python/xen/xend/server/blkif.py Mon Aug 06 10:12:34 2007 +0100
@@ -154,13 +154,16 @@ class BlkifController(DevController):
def destroyDevice(self, devid, force):
"""@see DevController.destroyDevice"""
- # If we are given a device name, then look up the device ID from it,
- # and destroy that ID instead. If what we are given is an integer,
- # then assume it's a device ID and pass it straight through to our
- # superclass's method.
-
+ # vbd device IDs can be either string or integer. Further, the
+ # following string values are possible:
+ # - devicetype/deviceid (vbd/51728)
+ # - devicetype/devicename (/dev/xvdb)
+ # - devicename (xvdb)
+ # Let our superclass handle integer or devicetype/deviceid forms.
+ # If we are given a device name form, then look up the device ID
+ # from it, and destroy that ID instead.
try:
- DevController.destroyDevice(self, int(devid), force)
+ DevController.destroyDevice(self, devid, force)
except ValueError:
devid_end = type(devid) is str and devid.split('/')[-1] or None
diff -r 92e43b36d211 -r f8d5c509f156 tools/security/policies/default-security_policy.xml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/security/policies/default-security_policy.xml Mon Aug 06 10:12:34 2007 +0100
@@ -0,0 +1,30 @@
+<?xml version="1.0" ?>
+<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd">
+ <PolicyHeader>
+ <PolicyName>DEFAULT</PolicyName>
+ <Version>1.0</Version>
+ </PolicyHeader>
+ <SimpleTypeEnforcement>
+ <SimpleTypeEnforcementTypes>
+ <Type>SystemManagement</Type>
+ </SimpleTypeEnforcementTypes>
+ </SimpleTypeEnforcement>
+ <ChineseWall>
+ <ChineseWallTypes>
+ <Type>SystemManagement</Type>
+ </ChineseWallTypes>
+ </ChineseWall>
+ <SecurityLabelTemplate>
+ <SubjectLabels bootstrap="SystemManagement">
+ <VirtualMachineLabel>
+ <Name>SystemManagement</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>SystemManagement</Type>
+ </SimpleTypeEnforcementTypes>
+ <ChineseWallTypes>
+ <Type/>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+ </SubjectLabels>
+ </SecurityLabelTemplate>
+</SecurityPolicyDefinition>
diff -r 92e43b36d211 -r f8d5c509f156 tools/security/policies/default-ul-security_policy.xml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/security/policies/default-ul-security_policy.xml Mon Aug 06 10:12:34 2007 +0100
@@ -0,0 +1,41 @@
+<?xml version="1.0" ?>
+<SecurityPolicyDefinition xmlns="http://www.ibm.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com ../../security_policy.xsd">
+ <PolicyHeader>
+ <PolicyName>DEFAULT-UL</PolicyName>
+ <Version>1.0</Version>
+ </PolicyHeader>
+ <SimpleTypeEnforcement>
+ <SimpleTypeEnforcementTypes>
+ <Type>SystemManagement</Type>
+ <Type>__UNLABELED__</Type>
+ </SimpleTypeEnforcementTypes>
+ </SimpleTypeEnforcement>
+ <ChineseWall>
+ <ChineseWallTypes>
+ <Type>SystemManagement</Type>
+ </ChineseWallTypes>
+ </ChineseWall>
+ <SecurityLabelTemplate>
+ <SubjectLabels bootstrap="SystemManagement">
+ <VirtualMachineLabel>
+ <Name>SystemManagement</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>SystemManagement</Type>
+ <Type>__UNLABELED__</Type>
+ </SimpleTypeEnforcementTypes>
+ <ChineseWallTypes>
+ <Type/>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+ <VirtualMachineLabel>
+ <Name>__UNLABELED__</Name>
+ <SimpleTypeEnforcementTypes>
+ <Type>__UNLABELED__</Type>
+ </SimpleTypeEnforcementTypes>
+ <ChineseWallTypes>
+ <Type/>
+ </ChineseWallTypes>
+ </VirtualMachineLabel>
+ </SubjectLabels>
+ </SecurityLabelTemplate>
+</SecurityPolicyDefinition>
_______________________________________________
Xen-changelog mailing list
Xen-changelog@lists.xensource.com
http://lists.xensource.com/xen-changelog