From: Keir Fraser Date: Wed, 30 Jan 2008 14:23:17 +0000 (+0000) Subject: acm, xend: Fix resetting policy. X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~14347 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=17cbb242dc718b0a4b4a2394d10855cf1ea78737;p=xen.git acm, xend: Fix resetting policy. Fix a problem when resetting the policy and the label of Domain-0 needs to be renamed. Signed-off-by: Stefan Berger --- diff --git a/tools/python/xen/util/acmpolicy.py b/tools/python/xen/util/acmpolicy.py index 48e044d318..ef31734ad3 100644 --- a/tools/python/xen/util/acmpolicy.py +++ b/tools/python/xen/util/acmpolicy.py @@ -337,7 +337,8 @@ class ACMPolicy(XSPolicy): rc, errors = security.change_acm_policy(bin_pol, del_array, chg_array, vmlabel_map, reslabel_map, - self, acmpol_new) + self, acmpol_new, + acmpol_new.is_default_policy()) if rc == 0: # Replace the old DOM with the new one and save it diff --git a/tools/python/xen/util/xsm/acm/acm.py b/tools/python/xen/util/xsm/acm/acm.py index 8bb0928c6e..98b6ec1312 100644 --- a/tools/python/xen/util/xsm/acm/acm.py +++ b/tools/python/xen/util/xsm/acm/acm.py @@ -1342,7 +1342,8 @@ def relabel_domains(relabel_list): def change_acm_policy(bin_pol, del_array, chg_array, - vmlabel_map, reslabel_map, cur_acmpol, new_acmpol): + vmlabel_map, reslabel_map, cur_acmpol, new_acmpol, + is_reset): """ Change the ACM policy of the system by relabeling domains and resources first and doing some access checks. @@ -1451,8 +1452,11 @@ def change_acm_policy(bin_pol, del_array, chg_array, continue new_vmlabel = vmlabel - if vmlabel_map.has_key(vmlabel): - # renaming of the label + if vmlabel_map.has_key(vmlabel) and \ + (not is_reset or name == "Domain-0") : + # renaming of the label; this is only allowed if it's + # not a reset of the policy or if it is a reset, then + # only for Domain-0 new_vmlabel = vmlabel_map[vmlabel] polname = new_policyname elif new_vmlabel not in polnew_vmlabels and \