config_fd.close()
-def main (argv):
- try:
- policyref = None
- if len(argv) not in (4, 5):
- raise OptionError('Needs either 2 or 3 arguments')
-
- label = argv[1]
-
- if len(argv) == 5:
- policyref = argv[4]
- elif security.on():
- policyref = security.active_policy
- else:
- security.err("No active policy. Policy must be specified in command line.")
-
- if argv[2].lower() == "dom":
- configfile = argv[3]
- if configfile[0] != '/':
- for prefix in [".", "/etc/xen"]:
- configfile = prefix + "/" + configfile
- if os.path.isfile(configfile):
- break
- if not validate_config_file(configfile):
- raise OptionError('Invalid config file')
- else:
- add_domain_label(label, configfile, policyref)
- elif argv[2].lower() == "res":
- resource = argv[3]
- add_resource_label(label, resource, policyref)
+def main(argv):
+ policyref = None
+ if len(argv) not in (4, 5):
+ raise OptionError('Needs either 2 or 3 arguments')
+
+ label = argv[1]
+
+ if len(argv) == 5:
+ policyref = argv[4]
+ elif security.on():
+ policyref = security.active_policy
+ else:
+ raise OptionError("No active policy. Must specify policy on the "
+ "command line.")
+
+ if argv[2].lower() == "dom":
+ configfile = argv[3]
+ if configfile[0] != '/':
+ for prefix in [".", "/etc/xen"]:
+ configfile = prefix + "/" + configfile
+ if os.path.isfile(configfile):
+ break
+ if not validate_config_file(configfile):
+ raise OptionError('Invalid config file')
else:
- raise OptionError('Need to specify either "dom" or "res" as object to add label to.')
+ add_domain_label(label, configfile, policyref)
+ elif argv[2].lower() == "res":
+ resource = argv[3]
+ add_resource_label(label, resource, policyref)
+ else:
+ raise OptionError('Need to specify either "dom" or "res" as '
+ 'object to add label to.')
- except security.ACMError:
- sys.exit(-1)
-
if __name__ == '__main__':
- main(sys.argv)
+ try:
+ main(sys.argv)
+ except Exception, e:
+ sys.stderr.write('Error: %s\n' % str(e))
+ sys.exit(-1)
individually along with the final security decision."""
def main (argv):
- try:
- if len(argv) != 2:
- raise OptionError('Invalid number of arguments')
-
- passed = 0
- (opts, config) = create.parseCommandLine(argv)
- if create.check_domain_label(config, verbose=1):
- if create.config_security_check(config, verbose=1):
- passed = 1
- else:
- print "Checking resources: (skipped)"
-
- if passed:
- print "Dry Run: PASSED"
- else:
- print "Dry Run: FAILED"
- sys.exit(-1)
-
- except security.ACMError:
+ if len(argv) != 2:
+ raise OptionError('Invalid number of arguments')
+
+ passed = 0
+ (opts, config) = create.parseCommandLine(argv)
+ if create.check_domain_label(config, verbose=1):
+ if create.config_security_check(config, verbose=1):
+ passed = 1
+ else:
+ print "Checking resources: (skipped)"
+
+ if passed:
+ print "Dry Run: PASSED"
+ else:
+ print "Dry Run: FAILED"
sys.exit(-1)
-
if __name__ == '__main__':
- main(sys.argv)
+ try:
+ main(sys.argv)
+ except Exception, e:
+ sys.stderr.write('Error: %s\n' % str(e))
+ sys.exit(-1)
"""
import sys
from xen.util.security import ACMError, err, dump_policy
-
+from xen.xm.opts import OptionError
def help():
return """
(low-level)."""
def main(argv):
- try:
- if len(argv) != 1:
- usage()
-
- dump_policy()
- except ACMError:
- sys.exit(-1)
+ if len(argv) != 1:
+ raise OptionError("No arguments expected.")
+ dump_policy()
if __name__ == '__main__':
- main(sys.argv)
+ try:
+ main(sys.argv)
+ except Exception, e:
+ sys.stderr.write('Error: %s\n' % str(e))
+ sys.exit(-1)
try:
access_control = dictio.dict_read("resources", file)
except:
- security.err("Resource file not found, cannot remove label!")
+ raise security.ACMError("Resource file not found, cannot remove label!")
# remove the entry and update file
if access_control.has_key(resource):
del access_control[resource]
dictio.dict_write(access_control, "resources", file)
else:
- security.err("Resource not labeled.")
+ raise security.ACMError("Resource not labeled")
def rm_domain_label(configfile):
fd = open(file, "rb")
break
if not fd:
- security.err("Configuration file '"+configfile+"' not found.")
-
+ raise OptionError("Configuration file '%s' not found." % configfile)
+
# read in the domain config file, removing label
ac_entry_re = re.compile("^access_control\s*=.*", re.IGNORECASE)
ac_exit_re = re.compile(".*'\].*")
# send error message if we didn't find anything to remove
if not removed:
- security.err("Domain not labeled.")
+ raise security.ACMError('Domain not labeled')
# write the data back out to the file
fd = open(file, "wb")
if argv[1].lower() not in ('dom', 'res'):
raise OptionError('Unrecognised type argument: %s' % argv[1])
- try:
- if argv[1].lower() == "dom":
- configfile = argv[2]
- rm_domain_label(configfile)
- elif argv[1].lower() == "res":
- resource = argv[2]
- rm_resource_label(resource)
- except security.ACMError:
- sys.exit(-1)
+ if argv[1].lower() == "dom":
+ configfile = argv[2]
+ rm_domain_label(configfile)
+ elif argv[1].lower() == "res":
+ resource = argv[2]
+ rm_resource_label(resource)
if __name__ == '__main__':
- main(sys.argv)
+ try:
+ main(sys.argv)
+ except Exception, e:
+ sys.stderr.write('Error: %s\n' % str(e))
+ sys.exit(-1)
projects / xen.git / commitdiff