From 54aa7f4832111b7520eb55eddf5ab6de3cea8b81 Mon Sep 17 00:00:00 2001
From: Ewan Mellor <ewan@xensource.com>
Date: Mon, 23 Oct 2006 12:23:57 +0100
Subject: [PATCH] Import the xen-unstable changeset
 11863:7633398447846679342b197a79bc375b996d9026, with conflict resolution by
 Ewan Mellor.

[XM] Allow empty resource strings (e.g., when creating an empty CDROM
device). Also clean up error/acces-denied path.
Signed-off-by: Keir Fraser <keir@xensource.com>
---
 tools/python/xen/util/security.py | 9 ++++++++-
 tools/python/xen/xm/create.py     | 4 +++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/tools/python/xen/util/security.py b/tools/python/xen/util/security.py
index e617ddf894..91c0badd74 100644
--- a/tools/python/xen/util/security.py
+++ b/tools/python/xen/util/security.py
@@ -601,8 +601,15 @@ def unify_resname(resource):
     """Makes all resource locations absolute. In case of physical
     resources, '/dev/' is added to local file names"""
 
+    if not resource:
+        return resource
+
     # sanity check on resource name
-    (type, resfile) = resource.split(":")
+    try:
+        (type, resfile) = resource.split(":")
+    except:
+        err("Resource spec '%s' contains no ':' delimiter" % resource)
+
     if type == "phy":
         if not resfile.startswith("/"):
             resfile = "/dev/" + resfile
diff --git a/tools/python/xen/xm/create.py b/tools/python/xen/xm/create.py
index bfe967b504..67bc9f3602 100644
--- a/tools/python/xen/xm/create.py
+++ b/tools/python/xen/xm/create.py
@@ -1161,6 +1161,8 @@ def config_security_check(config, verbose):
         except security.ACMError:
             print "   %s: DENIED" % (resource)
             (res_label, res_policy) = security.get_res_label(resource)
+            if not res_label:
+                res_label = ""
             print "   --> res: %s (%s)" % (str(res_label),
                                            str(res_policy))
             print "   --> dom: %s (%s)" % (str(domain_label),
@@ -1202,7 +1204,7 @@ def main(argv):
         PrettyPrint.prettyprint(config)
     else:
         if not create_security_check(config):
-            raise OptionError('Security Configuration prevents domain from starting')
+            raise security.ACMError('Security Configuration prevents domain from starting')
         else:
             dom = make_domain(opts, config)
             if opts.vals.console_autoconnect:
-- 
2.30.2