From e080ffba8d9368b57e4b9a882f7c9729efe9f9db Mon Sep 17 00:00:00 2001 From: "kfraser@localhost.localdomain" Date: Mon, 6 Aug 2007 10:12:34 +0100 Subject: [PATCH] Fix/cleanup destroyDevice code path in xend. When calling destroyDevice code path (e.g. xm block-detach dom devid), allow specifying an integer device id or a device name such as xvdN or /dev/xvdN. Allowing the /dev/xvdN form is useful when detaching devices from dom0. Bootloaders may do this to unmount a disk previously mounted in dom0. Move examination of device ID format into the DevController, permitting device controllers to determine a valid device ID instead of higher level code. Signed-off-by: Jim Fehlig --- tools/python/xen/xend/XendDomainInfo.py | 14 +------ tools/python/xen/xend/server/DevController.py | 23 +++++++---- tools/python/xen/xend/server/blkif.py | 15 ++++--- .../policies/default-security_policy.xml | 30 ++++++++++++++ .../policies/default-ul-security_policy.xml | 41 +++++++++++++++++++ 5 files changed, 96 insertions(+), 27 deletions(-) create mode 100644 tools/security/policies/default-security_policy.xml create mode 100644 tools/security/policies/default-ul-security_policy.xml diff --git a/tools/python/xen/xend/XendDomainInfo.py b/tools/python/xen/xend/XendDomainInfo.py index 0d3a8ea055..095c665214 100644 --- a/tools/python/xen/xend/XendDomainInfo.py +++ b/tools/python/xen/xend/XendDomainInfo.py @@ -559,18 +559,8 @@ class XendDomainInfo: self.getDeviceController(devclass).waitForDevices() def destroyDevice(self, deviceClass, devid, force = False): - try: - dev = int(devid) - except ValueError: - # devid is not a number but a string containing either device - # name (e.g. xvda) or device_type/device_id (e.g. vbd/51728) - dev = type(devid) is str and devid.split('/')[-1] or None - if dev == None: - log.debug("Could not find the device %s", devid) - return None - - log.debug("dev = %s", dev) - return self.getDeviceController(deviceClass).destroyDevice(dev, force) + log.debug("dev = %s", devid) + return self.getDeviceController(deviceClass).destroyDevice(devid, force) def getDeviceSxprs(self, deviceClass): if self._stateGet() in (DOM_STATE_RUNNING, DOM_STATE_PAUSED): diff --git a/tools/python/xen/xend/server/DevController.py b/tools/python/xen/xend/server/DevController.py index c43ed2681b..0de81efa3a 100644 --- a/tools/python/xen/xend/server/DevController.py +++ b/tools/python/xen/xend/server/DevController.py @@ -203,27 +203,32 @@ class DevController: The implementation here simply deletes the appropriate paths from the store. This may be overridden by subclasses who need to perform other - tasks on destruction. Further, the implementation here can only - accept integer device IDs, or values that can be converted to - integers. Subclasses may accept other values and convert them to - integers before passing them here. + tasks on destruction. The implementation here accepts integer device + IDs or paths containg integer deviceIDs, e.g. vfb/0. Subclasses may + accept other values and convert them to integers before passing them + here. """ - devid = int(devid) + try: + dev = int(devid) + except ValueError: + # Does devid contain devicetype/deviceid? + # Propogate exception if unable to find an integer devid + dev = int(type(devid) is str and devid.split('/')[-1] or None) # Modify online status /before/ updating state (latter is watched by # drivers, so this ordering avoids a race). - self.writeBackend(devid, 'online', "0") - self.writeBackend(devid, 'state', str(xenbusState['Closing'])) + self.writeBackend(dev, 'online', "0") + self.writeBackend(dev, 'state', str(xenbusState['Closing'])) if force: - frontpath = self.frontendPath(devid) + frontpath = self.frontendPath(dev) backpath = xstransact.Read(frontpath, "backend") if backpath: xstransact.Remove(backpath) xstransact.Remove(frontpath) - self.vm._removeVm("device/%s/%d" % (self.deviceClass, devid)) + self.vm._removeVm("device/%s/%d" % (self.deviceClass, dev)) def configurations(self): return map(self.configuration, self.deviceIDs()) diff --git a/tools/python/xen/xend/server/blkif.py b/tools/python/xen/xend/server/blkif.py index 62512a4cd9..b63e05f2a5 100644 --- a/tools/python/xen/xend/server/blkif.py +++ b/tools/python/xen/xend/server/blkif.py @@ -154,13 +154,16 @@ class BlkifController(DevController): def destroyDevice(self, devid, force): """@see DevController.destroyDevice""" - # If we are given a device name, then look up the device ID from it, - # and destroy that ID instead. If what we are given is an integer, - # then assume it's a device ID and pass it straight through to our - # superclass's method. - + # vbd device IDs can be either string or integer. Further, the + # following string values are possible: + # - devicetype/deviceid (vbd/51728) + # - devicetype/devicename (/dev/xvdb) + # - devicename (xvdb) + # Let our superclass handle integer or devicetype/deviceid forms. + # If we are given a device name form, then look up the device ID + # from it, and destroy that ID instead. try: - DevController.destroyDevice(self, int(devid), force) + DevController.destroyDevice(self, devid, force) except ValueError: devid_end = type(devid) is str and devid.split('/')[-1] or None diff --git a/tools/security/policies/default-security_policy.xml b/tools/security/policies/default-security_policy.xml new file mode 100644 index 0000000000..f52663e708 --- /dev/null +++ b/tools/security/policies/default-security_policy.xml @@ -0,0 +1,30 @@ + + + + DEFAULT + 1.0 + + + + SystemManagement + + + + + SystemManagement + + + + + + SystemManagement + + SystemManagement + + + + + + + + diff --git a/tools/security/policies/default-ul-security_policy.xml b/tools/security/policies/default-ul-security_policy.xml new file mode 100644 index 0000000000..1dad2d19c0 --- /dev/null +++ b/tools/security/policies/default-ul-security_policy.xml @@ -0,0 +1,41 @@ + + + + DEFAULT-UL + 1.0 + + + + SystemManagement + __UNLABELED__ + + + + + SystemManagement + + + + + + SystemManagement + + SystemManagement + __UNLABELED__ + + + + + + + __UNLABELED__ + + __UNLABELED__ + + + + + + + + -- 2.30.2