xend, acm: Trigger a script when a resource's label changes

This patch triggers a script when a resource's label changes. The xend
config file should provide a variable 'resource-label-change-script'
that can then be launched.

Signed-off-by; Stefan Berger <stefanb@us.ibm.com>

diff --git a/tools/examples/xend-config.sxp b/tools/examples/xend-config.sxp
index adbb9e6b6985b3b0336a16a78dde36ce9607272a..9dfd97471fb2685c65d1b1b209ac363f2f69be9a 100644 (file)
--- a/tools/examples/xend-config.sxp
+++ b/tools/examples/xend-config.sxp
@@ -196,4 +196,5 @@
 # when not specififed in VM's configuration
 #(keymap 'en-us')
 
-
+# Script to run when the label of a resource has changed.
+#(resource-label-change-script '')

diff --git a/tools/python/xen/util/xsm/acm/acm.py b/tools/python/xen/util/xsm/acm/acm.py
index 5d17191293cdc6bb93222457124966d7d0eb8133..62a1cd8d73d19fab889f98c8940b716a6484f5a8 100644 (file)
--- a/tools/python/xen/util/xsm/acm/acm.py
+++ b/tools/python/xen/util/xsm/acm/acm.py
@@ -27,6 +27,7 @@ import stat
 from xen.lowlevel import acm
 from xen.xend import sxp
 from xen.xend import XendConstants
+from xen.xend import XendOptions
 from xen.xend.XendLogging import log
 from xen.xend.XendError import VmError
 from xen.util import dictio, xsconstants
@@ -1081,9 +1082,14 @@ def set_resource_label(resource, policytype, policyref, reslabel, \
         if reslabel != "":
             new_entry = { resource : tuple([policytype, policyref, reslabel])}
             access_control.update(new_entry)
+            command = "add"
+            reslbl = ":".join([policytype, policyref, reslabel])
         else:
             if access_control.has_key(resource):
                 del access_control[resource]
+            command = "remove"
+            reslbl = ""
+        run_resource_label_change_script(resource, reslbl, command)
         dictio.dict_write(access_control, "resources", res_label_filename)
     finally:
         resfile_unlock()
@@ -1273,6 +1279,7 @@ def change_acm_policy(bin_pol, del_array, chg_array,
                 label = reslabel_map[label]
             elif label not in polnew_reslabels:
                 policytype = xsconstants.INVALID_POLICY_PREFIX + policytype
+                run_resource_label_change_script(key, "", "remove")
             # Update entry
             access_control[key] = \
                    tuple([ policytype, new_policyname, label ])
@@ -1383,3 +1390,18 @@ def get_security_label(self, xspol=None):
     if domid != 0:
         label = self.info.get('security_label', label)
     return label
+
+def run_resource_label_change_script(resource, label, command):
+    script = XendOptions.instance().get_resource_label_change_script()
+    if script:
+        parms = {
+            'resource' : resource,
+            'label'    : label,
+            'command'  : command,
+        }
+        log.info("Running resource label change script %s: %s" %
+                 (script, parms))
+        parms.update(os.environ)
+        os.spawnve(os.P_NOWAIT, script[0], script, parms)
+    else:
+        log.info("No script given for relabeling of resources.")

diff --git a/tools/python/xen/xend/XendOptions.py b/tools/python/xen/xend/XendOptions.py
index 0ac9ca62efe92ee42509838afa55b342b2456fbe..1c1177c9457da89be29d8676086238f1879934a8 100644 (file)
--- a/tools/python/xen/xend/XendOptions.py
+++ b/tools/python/xen/xend/XendOptions.py
@@ -278,6 +278,16 @@ class XendOptions:
     def get_keymap(self):
         return self.get_config_value('keymap', None)
 
+    def get_resource_label_change_script(self):
+        s = self.get_config_value('resource-label-change-script')
+        if s:
+            result = s.split(" ")
+            result[0] = os.path.join(osdep.scripts_dir, result[0])
+            return result
+        else:
+            return None
+
+
 class XendOptionsFile(XendOptions):
 
     """Default path to the config file."""