From: Keir Fraser Date: Tue, 30 Oct 2007 09:33:49 +0000 (+0000) Subject: acm, xm: Propagate error codes. X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~14828^2~11 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=cb9e907b6f5a64151dda8c38b60ea764a8d38daf;p=xen.git acm, xm: Propagate error codes. Fix propagation of error codes to the shell in some of the security related xm commands. Signed-off-by: Stefan Berger --- diff --git a/tools/python/xen/xm/addlabel.py b/tools/python/xen/xm/addlabel.py index 9af4f06754..0ba3b925ff 100644 --- a/tools/python/xen/xm/addlabel.py +++ b/tools/python/xen/xm/addlabel.py @@ -117,15 +117,18 @@ def add_resource_label(label, resource, policyref, policy_type): res_xapi, "") except Exception, e: - security.err("Could not label this resource: %s" % e) + raise security.XSMError("Could not label this resource: %s" % + str(e)) else: - security.err("'%s' is already labeled with '%s'" % (resource,old)) + raise security.XSMError("'%s' is already labeled with '%s'" % + (resource,old)) def add_domain_label(label, configfile, policyref): # sanity checks: make sure this label can be instantiated later on ssidref = security.label2ssidref(label, policyref, 'dom') - new_label = "access_control = ['policy=%s,label=%s']\n" % (policyref, label) + new_label = "access_control = ['policy=%s,label=%s']\n" % \ + (policyref, label) if not os.path.isfile(configfile): security.err("Configuration file \'" + configfile + "\' not found.") config_fd = open(configfile, "ra+") @@ -150,14 +153,14 @@ def add_domain_label_xapi(label, domainname, policyref, policy_type): try: old_lab = server.xenapi.VM.get_security_label(uuid) rc = server.xenapi.VM.set_security_label(uuid, sec_lab, old_lab) - except: - rc = -1 + except Exception, e: + raise security.XSMError("Could not label the domain: %s" % e) if int(rc) < 0: raise OptionError('Could not label domain.') else: ssidref = int(rc) if ssidref != 0: - print "Set the label of domain '%s' to '%s'. New ssidref = %08x" % \ + print "Set the label of domain '%s' to '%s'. New ssidref = %08x" %\ (domainname,label,ssidref) else: print "Set the label of dormant domain '%s' to '%s'." % \ diff --git a/tools/python/xen/xm/rmlabel.py b/tools/python/xen/xm/rmlabel.py index c407a16076..a31086e3c0 100644 --- a/tools/python/xen/xm/rmlabel.py +++ b/tools/python/xen/xm/rmlabel.py @@ -50,9 +50,10 @@ def rm_resource_label(resource): server.xenapi.XSPolicy.set_resource_label(resource,"", oldlabel) else: - raise security.ACMError("Resource not labeled") + raise security.XSMError("Resource not labeled") except Exception, e: - print "Could not remove label from resource: %s" % e + raise security.XSMError("Could not remove label " + "from resource: %s" % e) return #build canonical resource name @@ -128,7 +129,7 @@ def rm_domain_label_xapi(domainname): old_lab = server.xenapi.VM.get_security_label(uuid) server.xenapi.VM.set_security_label(uuid, "", old_lab) except Exception, e: - print('Could not remove label from domain: %s' % e) + raise security.XSMError('Could not remove label from domain: %s' % e) def rm_vif_label(vmname, idx): if xm_main.serverType != xm_main.SERVER_XEN_API: @@ -142,16 +143,21 @@ def rm_vif_label(vmname, idx): raise OptionError("Bad VIF index.") vif_ref = server.xenapi.VIF.get_by_uuid(vif_refs[idx]) if not vif_ref: - print "A VIF with this UUID does not exist." + raise security.XSMError("A VIF with this UUID does not exist.") try: old_lab = server.xenapi.VIF.get_security_label(vif_ref) - rc = server.xenapi.VIF.set_security_label(vif_ref, "", old_lab) - if int(rc) != 0: - print "Could not remove the label from the VIF." + if old_lab != "": + rc = server.xenapi.VIF.set_security_label(vif_ref, "", old_lab) + if int(rc) != 0: + raise security.XSMError("Could not remove the label from" + " the VIF.") + else: + print "Successfully removed the label from the VIF." else: - print "Successfully removed the label from the VIF." + raise security.XSMError("VIF is not labeled.") except Exception, e: - print "Could not remove the label the VIF: %s" % str(e) + raise security.XSMError("Could not remove the label from the VIF: %s" % + str(e)) def main (argv): diff --git a/tools/python/xen/xm/setpolicy.py b/tools/python/xen/xm/setpolicy.py index 6aa6996616..1901a65ca1 100644 --- a/tools/python/xen/xm/setpolicy.py +++ b/tools/python/xen/xm/setpolicy.py @@ -23,6 +23,7 @@ import base64 import struct import sys import string +import xen.util.xsm.xsm as security from xen.util import xsconstants from xen.util.acmpolicy import ACMPolicy from xen.xm.opts import OptionError @@ -100,21 +101,22 @@ def setpolicy(policytype, policy_name, flags, overwrite, is_update=False): flags, overwrite) except Exception, e: - print "An error occurred setting the policy: %s" % str(e) - return + raise security.XSMError("An error occurred setting the " + "policy: %s" % str(e)) xserr = int(policystate['xserr']) if xserr != 0: - print "An error occurred trying to set the policy: %s" % \ + txt = "An error occurred trying to set the policy: %s." % \ xsconstants.xserr2string(abs(xserr)) errors = policystate['errors'] if len(errors) > 0: - print "Hypervisor reported errors:" + txt += "Hypervisor reported errors:" err = base64.b64decode(errors) i = 0 while i + 7 < len(err): code, data = struct.unpack("!ii", errors[i:i+8]) - print "(0x%08x, 0x%08x)" % (code, data) + txt += "(0x%08x, 0x%08x)" % (code, data) i += 8 + raise security.XSMError(txt) else: print "Successfully set the new policy."