1
#============================================================================
2
# This library is free software; you can redistribute it and/or
3
# modify it under the terms of version 2.1 of the GNU Lesser General Public
4
# License as published by the Free Software Foundation.
6
# This library is distributed in the hope that it will be useful,
7
# but WITHOUT ANY WARRANTY; without even the implied warranty of
8
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
9
# Lesser General Public License for more details.
11
# You should have received a copy of the GNU Lesser General Public
12
# License along with this library; if not, write to the Free Software
13
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
14
#============================================================================
15
# Copyright (C) 2006 International Business Machines Corp.
16
# Author: Bryan D. Payne <bdpayne@us.ibm.com>
17
#============================================================================
19
"""Show the label for a domain or resoruce.
22
import xen.util.xsm.xsm as security
23
from xen.util import xsconstants, auxbin
24
from xen.xm.opts import OptionError
25
from xen.xm import main as xm_main
26
from xen.xm.main import server
30
Usage: xm getlabel dom <configfile>
31
xm getlabel mgt <domain name>
32
xm getlabel res <resource>
33
xm getlabel vif-<idx> <vmname>
35
This program shows the label for a domain from its configuration
36
file, the label of a Xend-managed domain, that of a resources or
37
the label of a virtual network interface of a managed domain
38
(requires xm to be used in Xen-API mode).
41
def get_resource_label(resource):
42
"""Gets the resource label
44
if xm_main.serverType == xm_main.SERVER_XEN_API:
45
reslabel = server.xenapi.XSPolicy.get_resource_label(resource)
47
raise security.XSMError("Resource not labeled")
50
reslabel = server.xend.security.get_resource_label(resource)
51
if len(reslabel) == 0:
52
raise security.XSMError("Resource not labeled")
53
print ":".join(reslabel)
56
def get_domain_label(configfile):
57
# open the domain config file
59
if configfile[0] == '/':
60
fd = open(configfile, "rb")
62
for prefix in [".", auxbin.xen_configdir() ]:
63
abs_file = prefix + "/" + configfile
64
if os.path.isfile(abs_file):
65
fd = open(abs_file, "rb")
68
raise OptionError("Configuration file '%s' not found." % configfile)
70
# read in the domain config file, finding the label line
71
ac_entry_re = re.compile("^access_control\s*=.*", re.IGNORECASE)
72
ac_exit_re = re.compile(".*'\].*")
75
for line in fd.readlines():
76
if ac_entry_re.match(line):
79
acline = acline + line
80
if record and ac_exit_re.match(line):
84
# send error message if we didn't find anything
86
raise security.XSMError("Domain not labeled")
89
(title, data) = acline.split("=", 1)
91
data = data.lstrip("[\'")
92
data = data.rstrip("\']")
93
print "policytype=%s," % xsconstants.ACM_POLICY_ID + data
95
def get_vif_label(vmname, idx):
96
if xm_main.serverType != xm_main.SERVER_XEN_API:
97
raise OptionError('xm needs to be configure to use the xen-api.')
98
vm_refs = server.xenapi.VM.get_by_name_label(vmname)
100
raise OptionError('A VM with the name %s does not exist.' %
102
vif_refs = server.xenapi.VM.get_VIFs(vm_refs[0])
103
if len(vif_refs) <= idx:
104
raise OptionError("Bad VIF index.")
105
vif_ref = server.xenapi.VIF.get_by_uuid(vif_refs[idx])
107
print "No VIF with this UUID."
108
sec_lab = server.xenapi.VIF.get_security_label(vif_ref)
111
def get_domain_label_xapi(domain):
112
if xm_main.serverType != xm_main.SERVER_XEN_API:
113
sec_lab = server.xend.security.get_domain_label(domain)
114
if len(sec_lab) > 0 and sec_lab[0] == '\'':
115
sec_lab = sec_lab[1:]
117
uuids = server.xenapi.VM.get_by_name_label(domain)
119
raise OptionError('A VM with that name does not exist.')
121
raise OptionError('There are multiple domains with the same name.')
123
sec_lab = server.xenapi.VM.get_security_label(uuid)
128
raise OptionError('Requires 2 arguments')
130
if argv[1].lower() == "dom":
132
get_domain_label(configfile)
133
elif argv[1].lower() == "mgt":
135
get_domain_label_xapi(domainname)
136
elif argv[1].lower() == "res":
138
get_resource_label(resource)
139
elif argv[1].lower().startswith("vif-"):
141
idx = int(argv[1][4:])
145
raise OptionError("Bad VIF device index.")
147
get_vif_label(vmname, idx)
149
raise OptionError('First subcommand argument must be "dom"'
152
if __name__ == '__main__':
156
sys.stderr.write('Error: %s\n' % str(e))