[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [XSM] Setting of ACM Policy
Stefan, >>From: Stefan Berger <stefanb@xxxxxxxxxx> >>Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy >> >>> Unforunately the setting is re-written by "DEFAULT policy" when xend >>> is started. >>> Can't we fix the policy at the boot time? >> >>I am not sure what you mean by 'fix the policy at the boot time?'. When I set up a policy at GRUB menu, the policy becomes immutably till shutdown. I don't want the policy to be changed by any commands. However "xend" and "xm" command change the policy easily on the current implementation. Should I use the Mandatory Access Control of SE-Linux on Dom0 to keep the policy? >>You seem to be using an older version of Xen. Is there any possibility to >>move to 3.3.0? When I tried xsm, Xen3.2.1 was the latest stable version. I will move to 3.3.0. ----- suzaki >>> >> >>> >>Cheers, >>> >>Dilshan >>> >> >>> >>> ------ >>> >>> suzaki >>> >>> >>> >>> >>From: Dilshan Jayarathna <dilshan.jayarathna@xxxxxxxxx> >>> >>> >>Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy >>> >>> >> >>> >>> >>Hi Suzaki, >>> >>> >> >>> >>> >>It looks like a faulty build. (I could be wrong) >>> >>> >>If you've set ACM_SECURITY ?= y in Config.mk when you >>> building xen, you >>> >>> >>must get ACM as the supported security subsystem when you run >>'xm >>> >>> >>getpolicy'. >>> >>> >> >>> >>> >>If you just run 'xm setpolicy', you should get error but it >>> also tells >>> >>> >>you the supported policy type >>> >>> >>(...The only policytype that is currently supported is 'ACM'...) >>> >>> >> >>> >>> >>You can use xensec_ezpolicy to create a policy in xml >>> format. Then 'xm >>> >>> >>setpolicy...' to covert xml to binary format and to activate >>> the policy. >>> >>> >> >>> >>> >>But if the XSM is not build properly, none of the above will >>work. >>> >>> >> >>> >>> >>Hope this helps. >>> >>> >> >>> >>> >>Cheers, >>> >>> >>Dilshan >>> >>> >> >>> >>> >>Kuniyasu Suzaki wrote: >>> >>> >>> Hello, >>> >>> >>> >>> >>> >>> Please tell me how to setup ACM of XSM. >>> >>> >>> I could build a XSM but it doesn't work well. >>> >>> >>> # xm getpolicy >>> >>> >>> Supported security subsystems: None >>> >>> >>> >>> >>> >>> I guess it is caused by the lack of a policy file. >>> >>> >>> I referred the following manual and tried to create poly file. >> >>> >>> >>> >>http://www.cl.cam.ac.uk/research/srg/netos/xen/readmes/user.pdf >>> >>> >>> >>> >>> >>> The manual tells that the following command create a policy >>file >>> >>> >>> "mytest.bin". >>> >>> >>> # xm setpolicy ACM mytest >>> >>> >>> >>> >>> >>> However the command doesn't work well. Please tell me >>> create a policy file. >>> >>> >>> I tried on Xen 3.2.1. Is the step obsolete? >>> >>> >>> >>> >>> >>> ------ >>> >>> >>> suzaki >>> >>> >>> >>> >>> >>> _______________________________________________ >>> >>> >>> Xen-devel mailing list >>> >>> >>> Xen-devel@xxxxxxxxxxxxxxxxxxx >>> >>> >>> http://lists.xensource.com/xen-devel >>> >>> >>> >>> >>> >>> >>> _______________________________________________ >>> >>> Xen-devel mailing list >>> >>> Xen-devel@xxxxxxxxxxxxxxxxxxx >>> >>> http://lists.xensource.com/xen-devel >>> >>> >>> >> >>> >>_______________________________________________ >>> >>Xen-devel mailing list >>> >>Xen-devel@xxxxxxxxxxxxxxxxxxx >>> >>http://lists.xensource.com/xen-devel >>> >> >>> >>> _______________________________________________ >>> Xen-devel mailing list >>> Xen-devel@xxxxxxxxxxxxxxxxxxx >>> http://lists.xensource.com/xen-devel _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |