Re: [Xen-devel] [XSM] Setting of ACM Policy
Hi Kuniyasu,

What is your default boot entry in grub menu? XSM seems to set the policy ref (e.g. ssidref=0x00010001:ACM:mytest:SystemManagement) and the 'module /<policy_name>.bin' in default entry.

But I recommend Stefan's advice and try to move to 3.3.0. I am also having some local time issues when I tried to create HVM guests and it seems to be a known bug, which has been fixed in 3.3.0. I am planning to build 3.3.0 soon.

Regards,
Dilshan

Please CC to me if you're replying since I am only getting the digest

Date: Tue, 02 Sep 2008 18:03:32 +0900 (JST)
From: Kuniyasu Suzaki <k.suzaki@xxxxxxxxxx>
Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
To: xen-devel@xxxxxxxxxxxxxxxxxxx
Message-ID: <20080902.180332.193697797.k.suzaki@xxxxxxxxxx>
Content-Type: Text/Plain; charset=us-ascii

Stefan,

>>From: Stefan Berger <stefanb@xxxxxxxxxx>
>>Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
>>
>>> Unfortunately the setting is re-written by "DEFAULT policy" when xend
>>> is started.
>>> Can't we fix the policy at the boot time?
>>
>>I am not sure what you mean by 'fix the policy at the boot time?'.

When I set up a policy at GRUB menu, the policy becomes immutable till shutdown. I don't want the policy to be changed by any commands.
However "xend" and "xm" command change the policy easily on the current implementation. Should I use the Mandatory Access Control of SE-Linux on Dom0 to keep the policy?

>>You seem to be using an older version of Xen. Is there any possibility to
>>move to 3.3.0?

When I tried xsm, Xen3.2.1 was the latest stable version. I will move to 3.3.0.

-----
suzaki

>>> >>
>>> >>Cheers,
>>> >>Dilshan
>>> >>
>>> >>> ------
>>> >>> suzaki
>>> >>>
>>> >>> >>From: Dilshan Jayarathna <dilshan.jayarathna@xxxxxxxxx>
>>> >>> >>Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
>>> >>> >>
>>> >>> >>Hi Suzaki,
>>> >>> >>
>>> >>> >>It looks like a faulty build. (I could be wrong)
>>> >>> >>If you've set ACM_SECURITY ?= y in Config.mk when you are building xen, you
>>> >>> >>must get ACM as the supported security subsystem when you run 'xm
>>> >>> >>getpolicy'.
>>> >>> >>
>>> >>> >>If you just run 'xm setpolicy', you should get error but it also tells
>>> >>> >>you the supported policy type
>>> >>> >>(...The only policytype that is currently supported is 'ACM'...)
>>> >>> >>
>>> >>> >>You can use xensec_ezpolicy to create a policy in xml format. Then 'xm
>>> >>> >>setpolicy...' to convert xml to binary format and to activate the policy.
>>> >>> >>
>>> >>> >>But if the XSM is not built properly, none of the above will work.
>>> >>> >>
>>> >>> >>Hope this helps.
>>> >>> >>
>>> >>> >>Cheers,
>>> >>> >>Dilshan
>>> >>> >>
>>> >>> >>Kuniyasu Suzaki wrote:
>>> >>> >>> Hello,
>>> >>> >>>
>>> >>> >>> Please tell me how to setup ACM of XSM.
>>> >>> >>> I could build a XSM but it doesn't work well.
>>> >>> >>> # xm getpolicy
>>> >>> >>> Supported security subsystems: None
>>> >>> >>>
>>> >>> >>> I guess it is caused by the lack of a policy file.
>>> >>> >>> I referred to the following manual and tried to create policy file.
>>> >>> >>> http://www.cl.cam.ac.uk/research/srg/netos/xen/readmes/user.pdf
>>> >>> >>>
>>> >>> >>> The manual tells that the following command create a policy file
>>> >>> >>> "mytest.bin".
>>> >>> >>> # xm setpolicy ACM mytest
>>> >>> >>>
>>> >>> >>> However the command doesn't work well. Please tell me how to create a policy file.
>>> >>> >>> I tried on Xen 3.2.1. Is the step obsolete?
>>> >>> >>>
>>> >>> >>> ------
>>> >>> >>> suzaki

------------------------------

End of Xen-devel Digest, Vol 43, Issue 10
*****************************************

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel