[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Re: [PATCH] [Flask] Fix to default policy to get simple VM running

To: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
From: Stefan Berger <stefanb@xxxxxxxxxx>
Date: Tue, 7 Oct 2008 16:11:42 -0400
Cc: Keir Fraser <keir.fraser@xxxxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 07 Oct 2008 13:12:41 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

"George S. Coker, II" <gscoker@xxxxxxxxxxxxxx> wrote on 10/07/2008 03:57:54 PM: > Subject
> > Re: [PATCH] [Flask] Fix to default policy to get simple VM running
> > > Would you send me your config file for this guest?

Here it is:

kernel = "/boot/vmlinuz-2.6.18.8-xen"
ramdisk = "/xen/initrd_domU/U1_ramdisk.img"
memory = 256
name = "UserDomain0"
root = "/dev/ram0 xencons=tty ro"
vif = ['backend=0']
access_control = ['policy=,label=system_u:object_r:domU_t']

Stefan

> > On 10/7/08 3:33 PM, "Stefan Berger" <stefanb@xxxxxxxxxx> wrote:
> > "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx> wrote on 10/07/2008 > 03:28:05 PM: > > > > I've been looking into this issue as a result of your earlier post and I > > have only been able to reproduce your error when manipulating the memory > > reservations for a domU. The sample flask policy is a basic policy that > > only supports pv guests, so its not surprising that you've uncovered a > > limitation of this policy. Nonetheless, your patch should go in. > > > > It's a little unclear how many guests you are running or what resources are > > committed against the domUs. How many domUs are you trying to supporting? > > Do you only get the error with more than a few domUs? > > Just starting a single domU required me to add this rule. 2 more > rules are needed to start a domU with networking enabled - see 2nd patch. > > Stefan > > > > > On 10/7/08 3:03 PM, "Stefan Berger" <stefanb@xxxxxxxxxx> wrote: > > > > > This fix gets to the default Flask/XSM policy gets a simple guest VM > > > (Ramdisk only, no VIF) running. > > > > > > Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx> > > > > > > > -- > > George S. Coker, II <gscoker@xxxxxxxxxxxxxx> > > > >
> > -- > George S. Coker, II <gscoker@xxxxxxxxxxxxxx>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

References:
- [Xen-devel] Re: [PATCH] [Flask] Fix to default policy to get simple VM running
  - From: Stefan Berger
- [Xen-devel] Re: [PATCH] [Flask] Fix to default policy to get simple VM running
  - From: George S. Coker, II

Prev by Date: [Xen-devel] Re: [PATCH] [Flask] Fix to default policy to get simple VM running
Next by Date: Re: [Xen-devel] Mapping hvm guest pages in Dom0
Previous by thread: [Xen-devel] Re: [PATCH] [Flask] Fix to default policy to get simple VM running
Next by thread: [Xen-devel] [PATCH] [Flask] Add 2 permissions to the default flask policy to get a VIF-enabled guest to work
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.