|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] stubdom migration failure on merlot* XSM related (Was: [adhoc test] 65682: tolerable FAIL])
On Mon, Dec 14, 2015 at 10:14 AM, Ian Campbell <ian.campbell@xxxxxxxxxx> wrote: > On Fri, 2015-12-11 at 15:16 +0000, Ian Campbell wrote: >> >> I have a new flight going on (65755) with flask=permissive instead of >> flask=enforcing (assuming I didn't botch the osstest modifications to >> support that setting via a runvar). > > I did botch the mods, but luckily permissive is the default, so I got what > I wanted ;-) > >> If that test passes, prints the AVC message but not the missing IRQ message >> then I think that would be our smoking gun. > > http://logs.test-lab.xenproject.org/osstest/logs/65758/ > > From serial-merlot1.log: > > Dec 11 18:01:57.001037 (XEN) Flask: 64 avtab hash slots, 236 rules. > Dec 11 18:01:57.009023 (XEN) Flask: 64 avtab hash slots, 236 rules. > Dec 11 18:01:57.017004 (XEN) Flask: 3 users, 3 roles, 36 types, 2 bools > Dec 11 18:01:57.017038 (XEN) Flask: 12 classes, 236 rules > Dec 11 18:01:57.025015 (XEN) Flask: Starting in permissive mode. > [...] > Dec 11 18:06:01.229194 (XEN) avc: denied { pcilevel } for domid=2 target=1 > scontext=system_u:system_r:dm_dom_t tcontext=system_u:system_r:domU_t_target > tclass=hvm > > http://logs.test-lab.xenproject.org/osstest/logs/65758/test-amd64-amd64-xl-qemut-stubdom-debianhvm-amd64-xsm/merlot1---var-log-xen-qemu-dm-debianhvm.guest.osstest--incoming.log.10 So wait -- does flask not report denials when in enforcing mode? I can see the point of not letting a rogue / misconfigured guest DoS your logs, but it seems like some sort of rate-limiting would be a better solution than just not printing anything. -George _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |