WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] Loading ACM policy in XSM

I believe that your 'managed_policies' file is missing or empty.  Please
look at /etc/xen/acm-security/policies/managed_policies.  If this is a
new installation, I do not believe that ACM will create the
'managed_policies' file.

George

On Wed, 2007-08-29 at 13:26 +0900, Syunsuke HAYASHI wrote:
> Hi,Stefan
> Thank you for the help.
> 
> I was not describing an ssidref=... in grub.conf.
> I show grub.conf and dmesg when I execute "xm chgpolicy 
> example.client_v1" command and reboot.
> 
> ----------------------------grub.conf--------------------------------------
> # grub.conf generated by anaconda
> #
> # Note that you do not have to rerun grub after making changes to this file
> # NOTICE:  You have a /boot partition.  This means that
> #          all kernel and initrd paths are relative to /boot/, eg.
> #          root (hd0,0)
> #          kernel /vmlinuz-version ro root=/dev/sda3
> #          initrd /initrd-version.img
> #boot=/dev/sda
> default=0
> timeout=5
> splashimage=(hd0,0)/grub/splash.xpm.gz
> hiddenmenu
> title xen-unstable0827
>      root (hd0,0)
>      kernel /xen.gz dom0_mem=1024M
>      module /vmlinuz-2.6.18-xen ro root=LABEL=/ rhgb
>      module /initrd-2.6.18-xen.img
>      module /example.client_v1.bin
> 
> 
> -----------------------------dmesg----------------------------------------
>   __  __            _____  ___                     _        _     _
>   \ \/ /___ _ __   |___ / / _ \    _   _ _ __  ___| |_ __ _| |__ | | ___
>    \  // _ \ '_ \    |_ \| | | |__| | | | '_ \/ __| __/ _` | '_ \| |/ _ \
>    /  \  __/ | | |  ___) | |_| |__| |_| | | | \__ \ || (_| | |_) | |  __/
>   /_/\_\___|_| |_| |____(_)___/    \__,_|_| |_|___/\__\__,_|_.__/|_|\___|
> 
>   http://www.cl.cam.ac.uk/netos/xen
>   University of Cambridge Computer Laboratory
> 
>   Xen version 3.0-unstable (root@xxxxxxxxxxxxxxxxxxxx) (gcc version 
> 4.1.2 20070502 (Red Hat 4.1.2-12)) Sun Aug 26 06:00:02 JST 2007
>   Latest ChangeSet: Thu Aug 16 13:27:59 2007 +0100 15730:256160ff19b7
> 
> (XEN) Command line: /xen.gz dom0_mem=1024M
> (XEN) Video information:
> (XEN)  VGA is text mode 80x25, font 8x16
> (XEN)  VBE/DDC methods: V2; EDID transfer time: 2 seconds
> (XEN) Disc information:
> (XEN)  Found 1 MBR signatures
> (XEN)  Found 1 EDD information structures
> (XEN) Xen-e820 RAM map:
> (XEN)  0000000000000000 - 000000000009f000 (usable)
> (XEN)  000000000009f000 - 00000000000a0000 (reserved)
> (XEN)  00000000000d6000 - 00000000000d8000 (reserved)
> (XEN)  00000000000e0000 - 0000000000100000 (reserved)
> (XEN)  0000000000100000 - 000000007fff0000 (usable)
> (XEN)  000000007fff0000 - 000000007ffff000 (ACPI data)
> (XEN)  000000007ffff000 - 0000000080000000 (ACPI NVS)
> (XEN)  00000000fec00000 - 00000000fec10000 (reserved)
> (XEN)  00000000fee00000 - 00000000fee01000 (reserved)
> (XEN)  00000000fff80000 - 0000000100000000 (reserved)
> (XEN) System RAM: 2047MB (2096700kB)
> (XEN) Xen heap: 9MB (10168kB)
> (XEN) Domain heap initialised: DMA width 32 bits
> (XEN) PAE enabled, limit: 16 GB
> (XEN) Processor #0 15:2 APIC version 20
> (XEN) Processor #1 15:2 APIC version 20
> (XEN) Processor #6 15:2 APIC version 20
> (XEN) Processor #7 15:2 APIC version 20
> (XEN) IOAPIC[0]: apic_id 2, version 17, address 0xfec00000, GSI 0-15
> (XEN) IOAPIC[1]: apic_id 3, version 17, address 0xfec01000, GSI 16-31
> (XEN) IOAPIC[2]: apic_id 4, version 17, address 0xfec02000, GSI 32-47
> (XEN) IOAPIC[3]: apic_id 5, version 17, address 0xfec03000, GSI 48-63
> (XEN) Enabling APIC mode:  Flat.  Using 4 I/O APICs
> (XEN) Using scheduler: SMP Credit Scheduler (credit)
> (XEN) Detected 3189.437 MHz processor.
> (XEN) CPU0: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
> (XEN) Booting processor 1/1 eip 90000
> (XEN) CPU1: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
> (XEN) Booting processor 2/6 eip 90000
> (XEN) CPU2: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
> (XEN) Booting processor 3/7 eip 90000
> (XEN) CPU3: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
> (XEN) Total of 4 processors activated.
> (XEN) ENABLING IO-APIC IRQs
> (XEN)  -> Using new ACK method
> (XEN) ..MP-BIOS bug: 8254 timer not connected to IO-APIC
> (XEN) Platform timer overflows in 234 jiffies.
> (XEN) Platform timer is 3.579MHz ACPI PM Timer
> (XEN) Brought up 4 CPUs
> (XEN) Policy len  0x168, start at 3ffff000 - module 2.
> (XEN) acm_set_policy_reference: Activating policy example.client_v1
> (XEN) acm_init: Enforcing CHINESE WALL AND SIMPLE TYPE ENFORCEMENT boot 
> policy.
> (XEN) *** LOADING DOMAIN 0 ***
> (XEN)  Xen  kernel: 32-bit, PAE, lsb
> (XEN)  Dom0 kernel: 32-bit, PAE, lsb, paddr 0xc0100000 -> 0xc044fb7c
> (XEN) PHYSICAL MEMORY ARRANGEMENT:
> (XEN)  Dom0 alloc.:   000000003e000000->000000003f000000 (258048 pages 
> to be allocated)
> (XEN) VIRTUAL MEMORY ARRANGEMENT:
> (XEN)  Loaded kernel: c0100000->c044fb7c
> (XEN)  Init. ramdisk: c0450000->c0bba600
> (XEN)  Phys-Mach map: c0bbb000->c0cbb000
> (XEN)  Start info:    c0cbb000->c0cbb46c
> (XEN)  Page tables:   c0cbc000->c0cc9000
> (XEN)  Boot stack:    c0cc9000->c0cca000
> (XEN)  TOTAL:         c0000000->c1000000
> (XEN)  ENTRY ADDRESS: c0100000
> (XEN) Dom0 has maximum 4 VCPUs
> (XEN) Initrd len 0x76a600, start at 0xc0450000
> (XEN) Scrubbing Free RAM: .........done.
> (XEN) Xen trace buffers: disabled
> (XEN) Std. Loglevel: Errors and warnings
> (XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
> (XEN) Xen is relinquishing VGA console.
> (XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch 
> input to Xen).
> (XEN) Freed 88kB init memory.
> (XEN) ioapic_guest_write: apic=0, pin=2, old_irq=-1, new_irq=0
> (XEN) ioapic_guest_write: old_entry=00010000, new_entry=000009f0
> (XEN) ioapic_guest_write: Attempt to add IO-APIC pin for in-use IRQ!
> -------------------------------------------------------------------------
> Is it good in this ?
> 
> Syunsuke HAYASHI
>  >
>  > xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 08/27/2007 04:00:14 AM:
>  >
>  >  > Hi,
>  >  > I have a problem about ACM module(hg.15730)
>  >  > I want to label Domain-0.
>  >  > I read xen user's manual v3.0 and "man xm" information.
>  >  > ACM document mentions how to label Domain-0.
>  >  > But I couldn't add the label when I tried the following steps.
>  >  >
>  >  >    (test1)
>  >  >    #xm makepolicy example.client_v1
>  >  >    #xm cfgbootpolicy example.client_v1
>  >  >    #reboot
>  >  >
>  >  >    (test2)
>  >  >    #xm setpolicy ACM example.client_v1
>  >  >    #xm activatepolicy --boot
>  >  >
>  >  >    (result)
>  >  >    [root@bx607 ~]# xm list --label
>  >  >    Name     ID  Mem    VCPUs    State   Time(s) Label
>  >  >    Domain-0  0  1024     4     r-----    105.1 unlabeled
>  >  >
>  >  > So,I tried to use "xm addlabel" command.
>  >  >
>  >  >    #xm makepolicy example.client_v1
>  >  >    #xm addlabel dom_SystemManagement mgt Domain-0 example.client_v1
>  >  >
>  >  > But I couldn't again.
>  >  >
>  >  > Is there any good idea ?
>  >
>  > Is there an ssidref=... in the 'kernel' line in the grub title you 
> are booting? Can you send this line and remove the ssidref=... and try 
> again?
>  > Otherwise if this is not the case, can you send the content of 'xm 
> dmesg'?
>  >
>  >    Stefan
>  >  >
>  >  > Thanks,
>  >  >
>  >  > Syunsuke HAYASHI
>  >  >
>  >  >
>  >  >
>  >  >
>  >  > _______________________________________________
>  >  > Xen-devel mailing list
>  >  > Xen-devel@xxxxxxxxxxxxxxxxxxx
>  >  > http://lists.xensource.com/xen-devel
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>