WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-devel

Re: [Xen-devel] Loading ACM policy in XSM

Hi, George.

I checked it as George said.
The "Managed-policy" file is put in /etc/xen/acm-security/policies/example/.

It shows the following steps.

--1--
#pwd
/etc/xen/acm-security/policies/example
#ls
client_v1-security_policy.xml  client_v1.bin  client_v1.map
test-security_policy.xml

--2--
#xm makepolicy example.client_v1 <---- looks good
#xm cfgbootpolicy example.client_v1 <---- looks good
Boot entry 'xen-unstable0827' extended and 'example.client_v1.bin'
copied to /boot

--3--
#cat /etc/grub.conf
title xen-unstable0827
        root (hd0,0)
        kernel /xen.gz dom0_mem=1024M
        module /vmlinuz-2.6.18-xen ro root=LABEL=/ rhgb
        module /initrd-2.6.18-xen.img
        module /example.client_v1.bin
#cd /boot
#ls
System.map-2.6.18-xen         initrd-2.6.18-xen.img
vmlinuz-2.6.21-1.3194.fc7
System.map-2.6.21-1.3194.fc7  initrd-2.6.18-xenU.img
xen-3.0-unstable.gz
client_v1.bin                 initrd-2.6.21-1.3194.fc7.img  xen-3.0.gz
config-2.6.18-xen             lost+found                    xen-3.gz
config-2.6.21-1.3194.fc7      vmlinux-syms-2.6.18-xen
xen-syms-3.0-unstable
example.test.bin              vmlinuz-2.6-xen               xen.gz
grub                          vmlinuz-2.6.18-xen
example.client_v1.bin

--4--
#xm list --label  <-- I think the failure.
Name       ID   Mem  VCPUs   State   Time(s)  Label
Domain-0    0  1024   4     r-----     98.4  unlabeled

Is there any good idea?

Thanks,

Syunsuke HAYASHI

> I believe that your 'managed_policies' file is missing or empty.  Please
> look at /etc/xen/acm-security/policies/managed_policies.  If this is a
> new installation, I do not believe that ACM will create the
> 'managed_policies' file.
> 
> George
> 
> On Wed, 2007-08-29 at 13:26 +0900, Syunsuke HAYASHI wrote:
>> Hi, Stefan
>> Thank you for the help.
>>
>> I was not describing an ssidref=... in grub.conf.
>> I show grub.conf and dmesg when I execute "xm chgpolicy 
>> example.client_v1" command and reboot.
>>
>> ----------------------------grub.conf--------------------------------------
>> # grub.conf generated by anaconda
>> #
>> # Note that you do not have to rerun grub after making changes to this file
>> # NOTICE:  You have a /boot partition.  This means that
>> #          all kernel and initrd paths are relative to /boot/, eg.
>> #          root (hd0,0)
>> #          kernel /vmlinuz-version ro root=/dev/sda3
>> #          initrd /initrd-version.img
>> #boot=/dev/sda
>> default=0
>> timeout=5
>> splashimage=(hd0,0)/grub/splash.xpm.gz
>> hiddenmenu
>> title xen-unstable0827
>>      root (hd0,0)
>>      kernel /xen.gz dom0_mem=1024M
>>      module /vmlinuz-2.6.18-xen ro root=LABEL=/ rhgb
>>      module /initrd-2.6.18-xen.img
>>      module /example.client_v1.bin
>>
>>
>> -----------------------------dmesg----------------------------------------
>>   __  __            _____  ___                     _        _     _
>>   \ \/ /___ _ __   |___ / / _ \    _   _ _ __  ___| |_ __ _| |__ | | ___
>>    \  // _ \ '_ \    |_ \| | | |__| | | | '_ \/ __| __/ _` | '_ \| |/ _ \
>>    /  \  __/ | | |  ___) | |_| |__| |_| | | | \__ \ || (_| | |_) | |  __/
>>   /_/\_\___|_| |_| |____(_)___/    \__,_|_| |_|___/\__\__,_|_.__/|_|\___|
>>
>>   http://www.cl.cam.ac.uk/netos/xen
>>   University of Cambridge Computer Laboratory
>>
>>   Xen version 3.0-unstable (root@xxxxxxxxxxxxxxxxxxxx) (gcc version 
>> 4.1.2 20070502 (Red Hat 4.1.2-12)) Sun Aug 26 06:00:02 JST 2007
>>   Latest ChangeSet: Thu Aug 16 13:27:59 2007 +0100 15730:256160ff19b7
>>
>> (XEN) Command line: /xen.gz dom0_mem=1024M
>> (XEN) Video information:
>> (XEN)  VGA is text mode 80x25, font 8x16
>> (XEN)  VBE/DDC methods: V2; EDID transfer time: 2 seconds
>> (XEN) Disc information:
>> (XEN)  Found 1 MBR signatures
>> (XEN)  Found 1 EDD information structures
>> (XEN) Xen-e820 RAM map:
>> (XEN)  0000000000000000 - 000000000009f000 (usable)
>> (XEN)  000000000009f000 - 00000000000a0000 (reserved)
>> (XEN)  00000000000d6000 - 00000000000d8000 (reserved)
>> (XEN)  00000000000e0000 - 0000000000100000 (reserved)
>> (XEN)  0000000000100000 - 000000007fff0000 (usable)
>> (XEN)  000000007fff0000 - 000000007ffff000 (ACPI data)
>> (XEN)  000000007ffff000 - 0000000080000000 (ACPI NVS)
>> (XEN)  00000000fec00000 - 00000000fec10000 (reserved)
>> (XEN)  00000000fee00000 - 00000000fee01000 (reserved)
>> (XEN)  00000000fff80000 - 0000000100000000 (reserved)
>> (XEN) System RAM: 2047MB (2096700kB)
>> (XEN) Xen heap: 9MB (10168kB)
>> (XEN) Domain heap initialised: DMA width 32 bits
>> (XEN) PAE enabled, limit: 16 GB
>> (XEN) Processor #0 15:2 APIC version 20
>> (XEN) Processor #1 15:2 APIC version 20
>> (XEN) Processor #6 15:2 APIC version 20
>> (XEN) Processor #7 15:2 APIC version 20
>> (XEN) IOAPIC[0]: apic_id 2, version 17, address 0xfec00000, GSI 0-15
>> (XEN) IOAPIC[1]: apic_id 3, version 17, address 0xfec01000, GSI 16-31
>> (XEN) IOAPIC[2]: apic_id 4, version 17, address 0xfec02000, GSI 32-47
>> (XEN) IOAPIC[3]: apic_id 5, version 17, address 0xfec03000, GSI 48-63
>> (XEN) Enabling APIC mode:  Flat.  Using 4 I/O APICs
>> (XEN) Using scheduler: SMP Credit Scheduler (credit)
>> (XEN) Detected 3189.437 MHz processor.
>> (XEN) CPU0: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
>> (XEN) Booting processor 1/1 eip 90000
>> (XEN) CPU1: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
>> (XEN) Booting processor 2/6 eip 90000
>> (XEN) CPU2: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
>> (XEN) Booting processor 3/7 eip 90000
>> (XEN) CPU3: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
>> (XEN) Total of 4 processors activated.
>> (XEN) ENABLING IO-APIC IRQs
>> (XEN)  -> Using new ACK method
>> (XEN) ..MP-BIOS bug: 8254 timer not connected to IO-APIC
>> (XEN) Platform timer overflows in 234 jiffies.
>> (XEN) Platform timer is 3.579MHz ACPI PM Timer
>> (XEN) Brought up 4 CPUs
>> (XEN) Policy len  0x168, start at 3ffff000 - module 2.
>> (XEN) acm_set_policy_reference: Activating policy example.client_v1
>> (XEN) acm_init: Enforcing CHINESE WALL AND SIMPLE TYPE ENFORCEMENT boot 
>> policy.
>> (XEN) *** LOADING DOMAIN 0 ***
>> (XEN)  Xen  kernel: 32-bit, PAE, lsb
>> (XEN)  Dom0 kernel: 32-bit, PAE, lsb, paddr 0xc0100000 -> 0xc044fb7c
>> (XEN) PHYSICAL MEMORY ARRANGEMENT:
>> (XEN)  Dom0 alloc.:   000000003e000000->000000003f000000 (258048 pages 
>> to be allocated)
>> (XEN) VIRTUAL MEMORY ARRANGEMENT:
>> (XEN)  Loaded kernel: c0100000->c044fb7c
>> (XEN)  Init. ramdisk: c0450000->c0bba600
>> (XEN)  Phys-Mach map: c0bbb000->c0cbb000
>> (XEN)  Start info:    c0cbb000->c0cbb46c
>> (XEN)  Page tables:   c0cbc000->c0cc9000
>> (XEN)  Boot stack:    c0cc9000->c0cca000
>> (XEN)  TOTAL:         c0000000->c1000000
>> (XEN)  ENTRY ADDRESS: c0100000
>> (XEN) Dom0 has maximum 4 VCPUs
>> (XEN) Initrd len 0x76a600, start at 0xc0450000
>> (XEN) Scrubbing Free RAM: .........done.
>> (XEN) Xen trace buffers: disabled
>> (XEN) Std. Loglevel: Errors and warnings
>> (XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
>> (XEN) Xen is relinquishing VGA console.
>> (XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch 
>> input to Xen).
>> (XEN) Freed 88kB init memory.
>> (XEN) ioapic_guest_write: apic=0, pin=2, old_irq=-1, new_irq=0
>> (XEN) ioapic_guest_write: old_entry=00010000, new_entry=000009f0
>> (XEN) ioapic_guest_write: Attempt to add IO-APIC pin for in-use IRQ!
>> -------------------------------------------------------------------------
>> Is it good in this ?
>>
>> Syunsuke HAYASHI
>>  >
>>  > xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 08/27/2007 04:00:14 AM:
>>  >
>>  >  > Hi,
>>  >  > I have a problem about ACM module(hg.15730)
>>  >  > I want to label Domain-0.
>>  >  > I read xen user's manual v3.0 and "man xm" information.
>>  >  > ACM document mentions how to label Domain-0.
>>  >  > But I couldn't add the label when I tried the following steps.
>>  >  >
>>  >  >    (test1)
>>  >  >    #xm makepolicy example.client_v1
>>  >  >    #xm cfgbootpolicy example.client_v1
>>  >  >    #reboot
>>  >  >
>>  >  >    (test2)
>>  >  >    #xm setpolicy ACM example.client_v1
>>  >  >    #xm activatepolicy --boot
>>  >  >
>>  >  >    (result)
>>  >  >    [root@bx607 ~]# xm list --label
>>  >  >    Name     ID  Mem    VCPUs    State   Time(s) Label
>>  >  >    Domain-0  0  1024     4     r-----    105.1 unlabeled
>>  >  >
>>  >  > So, I tried to use the "xm addlabel" command.
>>  >  >
>>  >  >    #xm makepolicy example.client_v1
>>  >  >    #xm addlabel dom_SystemManagement mgt Domain-0 example.client_v1
>>  >  >
>>  >  > But I couldn't again.
>>  >  >
>>  >  > Is there any good idea ?
>>  >
>>  > Is there an ssidref=... in the 'kernel' line in the grub title you 
>> are booting? Can you send this line and remove the ssidref=... and try 
>> again?
>>  > Otherwise if this is not the case, can you send the content of 'xm 
>> dmesg'?
>>  >
>>  >    Stefan
>>  >  >
>>  >  > Thanks,
>>  >  >
>>  >  > Syunsuke HAYASHI
>>  >  >
>>  >  >
>>  >  >
>>  >  >
>>  >  > _______________________________________________
>>  >  > Xen-devel mailing list
>>  >  > Xen-devel@xxxxxxxxxxxxxxxxxxx
>>  >  > http://lists.xensource.com/xen-devel
>>
>>
> 
> 
> 
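Added example (not part of the original thread and not Xen project code): a Python cross-check of the two artifacts requested in this thread, the grub boot entry and the 'xm dmesg' output, to see whether the hypervisor activated the same policy the boot entry loads and whether an ssidref= is present on the kernel line. The sample strings are constructed from the grub.conf stanza and log lines quoted above; the function names are hypothetical.

```python
import re
# Constructed samples, transcribed from the grub.conf stanza and 'xm dmesg' lines quoted in this thread.
GRUB = """\
title xen-unstable0827
        root (hd0,0)
        kernel /xen.gz dom0_mem=1024M
        module /vmlinuz-2.6.18-xen ro root=LABEL=/ rhgb
        module /initrd-2.6.18-xen.img
        module /example.client_v1.bin
"""
DMESG = """\
(XEN) Policy len  0x168, start at 3ffff000 - module 2.
(XEN) acm_set_policy_reference: Activating policy example.client_v1
(XEN) acm_init: Enforcing CHINESE WALL AND SIMPLE TYPE ENFORCEMENT boot policy.
"""

def grub_entry(text, title):
    """Return the kernel line, any ssidref= value on it, and .bin policy modules for one title."""
    entry = {"kernel": None, "ssidref": None, "policies": []}
    active = False
    for line in text.splitlines():
        words = line.split() or [""]          # blank lines become a harmless placeholder
        if words[0] == "title":
            active = " ".join(words[1:]) == title
        elif active and words[0] == "kernel":
            entry["kernel"] = " ".join(words[1:])
            m = re.search(r"\bssidref=(\S+)", entry["kernel"])
            entry["ssidref"] = m.group(1) if m else None
        elif active and words[0] == "module" and len(words) > 1 and words[1].endswith(".bin"):
            entry["policies"].append(words[1].lstrip("/")[:-len(".bin")])
    return entry

def acm_boot_state(dmesg):
    """Extract the policy name Xen activated and the policy type it enforces (tolerates wrapped lines)."""
    name = re.search(r"acm_set_policy_reference: Activating policy (\S+)", dmesg)
    kind = re.search(r"acm_init: Enforcing (.+?) boot\s+policy", dmesg, re.S)
    return (name.group(1) if name else None, kind.group(1) if kind else None)

def diagnose(grub_text, title, dmesg):
    """Compare what the boot entry loads with what the hypervisor log says it activated."""
    entry, (active, kind) = grub_entry(grub_text, title), acm_boot_state(dmesg)
    findings = []
    if entry["ssidref"] is not None:
        findings.append("kernel line carries ssidref=" + entry["ssidref"])
    if not entry["policies"]:
        findings.append("no policy .bin module in boot entry")
    elif active not in entry["policies"]:
        findings.append("hypervisor did not activate the policy named in grub")
    return {"grub_policies": entry["policies"], "active": active, "type": kind, "findings": findings}
```

On the data quoted in this thread, diagnose(GRUB, "xen-unstable0827", DMESG) returns no findings: the boot entry and the hypervisor log agree on example.client_v1.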

