WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [XSM] Setting of ACM Policy

from [Dilshan Jayarathna] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
From: Dilshan Jayarathna <dilshan.jayarathna@xxxxxxxxx>
Date: Wed, 27 Aug 2008 09:32:08 +1000
Delivery-date: Tue, 26 Aug 2008 16:33:34 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20080826.174604.226774505.k.suzaki@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <20080822.002323.189707358.k.suzaki@xxxxxxxxxx> <48ADFE0E.6010000@xxxxxxxxx> <20080826.174604.226774505.k.suzaki@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.16 (Windows/20080708) 
Suzaki,

Kuniyasu Suzaki wrote:

# xm setpolicy ACM DEFAULT-UL
Successfully set the new policy.
Supported security subsystems   : ACM

Policy name           : DEFAULT-UL
Policy type           : ACM
Version of XML policy : 1.0
Policy configuration  : loaded, activated for boot

# xm list --label
Name                                        ID   Mem VCPUs      State   Time(s) 
Label
Domain-0                                     0  1887     2     r-----    226.7 
ACM:DEFAULT-UL:SystemManagement
# xm resetpolicy
Successfully reset the system's policy.
=============================================================

By the way I cannot make the "DEFAULT-UL.bin" file.
Can't I set the .bin file at GRUB Menu?


It look like you already have DEFAULT-UL.bin file. Check /boot.
You can manually set it in grub.conf as below:
module /DEFAULT-UL.bin

Cheers,
Dilshan


------
suzaki

 >>From: Dilshan Jayarathna <dilshan.jayarathna@xxxxxxxxx>
 >>Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
 >>
 >>Hi Suzaki,
 >>
 >>It looks like a faulty build. (I could be wrong)
>>If you've set ACM_SECURITY ?= y in Config.mk when you building xen, you >>must get ACM as the supported security subsystem when you run 'xm >>getpolicy'. 
 >>
>>If you just run 'xm setpolicy', you should get error but it also tells >>you the supported policy type 
 >>(...The only policytype that is currently supported is 'ACM'...)
 >>
>>You can use xensec_ezpolicy to create a policy in xml format. Then 'xm >>setpolicy...' to covert xml to binary format and to activate the policy. 
 >>
 >>But if the XSM is not build properly, none of the above will work.
 >>
 >>Hope this helps.
 >>
 >>Cheers,
 >>Dilshan
 >>
 >>Kuniyasu Suzaki wrote:
 >>> Hello,
 >>>
 >>> Please tell me how to setup ACM of XSM.
 >>> I could build a XSM but it doesn't work well.
 >>>   # xm getpolicy
 >>>   Supported security subsystems: None
 >>>
 >>> I guess it is caused by the lack of a policy file.
>>> I referred the following manual and tried to create poly file. >>> http://www.cl.cam.ac.uk/research/srg/netos/xen/readmes/user.pdf 
 >>>
 >>> The manual tells that the following command create a policy file
 >>> "mytest.bin".
 >>>   # xm setpolicy ACM mytest
 >>>
>>> However the command doesn't work well. Please tell me create a policy file. >>> I tried on Xen 3.2.1. Is the step obsolete? 
 >>>
 >>> ------
 >>> suzaki
 >>>
 >>> _______________________________________________
 >>> Xen-devel mailing list
 >>> Xen-devel@xxxxxxxxxxxxxxxxxxx
 >>> http://lists.xensource.com/xen-devel
>>> 
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] [PATCH] xen/Makefile: use CC --version instead of -v, Robert Buchholz
Next by Date:  Re: [Xen-devel] PV Grub Questions, Samuel Thibault
Previous by Thread:  Re: [Xen-devel] [XSM] Setting of ACM Policy, Kuniyasu Suzaki
Next by Thread:  Re: [Xen-devel] [XSM] Setting of ACM Policy, Kuniyasu Suzaki
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy