xen-devel

[Xen-devel] Re: [PATCH] [Flask] Fix to default policy to get simple VM r

To: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
Subject: [Xen-devel] Re: [PATCH] [Flask] Fix to default policy to get simple VM running
From: Stefan Berger <stefanb@xxxxxxxxxx>
Date: Tue, 7 Oct 2008 16:11:42 -0400
Cc: Keir Fraser <keir.fraser@xxxxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>

"George S. Coker, II" <gscoker@xxxxxxxxxxxxxx> wrote on 10/07/2008 03:57:54 PM:


> Would you send me your config file for this guest?


Here it is:

kernel = "/boot/vmlinuz-2.6.18.8-xen"
ramdisk = "/xen/initrd_domU/U1_ramdisk.img"
memory = 256
name = "UserDomain0"
root = "/dev/ram0 xencons=tty ro"
vif = ['backend=0']
access_control = ['policy=,label=system_u:object_r:domU_t']

    Stefan



>
> On 10/7/08 3:33 PM, "Stefan Berger" <stefanb@xxxxxxxxxx> wrote:
>
> "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx> wrote on 10/07/2008 03:28:05 PM:
> >
> > I've been looking into this issue as a result of your earlier post and I
> > have only been able to reproduce your error when manipulating the memory
> > reservations for a domU.  The sample flask policy is a basic policy that
> > only supports pv guests, so it's not surprising that you've uncovered a
> > limitation of this policy.  Nonetheless, your patch should go in.
> >
> > It's a little unclear how many guests you are running or what resources are
> > committed against the domUs.  How many domUs are you trying to support?
> > Do you only get the error with more than a few domUs?
>
> Just starting a single domU required me to add this rule. 2 more
> rules are needed to start a domU with networking enabled - see 2nd patch.
>
>   Stefan
>
> >
> > On 10/7/08 3:03 PM, "Stefan Berger" <stefanb@xxxxxxxxxx> wrote:
> >
> > > This fix to the default Flask/XSM policy gets a simple guest VM
> > > (Ramdisk only, no VIF) running.
> > >
> > > Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
> > >
> >
> > --
> > George S. Coker, II <gscoker@xxxxxxxxxxxxxx>
> >
> >
>
> --
> George S. Coker, II <gscoker@xxxxxxxxxxxxxx>