[Xen-devel] question about xm getpolicy with ACM/XSM enabled

To:	xen-devel@xxxxxxxxxxxxxxxxxxx
Subject:	[Xen-devel] question about xm getpolicy with ACM/XSM enabled
From:	Yanjun Wu <yanjun.wu@xxxxxxxxx>
Date:	Wed, 6 May 2009 17:01:34 +0800
Delivery-date:	Wed, 06 May 2009 02:02:02 -0700
Dkim-signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type:content-transfer-encoding; bh=aUXvUANGpNdbGi8sYRP+q/bPkw9olvKnd6x4xsFvs2w=; b=hwmkQgZ2hL9ZM55hdYPP8LBSpjIpEGCMRnv31GkBH40p7enQfusdDD9kpC1B600Ehw aIbhyE0ojQ66c9a8IBXPd3dgnvLrqILWzSNg/KDNOjqEQzfwmWOghJm19i3VJ6axy9WA 4v6zOxSROY8tpLm+ivYKk40TRH65VuP4zrBEE=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=FB84zSdSK2Y0Q2Hu6wSfGPW/t35jAecIoBb/SgwcH4dhwpwWwR6x6CtDbqlQIplkbI 427cXubqFD/ENEkBojNVH3K/Qggtc4CG5C+siD9egPQlq3EKZ4qr2gJ7SKQxUFulJx+l AXYs/jA68ew8DOKdHSzFnRhkrXRC+tR+4W+NY=
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

I use xen-3.3.1 and 2.6.18 dom0, and enabled XSM/ACM by changing Config.mk as
XSM_ENABLE ?= y
FLASK_ENABLE ?= n
ACM_SECURITY ?= y

After "make dist clean", "make dist" and "make install", the system
boots with new xen-3.3.1.gz successfully.
I can see the following messages in "xm dmesg":
(XEN) XSM Framework v1.0.0 initialized
(XEN) ACM-XSM:  Initializing.
(XEN) acm_init: Loading default policy (CHINESE WALL AND SIMPLE TYPE
ENFORCEMENT).

And if I use "xensec_tool getpolicy", it outputs as follows:
<snip>
Policy dump:
============
POLICY REFERENCE = DEFAULT.
PolicyVer = 0.
XML Vers. = 0.0
Magic     = 1debc.
Len       = 9c.
Primary   = CHINESE WALL (c=1, off=4c).
Secondary = SIMPLE TYPE ENFORCEMENT (c=2, off=7c).


Chinese Wall policy:
====================
Policy version= 0.
Max Types     = 1.
Max Ssidrefs  = 2.
Max ConfSets  = 1.
Ssidrefs Off  = 24.
Conflicts Off = 28.
Runing T. Off = 2a.
C. Agg. Off   = 2c.

SSID To CHWALL-Type matrix:

   ssidref 0:  00
   ssidref 1:  00  <-- Domain-0

Confict Sets:

   c-set 0:    00

Running
Types:         00

Conflict
Aggregate Set: 00


Simple Type Enforcement policy:
===============================
Policy version= 0.
Max Types     = 2.
Max Ssidrefs  = 2.
Ssidrefs Off  = 14.

SSID To STE-Type matrix:

   ssidref 0: 00 01
   ssidref 1: 01 01  <-- Domain-0

</snip>

The question is, when I try "xm getpolicy", it always says:
Supported security subsystems   : None
No policy is installed.

and other commands like "xm setpolicy ACM example.test" cannot work as well.

any hint?  Thanks.

-- 
Yanjun Wu

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

WARNING - OLD ARCHIVES

xen-devel

[Xen-devel] question about xm getpolicy with ACM/XSM enabled