Hi, George.
I checked it as George said.
The "Managed-policy" file is put in /etc/xen/acm-security/policies/example/.
The following steps show it.
--1--
#pwd
/etc/xen/acm-security/policies/example
#ls
client_v1-security_policy.xml client_v1.bin client_v1.map
test-security_policy.xml
--2--
#xm makepolicy example.client_v1 <---- looks good
#xm cfgbootpolicy example.client_v1 <---- looks good
Boot entry 'xen-unstable0827' extended and 'example.client_v1.bin'
copied to /boot
--3--
#cat /etc/grub.conf
title xen-unstable0827
root (hd0,0)
kernel /xen.gz dom0_mem=1024M
module /vmlinuz-2.6.18-xen ro root=LABEL=/ rhgb
module /initrd-2.6.18-xen.img
module /example.client_v1.bin
#cd /boot
#ls
System.map-2.6.18-xen initrd-2.6.18-xen.img
vmlinuz-2.6.21-1.3194.fc7
System.map-2.6.21-1.3194.fc7 initrd-2.6.18-xenU.img
xen-3.0-unstable.gz
client_v1.bin initrd-2.6.21-1.3194.fc7.img xen-3.0.gz
config-2.6.18-xen lost+found xen-3.gz
config-2.6.21-1.3194.fc7 vmlinux-syms-2.6.18-xen
xen-syms-3.0-unstable
example.test.bin vmlinuz-2.6-xen xen.gz
grub vmlinuz-2.6.18-xen
example.client_v1.bin
--4--
#xm list --label <-- I think this is the failure.
Name ID Mem VCPUs State Time(s) Label
Domain-0 0 1024 4 r----- 98.4 unlabeled
Is there any good idea?
Thanks,
Syunsuke HAYASHI
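
The checks raised in this thread (policy module listed in the booted grub entry, policy binary present in /boot, activation line in the 'xm dmesg' output, and a non-empty managed_policies file), collected into one script as an added example that is not part of the original messages. The function names and the sample files are constructed for illustration; the script reads saved copies of the files and does not call xm.

```shell
#!/bin/sh
# Added example (not from the thread): ACM boot-policy consistency checks.

# Print the first *.bin module listed under the grub entry with title $2.
grub_policy_module() {
    awk -v t="$2" '
        $1 == "title" { hit = ($2 == t); next }
        hit && $1 == "module" && $2 ~ /\.bin$/ { print $2; exit }
    ' "$1"
}

# Print the policy name the hypervisor reports activating (saved `xm dmesg`).
dmesg_active_policy() {
    sed -n 's/.*acm_set_policy_reference: Activating policy //p' "$1" | head -n 1
}

# Args: grub.conf, entry title, boot dir, saved xm dmesg, managed_policies
check_acm_boot() {
    mod=$(grub_policy_module "$1" "$2")
    [ -n "$mod" ] || { echo "FAIL: no policy module in grub entry"; return 1; }
    [ -f "$3$mod" ] || { echo "FAIL: $mod not found in boot dir"; return 1; }
    pol=$(dmesg_active_policy "$4")
    [ "/$pol.bin" = "$mod" ] || { echo "FAIL: hypervisor activated '$pol'"; return 1; }
    [ -s "$5" ] || { echo "FAIL: managed_policies missing or empty"; return 1; }
    echo "OK: $pol"
}

# Build constructed sample files in dir $1 that mirror the setup in the thread.
make_sample() {
    mkdir -p "$1/boot"
    : > "$1/boot/example.client_v1.bin"
    : > "$1/managed_policies"      # empty, the state George suspects
    printf '%s\n' 'title xen-unstable0827' ' kernel /xen.gz dom0_mem=1024M' \
        ' module /vmlinuz-2.6.18-xen ro root=LABEL=/ rhgb' \
        ' module /initrd-2.6.18-xen.img' \
        ' module /example.client_v1.bin' > "$1/grub.conf"
    printf '%s\n' '(XEN) Policy len 0x168, start at 3ffff000 - module 2.' \
        '(XEN) acm_set_policy_reference: Activating policy example.client_v1' \
        > "$1/dmesg.txt"
}

demo() {
    d=$(mktemp -d) && make_sample "$d"
    check_acm_boot "$d/grub.conf" xen-unstable0827 "$d/boot" "$d/dmesg.txt" \
        "$d/managed_policies"
    rc=$?; rm -rf "$d"; return $rc
}
demo || true
```

On a real host the arguments would be /etc/grub.conf, the booted title, /boot, a file holding the output of `xm dmesg`, and /etc/xen/acm-security/policies/managed_policies.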
> I believe that your 'managed_policies' file is missing or empty. Please
> look at /etc/xen/acm-security/policies/managed_policies. If this is a
> new installation, I do not believe that ACM will create the
> 'managed_policies' file.
>
> George
>
> On Wed, 2007-08-29 at 13:26 +0900, Syunsuke HAYASHI wrote:
>> Hi, Stefan
>> Thank you for the help.
>>
>> I was not describing an ssidref=... in grub.conf.
>> I show grub.conf and dmesg when I execute "xm chgpolicy
>> example.client_v1" command and reboot.
>>
>> ----------------------------grub.conf--------------------------------------
>> # grub.conf generated by anaconda
>> #
>> # Note that you do not have to rerun grub after making changes to this file
>> # NOTICE: You have a /boot partition. This means that
>> # all kernel and initrd paths are relative to /boot/, eg.
>> # root (hd0,0)
>> # kernel /vmlinuz-version ro root=/dev/sda3
>> # initrd /initrd-version.img
>> #boot=/dev/sda
>> default=0
>> timeout=5
>> splashimage=(hd0,0)/grub/splash.xpm.gz
>> hiddenmenu
>> title xen-unstable0827
>> root (hd0,0)
>> kernel /xen.gz dom0_mem=1024M
>> module /vmlinuz-2.6.18-xen ro root=LABEL=/ rhgb
>> module /initrd-2.6.18-xen.img
>> module /example.client_v1.bin
>>
>>
>> -----------------------------dmesg----------------------------------------
>> __ __ _____ ___ _ _ _
>> \ \/ /___ _ __ |___ / / _ \ _ _ _ __ ___| |_ __ _| |__ | | ___
>> \ // _ \ '_ \ |_ \| | | |__| | | | '_ \/ __| __/ _` | '_ \| |/ _ \
>> / \ __/ | | | ___) | |_| |__| |_| | | | \__ \ || (_| | |_) | | __/
>> /_/\_\___|_| |_| |____(_)___/ \__,_|_| |_|___/\__\__,_|_.__/|_|\___|
>>
>> http://www.cl.cam.ac.uk/netos/xen
>> University of Cambridge Computer Laboratory
>>
>> Xen version 3.0-unstable (root@xxxxxxxxxxxxxxxxxxxx) (gcc version
>> 4.1.2 20070502 (Red Hat 4.1.2-12)) Sun Aug 26 06:00:02 JST 2007
>> Latest ChangeSet: Thu Aug 16 13:27:59 2007 +0100 15730:256160ff19b7
>>
>> (XEN) Command line: /xen.gz dom0_mem=1024M
>> (XEN) Video information:
>> (XEN) VGA is text mode 80x25, font 8x16
>> (XEN) VBE/DDC methods: V2; EDID transfer time: 2 seconds
>> (XEN) Disc information:
>> (XEN) Found 1 MBR signatures
>> (XEN) Found 1 EDD information structures
>> (XEN) Xen-e820 RAM map:
>> (XEN) 0000000000000000 - 000000000009f000 (usable)
>> (XEN) 000000000009f000 - 00000000000a0000 (reserved)
>> (XEN) 00000000000d6000 - 00000000000d8000 (reserved)
>> (XEN) 00000000000e0000 - 0000000000100000 (reserved)
>> (XEN) 0000000000100000 - 000000007fff0000 (usable)
>> (XEN) 000000007fff0000 - 000000007ffff000 (ACPI data)
>> (XEN) 000000007ffff000 - 0000000080000000 (ACPI NVS)
>> (XEN) 00000000fec00000 - 00000000fec10000 (reserved)
>> (XEN) 00000000fee00000 - 00000000fee01000 (reserved)
>> (XEN) 00000000fff80000 - 0000000100000000 (reserved)
>> (XEN) System RAM: 2047MB (2096700kB)
>> (XEN) Xen heap: 9MB (10168kB)
>> (XEN) Domain heap initialised: DMA width 32 bits
>> (XEN) PAE enabled, limit: 16 GB
>> (XEN) Processor #0 15:2 APIC version 20
>> (XEN) Processor #1 15:2 APIC version 20
>> (XEN) Processor #6 15:2 APIC version 20
>> (XEN) Processor #7 15:2 APIC version 20
>> (XEN) IOAPIC[0]: apic_id 2, version 17, address 0xfec00000, GSI 0-15
>> (XEN) IOAPIC[1]: apic_id 3, version 17, address 0xfec01000, GSI 16-31
>> (XEN) IOAPIC[2]: apic_id 4, version 17, address 0xfec02000, GSI 32-47
>> (XEN) IOAPIC[3]: apic_id 5, version 17, address 0xfec03000, GSI 48-63
>> (XEN) Enabling APIC mode: Flat. Using 4 I/O APICs
>> (XEN) Using scheduler: SMP Credit Scheduler (credit)
>> (XEN) Detected 3189.437 MHz processor.
>> (XEN) CPU0: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
>> (XEN) Booting processor 1/1 eip 90000
>> (XEN) CPU1: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
>> (XEN) Booting processor 2/6 eip 90000
>> (XEN) CPU2: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
>> (XEN) Booting processor 3/7 eip 90000
>> (XEN) CPU3: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
>> (XEN) Total of 4 processors activated.
>> (XEN) ENABLING IO-APIC IRQs
>> (XEN) -> Using new ACK method
>> (XEN) ..MP-BIOS bug: 8254 timer not connected to IO-APIC
>> (XEN) Platform timer overflows in 234 jiffies.
>> (XEN) Platform timer is 3.579MHz ACPI PM Timer
>> (XEN) Brought up 4 CPUs
>> (XEN) Policy len 0x168, start at 3ffff000 - module 2.
>> (XEN) acm_set_policy_reference: Activating policy example.client_v1
>> (XEN) acm_init: Enforcing CHINESE WALL AND SIMPLE TYPE ENFORCEMENT boot
>> policy.
>> (XEN) *** LOADING DOMAIN 0 ***
>> (XEN) Xen kernel: 32-bit, PAE, lsb
>> (XEN) Dom0 kernel: 32-bit, PAE, lsb, paddr 0xc0100000 -> 0xc044fb7c
>> (XEN) PHYSICAL MEMORY ARRANGEMENT:
>> (XEN) Dom0 alloc.: 000000003e000000->000000003f000000 (258048 pages
>> to be allocated)
>> (XEN) VIRTUAL MEMORY ARRANGEMENT:
>> (XEN) Loaded kernel: c0100000->c044fb7c
>> (XEN) Init. ramdisk: c0450000->c0bba600
>> (XEN) Phys-Mach map: c0bbb000->c0cbb000
>> (XEN) Start info: c0cbb000->c0cbb46c
>> (XEN) Page tables: c0cbc000->c0cc9000
>> (XEN) Boot stack: c0cc9000->c0cca000
>> (XEN) TOTAL: c0000000->c1000000
>> (XEN) ENTRY ADDRESS: c0100000
>> (XEN) Dom0 has maximum 4 VCPUs
>> (XEN) Initrd len 0x76a600, start at 0xc0450000
>> (XEN) Scrubbing Free RAM: .........done.
>> (XEN) Xen trace buffers: disabled
>> (XEN) Std. Loglevel: Errors and warnings
>> (XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
>> (XEN) Xen is relinquishing VGA console.
>> (XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch
>> input to Xen).
>> (XEN) Freed 88kB init memory.
>> (XEN) ioapic_guest_write: apic=0, pin=2, old_irq=-1, new_irq=0
>> (XEN) ioapic_guest_write: old_entry=00010000, new_entry=000009f0
>> (XEN) ioapic_guest_write: Attempt to add IO-APIC pin for in-use IRQ!
>> -------------------------------------------------------------------------
>> Is it good like this?
>>
>> Syunsuke HAYASHI
>> >
>> > xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 08/27/2007 04:00:14 AM:
>> >
>> > > Hi,
>> > > I have a problem with the ACM module (hg.15730).
>> > > I want to label Domain-0.
>> > > I read xen user's manual v3.0 and "man xm" information.
>> > > ACM document mentions how to label Domain-0.
>> > > But I couldn't add the label when I tried the following steps.
>> > >
>> > > (test1)
>> > > #xm makepolicy example.client_v1
>> > > #xm cfgbootpolicy example.client_v1
>> > > #reboot
>> > >
>> > > (test2)
>> > > #xm setpolicy ACM example.client_v1
>> > > #xm activatepolicy --boot
>> > >
>> > > (result)
>> > > [root@bx607 ~]# xm list --label
>> > > Name ID Mem VCPUs State Time(s) Label
>> > > Domain-0 0 1024 4 r----- 105.1 unlabeled
>> > >
>> > > So, I tried to use the "xm addlabel" command.
>> > >
>> > > #xm makepolicy example.client_v1
>> > > #xm addlabel dom_SystemManagement mgt Domain-0 example.client_v1
>> > >
>> > > But I couldn't again.
>> > >
>> > > Is there any good idea?
>> >
>> > Is there an ssidref=... in the 'kernel' line in the grub title you
>> > are booting? Can you send this line and remove the ssidref=... and try
>> > again?
>> > Otherwise if this is not the case, can you send the content of 'xm
>> > dmesg'?
>> >
>> > Stefan
>> > >
>> > > Thanks,
>> > >
>> > > Syunsuke HAYASHI
>> > >
>> > >
>> > >
>> > >
>> > > _______________________________________________
>> > > Xen-devel mailing list
>> > > Xen-devel@xxxxxxxxxxxxxxxxxxx
>> > > http://lists.xensource.com/xen-devel