WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [XSM] Setting of ACM Policy

from [Kuniyasu Suzaki] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
From: Kuniyasu Suzaki <k.suzaki@xxxxxxxxxx>
Date: Tue, 26 Aug 2008 17:46:04 +0900 (JST)
Delivery-date: Tue, 26 Aug 2008 01:46:27 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <48ADFE0E.6010000@xxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <20080822.002323.189707358.k.suzaki@xxxxxxxxxx> <48ADFE0E.6010000@xxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
Dilshan,

Thank you for your advice. I failed to build a xsm.
I rebuild and succeed.

=============================================================
# /etc/init.d/xend start
# xm getpolicy
Supported security subsystems   : ACM 

Policy name           : DEFAULT
Policy type           : ACM
Version of XML policy : 1.0
Policy configuration  : loaded, activated for boot
# xm list --label
Name                                        ID   Mem VCPUs      State   Time(s) 
Label     
Domain-0                                     0   464     1     r-----    244.2 
ACM:DEFAULT:SystemManagement
=============================================================

I tried the policy file 
"/etc/xen/acm-security/policies/DEFAULT-UL-security_policy.xml".
=============================================================
# xm setpolicy ACM DEFAULT-UL
Successfully set the new policy.
Supported security subsystems   : ACM

Policy name           : DEFAULT-UL
Policy type           : ACM
Version of XML policy : 1.0
Policy configuration  : loaded, activated for boot

# xm list --label
Name                                        ID   Mem VCPUs      State   Time(s) 
Label
Domain-0                                     0  1887     2     r-----    226.7 
ACM:DEFAULT-UL:SystemManagement
# xm resetpolicy
Successfully reset the system's policy.
=============================================================

By the way I cannot make the "DEFAULT-UL.bin" file.
Can't I set the .bin file at GRUB Menu?

------
suzaki

 >>From: Dilshan Jayarathna <dilshan.jayarathna@xxxxxxxxx>
 >>Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
 >>
 >>Hi Suzaki,
 >>
 >>It looks like a faulty build. (I could be wrong)
 >>If you've set ACM_SECURITY ?= y in Config.mk when you building xen, you 
 >>must get ACM as the supported security subsystem when you run 'xm 
 >>getpolicy'.
 >>
 >>If you just run 'xm setpolicy', you should get error but it also tells 
 >>you the supported policy type
 >>(...The only policytype that is currently supported is 'ACM'...)
 >>
 >>You can use xensec_ezpolicy to create a policy in xml format. Then 'xm 
 >>setpolicy...' to covert xml to binary format and to activate the policy.
 >>
 >>But if the XSM is not build properly, none of the above will work.
 >>
 >>Hope this helps.
 >>
 >>Cheers,
 >>Dilshan
 >>
 >>Kuniyasu Suzaki wrote:
 >>> Hello,
 >>>
 >>> Please tell me how to setup ACM of XSM.
 >>> I could build a XSM but it doesn't work well.
 >>>   # xm getpolicy
 >>>   Supported security subsystems: None
 >>>
 >>> I guess it is caused by the lack of a policy file.
 >>> I referred the following manual and tried to create poly file. 
 >>>   http://www.cl.cam.ac.uk/research/srg/netos/xen/readmes/user.pdf
 >>>
 >>> The manual tells that the following command create a policy file
 >>> "mytest.bin".
 >>>   # xm setpolicy ACM mytest
 >>>
 >>> However the command doesn't work well. Please tell me create a policy 
 >>> file. 
 >>> I tried on Xen 3.2.1. Is the step obsolete?
 >>>
 >>> ------
 >>> suzaki
 >>>
 >>> _______________________________________________
 >>> Xen-devel mailing list
 >>> Xen-devel@xxxxxxxxxxxxxxxxxxx
 >>> http://lists.xensource.com/xen-devel
 >>>   

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] Re: [Qemu-devel] [PATCH 1/2] xenner: add event channel implementation., Keir Fraser
Next by Date:  Re: [Xen-devel] Identifying pagetype in they hypervisor, Tim Deegan
Previous by Thread:  Re: [Xen-devel] [XSM] Setting of ACM Policy, Dilshan Jayarathna
Next by Thread:  Re: [Xen-devel] [XSM] Setting of ACM Policy, Dilshan Jayarathna
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy