WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] [XSM] Setting of ACM Policy

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
From: Kuniyasu Suzaki <k.suzaki@xxxxxxxxxx>
Date: Fri, 29 Aug 2008 19:17:12 +0900 (JST)
Delivery-date: Fri, 29 Aug 2008 03:17:35 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <48B49278.6010205@xxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <48ADFE0E.6010000@xxxxxxxxx> <20080826.174604.226774505.k.suzaki@xxxxxxxxxx> <48B49278.6010205@xxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Dilshan,

 >>From: Dilshan Jayarathna <dilshan.jayarathna@xxxxxxxxx>
 >>Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
 >>
 >>Suzaki,
 >>
 >>Kuniyasu Suzaki wrote:
 >>> # xm setpolicy ACM DEFAULT-UL
 >>> Successfully set the new policy.
 >>> Supported security subsystems   : ACM
 >>>
 >>> Policy name           : DEFAULT-UL
 >>> Policy type           : ACM
 >>> Version of XML policy : 1.0
 >>> Policy configuration  : loaded, activated for boot
 >>>
 >>> # xm list --label
 >>> Name                                        ID   Mem VCPUs      State   
 >>> Time(s) Label
 >>> Domain-0                                     0  1887     2     r-----    
 >>> 226.7 ACM:DEFAULT-UL:SystemManagement
 >>> # xm resetpolicy
 >>> Successfully reset the system's policy.
 >>> =============================================================
 >>>
 >>> By the way I cannot make the "DEFAULT-UL.bin" file.
 >>> Can't I set the .bin file at GRUB Menu?
 >>>
 >>>   
 >>It look like you already have DEFAULT-UL.bin file. Check /boot.
 >>You can manually set it in grub.conf as below:
 >>module /DEFAULT-UL.bin

Thank you. I found a .bin file. The .bin file is also created at 
"/var/lib/xend/security/policies/" .
I could set up it the GRUB Menu.

Unforunately the setting is re-written by "DEFAULT policy" when xend is started.
Can't we fix the policy at the boot time?

------
suzaki

 >>
 >>Cheers,
 >>Dilshan
 >>
 >>> ------
 >>> suzaki
 >>>
 >>>  >>From: Dilshan Jayarathna <dilshan.jayarathna@xxxxxxxxx>
 >>>  >>Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
 >>>  >>
 >>>  >>Hi Suzaki,
 >>>  >>
 >>>  >>It looks like a faulty build. (I could be wrong)
 >>>  >>If you've set ACM_SECURITY ?= y in Config.mk when you building xen, you 
 >>>  >>must get ACM as the supported security subsystem when you run 'xm 
 >>>  >>getpolicy'.
 >>>  >>
 >>>  >>If you just run 'xm setpolicy', you should get error but it also tells 
 >>>  >>you the supported policy type
 >>>  >>(...The only policytype that is currently supported is 'ACM'...)
 >>>  >>
 >>>  >>You can use xensec_ezpolicy to create a policy in xml format. Then 'xm 
 >>>  >>setpolicy...' to covert xml to binary format and to activate the policy.
 >>>  >>
 >>>  >>But if the XSM is not build properly, none of the above will work.
 >>>  >>
 >>>  >>Hope this helps.
 >>>  >>
 >>>  >>Cheers,
 >>>  >>Dilshan
 >>>  >>
 >>>  >>Kuniyasu Suzaki wrote:
 >>>  >>> Hello,
 >>>  >>>
 >>>  >>> Please tell me how to setup ACM of XSM.
 >>>  >>> I could build a XSM but it doesn't work well.
 >>>  >>>   # xm getpolicy
 >>>  >>>   Supported security subsystems: None
 >>>  >>>
 >>>  >>> I guess it is caused by the lack of a policy file.
 >>>  >>> I referred the following manual and tried to create poly file. 
 >>>  >>>   http://www.cl.cam.ac.uk/research/srg/netos/xen/readmes/user.pdf
 >>>  >>>
 >>>  >>> The manual tells that the following command create a policy file
 >>>  >>> "mytest.bin".
 >>>  >>>   # xm setpolicy ACM mytest
 >>>  >>>
 >>>  >>> However the command doesn't work well. Please tell me create a policy 
 >>> file. 
 >>>  >>> I tried on Xen 3.2.1. Is the step obsolete?
 >>>  >>>
 >>>  >>> ------
 >>>  >>> suzaki
 >>>  >>>
 >>>  >>> _______________________________________________
 >>>  >>> Xen-devel mailing list
 >>>  >>> Xen-devel@xxxxxxxxxxxxxxxxxxx
 >>>  >>> http://lists.xensource.com/xen-devel
 >>>  >>>   
 >>>
 >>> _______________________________________________
 >>> Xen-devel mailing list
 >>> Xen-devel@xxxxxxxxxxxxxxxxxxx
 >>> http://lists.xensource.com/xen-devel
 >>>   
 >>
 >>_______________________________________________
 >>Xen-devel mailing list
 >>Xen-devel@xxxxxxxxxxxxxxxxxxx
 >>http://lists.xensource.com/xen-devel
 >>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>