xen-devel
Re: [Xen-devel] [XSM] Setting of ACM Policy
xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 08/29/2008 06:17:12 AM:

> Kuniyasu Suzaki <k.suzaki@xxxxxxxxxx>
> Sent by: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
> 08/29/2008 06:17 AM
> To: xen-devel@xxxxxxxxxxxxxxxxxxx
> Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
>
> Dilshan,
>
> >>From: Dilshan Jayarathna <dilshan.jayarathna@xxxxxxxxx>
> >>Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
> >>
> >>Suzaki,
> >>
> >>Kuniyasu Suzaki wrote:
> >>> # xm setpolicy ACM DEFAULT-UL
> >>> Successfully set the new policy.
> >>> Supported security subsystems : ACM
> >>>
> >>> Policy name           : DEFAULT-UL
> >>> Policy type           : ACM
> >>> Version of XML policy : 1.0
> >>> Policy configuration  : loaded, activated for boot
> >>>
> >>> # xm list --label
> >>> Name         ID   Mem VCPUs      State   Time(s) Label
> >>> Domain-0      0  1887     2     r-----    226.7 ACM:DEFAULT-UL:SystemManagement
> >>> # xm resetpolicy
> >>> Successfully reset the system's policy.
> >>> =============================================================
> >>>
> >>> By the way I cannot make the "DEFAULT-UL.bin" file.
> >>> Can't I set the .bin file at GRUB Menu?
> >>>
> >>>
> >>It looks like you already have a DEFAULT-UL.bin file. Check /boot.
> >>You can manually set it in grub.conf as below:
> >>module /DEFAULT-UL.bin
>
> Thank you. I found a .bin file. The .bin file is also created at
> "/var/lib/xend/security/policies/".
> I could set it up in the GRUB Menu.

You made a copy of the DEFAULT.bin file into /boot I hope.

> Unfortunately the setting is re-written by "DEFAULT policy" when xend
> is started.
> Can't we fix the policy at the boot time?

I am not sure what you mean by 'fix the policy at the boot time?'.
You seem to be using an older version of Xen. Is there any possibility to move to 3.3.0?

Stefan
>
> ------
> suzaki
>
> >>
> >>Cheers,
> >>Dilshan
> >>
> >>> ------
> >>> suzaki
> >>>
> >>> >>From: Dilshan Jayarathna <dilshan.jayarathna@xxxxxxxxx>
> >>> >>Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
> >>> >>
> >>> >>Hi Suzaki,
> >>> >>
> >>> >>It looks like a faulty build. (I could be wrong)
> >>> >>If you've set ACM_SECURITY ?= y in Config.mk when building xen, you
> >>> >>must get ACM as the supported security subsystem when you run 'xm
> >>> >>getpolicy'.
> >>> >>
> >>> >>If you just run 'xm setpolicy', you should get an error but it also tells
> >>> >>you the supported policy type
> >>> >>(...The only policytype that is currently supported is 'ACM'...)
> >>> >>
> >>> >>You can use xensec_ezpolicy to create a policy in xml format. Then 'xm
> >>> >>setpolicy...' to convert xml to binary format and to activate the policy.
> >>> >>
> >>> >>But if the XSM is not built properly, none of the above will work.
> >>> >>
> >>> >>Hope this helps.
> >>> >>
> >>> >>Cheers,
> >>> >>Dilshan
> >>> >>
> >>> >>Kuniyasu Suzaki wrote:
> >>> >>> Hello,
> >>> >>>
> >>> >>> Please tell me how to set up ACM of XSM.
> >>> >>> I could build a XSM but it doesn't work well.
> >>> >>> # xm getpolicy
> >>> >>> Supported security subsystems: None
> >>> >>>
> >>> >>> I guess it is caused by the lack of a policy file.
> >>> >>> I referred to the following manual and tried to create a policy file.
> >>> >>> http://www.cl.cam.ac.uk/research/srg/netos/xen/readmes/user.pdf
> >>> >>>
> >>> >>> The manual tells that the following command creates a policy file
> >>> >>> "mytest.bin".
> >>> >>> # xm setpolicy ACM mytest
> >>> >>>
> >>> >>> However the command doesn't work well. Please tell me how to create a policy file.
> >>> >>> I tried on Xen 3.2.1. Is the step obsolete?
> >>> >>>
> >>> >>> ------
> >>> >>> suzaki
> >>> >>>
> >>> >>> _______________________________________________
> >>> >>> Xen-devel mailing list
> >>> >>> Xen-devel@xxxxxxxxxxxxxxxxxxx
> >>> >>> http://lists.xensource.com/xen-devel
> >>> >>>