WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [XSM] Setting of ACM Policy

from [Kuniyasu Suzaki] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
From: Kuniyasu Suzaki <k.suzaki@xxxxxxxxxx>
Date: Tue, 02 Sep 2008 18:03:32 +0900 (JST)
Delivery-date: Tue, 02 Sep 2008 02:03:58 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <OF7DCE1233.F24C8584-ON852574B4.004702F4-852574B4.00474716@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <48B49278.6010205@xxxxxxxxx> <20080829.191712.189729447.k.suzaki@xxxxxxxxxx> <OF7DCE1233.F24C8584-ON852574B4.004702F4-852574B4.00474716@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
Stefan,

 >>From: Stefan Berger <stefanb@xxxxxxxxxx>
 >>Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
 >>
 >>> Unforunately the setting is re-written by "DEFAULT policy" when xend
 >>> is started.
 >>> Can't we fix the policy at the boot time?
 >>
 >>I am not sure what you mean by 'fix the policy at the boot time?'.

When I set up a policy at GRUB menu, the policy becomes immutably till shutdown.
I don't want the policy to be changed by any commands.

However "xend" and "xm" command change the policy easily on the current 
implementation. 
Should I use the Mandatory Access Control of SE-Linux on Dom0 to keep the 
policy?

 >>You seem to be using an older version of Xen. Is there any possibility to 
 >>move to 3.3.0?

When I tried xsm, Xen3.2.1 was the latest stable version. 
I will move to 3.3.0.

-----
suzaki

 >>>  >>
 >>>  >>Cheers,
 >>>  >>Dilshan
 >>>  >>
 >>>  >>> ------
 >>>  >>> suzaki
 >>>  >>>
 >>>  >>>  >>From: Dilshan Jayarathna <dilshan.jayarathna@xxxxxxxxx>
 >>>  >>>  >>Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
 >>>  >>>  >>
 >>>  >>>  >>Hi Suzaki,
 >>>  >>>  >>
 >>>  >>>  >>It looks like a faulty build. (I could be wrong)
 >>>  >>>  >>If you've set ACM_SECURITY ?= y in Config.mk when you 
 >>> building xen, you 
 >>>  >>>  >>must get ACM as the supported security subsystem when you run 
 >>'xm 
 >>>  >>>  >>getpolicy'.
 >>>  >>>  >>
 >>>  >>>  >>If you just run 'xm setpolicy', you should get error but it 
 >>> also tells 
 >>>  >>>  >>you the supported policy type
 >>>  >>>  >>(...The only policytype that is currently supported is 'ACM'...)
 >>>  >>>  >>
 >>>  >>>  >>You can use xensec_ezpolicy to create a policy in xml 
 >>> format. Then 'xm 
 >>>  >>>  >>setpolicy...' to covert xml to binary format and to activate
 >>> the policy.
 >>>  >>>  >>
 >>>  >>>  >>But if the XSM is not build properly, none of the above will 
 >>work.
 >>>  >>>  >>
 >>>  >>>  >>Hope this helps.
 >>>  >>>  >>
 >>>  >>>  >>Cheers,
 >>>  >>>  >>Dilshan
 >>>  >>>  >>
 >>>  >>>  >>Kuniyasu Suzaki wrote:
 >>>  >>>  >>> Hello,
 >>>  >>>  >>>
 >>>  >>>  >>> Please tell me how to setup ACM of XSM.
 >>>  >>>  >>> I could build a XSM but it doesn't work well.
 >>>  >>>  >>>   # xm getpolicy
 >>>  >>>  >>>   Supported security subsystems: None
 >>>  >>>  >>>
 >>>  >>>  >>> I guess it is caused by the lack of a policy file.
 >>>  >>>  >>> I referred the following manual and tried to create poly file. 
 >>
 >>>  >>>  >>>   
 >>http://www.cl.cam.ac.uk/research/srg/netos/xen/readmes/user.pdf
 >>>  >>>  >>>
 >>>  >>>  >>> The manual tells that the following command create a policy 
 >>file
 >>>  >>>  >>> "mytest.bin".
 >>>  >>>  >>>   # xm setpolicy ACM mytest
 >>>  >>>  >>>
 >>>  >>>  >>> However the command doesn't work well. Please tell me 
 >>> create a policy file. 
 >>>  >>>  >>> I tried on Xen 3.2.1. Is the step obsolete?
 >>>  >>>  >>>
 >>>  >>>  >>> ------
 >>>  >>>  >>> suzaki
 >>>  >>>  >>>
 >>>  >>>  >>> _______________________________________________
 >>>  >>>  >>> Xen-devel mailing list
 >>>  >>>  >>> Xen-devel@xxxxxxxxxxxxxxxxxxx
 >>>  >>>  >>> http://lists.xensource.com/xen-devel
 >>>  >>>  >>> 
 >>>  >>>
 >>>  >>> _______________________________________________
 >>>  >>> Xen-devel mailing list
 >>>  >>> Xen-devel@xxxxxxxxxxxxxxxxxxx
 >>>  >>> http://lists.xensource.com/xen-devel
 >>>  >>> 
 >>>  >>
 >>>  >>_______________________________________________
 >>>  >>Xen-devel mailing list
 >>>  >>Xen-devel@xxxxxxxxxxxxxxxxxxx
 >>>  >>http://lists.xensource.com/xen-devel
 >>>  >>
 >>> 
 >>> _______________________________________________
 >>> Xen-devel mailing list
 >>> Xen-devel@xxxxxxxxxxxxxxxxxxx
 >>> http://lists.xensource.com/xen-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] FC-HBA assigned to guest domain does not work., Keir Fraser
Next by Date:  [Xen-devel] Question about the Xen Scheduler, Girish V
Previous by Thread:  Re: [Xen-devel] FC-HBA assigned to guest domain does not work., Yuji Shimada
Next by Thread:  Re: [Xen-devel] [XSM] Setting of ACM Policy, Dilshan Jayarathna
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy