On 07/09/2012 02:01 AM, Allan Chen wrote:> hi,all
> i follow the instruction in file xsm-flask.txt(in xen-4.1.2/docs/misc)
> to label a NIC,
> if i uncomment policy in file xen.te
> pirqcon 33 system_u:object_r:nicP_t
> then:
> make polily
>
> I got an error: pirqcon not supported for target
>
> where do i find a tutorial about labelling a NIC in XEN flask?
>
> thank you very mouch!
>
>
In order to use pirqcon or other static device labeling directives in the
security policy, you need to tell checkpolicy (the compiler) to enable
Xen policy features by adding "-t Xen" in tools/flask/policy/Makefile.
The
docs file mentions this under "Device Policy"; you may also want to
look
at 4.2''s docs as they better explain the origin of pcidevicecon.
If you are planning to switch to Xen 4.2 in the future, you may want to
look at the flask-label-pci tool which will handle dynamic addresses/IRQs.
--
Daniel De Graaf
National Security Agency