search for: loadpolicy

...itrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com> diff -r 7e90178b8bbf -r c995cdcc3700 .hgignore --- a/.hgignore Mon Dec 12 17:48:42 2011 +0000 +++ b/.hgignore Mon Dec 12 17:58:25 2011 +0000 @@ -157,6 +157,7 @@ ^tools/flask/utils/flask-getenforce$ ^tools/flask/utils/flask-loadpolicy$ ^tools/flask/utils/flask-setenforce$ +^tools/flask/utils/flask-label-pci$ ^tools/fs-back/fs-backend$ ^tools/hotplug/common/hotplugpath\.sh$ ^tools/include/xen/.*$ diff -r 7e90178b8bbf -r 7ca56cca09ad .hgignore --- a/.hgignore Mon Dec 12 17:48:42 2011 +0000 +++ b/.hgignore Mon Dec 12 17:59:43...

Hi all, i want to know about the following things: 1.unloading XSM policy. -xl loadpolicy xenpolicy.24 to load the policy. For unloading is there any command is available.? 2. i want to know any analysis tool is available for XSM policy. 3. Apart from wiki.org/XSM any other tutorial is available for developing own XSM policy.? Thanks and regards, cooldharma06. ____________________...

Hi all, I had an issue this morning with one of my virtual machines. It wouldn't boot (into any runlevel), nor could I chroot into the root partition using a rescue disk. Unfortunately I didn't grab a screenshot, however the error(s) when booting were: /pre-pivot/50selinux-loadpolicy.sh: 14 <other messages> init: readahead main process (425) killed by SEGV signal init: readahead-col lector main process (421) killed by SEGV signal init: rcS pre-start process (425) killed by SEGV signal init: Error while reading from descriptor: Bad file descriptor init: readahead-col lec...

...ow_bug.cgi?id=554829 After thinking about this for some years and Pino Toscano implementing a new & useful copy-attributes API in libguestfs, I think what we really want is to copy security.selinux xattr from one file to another. This gives us almost all we need, doesn't require us to run loadpolicy, and should work independent of guest policy. Luckily for us ... it works! $ virt-builder fedora-20 $ guestfish -a fedora-20.img -i ><fs> getxattrs /etc/shadow [0] = { attrname: security.selinux attrval: system_u:object_r:shadow_t:s0\x00 } ><fs> cp /etc/shado...

These patches update the example FLASK policy shipped with Xen and enable its build if the required tools are present. The third patch requires rerunning autoconf to update tools/configure. [PATCH 1/3] flask/policy: sort dom0 accesses [PATCH 2/3] flask/policy: rework policy build system [PATCH 3/3] tools/flask: add FLASK policy to build

...this morning with one of my virtual machines. It wouldn't > boot (into any runlevel), nor could I chroot into the root partition using > a rescue disk. > > Unfortunately I didn't grab a screenshot, however the error(s) when > booting were: > > > /pre-pivot/50selinux-loadpolicy.sh: 14 > > <other messages> > > init: readahead main process (425) killed by SEGV signal > init: readahead-col lector main process (421) killed by SEGV signal > init: rcS pre-start process (425) killed by SEGV signal > init: Error while reading from descriptor: Bad file d...

...urces. xen.xm.dumppolicy - Display currently enforced policy (low-level hypervisor representation). xen.xm.getlabel - Show the label for a domain or resoruce. xen.xm.help - Variable definition and help support for Python defconfig files. xen.xm.labels - Listing available labels for a policy. xen.xm.loadpolicy - Loading a compiled binary policy into the hypervisor. xen.xm.main - Grand unified management application for Xen. xen.xm.makepolicy - Compiling a XML source policy file into mapping and binary versions. xen.xm.migrate - Domain migration. xen.xm.new xen.xm.opts - Object-oriented command-line optio...

...module", "", }, { "setenforce", - &main_setenforce, 0, + &main_setenforce, 0, 1, "Sets the current enforcing mode of the Flask Xen security module", "<1|0|Enforcing|Permissive>", }, { "loadpolicy", - &main_loadpolicy, 0, + &main_loadpolicy, 0, 1, "Loads a new policy int the Flask Xen security module", "<policy file>", }, -- 1.7.7.5 (Apple Git-26)

This patch set adds XSM security labels to useful debugging output locations, and fixes some assumptions that all interrupts behaved like GSI interrupts (which had useful non-dynamic IDs). It also cleans up the policy build process and adds an example of how to use the user field in the security context. Debug output: [PATCH 01/10] xsm: Add security labels to event-channel dump [PATCH 02/10] xsm:

This is v3 of my disk series. What were previously patches 01-06 have been applied. These are the tested and updated remainder, addressing the previous comments. 1 Preparatory work. 2-4 The new parser and its documentation. 5-6 Replace old parsers with calls to the new one. 7-8 Two features, one of them essential. 9 Basic test suite for disk string parsing, as adhoc script.