search for: ncsc

- This minor patch implements the missing stub function security_label_to_details in the dummy module. This stub function is necessary to create domains with network interfaces for modules that do not implement the security_label_to_details function. Signed-off-by: George Coker <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel

First, maintainer''s addresses (Ryan Wilson <hap9@epoch.ncsc.mil>, Chris Bookholt <hap10@epoch.ncsc.mil>) are wrong (users unknown to remote mailsystem), so posting to you: PCI bus format strings are wrong. "%04x:%02x:%02x.%d" should be used instead of "%04x:%02x:%02x.%1x" (in many places of linux+v3.2.1/drivers/xen/xen-pcib...

...was set on 15 Aug, 1983 (;-)) Seriously, though, the U.S. DOD did then define the minimum functionality required from access control lists for protection of confidentiality. All the various ACL designs are supersets of this standard (defined in the "orange book", http://www.radium.ncsc.mil/tpep/library/rainbow/5200.28-STD.html, appendix D) In addition, there is a detailed study of access control lists and permissions bits, written as a separate book, http://www.radium.ncsc.mil/tpep/library/rainbow/NCSC-TG-020-A.html, which specifies the rules and also defines the criteri...

...th a check password script configured, does this setting disable the check password script as well, or just the built-in complexity checking? What I am actually trying to achieve is: - DISABLE the requirement for complex character sets in passwords, but - ENABLE a dictionary check following the NCSC password guidance: https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach But looking at the samba4 source, I suspect that setting complexity=off disables both checks. Is that correct? Thanks, Brian.

...| 8 ++ tools/libxl/libxl.idl | 3 tools/libxl/xl.h | 3 tools/libxl/xl_cmdimpl.c | 165 ++++++++++++++++++++++++++++++++++++++++++-- tools/libxl/xl_cmdtable.c | 18 ++++ 8 files changed, 261 insertions(+), 10 deletions(-) Signed-off-by: mbgrego@tycho.ncsc.mil -- Machon Gregory National Information Assurance Research Lab (NIARL) _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel

This patchset allows the user to define and manage groups of domains. The patch augments the xm utility with the following commands: grp-create, grp-shutdown, grp-destroy, grp-reboot, grp-pause, grp-unpause, grp-save, grp-restore, grp-join, and grp-migrate. A goal during development of group operations was to match support for common domain operations: create, shutdown, destroy, reboot, pause,

...proc/xen/xenbus. It was necessary to add some supporting infrastructure to linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_dev.c, such as an additional mutex to protect the response queue and a list of active watches associated with each connection. Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil> --- linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_dev.c | 114 +++++++++++++++++++ 1 file changed, 114 insertions(+) diff -r eb8083d63198 -r 0c8a22ad7e46 linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_dev.c --- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_dev.c Tue Aug 01 10:52:02...

...independent of preceding patch, however because the two affect the same areas it is important to either apply patch 1/5 first (if you want both patches) OR manually extract and apply the changes from this patch (if you want just the per-device patch). Signed-off-by: Chris Bookholt <hap10@tycho.ncsc.mil> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel

...configuration file access_control = ["policy=,label=system_u:object_r:domU_t"] This will cause a domain to be created with the label "system_u:object_r:domU_t". Flask does not use the policy value in the access_control structure. Signed-off-by: George Coker <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel

...- Flask relies on the current value of ssidref returned by dominfo to ensure that the label to sid mapping is consistent. ssidref had been pop''ed from the dominfo object. The patch addresses this issue. - Flask python module style cleanups. Signed-off-by: George Coker <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel

This patch adds the missing presence checks for the pm_op and get_pmstat hooks in xsm_fixup_ops. Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel

Fix formatting of Flask AVC audit messages so that existing policy tools can parse them. After applying, ''xm dmesg | audit2allow'' yields the expected result. Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil> --- xen/xsm/flask/avc.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c --- a/xen/xsm/flask/avc.c +++ b/xen/xsm/flask/avc.c @@ -226,8 +226,8 @@ printk(" tcontext=%s", scontext); xfree(sco...

...when the Flask XSM is in use. libxl.c | 1 libxl.idl | 3 - xl.h | 3 + xl_cmdimpl.c | 171 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--- xl_cmdtable.c | 18 +++++- 5 files changed, 187 insertions(+), 9 deletions(-) Signed-off-by: mbgrego@tycho.ncsc.mil -- Machon Gregory National Information Assurance Research Lab (NIARL) _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel

...permissions on arbitrary locations in XenStore from the command line. This is often helpful if you''re trying to debug an application that relies on XenStore and is encountering difficulties with permissions. Let me know what think, thanks! Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil> --- tools/xenstore/Makefile | 2 tools/xenstore/xenstore_client.c | 106 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 105 insertions(+), 3 deletions(-) diff -r d2bf1a7cc131 -r 2353a28247b1 tools/xenstore/Makefile --- a/tools/xenstore/Makefile Sat Jul 29 14:05:59...

...</usr/share/ssl/private/mail.server.com.pem ssl_key = </usr/share/ssl/private/mail.server.com.pem userdb { driver = passwd } protocol imap { imap_client_workarounds = tb-extra-mailbox-sep mail_plugins = " listescape" } Thanks for any pointers, Maura Dailey maura at eclipse.ncsc.mil

I have a system with several reserved ranges low in the e820 map which cause problems when starting PV domains with PCI devices. The machine memory map looks like: (XEN) 0000000000000000 - 0000000000060000 (usable) (XEN) 0000000000060000 - 0000000000068000 (reserved) (XEN) 0000000000068000 - 000000000009ac00 (usable) (XEN) 000000000009ac00 - 00000000000a0000 (reserved) (XEN) 00000000000e0000

I''ve configured puppet to use storedconfigs and puppetDB, If I start the puppet master using the init script puppetmaster I get a permission denied error when a node connects: Master: [root@puppet ~]# service puppetmaster start Starting puppetmaster: [ OK ] Node: [root@puppet-slave ~]# puppet agent --test err: Could not retrieve catalog from remote

Hi, I was discussing the common practice of disk eradication used by many firms for security. I was thinking this may be a useful feature of ZFS to have an option to eradicate data as its removed, meaning after the last reference/snapshot is done and a block is freed, then write the eradication patterns back to the removed blocks. By any chance, has this been discussed or considered before?

Hi , When cw is used, dom0 reboots. Though I set quest memory size. I want to study into the cause. Please teach how to examine it. #xm create vm1.conf <-- OK #xm create vm4.conf <-- NO ................... <-- system boot #last root pts/1 myPC Tue Sep 25 11:25 - crash (09:01) reboot system boot 2.6.18-xen Tue Sep 25 20:06 (-8:-16) ~~~~~~~~~~~

I''m currently working on moving storage services into their own domain and I''ve been looking at blktap2. I''ve been trying to get an image mounted with blktap2 and for some odd reason and tapdisk2 keeps hanging instead of quitting at the end. I haven''t removed any of the storage startup code at this point so everything should be as it normally is in xen-unstable.