search for: xsm

While compiling XEN with XSM_ENABLE=y and FLASK_ENABLE=y, I received the following error. gcc -O1 -fno-omit-frame-pointer -m64 -g -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wno-unused-value -Wdeclaration-after-statement -Wno-unused-but-set-variable -fno-builtin -fno-common -Wredundant-decls -iwithprefix inclu...

- This minor patch implements the missing stub function security_label_to_details in the dummy module. This stub function is necessary to create domains with network interfaces for modules that do not implement the security_label_to_details function. Signed-off-by: George Coker <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list

Alan Coopersmith (4): configure: Drop AM_MAINTAINER_MODE autogen.sh: Honor NOCONFIGURE=1 Print which option was in error along with usage message xsm 1.0.4 Emil Velikov (1): autogen.sh: use quoted string variables Gaetan Nadon (1): Remove obsolete Imake SIGNALRETURNSINT Mihail Konev (1): autogen: add default patch prefix Peter Hutterer (1): autogen.sh: use exec instead of waiting for configure to finish Stéphane Aule...

- The patch does away with the autogenerated xsm.py file and introduces a config parameter in xend-config.sxp to determine the security module. The parameter is (xsm_module_name {acm, dummy, flask}). The default setting/option is dummy. .hgignore is also updated to stop ignoring xsm.py on commits. - The patch has created an xsconstant for XS_...

Hi all, i want to know about the following things: 1.unloading XSM policy. -xl loadpolicy xenpolicy.24 to load the policy. For unloading is there any command is available.? 2. i want to know any analysis tool is available for XSM policy. 3. Apart from wiki.org/XSM any other tutorial is available for developing own XSM policy.? Thanks and regards, cooldharma06...

This patch set adds XSM security labels to useful debugging output locations, and fixes some assumptions that all interrupts behaved like GSI interrupts (which had useful non-dynamic IDs). It also cleans up the policy build process and adds an example of how to use the user field in the security context. Debug output: [P...

...ned in the range. This would allow certain resources (I/O ports, I/O memory) to be used by domains in contravention to security policy. This also corrects a bug where adding overlapping resource ranges did not trigger an error. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> --- xen/xsm/flask/hooks.c | 119 +++++++++++++++--------------- xen/xsm/flask/include/security.h | 8 ++ xen/xsm/flask/ss/services.c | 151 ++++++++++++++++++++++++++++++++------ 3 files changed, 196 insertions(+), 82 deletions(-) diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c...

Adds support for assigning a label to domains, obtaining and setting the current enforcing mode, and loading a policy with xl command and libxl header when the Flask XSM is in use. Adheres to the changes made by the patch to remove exposure of libxenctrl/libxenstore headers via libxl.h. tools/libxl/libxl_flask.c | 71 ++++++++++++++++++ tools/libxl/Makefile | 2 tools/libxl/libxl.c | 1 tools/libxl/libxl.h | 8 ++ tools/lib...

...f Flask AVC audit messages so that existing policy tools can parse them. After applying, ''xm dmesg | audit2allow'' yields the expected result. Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil> --- xen/xsm/flask/avc.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c --- a/xen/xsm/flask/avc.c +++ b/xen/xsm/flask/avc.c @@ -226,8 +226,8 @@ printk(" tcontext=%s", scontext); xfree(scontext); } - pri...

Adds support for assigning a label to domains, obtaining and setting the current enforcing mode, and loading a policy with xl command when the Flask XSM is in use. libxl.c | 1 libxl.idl | 3 - xl.h | 3 + xl_cmdimpl.c | 171 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--- xl_cmdtable.c | 18 +++++- 5 files changed, 187 insertions(+), 9 deletions(-) Signed-off-by: mbgrego@tycho.ncsc.mil -- Mach...

Hello all, I am trying to get a xenstore/oxenstore (oxenstore is mirage based) stubdom to get to work on Xen 4.2.1. I know that I need to set XSM/FLASK rules and so I have compiled 4.2.1 with XSM and FLASK. I already talked with Daniel de Graaf (on the mailinglists) and Steven Maresca on IRC about this thing. Daniel already wrote a XSM/FLASK ruleset in this thread: http://lists.xen.org/archives/html/xen-devel/2013-01/msg00956.html So he sa...

hi all, i am new to the libvirt. Via libvirt i am converting my xen.com.sfg. In xen i added xsm label as, seclabel:system_u:domU_t. but after creating vm using xen or by convertdom-to-xml also does not contain any label or text with xen-4.2.1. in the documentation also you mentioned selinux label (sVirt) only. Can u clear me the following things: 1. How to use XSM label in libvirt.? 2. Wha...

hi all, just now i installed xenserver -6.0.2 in my machine. i have seen some Xen Security Modules (XSM) in xen hypervisor. i want to know any XSM things in Xenserver. If it is how i can test those things.? Suggest me some ideas. Regards, cooldharma06. :) _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users

..._HEAD_READ_MOSTLY(name) \ struct list_head __read_mostly name = LIST_HEAD_INIT(name) +/* Do not move this ahead of the struct list_head definition! */ +#include <xen/prefetch.h> + static inline void INIT_LIST_HEAD(struct list_head *list) { list->next = list; --- a/xen/include/xsm/xsm.h +++ b/xen/include/xsm/xsm.h @@ -106,6 +106,7 @@ struct xsm_operations { int (*memory_adjust_reservation) (struct domain *d1, struct domain *d2); int (*memory_stat_reservation) (struct domain *d1, struct domain *d2); int (*memory_pin_page) (struct domain *d, struct page_info *pa...

Hi , When cw is used, dom0 reboots. Though I set quest memory size. I want to study into the cause. Please teach how to examine it. #xm create vm1.conf <-- OK #xm create vm4.conf <-- NO ................... <-- system boot #last root pts/1 myPC Tue Sep 25 11:25 - crash (09:01) reboot system boot 2.6.18-xen Tue Sep 25 20:06 (-8:-16) ~~~~~~~~~~~

This patch implements the Flask tools for the xen control plane (xm & xend). The patch also refactors the ACM toolchain so that a common security API (based on the existing ACM toolchain) is exported to xm and xend. To create a domain with the Flask module, add the following (for example) to a domain''s configuration file access_control =

This patch adds the missing presence checks for the pm_op and get_pmstat hooks in xsm_fixup_ops. Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel

...e code was moved to a different file and patch fixes that file. The following patch is for xen-4.1-testing.hg. diff -r 3ce155e77f39 xen/arch/x86/domctl.c --- a/xen/arch/x86/domctl.c +++ b/xen/arch/x86/domctl.c @@ -873,7 +873,7 @@ long arch_do_domctl( break; } - ret = xsm_assign_device(d, domctl->u.assign_device.machine_bdf); + ret = xsm_deassign_device(d, domctl->u.assign_device.machine_bdf); if ( ret ) goto deassign_device_out;

...42 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 40 insertions(+), 2 deletions(-) diff --git a/xen/common/memory.c b/xen/common/memory.c index 50b740f..df36d43 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -28,6 +28,9 @@ #include <public/memory.h> #include <xsm/xsm.h> #include <xen/trace.h> +#ifdef CONFIG_ARM +#include <asm/platform.h> +#endif struct memop_args { /* INPUT */ @@ -90,7 +93,7 @@ static void increase_reservation(struct memop_args *a) static void populate_physmap(struct memop_args *a) { - struct page_info *page;...

Hi all, I''ve successfully installed xen3.3.0 on Linux ubuntu 2.6.27.5 #1 SMP i686 GNU/Linux. I built xen with the requisite XSM_ENABLE=y, ACM_SECURITY=y and believe I have the correct config parameters in the 2.6.27.5 kernel. Boot goes smoothly, set to automatically create 2 domUs. All appears okay with XSM/ACM... root@ubuntu:~# xm dmesg | grep -i xsm (XEN) XSM Framework v1.0.0 initialized (XEN) ACM-XSM: Initializing. r...