similar to: [PATCH 00/10] FLASK updates: MSI interrupts, cleanups

These patches update the example FLASK policy shipped with Xen and enable its build if the required tools are present. The third patch requires rerunning autoconf to update tools/configure. [PATCH 1/3] flask/policy: sort dom0 accesses [PATCH 2/3] flask/policy: rework policy build system [PATCH 3/3] tools/flask: add FLASK policy to build

Changes from v3: - mini-os configuration files moved into stubdom/ - mini-os extra console support now a config option - Fewer #ifdefs - grant table setup uses hypercall bounce - Xenstore stub domain syslog support re-enabled Changes from v2: - configuration support added to mini-os build system - add mini-os support for conditionally compiling frontends, xenbus -

Hi community, there are some problems to start vTPM vtpm-stubdom following docs/misc/vtpm.txt. When I start vtpm-stbdom, the vtpmmgr-stubdom will print out: === ERROR[VTPM]: LoadKey failure: Unrecognized uuid! 69743ae0-9d4a-4ad6-9819-e602085b6792 ERROR[VTPM]: Failed to load key ERROR in vtpmmgr_LoadHashKey at vtpm_cmd_handler.c:78 code: TPM_BAD_PARAMETER. === I start vtpmmgr-stubdom with

Hi community, there are some problems to start vTPM vtpm-stubdom following docs/misc/vtpm.txt. When I start vtpm-stbdom, the vtpmmgr-stubdom will print out: === ERROR[VTPM]: LoadKey failure: Unrecognized uuid! 69743ae0-9d4a-4ad6-9819-e602085b6792 ERROR[VTPM]: Failed to load key ERROR in vtpmmgr_LoadHashKey at vtpm_cmd_handler.c:78 code: TPM_BAD_PARAMETER. === I start vtpmmgr-stubdom with

Hi all, i want to know about the following things: 1.unloading XSM policy. -xl loadpolicy xenpolicy.24 to load the policy. For unloading is there any command is available.? 2. i want to know any analysis tool is available for XSM policy. 3. Apart from wiki.org/XSM any other tutorial is available for developing own XSM policy.? Thanks and regards, cooldharma06.

Hi, I am following http://xenbits.xen.org/docs/unstable/misc/vtpm.txt, but I''m having some problems when I try to start vtpmmgr-stubdom I''m using Xen 4.3 on Ubuntu 12.04 and I have a physical TPM. The config file for vTPM manager is: kernel="/usr/local/lib/xen/boot/vtpmmgr-stubdom.gz" memory=16 disk=["file:/var/vtpmmgr-stubdom.img,hda,w"]

Hi all, this patch series makes the necessary changes to make sure that the current ARM hypercall ABI can be used as-is on 64 bit ARM platforms: - it defines xen_ulong_t as uint64_t on ARM; - it introduces a new macro to handle guest pointers, called XEN_GUEST_HANDLE_PARAM (that has size 4 bytes on aarch and is going to have size 8 bytes on aarch64); - it replaces all the occurrences of

- This minor patch implements the missing stub function security_label_to_details in the dummy module. This stub function is necessary to create domains with network interfaces for modules that do not implement the security_label_to_details function. Signed-off-by: George Coker <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list

Adds support for assigning a label to domains, obtaining and setting the current enforcing mode, and loading a policy with xl command and libxl header when the Flask XSM is in use. Adheres to the changes made by the patch to remove exposure of libxenctrl/libxenstore headers via libxl.h. tools/libxl/libxl_flask.c | 71 ++++++++++++++++++ tools/libxl/Makefile | 2

Adds support for assigning a label to domains, obtaining and setting the current enforcing mode, and loading a policy with xl command when the Flask XSM is in use. libxl.c | 1 libxl.idl | 3 - xl.h | 3 + xl_cmdimpl.c | 171 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--- xl_cmdtable.c | 18 +++++- 5 files changed, 187 insertions(+), 9

Hi all, this patch series makes the necessary changes to make sure that the current ARM hypercall ABI can be used as-is on 64 bit ARM platforms: - it defines xen_ulong_t as uint64_t on ARM; - it introduces a new macro to handle guest pointers, called XEN_GUEST_HANDLE_PARAM (that has size 4 bytes on aarch and is going to have size 8 bytes on aarch64); - it replaces all the occurrences of

Hello list, Using the mainline 3.5-rc6 kernel and yesterday''s xen-unstable, I''m having trouble passing in some PCI devices. Everything else works smoothly. Attached are some of the relevant logs and configurations. I did notice from the qemu logs that all the problematic devices have "IRQ type = INTx" whereas those that are working have "IRQ type =

Hi, I‘m trying to install vTPM based on Xen-4.2.2, linux-kernel 3.9.1 (Dom0) and TPM emulator. However, I cannot find the TPM backed driver in this version of Dom0 linux kernel. There is no CONFIG_XEN_TPMDEV_BACKEND in the kernel config file. The config file for Dom0 is attached. Maybe it provides some useful information. So, how to install a Xen TPM backend driver in the Dom0 linux-kernel.

Hi, Header says: /* * Unmaps the @count pages starting at @start_address, which were mapped by a * call to xc_gntshr_share_*. Never logs. */ int xc_gntshr_munmap(xc_gntshr *xcg, void *start_address, uint32_t count); But implementation calls: static int linux_gntshr_munmap(xc_gntshr *xcg, xc_osdep_handle h, void *start_address, uint32_t count) { return

When a message with zero length is sent to xenstore, the body of the message was not processed until the socket or ring had more data to read; this will cause deadlocks if the requestor is waiting on a response to continue. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> --- tools/xenstore/xenstored_core.c | 1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git

This adds a backend_domname field in libxl devices that contain a backend_domid field, allowing either a domid or a domain name to be specified in the configuration structures. The domain name is resolved into a domain ID in the _setdefault function when adding the device. This change allows the backend of the block devices to be specified (which previously required passing the libxl_ctx down

Grant references for the xenstore and xenconsole shared pages exist, but currently only xenstore uses these references. Change the xenconsole daemon to prefer using the grant reference over map_foreign_range when mapping the shared console ring. This allows xenconsoled to be run in a domain other than dom0 if set up correctly - for libxl, the xenstore path /tool/xenconsoled/domid specifies the

The only time when granted pages need to be treated specially is when using Xen''s PTE modification for grant mappings owned by another domain. Otherwise, the area does not require VM_DONTCOPY and VM_PFNMAP, since it can be accessed just like any other page of RAM. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> --- drivers/xen/gntalloc.c | 14 ++++++++++++--

Hello all, I am trying to get a xenstore/oxenstore (oxenstore is mirage based) stubdom to get to work on Xen 4.2.1. I know that I need to set XSM/FLASK rules and so I have compiled 4.2.1 with XSM and FLASK. I already talked with Daniel de Graaf (on the mailinglists) and Steven Maresca on IRC about this thing. Daniel already wrote a XSM/FLASK ruleset in this thread:

Guests other than domain 0 using the console output have previously been controlled by the VERBOSE define, but with no designation of which guest''s output was on the console. This patch converts the HVM output buffering to be used by all domains, line buffering their output and prefixing it with the domain ID. This is especially useful for debugging stub domains. Signed-off-by: Daniel De