similar to: xen (XSM policy) : Unload and analysis tool.

These patches update the example FLASK policy shipped with Xen and enable its build if the required tools are present. The third patch requires rerunning autoconf to update tools/configure. [PATCH 1/3] flask/policy: sort dom0 accesses [PATCH 2/3] flask/policy: rework policy build system [PATCH 3/3] tools/flask: add FLASK policy to build

This patch set adds XSM security labels to useful debugging output locations, and fixes some assumptions that all interrupts behaved like GSI interrupts (which had useful non-dynamic IDs). It also cleans up the policy build process and adds an example of how to use the user field in the security context. Debug output: [PATCH 01/10] xsm: Add security labels to event-channel dump [PATCH 02/10] xsm:

hi all, i am new to the libvirt. Via libvirt i am converting my xen.com.sfg. In xen i added xsm label as, seclabel:system_u:domU_t. but after creating vm using xen or by convertdom-to-xml also does not contain any label or text with xen-4.2.1. in the documentation also you mentioned selinux label (sVirt) only. Can u clear me the following things: 1. How to use XSM label in libvirt.? 2. What

While compiling XEN with XSM_ENABLE=y and FLASK_ENABLE=y, I received the following error. gcc -O1 -fno-omit-frame-pointer -m64 -g -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wno-unused-value -Wdeclaration-after-statement -Wno-unused-but-set-variable -fno-builtin -fno-common -Wredundant-decls -iwithprefix include -Werror -Wno-pointer-arith -pipe

hi all, just now i installed xenserver -6.0.2 in my machine. i have seen some Xen Security Modules (XSM) in xen hypervisor. i want to know any XSM things in Xenserver. If it is how i can test those things.? Suggest me some ideas. Regards, cooldharma06. :) _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users

Adds support for assigning a label to domains, obtaining and setting the current enforcing mode, and loading a policy with xl command and libxl header when the Flask XSM is in use. Adheres to the changes made by the patch to remove exposure of libxenctrl/libxenstore headers via libxl.h. tools/libxl/libxl_flask.c | 71 ++++++++++++++++++ tools/libxl/Makefile | 2

Adds support for assigning a label to domains, obtaining and setting the current enforcing mode, and loading a policy with xl command when the Flask XSM is in use. libxl.c | 1 libxl.idl | 3 - xl.h | 3 + xl_cmdimpl.c | 171 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--- xl_cmdtable.c | 18 +++++- 5 files changed, 187 insertions(+), 9

- This minor patch implements the missing stub function security_label_to_details in the dummy module. This stub function is necessary to create domains with network interfaces for modules that do not implement the security_label_to_details function. Signed-off-by: George Coker <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list

Hi community, there are some problems to start vTPM vtpm-stubdom following docs/misc/vtpm.txt. When I start vtpm-stbdom, the vtpmmgr-stubdom will print out: === ERROR[VTPM]: LoadKey failure: Unrecognized uuid! 69743ae0-9d4a-4ad6-9819-e602085b6792 ERROR[VTPM]: Failed to load key ERROR in vtpmmgr_LoadHashKey at vtpm_cmd_handler.c:78 code: TPM_BAD_PARAMETER. === I start vtpmmgr-stubdom with

Hi community, there are some problems to start vTPM vtpm-stubdom following docs/misc/vtpm.txt. When I start vtpm-stbdom, the vtpmmgr-stubdom will print out: === ERROR[VTPM]: LoadKey failure: Unrecognized uuid! 69743ae0-9d4a-4ad6-9819-e602085b6792 ERROR[VTPM]: Failed to load key ERROR in vtpmmgr_LoadHashKey at vtpm_cmd_handler.c:78 code: TPM_BAD_PARAMETER. === I start vtpmmgr-stubdom with

Changes from v3: - mini-os configuration files moved into stubdom/ - mini-os extra console support now a config option - Fewer #ifdefs - grant table setup uses hypercall bounce - Xenstore stub domain syslog support re-enabled Changes from v2: - configuration support added to mini-os build system - add mini-os support for conditionally compiling frontends, xenbus -

Alan Coopersmith (4): configure: Drop AM_MAINTAINER_MODE autogen.sh: Honor NOCONFIGURE=1 Print which option was in error along with usage message xsm 1.0.4 Emil Velikov (1): autogen.sh: use quoted string variables Gaetan Nadon (1): Remove obsolete Imake SIGNALRETURNSINT Mihail Konev (1): autogen: add default patch prefix Peter Hutterer (1):

Fix formatting of Flask AVC audit messages so that existing policy tools can parse them. After applying, ''xm dmesg | audit2allow'' yields the expected result. Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil> --- xen/xsm/flask/avc.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-)

- The patch does away with the autogenerated xsm.py file and introduces a config parameter in xend-config.sxp to determine the security module. The parameter is (xsm_module_name {acm, dummy, flask}). The default setting/option is dummy. .hgignore is also updated to stop ignoring xsm.py on commits. - The patch has created an xsconstant for XS_POLICY_FLASK and updated the toolchain to check the

Hello all, I am trying to get a xenstore/oxenstore (oxenstore is mirage based) stubdom to get to work on Xen 4.2.1. I know that I need to set XSM/FLASK rules and so I have compiled 4.2.1 with XSM and FLASK. I already talked with Daniel de Graaf (on the mailinglists) and Steven Maresca on IRC about this thing. Daniel already wrote a XSM/FLASK ruleset in this thread:

The FLASK security checks for resource ranges were not implemented correctly - only the permissions on the endpoints of a range were checked, instead of all items contained in the range. This would allow certain resources (I/O ports, I/O memory) to be used by domains in contravention to security policy. This also corrects a bug where adding overlapping resource ranges did not trigger an error.

cooldharma06 wrote: > hi, > > i found something im my log: (libvirtd.log) > > i dont know about this. but it may be helpful for you. So i am > forwarding this. > > 2013-09-26 11:43:58.507+0000: 10718: error : virDriverLoadModule:78 : > failed to load module > /usr/local/lib/libvirt/connection-driver/libvirt_driver_libxl.so > /usr/lib/libxenlight.so.2.0: undefined

hi, i prepared my xen-4.2.1 document with this mail. kindly refer the below attachment. i installed libvirt 1.1.1 like this it giving the following error: ./autogen.sh --system --with-xen=yes make /daemon/libvirtd -d then i checked with the virsh ->version virsh # version error: failed to connect to the hypervisor error: no valid connection error: Failed to connect socket to

hi, i found something im my log: (libvirtd.log) i dont know about this. but it may be helpful for you. So i am forwarding this. 2013-09-26 11:43:58.507+0000: 10718: error : virDriverLoadModule:78 : failed to load module /usr/local/lib/libvirt/connection-driver/libvirt_driver_libxl.so /usr/lib/libxenlight.so.2.0: undefined symbol: xs_check_watch 2013-09-26 11:43:58.790+0000: 10729: error :

hi, i removed all libvirt things form my system and i installed libvirt-0.9.12 frm my repository. then i installed libvirt-1.1.2 from the source with following commands. ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc --with-xen=yes --with-libxl=yes make make install now its works with XM. but with xl its not working... i attached the corresponding screenshots also. kindly