similar to: LIbvirt seclabel.

Hi all, i want to know about the following things: 1.unloading XSM policy. -xl loadpolicy xenpolicy.24 to load the policy. For unloading is there any command is available.? 2. i want to know any analysis tool is available for XSM policy. 3. Apart from wiki.org/XSM any other tutorial is available for developing own XSM policy.? Thanks and regards, cooldharma06.

This patch set adds XSM security labels to useful debugging output locations, and fixes some assumptions that all interrupts behaved like GSI interrupts (which had useful non-dynamic IDs). It also cleans up the policy build process and adds an example of how to use the user field in the security context. Debug output: [PATCH 01/10] xsm: Add security labels to event-channel dump [PATCH 02/10] xsm:

- This minor patch implements the missing stub function security_label_to_details in the dummy module. This stub function is necessary to create domains with network interfaces for modules that do not implement the security_label_to_details function. Signed-off-by: George Coker <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list

Thanks for your suggestion! It seems to have gone a little further this time, but isn't accepting the key and is failing back on password-based auth. We're double-checking that the public key was correctly configured with the account, and also trying a DSA key to see if it behaves differently. Is there anything you'd suggest we look at or try at this point, and thank you very much

While compiling XEN with XSM_ENABLE=y and FLASK_ENABLE=y, I received the following error. gcc -O1 -fno-omit-frame-pointer -m64 -g -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wno-unused-value -Wdeclaration-after-statement -Wno-unused-but-set-variable -fno-builtin -fno-common -Wredundant-decls -iwithprefix include -Werror -Wno-pointer-arith -pipe

This patch implements the Flask tools for the xen control plane (xm & xend). The patch also refactors the ACM toolchain so that a common security API (based on the existing ACM toolchain) is exported to xm and xend. To create a domain with the Flask module, add the following (for example) to a domain''s configuration file access_control =

A number of build problems crept in once again. Fix them. Signed-off-by: Jan Beulich <jbeulich@suse.com> --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -683,7 +683,7 @@ long do_memory_op(unsigned long cmd, XEN mfn = get_gfn_untyped(d, xrfp.gpfn); if ( mfn_valid(mfn) ) - guest_physmap_remove_page(d, xrfp.gpfn, mfn, PAGE_ORDER_4K); +

Adds support for assigning a label to domains, obtaining and setting the current enforcing mode, and loading a policy with xl command and libxl header when the Flask XSM is in use. Adheres to the changes made by the patch to remove exposure of libxenctrl/libxenstore headers via libxl.h. tools/libxl/libxl_flask.c | 71 ++++++++++++++++++ tools/libxl/Makefile | 2

Adds support for assigning a label to domains, obtaining and setting the current enforcing mode, and loading a policy with xl command when the Flask XSM is in use. libxl.c | 1 libxl.idl | 3 - xl.h | 3 + xl_cmdimpl.c | 171 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--- xl_cmdtable.c | 18 +++++- 5 files changed, 187 insertions(+), 9

With the lake of iommu, dom0 must have a 1:1 memory mapping for all these guest physical address. When the ballon decides to give back a page to the kernel, this page must have the same address as previously. Otherwise, we will loose the 1:1 mapping and will break DMA-capable device. Signed-off-by: Julien Grall <julien.grall@linaro.org> CC: Keir Fraser <keir@xen.org> CC: Jan Beulich

hi all, just now i installed xenserver -6.0.2 in my machine. i have seen some Xen Security Modules (XSM) in xen hypervisor. i want to know any XSM things in Xenserver. If it is how i can test those things.? Suggest me some ideas. Regards, cooldharma06. :) _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users

Dear list, I cannot load the tcltk library: > library(tcltk) Loading Tcl/Tk interface ... Error in fun(...) : Can't find a usable tk.tcl in the following directories: /usr/share/tcltk/tcl8.4/tk8.4 ./lib/tk8.4 /usr/local/lib/tcltk/tk8.4 /usr/local/share/tcltk/tk8.4 /usr/lib/tcltk/tk8.4 /usr/share/tcltk/tk8.4 ./library ./tk8.4.16/library This probably means that tk wasn't

Hi all, this patch series makes the necessary changes to make sure that the current ARM hypercall ABI can be used as-is on 64 bit ARM platforms: - it defines xen_ulong_t as uint64_t on ARM; - it introduces a new macro to handle guest pointers, called XEN_GUEST_HANDLE_PARAM (that has size 4 bytes on aarch and is going to have size 8 bytes on aarch64); - it replaces all the occurrences of

Hello, I'm looking for your insight about the log below. We have an SFTP server (IBM Sterling File Gateway) and we're connecting from an OpenSSH SFTP client but something fails during KEX. Complete client-side debug output is below, but I believe the relevant part is: debug1: kex: server->client cipher: aes192-cbc MAC: hmac-sha1 compression: none debug1: kex: client->server

libvirt version: 3.4.0 architecture: x86_64 ubuntu16.04-server hypervisor: kvm,qemu When migrate vm, I encounter error: "Migrate VM virt21 failed unsupported configuration: Unable to find security driver for model apparmor" but two host are same environment.before this error, migrate can be success. the source host seclabel configure is this : <seclabel type='dynamic'

Changes from v3: - mini-os configuration files moved into stubdom/ - mini-os extra console support now a config option - Fewer #ifdefs - grant table setup uses hypercall bounce - Xenstore stub domain syslog support re-enabled Changes from v2: - configuration support added to mini-os build system - add mini-os support for conditionally compiling frontends, xenbus -

This patchset allows the user to define and manage groups of domains. The patch augments the xm utility with the following commands: grp-create, grp-shutdown, grp-destroy, grp-reboot, grp-pause, grp-unpause, grp-save, grp-restore, grp-join, and grp-migrate. A goal during development of group operations was to match support for common domain operations: create, shutdown, destroy, reboot, pause,

Hello list, Using the mainline 3.5-rc6 kernel and yesterday''s xen-unstable, I''m having trouble passing in some PCI devices. Everything else works smoothly. Attached are some of the relevant logs and configurations. I did notice from the qemu logs that all the problematic devices have "IRQ type = INTx" whereas those that are working have "IRQ type =

Dear sir, I have configured samba with ads integration and it was working perfectly in RedHat Linux 9.0. But Yesterday I changed that configuration as simple user level security. But my problem was when I run 'smbpasswd' command I am getting one error as 'Segmentation fault'. What I can do to trouble shoot this problem. Kindly reply me as soon as possible.. Thanks & Rgds

Recent Linux tries to make use of this, and has no way of getting at these bits without Xen assisting it. There doesn''t appear to be a way to obtain the same information from UEFI. Signed-off-by: Jan Beulich <jbeulich@suse.com> --- a/xen/arch/x86/boot/trampoline.S +++ b/xen/arch/x86/boot/trampoline.S @@ -184,11 +184,16 @@ trampoline_boot_cpu_entry: * 1. Get memory map.