similar to: Xen 3.3 and ACM Security Errors

Hi All, There is no /etc/xen/acm-security directory or xensec programs. Then I created the /etc/xen/acm-security/policies directory and copied the client_v1-security-policy.xml from the source/tools/security/policies/examples directory. I then executed command xm makepolicy /etc/xen/acm-security/policies/client_v1-security-policy.xml I got an error saying: ACMError: Unknown policy

Hi all, I''ve successfully installed xen3.3.0 on Linux ubuntu 2.6.27.5 #1 SMP i686 GNU/Linux. I built xen with the requisite XSM_ENABLE=y, ACM_SECURITY=y and believe I have the correct config parameters in the 2.6.27.5 kernel. Boot goes smoothly, set to automatically create 2 domUs. All appears okay with XSM/ACM... root@ubuntu:~# xm dmesg | grep -i xsm (XEN) XSM Framework v1.0.0

While compiling XEN with XSM_ENABLE=y and FLASK_ENABLE=y, I received the following error. gcc -O1 -fno-omit-frame-pointer -m64 -g -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wno-unused-value -Wdeclaration-after-statement -Wno-unused-but-set-variable -fno-builtin -fno-common -Wredundant-decls -iwithprefix include -Werror -Wno-pointer-arith -pipe

Hi , When cw is used, dom0 reboots. Though I set quest memory size. I want to study into the cause. Please teach how to examine it. #xm create vm1.conf <-- OK #xm create vm4.conf <-- NO ................... <-- system boot #last root pts/1 myPC Tue Sep 25 11:25 - crash (09:01) reboot system boot 2.6.18-xen Tue Sep 25 20:06 (-8:-16) ~~~~~~~~~~~

# HG changeset patch # User Roger Pau Monne <roger.pau@entel.upc.edu> # Date 1326606960 -3600 # Node ID a1986ef30b7dab4f60fe5cda70856f5751a9fde2 # Parent cd47dde439e688cac244c7eb9f55d826c85c844f libxl: add support for yajl 2.x This patch adds support for yajl versions 2.x, while retaining 1.x compatibility. All the needed ifdefs can be found in libxl_json.h. Tested with yajl 2.0.3 and

Hi all, I want to build sHype into Xen on ubuntu 8.04, In Config.mk I changed XSM_ENABLE ?= n to XSM_ENABLE ?= y ACM_SECURITY ?= n to ACM_SECURITY ?= y; then #make xen tools #make install-xen install-tools without any error; but when I reboot and type "xm resetpolicy", I got an error "ACM policy

Hi, I have compiled xen-unstable (using hg clone http://xenbits.xensource.com/xen-unstable.hg). I have successfully booted into the dom0 kernel. output of xm list: Name ID Mem VCPUs State Time(s) Domain-0 0 932 1 r----- 591.2 But whenever I xm create, I get: # xm create /etc/xen/domu1 Using config file

Hi all, Could you teach me about the behavior of xm commands when ''ACMError'' occurred? I am testing the behavior of xm commands with wrong arguments. When I tested xm commands related to security (xm *label/*policy), I found that some of them. - return 0, - show ACMError''s Traceback messages. Are these results specifications or bugs? Example: # xm cfgbootpolicy

# HG changeset patch # User Roger Pau Monne <roger.pau@entel.upc.edu> # Date 1324385575 -3600 # Node ID 716d6d48e647d1d4352f7206e74e693152a4f8fa # Parent f72b99fccfca694674259cc1c03c526a827b67ec libxl: add support for yajl 2.x This patch adds support for yajl versions 2.x, while retaining 1.x compatibility. This patch adds quite a lot of #ifdefs all over the json code, so I''m open

Alan Coopersmith (4): configure: Drop AM_MAINTAINER_MODE autogen.sh: Honor NOCONFIGURE=1 Print which option was in error along with usage message xsm 1.0.4 Emil Velikov (1): autogen.sh: use quoted string variables Gaetan Nadon (1): Remove obsolete Imake SIGNALRETURNSINT Mihail Konev (1): autogen: add default patch prefix Peter Hutterer (1):

The FLASK security checks for resource ranges were not implemented correctly - only the permissions on the endpoints of a range were checked, instead of all items contained in the range. This would allow certain resources (I/O ports, I/O memory) to be used by domains in contravention to security policy. This also corrects a bug where adding overlapping resource ranges did not trigger an error.

Fix formatting of Flask AVC audit messages so that existing policy tools can parse them. After applying, ''xm dmesg | audit2allow'' yields the expected result. Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil> --- xen/xsm/flask/avc.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-)

Hi all, i want to know about the following things: 1.unloading XSM policy. -xl loadpolicy xenpolicy.24 to load the policy. For unloading is there any command is available.? 2. i want to know any analysis tool is available for XSM policy. 3. Apart from wiki.org/XSM any other tutorial is available for developing own XSM policy.? Thanks and regards, cooldharma06.

This patch set adds XSM security labels to useful debugging output locations, and fixes some assumptions that all interrupts behaved like GSI interrupts (which had useful non-dynamic IDs). It also cleans up the policy build process and adds an example of how to use the user field in the security context. Debug output: [PATCH 01/10] xsm: Add security labels to event-channel dump [PATCH 02/10] xsm:

Hello all, I am trying to get a xenstore/oxenstore (oxenstore is mirage based) stubdom to get to work on Xen 4.2.1. I know that I need to set XSM/FLASK rules and so I have compiled 4.2.1 with XSM and FLASK. I already talked with Daniel de Graaf (on the mailinglists) and Steven Maresca on IRC about this thing. Daniel already wrote a XSM/FLASK ruleset in this thread:

hi all, i am new to the libvirt. Via libvirt i am converting my xen.com.sfg. In xen i added xsm label as, seclabel:system_u:domU_t. but after creating vm using xen or by convertdom-to-xml also does not contain any label or text with xen-4.2.1. in the documentation also you mentioned selinux label (sVirt) only. Can u clear me the following things: 1. How to use XSM label in libvirt.? 2. What

hi, i cleared all the stuffs(everything) related to xen and libvirt. i installed freshly xen-4.2.1 from the source. *Installation steps are as follows:* apt-get build-dep xen apt-get install libc6-dev libglib2.0-dev libyajl-dev yajl-tools libbz2-dev bison flex zlib1g-dev git-core texinfo debhelper debconf-utils debootstrap fakeroot *OR* apt-get install bcc bin86 gawk bridge-utils iproute

- The patch does away with the autogenerated xsm.py file and introduces a config parameter in xend-config.sxp to determine the security module. The parameter is (xsm_module_name {acm, dummy, flask}). The default setting/option is dummy. .hgignore is also updated to stop ignoring xsm.py on commits. - The patch has created an xsconstant for XS_POLICY_FLASK and updated the toolchain to check the

A number of build problems crept in once again. Fix them. Signed-off-by: Jan Beulich <jbeulich@suse.com> --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -683,7 +683,7 @@ long do_memory_op(unsigned long cmd, XEN mfn = get_gfn_untyped(d, xrfp.gpfn); if ( mfn_valid(mfn) ) - guest_physmap_remove_page(d, xrfp.gpfn, mfn, PAGE_ORDER_4K); +

hi all, just now i installed xenserver -6.0.2 in my machine. i have seen some Xen Security Modules (XSM) in xen hypervisor. i want to know any XSM things in Xenserver. If it is how i can test those things.? Suggest me some ideas. Regards, cooldharma06. :) _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users