similar to: shype for Xen / readme

Lets not confuse the issues here and don''t turn this into a programming language argument. With the sHype patches there is a well defined language for specifying policies and there is a well defined binary representation for that policy. That is a very good start! I see the java tool as a *sample* implementation of a translator between the two. You are free to write/use your own compiler

This patch fixes an indentation error in main.py. The effect of this bug is that block-attach does not check labels if the ACM is active. This bug slipped in with change set 11572_:_ ad22c711ccb7 <http://xenbits.xensource.com/xen-unstable.hg?cs=ad22c711ccb7>. This patch is essential and should get into 3.0.3. I tested the patch with security off and on. Thanks Reiner P.S. We are

This patch: * adds a C-based security policy translation tool to Xen (secpol_xml2bin) and removes the current Java security policy translator (Java dependencies). The C-based tool integrates into the Xen source tree build and install (using gnome libxml2 for XML parsing). See install.txt. * introduces security labels and related tools. Users can now use semantic-rich label names to put

Updates xensec_ezpolicy ACM policy generation tool so that it works with wxPython under Python 2.5 as well. Thanks Reiner Signed-off by: Reiner Sailer <sailer@us.ibm.com> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel

This patch fixes return codes for the acm-related Xen management scripts (error conditions) and addresses minor issues that ''pycheck'' complains about. It is tested with xm-test and by manually running the xm commands. It also handles the return case (reported by Masaki Kanno) that was missed in the originally patch. Signed-off by: Reiner Sailer <sailer@us.ibm.com>

Same functionality as the previous patches in this series. I have updated the error handling to correct the problems discovered by Ewan. This patch successfully completes the xm-test suite on my dev machine. In addition, we have tested out the affected commands by hand to ensure that error handling is being done properly. Hopefully this one will not create any more problems.

This patch adds a policy name to the policy definition. This policy name must be unique and must change if the content of the file changes. The policy name is used to ensure that the XM tools and the hypervisor work on the same policy, i.e., interpret the security information on domains consistently. This patch also simplifies the policy management by moving policy and labels into a single

This patch adds an ACM hook into the network scripts (/etc/xen/scripts). It adds iptables rules that enforce mandatory access control on network packets exchanged between virtual interfaces. If ACM is active, this patch sets the default FORWARD policy in Dom0 to DROP and adds iptables ACCEPT rules between vifs that belong to domains that are permitted to share (determined by using the

> From: David Hopwood <david@bl...> > [image removed] Re: trusted computing > 2004-10-18 19:24 > Tim Freeman wrote: > > > not about Xen in particular, but as a side note, because I think some > > people are interested in trusted computing and virtualization? If > > you"re not, sorry for the intrusion! > > > >

Hi all, Could you teach me about the behavior of xm commands when ''ACMError'' occurred? I am testing the behavior of xm commands with wrong arguments. When I tested xm commands related to security (xm *label/*policy), I found that some of them. - return 0, - show ACMError''s Traceback messages. Are these results specifications or bugs? Example: # xm cfgbootpolicy

I was just looking for an easy way to convert between COM datetime and chron datetime (both ways.) I found examples on the list, but they involved origin. Does anyone have functions for converting COM datetime <-> chron datetimethat work "safely"? David L. Reiner > -----Original Message----- > From: Gabor Grothendieck [mailto:ggrothendieck@gmail.com] >

I didn't know you are courageous. I upgraded to 1.4 last night. -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Stephen Bosch Sent: Friday, March 09, 2007 11:30 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] RE: Coaching in asterisk Wai Wu wrote: > Ouch, I

hello, I used to start a network installation from redhat or suse over PXE using the pxelinux component from the syslinux package. At the beginning of installation I want to read some files (e.g. the kickstart-file) over tftp from the pxe server. The problem is that from the point of view of the installation loader I don't know the ip-address and the tftp path prefix of the pxe server. Is

BTW. We only use Asterisk for a few functions. Everything else is done on an extenal application controlling Asterisk through AMI. -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Wai Wu Sent: Friday, March 09, 2007 12:22 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE:

Folks, It seems like the * v 0.9 and iaxcomm won't speak to each other. Is there another IAX2 client that is usable under Linux (Debian preferred)? Thanks, Tim --

What is the best inexpensive voip phone out there? I want to try a few with *, but don't want to go broke while I'm just playing around... Tim --

Hi, Try either: tolerance <- read.csv("http://www.ats.ucla.edu/stat/r/examples/alda/data/tolerance1.txt") ?aggregate(exposure~male,data=tolerance,mean) ?# male exposure #1??? 0 1.246667 #2??? 1 1.120000 #or ?library(plyr) ?ddply(tolerance,.(male),summarize,exposure=mean(exposure)) #? male exposure #1??? 0 1.246667 #2??? 1 1.120000 #or

I have a system that has a TDM400 with 3 FXO modules. Recently, the system started not seeing the ports. No answer, no lines available for oubound dial, and only a reboot of the machine will bring it back. Any ideas to try? Thanks, Tim --

I am trying to make a nice 2x1 plot and add a timestamp with comment. The pstamp function from Hmisc works nicely when mfcol=c(1,1), but when mfcol=c(2,1), the stamp winds up in the wrong place: > require('Hmisc') > opar <- par(mfcol=c(2,1)) > plot(1:10) > title(main="MAIN Title") > plot(1:20) > title(main="Another Title") > pstamp("normal

Hi all, I want to build sHype into Xen on ubuntu 8.04, In Config.mk I changed XSM_ENABLE ?= n to XSM_ENABLE ?= y ACM_SECURITY ?= n to ACM_SECURITY ?= y; then #make xen tools #make install-xen install-tools without any error; but when I reboot and type "xm resetpolicy", I got an error "ACM policy