similar to: [Xense-devel] [PATCH] [3/4] Flask XSM tools

Displaying 20 results from an estimated 800 matches similar to: "[Xense-devel] [PATCH] [3/4] Flask XSM tools"

2008 Sep 12
3
[XSM][Patch] Minor XSM tools patch to dummy module - implement missing stub
- This minor patch implements the missing stub function security_label_to_details in the dummy module. This stub function is necessary to create domains with network interfaces for modules that do not implement the security_label_to_details function. Signed-off-by: George Coker <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list
2009 Aug 14
0
[PATCH] xen/xsm/flask: Fix AVC audit message format
Fix formatting of Flask AVC audit messages so that existing policy tools can parse them. After applying, ''xm dmesg | audit2allow'' yields the expected result. Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil> --- xen/xsm/flask/avc.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-)
2008 Sep 03
0
[XSM][PATCH] XSM python tools patch - remove autogenerated xsm.py
- The patch does away with the autogenerated xsm.py file and introduces a config parameter in xend-config.sxp to determine the security module. The parameter is (xsm_module_name {acm, dummy, flask}). The default setting/option is dummy. .hgignore is also updated to stop ignoring xsm.py on commits. - The patch has created an xsconstant for XS_POLICY_FLASK and updated the toolchain to check the
2011 Apr 15
3
[PATCHv3] libxl: Exposed Flask XSM functionality
Adds support for assigning a label to domains, obtaining and setting the current enforcing mode, and loading a policy with xl command and libxl header when the Flask XSM is in use. Adheres to the changes made by the patch to remove exposure of libxenctrl/libxenstore headers via libxl.h. tools/libxl/libxl_flask.c | 71 ++++++++++++++++++ tools/libxl/Makefile | 2
2011 Apr 04
2
[PATCHv2] libxl: Exposed Flask XSM functionality
Adds support for assigning a label to domains, obtaining and setting the current enforcing mode, and loading a policy with xl command when the Flask XSM is in use. libxl.c | 1 libxl.idl | 3 - xl.h | 3 + xl_cmdimpl.c | 171 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--- xl_cmdtable.c | 18 +++++- 5 files changed, 187 insertions(+), 9
2009 Apr 10
0
[PATCH][XSM] missing entries to xsm_fixup_ops
This patch adds the missing presence checks for the pm_op and get_pmstat hooks in xsm_fixup_ops. Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
2013 Feb 01
0
xenstore stubdom on Xen 4.2.1 (XSM/FLASK problem)
Hello all, I am trying to get a xenstore/oxenstore (oxenstore is mirage based) stubdom to get to work on Xen 4.2.1. I know that I need to set XSM/FLASK rules and so I have compiled 4.2.1 with XSM and FLASK. I already talked with Daniel de Graaf (on the mailinglists) and Steven Maresca on IRC about this thing. Daniel already wrote a XSM/FLASK ruleset in this thread:
2011 Nov 21
0
[PATCH] xsm/flask: fix resource list range checks
The FLASK security checks for resource ranges were not implemented correctly - only the permissions on the endpoints of a range were checked, instead of all items contained in the range. This would allow certain resources (I/O ports, I/O memory) to be used by domains in contravention to security policy. This also corrects a bug where adding overlapping resource ranges did not trigger an error.
2007 Sep 25
4
[XSM:ACM] When cw is used, dom0 reboots.
Hi , When cw is used, dom0 reboots. Though I set quest memory size. I want to study into the cause. Please teach how to examine it. #xm create vm1.conf <-- OK #xm create vm4.conf <-- NO ................... <-- system boot #last root pts/1 myPC Tue Sep 25 11:25 - crash (09:01) reboot system boot 2.6.18-xen Tue Sep 25 20:06 (-8:-16) ~~~~~~~~~~~
2012 Jan 31
26
[PATCH 00/10] FLASK updates: MSI interrupts, cleanups
This patch set adds XSM security labels to useful debugging output locations, and fixes some assumptions that all interrupts behaved like GSI interrupts (which had useful non-dynamic IDs). It also cleans up the policy build process and adds an example of how to use the user field in the security context. Debug output: [PATCH 01/10] xsm: Add security labels to event-channel dump [PATCH 02/10] xsm:
2013 Feb 13
4
[PATCH 0/3] FLASK policy build rework
These patches update the example FLASK policy shipped with Xen and enable its build if the required tools are present. The third patch requires rerunning autoconf to update tools/configure. [PATCH 1/3] flask/policy: sort dom0 accesses [PATCH 2/3] flask/policy: rework policy build system [PATCH 3/3] tools/flask: add FLASK policy to build
2011 Dec 12
0
[PATCH] flask: add tools/flask/utils/flask-label-pci to .hgignore
I have just committed the patch below. Ian. # HG changeset patch # User Ian Jackson <Ian.Jackson@eu.citrix.com> # Date 1323712783 0 # Node ID 7ca56cca09ade16645fb4806be2c5b2b0bc3332b # Parent 7e90178b8bbfd2f78e8f4c6d593a2fb233350f41 flask: add tools/flask/utils/flask-label-pci to .hgignore This was apparently forgotten in 24353:448c48326d6b Signed-off-by: Ian Jackson
2008 Jun 09
1
Security module (Flask) support should be disabled
I notice that the Flask / ACM security module support has been enabled in the latest Debian Xen packages. I'm afraid I think this is a mistake. In our opinion this code is of very poor quality. It is certainly ill-tested and not widely used. We (Xensource/Citrix) have received more than one serious vulnerability report, of problems which make an installation with the Flask support compiled
2011 Feb 07
0
[xen-unstable test] 5665: regressions - FAIL
flight 5665 xen-unstable real [real] http://www.chiark.greenend.org.uk/~xensrcts/logs/5665/ Regressions :-( Tests which did not succeed and are blocking: build-amd64-oldkern 4 xen-build fail REGR. vs. 5640 build-amd64 4 xen-build fail REGR. vs. 5640 build-i386-oldkern 4 xen-build fail REGR. vs. 5640
2008 Oct 07
0
[PATCH] [Flask] Add 2 permissions to the default flask policy to get a VIF-enabled guest to work
This adds two more permissions to the default Flask policy to get a VM with a network interface to work. Signed-off-by: Stefan Berger <stefanb@us.ibm.com> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
2013 Aug 06
1
LIbvirt seclabel.
hi all, i am new to the libvirt. Via libvirt i am converting my xen.com.sfg. In xen i added xsm label as, seclabel:system_u:domU_t. but after creating vm using xen or by convertdom-to-xml also does not contain any label or text with xen-4.2.1. in the documentation also you mentioned selinux label (sVirt) only. Can u clear me the following things: 1. How to use XSM label in libvirt.? 2. What
2013 Jul 19
1
xen (XSM policy) : Unload and analysis tool.
Hi all, i want to know about the following things: 1.unloading XSM policy. -xl loadpolicy xenpolicy.24 to load the policy. For unloading is there any command is available.? 2. i want to know any analysis tool is available for XSM policy. 3. Apart from wiki.org/XSM any other tutorial is available for developing own XSM policy.? Thanks and regards, cooldharma06.
2012 Mar 13
0
No rule to make target ‘/usr/lib/gcc/x86-64-redhat-linux/4.1.2/include/stddef.h when installing flask
Hi folks, I am new to install xen 4.1.0-rc6-pre version on RHEL 6.2. When installing xen tools flask, I got an error said “No rule to make target ‘/usr/lib/gcc/x86-64-redhat-linux/4.1.2/include/stddef.h”, but I am using gcc 4.4..6. How to fix this? Thanks & Best Regards Shengkai _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org
2005 Jun 22
0
RE: [Xense-devel] Re: [PATCH] sHype access controlarchitecture for Xen
Lets not confuse the issues here and don''t turn this into a programming language argument. With the sHype patches there is a well defined language for specifying policies and there is a well defined binary representation for that policy. That is a very good start! I see the java tool as a *sample* implementation of a translator between the two. You are free to write/use your own compiler
2010 Jan 09
0
Real-Time and XenSE
We are interested in building a Xen application that is secure and compatible with running Java RTS on Solaris 10 with trusted extensions domUs. If you have a thought on this, we would appreciate it. Mike Sent from my iPhone _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users