Displaying 20 results from an estimated 800 matches similar to: "[PATCH] xen/xsm/flask: Fix AVC audit message format"
2006 Dec 20
0
[Xense-devel] [PATCH] [3/4] Flask XSM tools
This patch implements the Flask tools for the xen control plane (xm &
xend). The patch also refactors the ACM toolchain so that a common
security API (based on the existing ACM toolchain) is exported to xm and
xend.
To create a domain with the Flask module, add the following (for
example) to a domain''s configuration file
access_control =
2008 Sep 03
0
[XSM][PATCH] XSM python tools patch - remove autogenerated xsm.py
- The patch does away with the autogenerated xsm.py file and introduces a
config parameter in xend-config.sxp to determine the security module. The
parameter is (xsm_module_name {acm, dummy, flask}). The default
setting/option is dummy. .hgignore is also updated to stop ignoring xsm.py
on commits.
- The patch has created an xsconstant for XS_POLICY_FLASK and updated the
toolchain to check the
2013 Feb 01
0
xenstore stubdom on Xen 4.2.1 (XSM/FLASK problem)
Hello all,
I am trying to get a xenstore/oxenstore (oxenstore is mirage based) stubdom
to get to work on Xen 4.2.1.
I know that I need to set XSM/FLASK rules and so I have compiled 4.2.1 with
XSM and FLASK.
I already talked with Daniel de Graaf (on the mailinglists) and Steven
Maresca on IRC about this thing. Daniel already wrote a XSM/FLASK ruleset
in this thread:
2011 Nov 21
0
[PATCH] xsm/flask: fix resource list range checks
The FLASK security checks for resource ranges were not implemented
correctly - only the permissions on the endpoints of a range were
checked, instead of all items contained in the range. This would allow
certain resources (I/O ports, I/O memory) to be used by domains in
contravention to security policy.
This also corrects a bug where adding overlapping resource ranges did
not trigger an error.
2011 Apr 04
2
[PATCHv2] libxl: Exposed Flask XSM functionality
Adds support for assigning a label to domains, obtaining and setting the
current enforcing mode, and loading a policy with xl command when the
Flask XSM is in use.
libxl.c | 1
libxl.idl | 3 -
xl.h | 3 +
xl_cmdimpl.c | 171
+++++++++++++++++++++++++++++++++++++++++++++++++++++++---
xl_cmdtable.c | 18 +++++-
5 files changed, 187 insertions(+), 9
2011 Apr 15
3
[PATCHv3] libxl: Exposed Flask XSM functionality
Adds support for assigning a label to domains, obtaining and setting the
current enforcing mode, and loading a policy with xl command and libxl
header when the Flask XSM is in use. Adheres to the changes made by the
patch to remove exposure of libxenctrl/libxenstore headers via libxl.h.
tools/libxl/libxl_flask.c | 71 ++++++++++++++++++
tools/libxl/Makefile | 2
2008 Sep 12
3
[XSM][Patch] Minor XSM tools patch to dummy module - implement missing stub
- This minor patch implements the missing stub function
security_label_to_details in the dummy module. This stub function is
necessary to create domains with network interfaces for modules that do not
implement the security_label_to_details function.
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
_______________________________________________
Xen-devel mailing list
2012 Jan 31
26
[PATCH 00/10] FLASK updates: MSI interrupts, cleanups
This patch set adds XSM security labels to useful debugging output
locations, and fixes some assumptions that all interrupts behaved like
GSI interrupts (which had useful non-dynamic IDs). It also cleans up the
policy build process and adds an example of how to use the user field in
the security context.
Debug output:
[PATCH 01/10] xsm: Add security labels to event-channel dump
[PATCH 02/10] xsm:
2013 Jul 19
1
xen (XSM policy) : Unload and analysis tool.
Hi all,
i want to know about the following things:
1.unloading XSM policy.
-xl loadpolicy xenpolicy.24
to load the policy. For unloading is there any command is available.?
2. i want to know any analysis tool is available for XSM policy.
3. Apart from wiki.org/XSM any other tutorial is available for developing
own XSM policy.?
Thanks and regards,
cooldharma06.
2009 Apr 10
0
[PATCH][XSM] missing entries to xsm_fixup_ops
This patch adds the missing presence checks for the pm_op and get_pmstat
hooks in xsm_fixup_ops.
Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
2013 Feb 13
4
[PATCH 0/3] FLASK policy build rework
These patches update the example FLASK policy shipped with Xen and
enable its build if the required tools are present. The third patch
requires rerunning autoconf to update tools/configure.
[PATCH 1/3] flask/policy: sort dom0 accesses
[PATCH 2/3] flask/policy: rework policy build system
[PATCH 3/3] tools/flask: add FLASK policy to build
2011 Dec 12
0
[PATCH] flask: add tools/flask/utils/flask-label-pci to .hgignore
I have just committed the patch below.
Ian.
# HG changeset patch
# User Ian Jackson <Ian.Jackson@eu.citrix.com>
# Date 1323712783 0
# Node ID 7ca56cca09ade16645fb4806be2c5b2b0bc3332b
# Parent 7e90178b8bbfd2f78e8f4c6d593a2fb233350f41
flask: add tools/flask/utils/flask-label-pci to .hgignore
This was apparently forgotten in 24353:448c48326d6b
Signed-off-by: Ian Jackson
2011 Sep 14
1
[PATCH] xen/xsm: Compile error due to naming clash between XSM and EFI runtime
While compiling XEN with XSM_ENABLE=y and FLASK_ENABLE=y, I received the following error.
gcc -O1 -fno-omit-frame-pointer -m64 -g -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wno-unused-value -Wdeclaration-after-statement -Wno-unused-but-set-variable -fno-builtin -fno-common -Wredundant-decls -iwithprefix include -Werror -Wno-pointer-arith -pipe
2018 Mar 10
0
[ANNOUNCE] xsm 1.0.4
Alan Coopersmith (4):
configure: Drop AM_MAINTAINER_MODE
autogen.sh: Honor NOCONFIGURE=1
Print which option was in error along with usage message
xsm 1.0.4
Emil Velikov (1):
autogen.sh: use quoted string variables
Gaetan Nadon (1):
Remove obsolete Imake SIGNALRETURNSINT
Mihail Konev (1):
autogen: add default patch prefix
Peter Hutterer (1):
2011 Feb 07
0
[xen-unstable test] 5665: regressions - FAIL
flight 5665 xen-unstable real [real]
http://www.chiark.greenend.org.uk/~xensrcts/logs/5665/
Regressions :-(
Tests which did not succeed and are blocking:
build-amd64-oldkern 4 xen-build fail REGR. vs. 5640
build-amd64 4 xen-build fail REGR. vs. 5640
build-i386-oldkern 4 xen-build fail REGR. vs. 5640
2008 Jun 09
1
Security module (Flask) support should be disabled
I notice that the Flask / ACM security module support has been enabled
in the latest Debian Xen packages. I'm afraid I think this is a
mistake.
In our opinion this code is of very poor quality. It is certainly
ill-tested and not widely used.
We (Xensource/Citrix) have received more than one serious
vulnerability report, of problems which make an installation with the
Flask support compiled
2014 Oct 13
0
XSM in Xenserver.
hi all,
just now i installed xenserver -6.0.2 in my machine. i have seen some Xen
Security Modules (XSM) in xen hypervisor. i want to know any XSM things in
Xenserver. If it is how i can test those things.?
Suggest me some ideas.
Regards,
cooldharma06. :)
_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users
2008 Oct 07
0
[PATCH] [Flask] Add 2 permissions to the default flask policy to get a VIF-enabled guest to work
This adds two more permissions to the default Flask policy to get a VM
with a network interface to work.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
2012 Jul 15
2
Certain PCI passthrough devices don't work
Hello list,
Using the mainline 3.5-rc6 kernel and yesterday''s xen-unstable,
I''m having trouble passing in some PCI devices. Everything else works
smoothly.
Attached are some of the relevant logs and configurations. I did
notice from the qemu logs that all the problematic devices have "IRQ
type = INTx" whereas those that are working have "IRQ type =
2011 May 26
0
dom0 linux system consoles; running domU problems
Note: I''m familiar with gentoo distribution, but not with xen.
A time has come, I desided, I need several xen virtual guests on my box
(mostly because I want some personal web-applications installed on
different environment that my desctop machine and desire to have
''playground'' for web-development attempts)
What I have done
1) installed recent gentoo-sources (2.6.39),