Hi, I am trying build Xen with XSM enabled using xen-unstable.hg. When I do: # xm getpolicy I get: Supported security subsystems: None It looks like it is creating all accessory directories, etc., but ACM doesn''t seems to be enabled. Config.mk file has: # Enable XSM security module. Enabling XSM requires selection of an # XSM security module (FLASK_ENABLE or ACM_SECURITY). XSM_ENABLE ?= y FLASK_ENABLE ?= n ACM_SECURITY ?= y Build and install completes without errors. I also updated the unstable.hg using ''hg pull -u'', but no luck. I''ve built 3.2.1 as well as 3.3.0 with ACM enabled and everything seems to be OK. Is there anything extra I should do with xen-unstable.hg? OS: CentOS 5.2 (i386) Regards, Dilshan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
George S. Coker, II
2008-Sep-24 19:58 UTC
Re: [Xen-devel] ACM not enabled with xen-unstable
I bet the problem is that you don¹t have an entry like, (xsm_module_name acm) in your xend-config.sxp file. A patch was recently introduced into the python tool chain that removed some autogenerated python code based on these variables in favor of a key-value pair set in xend-config.sxp. The default setting is dummy and if you have a pre-existing xend-config, you don''t get a default key-value entry on a fresh -unstable install. George On 9/23/08 8:00 PM, "Dilshan Jayarathna" <dilshan@ics.mq.edu.au> wrote:> Hi, > > I am trying build Xen with XSM enabled using xen-unstable.hg. > > When I do: > # xm getpolicy > I get: > Supported security subsystems: None > > It looks like it is creating all accessory directories, etc., but ACM doesn''t > seems to be enabled. > > Config.mk file has: > # Enable XSM security module. Enabling XSM requires selection of an > # XSM security module (FLASK_ENABLE or ACM_SECURITY). > XSM_ENABLE ?= y > FLASK_ENABLE ?= n > ACM_SECURITY ?= y > > Build and install completes without errors. I also updated the unstable.hg > using ''hg pull -u'', but no luck. > I''ve built 3.2.1 as well as 3.3.0 with ACM enabled and everything seems to be > OK. > > Is there anything extra I should do with xen-unstable.hg? > > OS: CentOS 5.2 (i386) > > Regards, > Dilshan > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel-- George S. Coker, II <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Dilshan Jayarathna
2008-Sep-25 00:30 UTC
Re: [Xen-devel] ACM not enabled with xen-unstable
Hi George, Indeed, you''re correct. It wasn''t even uncommented. I''ll try with (xsm_module_name acm). What would be the best suitable version for try out XSM/ACM? I was thinking xen-unstable due to constant patches. Thanks, Dilshan George S. Coker, II wrote:> I bet the problem is that you don¹t have an entry like, > (xsm_module_name acm) in your xend-config.sxp file. A patch was recently > introduced into the python tool chain that removed some autogenerated python > code based on these variables in favor of a key-value pair set in > xend-config.sxp. The default setting is dummy and if you have a > pre-existing xend-config, you don''t get a default key-value entry on a fresh > -unstable install. > > George > > On 9/23/08 8:00 PM, "Dilshan Jayarathna" <dilshan@ics.mq.edu.au> wrote: > > >> Hi, >> >> I am trying build Xen with XSM enabled using xen-unstable.hg. >> >> When I do: >> # xm getpolicy >> I get: >> Supported security subsystems: None >> >> It looks like it is creating all accessory directories, etc., but ACM doesn''t >> seems to be enabled. >> >> Config.mk file has: >> # Enable XSM security module. Enabling XSM requires selection of an >> # XSM security module (FLASK_ENABLE or ACM_SECURITY). >> XSM_ENABLE ?= y >> FLASK_ENABLE ?= n >> ACM_SECURITY ?= y >> >> Build and install completes without errors. I also updated the unstable.hg >> using ''hg pull -u'', but no luck. >> I''ve built 3.2.1 as well as 3.3.0 with ACM enabled and everything seems to be >> OK. >> >> Is there anything extra I should do with xen-unstable.hg? >> >> OS: CentOS 5.2 (i386) >> >> Regards, >> Dilshan >> >> >> _______________________________________________ >> Xen-devel mailing list >> Xen-devel@lists.xensource.com >> http://lists.xensource.com/xen-devel >> > > >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
George S. Coker, II
2008-Sep-25 17:12 UTC
Re: [Xen-devel] ACM not enabled with xen-unstable
While I do maintain XSM and XSM/FLASK, I’m not that familiar with XSM/ACM. I don’t believe any significant ACM patches have been committed to -unstable since the 3.3 release. The issue that you uncovered is due to a recent patch to unstable, 3.3 is unaffected. On 9/24/08 8:30 PM, "Dilshan Jayarathna" <dilshan@ics.mq.edu.au> wrote:> Hi George, > > Indeed, you''re correct. It wasn''t even uncommented. > > I''ll try with (xsm_module_name acm). > > What would be the best suitable version for try out XSM/ACM? > I was thinking xen-unstable due to constant patches. > > Thanks, > Dilshan > > George S. Coker, II wrote: >> >> I bet the problem is that you don¹t have an entry like, >> (xsm_module_name acm) in your xend-config.sxp file. A patch was recently >> introduced into the python tool chain that removed some autogenerated python >> code based on these variables in favor of a key-value pair set in >> xend-config.sxp. The default setting is dummy and if you have a >> pre-existing xend-config, you don''t get a default key-value entry on a fresh >> -unstable install. >> >> George >> >> On 9/23/08 8:00 PM, "Dilshan Jayarathna" <dilshan@ics.mq.edu.au> >> <mailto:dilshan@ics.mq.edu.au> wrote: >> >> >> >>> >>> Hi, >>> >>> I am trying build Xen with XSM enabled using xen-unstable.hg. >>> >>> When I do: >>> # xm getpolicy >>> I get: >>> Supported security subsystems: None >>> >>> It looks like it is creating all accessory directories, etc., but ACM >>> doesn''t >>> seems to be enabled. >>> >>> Config.mk file has: >>> # Enable XSM security module. Enabling XSM requires selection of an >>> # XSM security module (FLASK_ENABLE or ACM_SECURITY). >>> XSM_ENABLE ?= y >>> FLASK_ENABLE ?= n >>> ACM_SECURITY ?= y >>> >>> Build and install completes without errors. I also updated the unstable.hg >>> using ''hg pull -u'', but no luck. >>> I''ve built 3.2.1 as well as 3.3.0 with ACM enabled and everything seems to >>> be >>> OK. >>> >>> Is there anything extra I should do with xen-unstable.hg? >>> >>> OS: CentOS 5.2 (i386) >>> >>> Regards, >>> Dilshan >>> >>> >>> _______________________________________________ >>> Xen-devel mailing list >>> Xen-devel@lists.xensource.com >>> http://lists.xensource.com/xen-devel >>> >>> >> >> >> >> > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel-- George S. Coker, II <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Dilshan Jayarathna
2008-Sep-25 23:35 UTC
Re: [Xen-devel] ACM not enabled with xen-unstable
Thanks. I''ll stick to 3.3 then. Dilshan George S. Coker, II wrote:> > While I do maintain XSM and XSM/FLASK, I’m not that familiar with > XSM/ACM. I don’t believe any significant > ACM patches have been committed to -unstable since the 3.3 release. > The issue that you uncovered is due to > a recent patch to --unstable, 3.3 is unaffected. > > > On 9/24/08 8:30 PM, "Dilshan Jayarathna" <dilshan@ics.mq.edu.au> wrote: > > Hi George, > > Indeed, you''re correct. It wasn''t even uncommented. > > I''ll try with (xsm_module_name acm). > > What would be the best suitable version for try out XSM/ACM? > I was thinking xen-unstable due to constant patches. > > Thanks, > Dilshan > > George S. Coker, II wrote: > > > I bet the problem is that you don¹t have an entry like, > (xsm_module_name acm) in your xend-config.sxp file. A patch > was recently > introduced into the python tool chain that removed some > autogenerated python > code based on these variables in favor of a key-value pair set in > xend-config.sxp. The default setting is dummy and if you have a > pre-existing xend-config, you don''t get a default key-value > entry on a fresh > -unstable install. > > George > > On 9/23/08 8:00 PM, "Dilshan Jayarathna" > <dilshan@ics.mq.edu.au> <mailto:dilshan@ics.mq.edu.au> wrote: > > > > > Hi, > > I am trying build Xen with XSM enabled using xen-unstable.hg. > > When I do: > # xm getpolicy > I get: > Supported security subsystems: None > > It looks like it is creating all accessory directories, > etc., but ACM doesn''t > seems to be enabled. > > Config.mk file has: > # Enable XSM security module. Enabling XSM requires > selection of an > # XSM security module (FLASK_ENABLE or ACM_SECURITY). > XSM_ENABLE ?= y > FLASK_ENABLE ?= n > ACM_SECURITY ?= y > > Build and install completes without errors. I also updated > the unstable.hg > using ''hg pull -u'', but no luck. > I''ve built 3.2.1 as well as 3.3.0 with ACM enabled and > everything seems to be > OK. > > Is there anything extra I should do with xen-unstable.hg? > > OS: CentOS 5.2 (i386) > > Regards, > Dilshan > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel > > > > > > > > ------------------------------------------------------------------------ > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel > > > -- > George S. Coker, II <gscoker@alpha.ncsc.mil>_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel