Yanjun Wu
2009-May-06 09:01 UTC
[Xen-devel] question about xm getpolicy with ACM/XSM enabled
I use xen-3.3.1 and 2.6.18 dom0, and enabled XSM/ACM by changing Config.mk as XSM_ENABLE ?= y FLASK_ENABLE ?= n ACM_SECURITY ?= y After "make dist clean", "make dist" and "make install", the system boots with new xen-3.3.1.gz successfully. I can see the following messages in "xm dmesg": (XEN) XSM Framework v1.0.0 initialized (XEN) ACM-XSM: Initializing. (XEN) acm_init: Loading default policy (CHINESE WALL AND SIMPLE TYPE ENFORCEMENT). And if I use "xensec_tool getpolicy", it outputs as follows: <snip> Policy dump: ===========POLICY REFERENCE = DEFAULT. PolicyVer = 0. XML Vers. = 0.0 Magic = 1debc. Len = 9c. Primary = CHINESE WALL (c=1, off=4c). Secondary = SIMPLE TYPE ENFORCEMENT (c=2, off=7c). Chinese Wall policy: ===================Policy version= 0. Max Types = 1. Max Ssidrefs = 2. Max ConfSets = 1. Ssidrefs Off = 24. Conflicts Off = 28. Runing T. Off = 2a. C. Agg. Off = 2c. SSID To CHWALL-Type matrix: ssidref 0: 00 ssidref 1: 00 <-- Domain-0 Confict Sets: c-set 0: 00 Running Types: 00 Conflict Aggregate Set: 00 Simple Type Enforcement policy: ==============================Policy version= 0. Max Types = 2. Max Ssidrefs = 2. Ssidrefs Off = 14. SSID To STE-Type matrix: ssidref 0: 00 01 ssidref 1: 01 01 <-- Domain-0 </snip> The question is, when I try "xm getpolicy", it always says: Supported security subsystems : None No policy is installed. and other commands like "xm setpolicy ACM example.test" cannot work as well. any hint? Thanks. -- Yanjun Wu _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel