Thomas DuBuisson
2009-Jul-08 03:28 UTC
[Xen-devel] BUG using xen-unstable with XSM + Flask
While xen-unstable works OK for me normally, when I compile xen.gz with XSM and Flask I can''t boot - instead I get a panic from domain_build.c line 1100. That line is a "BUG_ON( rc != 0)" in the function construct_dom0(). My system: Thinkpad T61 (Intel core2 duo) Software config: Fedora 11 i686 (gcc 4.4.0), using current HEAD from xen-unstable. Let me know what other info would help if you''re interested. Thomas _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
George S. Coker, II
2009-Jul-10 17:28 UTC
Re: [Xen-devel] BUG using xen-unstable with XSM + Flask
Thomas, Are you booting with the policy in enforcing or permissive mode? We''re using the same configuration here but only in permissive mode. I see some policy violations in the xen dmesg. (We''re overdue for some updates to the sample policy to include some organizational cleanups.) I suspect you are running in enforcing mode and simply need to update your policy. The iomem/ioports/irq_permit/deny_access have security checks in the add/remove_rangeset codepaths. These are the only xsm hooks relevant to your report and flask will cause rc != 0 in enforcing mode. Which changeset, HEAD is too relative. George On 7/7/09 11:28 PM, "Thomas DuBuisson" <thomas.dubuisson@gmail.com> wrote:> While xen-unstable works OK for me normally, when I compile xen.gz > with XSM and Flask I can''t boot - instead I get a panic from > domain_build.c line 1100. That line is a "BUG_ON( rc != 0)" in the > function construct_dom0(). > > My system: > Thinkpad T61 (Intel core2 duo) > > Software config: > Fedora 11 i686 (gcc 4.4.0), using current HEAD from xen-unstable. > > Let me know what other info would help if you''re interested. > > Thomas > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel-- George S. Coker, II <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel