------- Comment #15 From Konrad Rzeszutek Wilk 2011-08-05 19:11 [reply] ------- Just copy-n-paste the bug and post it on xen-devel mailing list. http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1775 a reduced summary; This fault renders xen unworkable, only in the packaged install of distro gentoo/ gentoo64 grub # eix xen [I] app-emulation/xen Available versions: 3.4.2-r1!t (~)4.1.0!t **9999!t {acm custom-cflags debug flask pae xsm} Installed versions: 4.1.0!t(00:13:36 07/30/11)(acm debug flask pae xsm -custom-cflags) Homepage: http://xen.org/ Description: The Xen virtual machine monitor This make /boot/xen-4.1.0.gz. On booting into this installed hypervisor, I can bring up virt-manager which happily lists the vms. On attempting to boot a v the moment the xen equipped kernel attempts to boot the vm, the system is crashed. That is, it seems to trigger reboot because that is what happens, Just reboot. I haven''t bothered with any logs because this instantaneous crash should fail to write any events to logs, correct me if I''m wrong ------- Comment #1 From IAN DELANEY 2011-07-30 02:36 [reply] ------- should have mentioned. idella@gentoo64 ~/bin $ ls /boot/ ........... xen-4.1.0-rc7-pre.gz xen-4.1.0.gz ........ The xen-4.1.0-rc7-pre.gz is fine The xen-4.1.0.gz hypervisor is broken. idella@gentoo64 ~/bin $ emerge xen -pv These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] app-emulation/xen-4.1.0 USE="acm custom-cflags* debug flask pae xsm" 0 kB shows the compiled in features. What can trigger this type of system crash? ------- Comment #3 From IAN DELANEY 2011-07-30 07:31 [reply] ------- It seems the cause of this is in gentoo terms the use of the use flags acm and xsm. See https://bugs.gentoo.org/show_bug.cgi?id=361345. It seems disabling these flags allows the hypervisor to boot vms. What I need to know is where this flaw comes from. There is a gentoo package xsm, but not asm. asm is a security portion of the source. Is the flaw in the gentoo package xsm, is it the xensource code, and can you list the step or steps to sensure xsm and acm directly in the xensource code so I can replicate it; suspect they are options manually put after make on the command line. ------- Comment #5 From IAN DELANEY 2011-07-30 08:01 [reply] ------- Aha from Config.mk # Enable XSM security module. Enabling XSM requires selection of an # XSM security module (FLASK_ENABLE or ACM_SECURITY). XSM_ENABLE ?= n FLASK_ENABLE ?= n ACM_SECURITY ?= n These are the default settings, so it seems the hypervisor I am using does in fact not have these set. So why are they turned off, and do they have an unresolved issue? ------- Comment #6 From Konrad Rzeszutek Wilk 2011-07-30 08:26 [reply] ------- (In reply to comment #5)> Aha > > from Config.mk > > # Enable XSM security module. Enabling XSM requires selection of an > # XSM security module (FLASK_ENABLE or ACM_SECURITY). > XSM_ENABLE ?= n > FLASK_ENABLE ?= n > ACM_SECURITY ?= n > > These are the default settings, so it seems the hypervisor I am using does in > fact not have these set. > So why are they turned off, and do they have an unresolved issue?B/c the maintainer for them is .. gone? I suspect the code is bit-rotten. You might want to open a Gentoo bug to turn those off until somebody fixes whatever the issue you have with ACM.>------- Comment #7 From IAN DELANEY 2011-07-30 08:40 [reply] ------- Konrad; I can get the use flags withdrawn, but the task at hand is to get them to work. I can say that change to setting FLASK_ENABLE ?= y cause the emerge or build to fail in my gentoo ------- Comment #8 From IAN DELANEY 2011-07-30 10:04 [reply] ------- ok I''m picking up the threads. # make clean # nano Config.mk # emerge install-xen for each alteration. the build fails only for setting ACM_SECURITY ?= y. ------- Comment #9 From Konrad Rzeszutek Wilk 2011-07-31 08:14 [reply] ------- (In reply to comment #7)> Konrad; > > thanks. When you say maintainer, do you mean a gentoo maintainer?Cool. So in regards to disable ACM/FLask - that was to you. In regards to actually figuring why ACM/Flask does not seem to work - that was meant for the maintainer of that code in Xen - who seemed to have moved on to other things.> I can get the use flags withdrawn, but the task at hand is to get them to work.Ah, then you will need to figure out why FLASK does not work - I have no knowledge of that code so won''t be much help. You might have better luck digging up the authors of said code and emailing them.> I can say that change to setting > FLASK_ENABLE ?= y > cause the emerge or build to fail in my gentoo > > Thanks for your important help. >------- Comment #10 From IAN DELANEY 2011-07-31 08:49 [reply] ------- ok; to correct last entries. It seems that flask is fine. On repeating it a number of times, for whatever reason, on compiling the xensource package xen-4.1-testing.hg, it appears that entries flask and acm will in fact compile fine. It seems that setting flask on its own will fail, it depends upon xsm being set. Setting xsm om its own or with flask works. In fact, setting all 3, the package builds. But like the gentoo emerge, the hypervisor breaks the system if ACM_SECURITY is set. Setting use=ACM presumably leads to setting ACM_SECURITY ?= n in the Config.mk. simple. So the flaw isn''t in gentoo, it'' in the source. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Tim, George, Any ideas who at might know more about the ACM flask? On Sat, Aug 06, 2011 at 04:28:37PM +0800, Windows Live wrote:> > ------- Comment > > #15 From > Konrad Rzeszutek Wilk > 2011-08-05 19:11 > > [reply] > ------- > > > > > Just copy-n-paste the bug and post it on xen-devel mailing list. > > > http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1775 > > a reduced summary; > > > This fault renders xen unworkable, only in the packaged install of distro > gentoo/ > > gentoo64 grub # eix xen > [I] app-emulation/xen > Available versions: 3.4.2-r1!t (~)4.1.0!t **9999!t {acm custom-cflags > debug flask pae xsm} > Installed versions: 4.1.0!t(00:13:36 07/30/11)(acm debug flask pae xsm > -custom-cflags) > Homepage: http://xen.org/ > Description: The Xen virtual machine monitor > > This make /boot/xen-4.1.0.gz. On booting into this installed hypervisor, I can > bring up virt-manager which happily lists the vms. > > On attempting to boot a v the moment the xen equipped kernel attempts to boot > the vm, the system is crashed. > > That is, it seems to trigger reboot because that is what happens, > Just reboot. > I haven''t bothered with any logs because this instantaneous crash should fail > to write any events to logs, correct me if I''m wrong > > ------- Comment > > #1 From > IAN DELANEY > 2011-07-30 02:36 > > [reply] > ------- > > > > > should have mentioned. > > idella@gentoo64 ~/bin $ ls /boot/ > ........... > xen-4.1.0-rc7-pre.gz > xen-4.1.0.gz > ........ > > The xen-4.1.0-rc7-pre.gz is fine > The xen-4.1.0.gz hypervisor is broken. > > idella@gentoo64 ~/bin $ emerge xen -pv > > These are the packages that would be merged, in order: > > Calculating dependencies... done! > [ebuild R ] app-emulation/xen-4.1.0 USE="acm custom-cflags* debug flask > pae xsm" 0 kB > > shows the compiled in features. What can trigger this type of system crash? > > > > > ------- Comment > > #3 From > IAN DELANEY > 2011-07-30 07:31 > > [reply] > ------- > > > > > It seems the cause of this is in gentoo terms the use of the use flags acm and > xsm. See https://bugs.gentoo.org/show_bug.cgi?id=361345. > It seems disabling these flags allows the hypervisor to boot vms. > What I need to know is where this flaw comes from. There is a gentoo package > xsm, but not asm. > asm is a security portion of the source. > Is the flaw in the gentoo package xsm, is it the xensource code, and can you > list the step or steps to sensure xsm and acm directly in the xensource code so > I can replicate it; suspect they are options manually put after make on the > command line. > > ------- Comment #5 From IAN DELANEY 2011-07-30 08:01 [reply] ------- > > > > > Aha > > from Config.mk > > # Enable XSM security module. Enabling XSM requires selection of an > # XSM security module (FLASK_ENABLE or ACM_SECURITY). > XSM_ENABLE ?= n > FLASK_ENABLE ?= n > ACM_SECURITY ?= n > > These are the default settings, so it seems the hypervisor I am using does in > fact not have these set. > So why are they turned off, and do they have an unresolved issue? > > > > > > > ------- Comment > > #6 From > Konrad Rzeszutek Wilk > 2011-07-30 08:26 > > [reply] > ------- > > > > > (In reply to comment #5) > > Aha > > > > from Config.mk > > > > # Enable XSM security module. Enabling XSM requires selection of an > > # XSM security module (FLASK_ENABLE or ACM_SECURITY). > > XSM_ENABLE ?= n > > FLASK_ENABLE ?= n > > ACM_SECURITY ?= n > > > > These are the default settings, so it seems the hypervisor I am using does in > > fact not have these set. > > So why are they turned off, and do they have an unresolved issue? > > B/c the maintainer for them is .. gone? I suspect the code is bit-rotten. You > might want to open a Gentoo bug to turn those off until somebody fixes whatever > the issue you have with ACM. > > > > > > > > > > ------- Comment > > #7 From > IAN DELANEY > 2011-07-30 08:40 > > [reply] > ------- > > > > > Konrad; > > > I can get the use flags withdrawn, but the task at hand is to get them to work. > I can say that change to setting > FLASK_ENABLE ?= y > cause the emerge or build to fail in my gentoo > > > > > ------- Comment > > #8 From > IAN DELANEY > 2011-07-30 10:04 > > [reply] > ------- > > > > > ok I''m picking up the threads. > > # make clean > # nano Config.mk > # emerge install-xen > > for each alteration. > > the build fails only for setting ACM_SECURITY ?= y. > > > > > > > ------- Comment > > #9 From > Konrad Rzeszutek Wilk > 2011-07-31 08:14 > > [reply] > ------- > > > > > (In reply to comment #7) > > Konrad; > > > > thanks. When you say maintainer, do you mean a gentoo maintainer? > > Cool. So in regards to disable ACM/FLask - that was to you. In regards to > actually figuring why ACM/Flask does not seem to work - that was meant for the > maintainer of that code in Xen - who seemed to have moved on to other things. > > > > I can get the use flags withdrawn, but the task at hand is to get them to work. > > Ah, then you will need to figure out why FLASK does not work - I have no > knowledge of that code so won''t be much help. You might have better luck > digging up the authors of said code and emailing them. > > > I can say that change to setting > > FLASK_ENABLE ?= y > > cause the emerge or build to fail in my gentoo > > > > Thanks for your important help. > > > > > > > > > ------- Comment > > #10 From > IAN DELANEY > 2011-07-31 08:49 > > [reply] > ------- > > > > > ok; to correct last entries. > > It seems that flask is fine. On repeating it a number of times, for whatever > reason, on compiling the xensource package xen-4.1-testing.hg, it appears that > entries flask and acm will in fact compile fine. It seems that setting flask on > its own will fail, it depends upon xsm being set. Setting xsm om its own or > with flask works. > > In fact, setting all 3, the package builds. But like the gentoo emerge, the > hypervisor breaks the system if ACM_SECURITY is set. Setting use=ACM > presumably leads to setting ACM_SECURITY ?= n in the Config.mk. simple. So the > flaw isn''t in gentoo, it'' in the source.> _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
On Tue, 2011-08-09 at 15:29 +0100, Konrad Rzeszutek Wilk wrote:> Tim, George, > > Any ideas who at might know more about the ACM flask?Didn''t Keir remove ACM support back in 23097:2aeebd5cbbad? Probably post Xen 4.1 but on that basis I wouldn''t recommend enabling it on any recent release which happened to include it -- it was removed because it was unmaintained. Ian.> > On Sat, Aug 06, 2011 at 04:28:37PM +0800, Windows Live wrote: > > > > ------- Comment > > > > #15 From > > Konrad Rzeszutek Wilk > > 2011-08-05 19:11 > > > > [reply] > > ------- > > > > > > > > > > Just copy-n-paste the bug and post it on xen-devel mailing list. > > > > > > http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1775 > > > > a reduced summary; > > > > > > This fault renders xen unworkable, only in the packaged install of distro > > gentoo/ > > > > gentoo64 grub # eix xen > > [I] app-emulation/xen > > Available versions: 3.4.2-r1!t (~)4.1.0!t **9999!t {acm custom-cflags > > debug flask pae xsm} > > Installed versions: 4.1.0!t(00:13:36 07/30/11)(acm debug flask pae xsm > > -custom-cflags) > > Homepage: http://xen.org/ > > Description: The Xen virtual machine monitor > > > > This make /boot/xen-4.1.0.gz. On booting into this installed hypervisor, I can > > bring up virt-manager which happily lists the vms. > > > > On attempting to boot a v the moment the xen equipped kernel attempts to boot > > the vm, the system is crashed. > > > > That is, it seems to trigger reboot because that is what happens, > > Just reboot. > > I haven''t bothered with any logs because this instantaneous crash should fail > > to write any events to logs, correct me if I''m wrong > > > > ------- Comment > > > > #1 From > > IAN DELANEY > > 2011-07-30 02:36 > > > > [reply] > > ------- > > > > > > > > > > should have mentioned. > > > > idella@gentoo64 ~/bin $ ls /boot/ > > ........... > > xen-4.1.0-rc7-pre.gz > > xen-4.1.0.gz > > ........ > > > > The xen-4.1.0-rc7-pre.gz is fine > > The xen-4.1.0.gz hypervisor is broken. > > > > idella@gentoo64 ~/bin $ emerge xen -pv > > > > These are the packages that would be merged, in order: > > > > Calculating dependencies... done! > > [ebuild R ] app-emulation/xen-4.1.0 USE="acm custom-cflags* debug flask > > pae xsm" 0 kB > > > > shows the compiled in features. What can trigger this type of system crash? > > > > > > > > > > ------- Comment > > > > #3 From > > IAN DELANEY > > 2011-07-30 07:31 > > > > [reply] > > ------- > > > > > > > > > > It seems the cause of this is in gentoo terms the use of the use flags acm and > > xsm. See https://bugs.gentoo.org/show_bug.cgi?id=361345. > > It seems disabling these flags allows the hypervisor to boot vms. > > What I need to know is where this flaw comes from. There is a gentoo package > > xsm, but not asm. > > asm is a security portion of the source. > > Is the flaw in the gentoo package xsm, is it the xensource code, and can you > > list the step or steps to sensure xsm and acm directly in the xensource code so > > I can replicate it; suspect they are options manually put after make on the > > command line. > > > > ------- Comment #5 From IAN DELANEY 2011-07-30 08:01 [reply] ------- > > > > > > > > > > Aha > > > > from Config.mk > > > > # Enable XSM security module. Enabling XSM requires selection of an > > # XSM security module (FLASK_ENABLE or ACM_SECURITY). > > XSM_ENABLE ?= n > > FLASK_ENABLE ?= n > > ACM_SECURITY ?= n > > > > These are the default settings, so it seems the hypervisor I am using does in > > fact not have these set. > > So why are they turned off, and do they have an unresolved issue? > > > > > > > > > > > > > > ------- Comment > > > > #6 From > > Konrad Rzeszutek Wilk > > 2011-07-30 08:26 > > > > [reply] > > ------- > > > > > > > > > > (In reply to comment #5) > > > Aha > > > > > > from Config.mk > > > > > > # Enable XSM security module. Enabling XSM requires selection of an > > > # XSM security module (FLASK_ENABLE or ACM_SECURITY). > > > XSM_ENABLE ?= n > > > FLASK_ENABLE ?= n > > > ACM_SECURITY ?= n > > > > > > These are the default settings, so it seems the hypervisor I am using does in > > > fact not have these set. > > > So why are they turned off, and do they have an unresolved issue? > > > > B/c the maintainer for them is .. gone? I suspect the code is bit-rotten. You > > might want to open a Gentoo bug to turn those off until somebody fixes whatever > > the issue you have with ACM. > > > > > > > > > > > > > > > > > > > ------- Comment > > > > #7 From > > IAN DELANEY > > 2011-07-30 08:40 > > > > [reply] > > ------- > > > > > > > > > > Konrad; > > > > > > I can get the use flags withdrawn, but the task at hand is to get them to work. > > I can say that change to setting > > FLASK_ENABLE ?= y > > cause the emerge or build to fail in my gentoo > > > > > > > > > > ------- Comment > > > > #8 From > > IAN DELANEY > > 2011-07-30 10:04 > > > > [reply] > > ------- > > > > > > > > > > ok I''m picking up the threads. > > > > # make clean > > # nano Config.mk > > # emerge install-xen > > > > for each alteration. > > > > the build fails only for setting ACM_SECURITY ?= y. > > > > > > > > > > > > > > ------- Comment > > > > #9 From > > Konrad Rzeszutek Wilk > > 2011-07-31 08:14 > > > > [reply] > > ------- > > > > > > > > > > (In reply to comment #7) > > > Konrad; > > > > > > thanks. When you say maintainer, do you mean a gentoo maintainer? > > > > Cool. So in regards to disable ACM/FLask - that was to you. In regards to > > actually figuring why ACM/Flask does not seem to work - that was meant for the > > maintainer of that code in Xen - who seemed to have moved on to other things. > > > > > > > I can get the use flags withdrawn, but the task at hand is to get them to work. > > > > Ah, then you will need to figure out why FLASK does not work - I have no > > knowledge of that code so won''t be much help. You might have better luck > > digging up the authors of said code and emailing them. > > > > > I can say that change to setting > > > FLASK_ENABLE ?= y > > > cause the emerge or build to fail in my gentoo > > > > > > Thanks for your important help. > > > > > > > > > > > > > > > > > ------- Comment > > > > #10 From > > IAN DELANEY > > 2011-07-31 08:49 > > > > [reply] > > ------- > > > > > > > > > > ok; to correct last entries. > > > > It seems that flask is fine. On repeating it a number of times, for whatever > > reason, on compiling the xensource package xen-4.1-testing.hg, it appears that > > entries flask and acm will in fact compile fine. It seems that setting flask on > > its own will fail, it depends upon xsm being set. Setting xsm om its own or > > with flask works. > > > > In fact, setting all 3, the package builds. But like the gentoo emerge, the > > hypervisor breaks the system if ACM_SECURITY is set. Setting use=ACM > > presumably leads to setting ACM_SECURITY ?= n in the Config.mk. simple. So the > > flaw isn''t in gentoo, it'' in the source. > > > _______________________________________________ > > Xen-devel mailing list > > Xen-devel@lists.xensource.com > > http://lists.xensource.com/xen-devel > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
On 09/08/2011 15:34, "Ian Campbell" <Ian.Campbell@citrix.com> wrote:> On Tue, 2011-08-09 at 15:29 +0100, Konrad Rzeszutek Wilk wrote: >> Tim, George, >> >> Any ideas who at might know more about the ACM flask? > > Didn''t Keir remove ACM support back in 23097:2aeebd5cbbad? Probably post > Xen 4.1 but on that basis I wouldn''t recommend enabling it on any recent > release which happened to include it -- it was removed because it was > unmaintained.Yes, Flask and ACM are (were) two different security models implemented under a common XSM security framework. Only Flask is being actively maintained, so I deleted ACM. I would recommend Gentoo only enable xsm in their build -- at least if that fails there are maintainers who should be interested in helping to fix it. Noone will help you with acm. -- Keir> Ian. > >> >> On Sat, Aug 06, 2011 at 04:28:37PM +0800, Windows Live wrote: >>> >>> ------- Comment >>> >>> #15 From >>> Konrad Rzeszutek Wilk >>> 2011-08-05 19:11 >>> >>> [reply] >>> ------- >>> >>> >>> >>> >>> Just copy-n-paste the bug and post it on xen-devel mailing list. >>> >>> >>> http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1775 >>> >>> a reduced summary; >>> >>> >>> This fault renders xen unworkable, only in the packaged install of distro >>> gentoo/ >>> >>> gentoo64 grub # eix xen >>> [I] app-emulation/xen >>> Available versions: 3.4.2-r1!t (~)4.1.0!t **9999!t {acm custom-cflags >>> debug flask pae xsm} >>> Installed versions: 4.1.0!t(00:13:36 07/30/11)(acm debug flask pae xsm >>> -custom-cflags) >>> Homepage: http://xen.org/ >>> Description: The Xen virtual machine monitor >>> >>> This make /boot/xen-4.1.0.gz. On booting into this installed hypervisor, I >>> can >>> bring up virt-manager which happily lists the vms. >>> >>> On attempting to boot a v the moment the xen equipped kernel attempts to >>> boot >>> the vm, the system is crashed. >>> >>> That is, it seems to trigger reboot because that is what happens, >>> Just reboot. >>> I haven''t bothered with any logs because this instantaneous crash should >>> fail >>> to write any events to logs, correct me if I''m wrong >>> >>> ------- Comment >>> >>> #1 From >>> IAN DELANEY >>> 2011-07-30 02:36 >>> >>> [reply] >>> ------- >>> >>> >>> >>> >>> should have mentioned. >>> >>> idella@gentoo64 ~/bin $ ls /boot/ >>> ........... >>> xen-4.1.0-rc7-pre.gz >>> xen-4.1.0.gz >>> ........ >>> >>> The xen-4.1.0-rc7-pre.gz is fine >>> The xen-4.1.0.gz hypervisor is broken. >>> >>> idella@gentoo64 ~/bin $ emerge xen -pv >>> >>> These are the packages that would be merged, in order: >>> >>> Calculating dependencies... done! >>> [ebuild R ] app-emulation/xen-4.1.0 USE="acm custom-cflags* debug >>> flask >>> pae xsm" 0 kB >>> >>> shows the compiled in features. What can trigger this type of system crash? >>> >>> >>> >>> >>> ------- Comment >>> >>> #3 From >>> IAN DELANEY >>> 2011-07-30 07:31 >>> >>> [reply] >>> ------- >>> >>> >>> >>> >>> It seems the cause of this is in gentoo terms the use of the use flags acm >>> and >>> xsm. See https://bugs.gentoo.org/show_bug.cgi?id=361345. >>> It seems disabling these flags allows the hypervisor to boot vms. >>> What I need to know is where this flaw comes from. There is a gentoo >>> package >>> xsm, but not asm. >>> asm is a security portion of the source. >>> Is the flaw in the gentoo package xsm, is it the xensource code, and can you >>> list the step or steps to sensure xsm and acm directly in the xensource code >>> so >>> I can replicate it; suspect they are options manually put after make on the >>> command line. >>> >>> ------- Comment #5 From IAN DELANEY 2011-07-30 08:01 [reply] ------- >>> >>> >>> >>> >>> Aha >>> >>> from Config.mk >>> >>> # Enable XSM security module. Enabling XSM requires selection of an >>> # XSM security module (FLASK_ENABLE or ACM_SECURITY). >>> XSM_ENABLE ?= n >>> FLASK_ENABLE ?= n >>> ACM_SECURITY ?= n >>> >>> These are the default settings, so it seems the hypervisor I am using does >>> in >>> fact not have these set. >>> So why are they turned off, and do they have an unresolved issue? >>> >>> >>> >>> >>> >>> >>> ------- Comment >>> >>> #6 From >>> Konrad Rzeszutek Wilk >>> 2011-07-30 08:26 >>> >>> [reply] >>> ------- >>> >>> >>> >>> >>> (In reply to comment #5) >>>> Aha >>>> >>>> from Config.mk >>>> >>>> # Enable XSM security module. Enabling XSM requires selection of an >>>> # XSM security module (FLASK_ENABLE or ACM_SECURITY). >>>> XSM_ENABLE ?= n >>>> FLASK_ENABLE ?= n >>>> ACM_SECURITY ?= n >>>> >>>> These are the default settings, so it seems the hypervisor I am using does >>>> in >>>> fact not have these set. >>>> So why are they turned off, and do they have an unresolved issue? >>> >>> B/c the maintainer for them is .. gone? I suspect the code is bit-rotten. >>> You >>> might want to open a Gentoo bug to turn those off until somebody fixes >>> whatever >>> the issue you have with ACM. >>> >>>> >>> >>> >>> >>> >>> >>> >>> ------- Comment >>> >>> #7 From >>> IAN DELANEY >>> 2011-07-30 08:40 >>> >>> [reply] >>> ------- >>> >>> >>> >>> >>> Konrad; >>> >>> >>> I can get the use flags withdrawn, but the task at hand is to get them to >>> work. >>> I can say that change to setting >>> FLASK_ENABLE ?= y >>> cause the emerge or build to fail in my gentoo >>> >>> >>> >>> >>> ------- Comment >>> >>> #8 From >>> IAN DELANEY >>> 2011-07-30 10:04 >>> >>> [reply] >>> ------- >>> >>> >>> >>> >>> ok I''m picking up the threads. >>> >>> # make clean >>> # nano Config.mk >>> # emerge install-xen >>> >>> for each alteration. >>> >>> the build fails only for setting ACM_SECURITY ?= y. >>> >>> >>> >>> >>> >>> >>> ------- Comment >>> >>> #9 From >>> Konrad Rzeszutek Wilk >>> 2011-07-31 08:14 >>> >>> [reply] >>> ------- >>> >>> >>> >>> >>> (In reply to comment #7) >>>> Konrad; >>>> >>>> thanks. When you say maintainer, do you mean a gentoo maintainer? >>> >>> Cool. So in regards to disable ACM/FLask - that was to you. In regards to >>> actually figuring why ACM/Flask does not seem to work - that was meant for >>> the >>> maintainer of that code in Xen - who seemed to have moved on to other >>> things. >>> >>> >>>> I can get the use flags withdrawn, but the task at hand is to get them to >>>> work. >>> >>> Ah, then you will need to figure out why FLASK does not work - I have no >>> knowledge of that code so won''t be much help. You might have better luck >>> digging up the authors of said code and emailing them. >>> >>>> I can say that change to setting >>>> FLASK_ENABLE ?= y >>>> cause the emerge or build to fail in my gentoo >>>> >>>> Thanks for your important help. >>>> >>> >>> >>> >>> >>> >>> >>> ------- Comment >>> >>> #10 From >>> IAN DELANEY >>> 2011-07-31 08:49 >>> >>> [reply] >>> ------- >>> >>> >>> >>> >>> ok; to correct last entries. >>> >>> It seems that flask is fine. On repeating it a number of times, for >>> whatever >>> reason, on compiling the xensource package xen-4.1-testing.hg, it appears >>> that >>> entries flask and acm will in fact compile fine. It seems that setting flask >>> on >>> its own will fail, it depends upon xsm being set. Setting xsm om its own or >>> with flask works. >>> >>> In fact, setting all 3, the package builds. But like the gentoo emerge, the >>> hypervisor breaks the system if ACM_SECURITY is set. Setting use=ACM >>> presumably leads to setting ACM_SECURITY ?= n in the Config.mk. simple. So >>> the >>> flaw isn''t in gentoo, it'' in the source. >> >>> _______________________________________________ >>> Xen-devel mailing list >>> Xen-devel@lists.xensource.com >>> http://lists.xensource.com/xen-devel >> >> >> _______________________________________________ >> Xen-devel mailing list >> Xen-devel@lists.xensource.com >> http://lists.xensource.com/xen-devel > > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel