Xen devel - Jul 2013 - xen (XSM policy) : Unload and analysis tool.

Hi all,

i want to know about the following things:

1.unloading XSM policy.

-xl loadpolicy xenpolicy.24

to load the policy. For unloading is there any command is available.?

2. i want to know any analysis tool is available for XSM policy.

3. Apart from wiki.org/XSM any other tutorial is available for developing
own XSM policy.?

Thanks and regards,
cooldharma06.


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

On 07/19/2013 02:33 AM, cooldharma06 wrote:
> Hi all,
>
> i want to know about the following things:
>
> 1.unloading XSM policy.
>
> -xl loadpolicy xenpolicy.24
>
> to load the policy. For unloading is there any command is available.?
No. Loading another policy will replace the existing one, so there is no
need to unload a policy. Disabling enforcing mode will prevent XSM from
denying any accesses, which has a similar effect to unloading the policy.
> 2. i want to know any analysis tool is available for XSM policy.
SELinux tools such as sesearch will work on XSM policy; you just need to
point them at the Xen policy explicitly. For some of the tools, you may
need to explicitly tell the tool that MLS is disabled.
> 3. Apart from wiki.org/XSM any other tutorial is available for developing
> own XSM policy.?
The xen source has docs/misc/xsm-flask.txt; otherwise, any tutorial on writing
SELinux policy should apply (although the specific macros and access vectors
will be different). I am not aware of a xen-specific tutorial.
> Thanks and regards,
> cooldharma06.
>
-- 
Daniel De Graaf
National Security Agency