Hi, I have a problem about ACM module(hg.15730) I want to label Domain-0. I read xen user''s manual v3.0 and "man xm" information. ACM document mentions how to label Domain-0. But I couldn''t add the label when I tried the following steps. (test1) #xm makepolicy example.client_v1 #xm cfgbootpolicy example.client_v1 #reboot (test2) #xm setpolicy ACM example.client_v1 #xm activatepolicy --boot (result) [root@bx607 ~]# xm list --label Name ID Mem VCPUs State Time(s) Label Domain-0 0 1024 4 r----- 105.1 unlabeled So,I tried to use "xm addlabel" command. #xm makepolicy example.client_v1 #xm addlabel dom_SystemManagement mgt Domain-0 example.client_v1 But I couldn''t again. Is there any good idea ? Thanks, Syunsuke HAYASHI _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
xen-devel-bounces@lists.xensource.com wrote on 08/27/2007 04:00:14 AM:> Hi, > I have a problem about ACM module(hg.15730) > I want to label Domain-0. > I read xen user''s manual v3.0 and "man xm" information. > ACM document mentions how to label Domain-0. > But I couldn''t add the label when I tried the following steps. > > (test1) > #xm makepolicy example.client_v1 > #xm cfgbootpolicy example.client_v1 > #reboot > > (test2) > #xm setpolicy ACM example.client_v1 > #xm activatepolicy --boot > > (result) > [root@bx607 ~]# xm list --label > Name ID Mem VCPUs State Time(s) Label > Domain-0 0 1024 4 r----- 105.1 unlabeled > > So,I tried to use "xm addlabel" command. > > #xm makepolicy example.client_v1 > #xm addlabel dom_SystemManagement mgt Domain-0 example.client_v1 > > But I couldn''t again. > > Is there any good idea ?Is there an ssidref=... in the ''kernel'' line in the grub title you are booting? Can you send this line and remove the ssidref=... and try again? Otherwise if this is not the case, can you send the content of ''xm dmesg''? Stefan> > Thanks, > > Syunsuke HAYASHI > > > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
I''ve been looking into this and I can''t find anything that is XSM related to this problem. However, parts of ACM''s policy management are cryptic to me, so I defer to Stefan to provide more insight here. George On Tue, 2007-08-28 at 13:17 -0400, Stefan Berger wrote:> > xen-devel-bounces@lists.xensource.com wrote on 08/27/2007 04:00:14 AM: > > > Hi, > > I have a problem about ACM module(hg.15730) > > I want to label Domain-0. > > I read xen user''s manual v3.0 and "man xm" information. > > ACM document mentions how to label Domain-0. > > But I couldn''t add the label when I tried the following steps. > > > > (test1) > > #xm makepolicy example.client_v1 > > #xm cfgbootpolicy example.client_v1 > > #reboot > > > > (test2) > > #xm setpolicy ACM example.client_v1 > > #xm activatepolicy --boot > > > > (result) > > [root@bx607 ~]# xm list --label > > Name ID Mem VCPUs State Time(s) Label > > Domain-0 0 1024 4 r----- 105.1 unlabeled > > > > So,I tried to use "xm addlabel" command. > > > > #xm makepolicy example.client_v1 > > #xm addlabel dom_SystemManagement mgt Domain-0 example.client_v1 > > > > But I couldn''t again. > > > > Is there any good idea ? > > Is there an ssidref=... in the ''kernel'' line in the grub title you are > booting? Can you send this line and remove the ssidref=... and try > again? > Otherwise if this is not the case, can you send the content of ''xm > dmesg''? > > Stefan > > > > Thanks, > > > > Syunsuke HAYASHI > > > > > > > > > > _______________________________________________ > > Xen-devel mailing list > > Xen-devel@lists.xensource.com > > http://lists.xensource.com/xen-devel > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Syunsuke HAYASHI
2007-Aug-29 04:26 UTC
[Xen-users] Re: [Xen-devel] Loading ACM policy in XSM
Hi,Stefan
Thank you for the help.
I was not describing an ssidref=... in grub.conf.
I show grub.conf and dmesg when I execute "xm chgpolicy
example.client_v1" command and reboot.
----------------------------grub.conf--------------------------------------
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda3
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title xen-unstable0827
root (hd0,0)
kernel /xen.gz dom0_mem=1024M
module /vmlinuz-2.6.18-xen ro root=LABEL=/ rhgb
module /initrd-2.6.18-xen.img
module /example.client_v1.bin
-----------------------------dmesg----------------------------------------
__ __ _____ ___ _ _ _
\ \/ /___ _ __ |___ / / _ \ _ _ _ __ ___| |_ __ _| |__ | | ___
\ // _ \ ''_ \ |_ \| | | |__| | | | ''_ \/ __| __/ _` |
''_ \| |/ _ \
/ \ __/ | | | ___) | |_| |__| |_| | | | \__ \ || (_| | |_) | | __/
/_/\_\___|_| |_| |____(_)___/ \__,_|_| |_|___/\__\__,_|_.__/|_|\___|
http://www.cl.cam.ac.uk/netos/xen
University of Cambridge Computer Laboratory
Xen version 3.0-unstable (root@sky.yk.fujitsu.co.jp) (gcc version
4.1.2 20070502 (Red Hat 4.1.2-12)) Sun Aug 26 06:00:02 JST 2007
Latest ChangeSet: Thu Aug 16 13:27:59 2007 +0100 15730:256160ff19b7
(XEN) Command line: /xen.gz dom0_mem=1024M
(XEN) Video information:
(XEN) VGA is text mode 80x25, font 8x16
(XEN) VBE/DDC methods: V2; EDID transfer time: 2 seconds
(XEN) Disc information:
(XEN) Found 1 MBR signatures
(XEN) Found 1 EDD information structures
(XEN) Xen-e820 RAM map:
(XEN) 0000000000000000 - 000000000009f000 (usable)
(XEN) 000000000009f000 - 00000000000a0000 (reserved)
(XEN) 00000000000d6000 - 00000000000d8000 (reserved)
(XEN) 00000000000e0000 - 0000000000100000 (reserved)
(XEN) 0000000000100000 - 000000007fff0000 (usable)
(XEN) 000000007fff0000 - 000000007ffff000 (ACPI data)
(XEN) 000000007ffff000 - 0000000080000000 (ACPI NVS)
(XEN) 00000000fec00000 - 00000000fec10000 (reserved)
(XEN) 00000000fee00000 - 00000000fee01000 (reserved)
(XEN) 00000000fff80000 - 0000000100000000 (reserved)
(XEN) System RAM: 2047MB (2096700kB)
(XEN) Xen heap: 9MB (10168kB)
(XEN) Domain heap initialised: DMA width 32 bits
(XEN) PAE enabled, limit: 16 GB
(XEN) Processor #0 15:2 APIC version 20
(XEN) Processor #1 15:2 APIC version 20
(XEN) Processor #6 15:2 APIC version 20
(XEN) Processor #7 15:2 APIC version 20
(XEN) IOAPIC[0]: apic_id 2, version 17, address 0xfec00000, GSI 0-15
(XEN) IOAPIC[1]: apic_id 3, version 17, address 0xfec01000, GSI 16-31
(XEN) IOAPIC[2]: apic_id 4, version 17, address 0xfec02000, GSI 32-47
(XEN) IOAPIC[3]: apic_id 5, version 17, address 0xfec03000, GSI 48-63
(XEN) Enabling APIC mode: Flat. Using 4 I/O APICs
(XEN) Using scheduler: SMP Credit Scheduler (credit)
(XEN) Detected 3189.437 MHz processor.
(XEN) CPU0: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
(XEN) Booting processor 1/1 eip 90000
(XEN) CPU1: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
(XEN) Booting processor 2/6 eip 90000
(XEN) CPU2: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
(XEN) Booting processor 3/7 eip 90000
(XEN) CPU3: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
(XEN) Total of 4 processors activated.
(XEN) ENABLING IO-APIC IRQs
(XEN) -> Using new ACK method
(XEN) ..MP-BIOS bug: 8254 timer not connected to IO-APIC
(XEN) Platform timer overflows in 234 jiffies.
(XEN) Platform timer is 3.579MHz ACPI PM Timer
(XEN) Brought up 4 CPUs
(XEN) Policy len 0x168, start at 3ffff000 - module 2.
(XEN) acm_set_policy_reference: Activating policy example.client_v1
(XEN) acm_init: Enforcing CHINESE WALL AND SIMPLE TYPE ENFORCEMENT boot
policy.
(XEN) *** LOADING DOMAIN 0 ***
(XEN) Xen kernel: 32-bit, PAE, lsb
(XEN) Dom0 kernel: 32-bit, PAE, lsb, paddr 0xc0100000 -> 0xc044fb7c
(XEN) PHYSICAL MEMORY ARRANGEMENT:
(XEN) Dom0 alloc.: 000000003e000000->000000003f000000 (258048 pages
to be allocated)
(XEN) VIRTUAL MEMORY ARRANGEMENT:
(XEN) Loaded kernel: c0100000->c044fb7c
(XEN) Init. ramdisk: c0450000->c0bba600
(XEN) Phys-Mach map: c0bbb000->c0cbb000
(XEN) Start info: c0cbb000->c0cbb46c
(XEN) Page tables: c0cbc000->c0cc9000
(XEN) Boot stack: c0cc9000->c0cca000
(XEN) TOTAL: c0000000->c1000000
(XEN) ENTRY ADDRESS: c0100000
(XEN) Dom0 has maximum 4 VCPUs
(XEN) Initrd len 0x76a600, start at 0xc0450000
(XEN) Scrubbing Free RAM: .........done.
(XEN) Xen trace buffers: disabled
(XEN) Std. Loglevel: Errors and warnings
(XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
(XEN) Xen is relinquishing VGA console.
(XEN) *** Serial input -> DOM0 (type ''CTRL-a'' three times
to switch
input to Xen).
(XEN) Freed 88kB init memory.
(XEN) ioapic_guest_write: apic=0, pin=2, old_irq=-1, new_irq=0
(XEN) ioapic_guest_write: old_entry=00010000, new_entry=000009f0
(XEN) ioapic_guest_write: Attempt to add IO-APIC pin for in-use IRQ!
-------------------------------------------------------------------------
Is it good in this ?
Syunsuke HAYASHI
>
> xen-devel-bounces@lists.xensource.com wrote on 08/27/2007 04:00:14 AM:
>
> > Hi,
> > I have a problem about ACM module(hg.15730)
> > I want to label Domain-0.
> > I read xen user''s manual v3.0 and "man xm"
information.
> > ACM document mentions how to label Domain-0.
> > But I couldn''t add the label when I tried the following
steps.
> >
> > (test1)
> > #xm makepolicy example.client_v1
> > #xm cfgbootpolicy example.client_v1
> > #reboot
> >
> > (test2)
> > #xm setpolicy ACM example.client_v1
> > #xm activatepolicy --boot
> >
> > (result)
> > [root@bx607 ~]# xm list --label
> > Name ID Mem VCPUs State Time(s) Label
> > Domain-0 0 1024 4 r----- 105.1 unlabeled
> >
> > So,I tried to use "xm addlabel" command.
> >
> > #xm makepolicy example.client_v1
> > #xm addlabel dom_SystemManagement mgt Domain-0 example.client_v1
> >
> > But I couldn''t again.
> >
> > Is there any good idea ?
>
> Is there an ssidref=... in the ''kernel'' line in the grub
title you
are booting? Can you send this line and remove the ssidref=... and try
again?
> Otherwise if this is not the case, can you send the content of
''xm
dmesg''?
>
> Stefan
> >
> > Thanks,
> >
> > Syunsuke HAYASHI
> >
> >
> >
> >
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.xensource.com
> > http://lists.xensource.com/xen-devel
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
I believe that your ''managed_policies'' file is missing or empty. Please look at /etc/xen/acm-security/policies/managed_policies. If this is a new installation, I do not believe that ACM will create the ''managed_policies'' file. George On Wed, 2007-08-29 at 13:26 +0900, Syunsuke HAYASHI wrote:> Hi,Stefan > Thank you for the help. > > I was not describing an ssidref=... in grub.conf. > I show grub.conf and dmesg when I execute "xm chgpolicy > example.client_v1" command and reboot. > > ----------------------------grub.conf-------------------------------------- > # grub.conf generated by anaconda > # > # Note that you do not have to rerun grub after making changes to this file > # NOTICE: You have a /boot partition. This means that > # all kernel and initrd paths are relative to /boot/, eg. > # root (hd0,0) > # kernel /vmlinuz-version ro root=/dev/sda3 > # initrd /initrd-version.img > #boot=/dev/sda > default=0 > timeout=5 > splashimage=(hd0,0)/grub/splash.xpm.gz > hiddenmenu > title xen-unstable0827 > root (hd0,0) > kernel /xen.gz dom0_mem=1024M > module /vmlinuz-2.6.18-xen ro root=LABEL=/ rhgb > module /initrd-2.6.18-xen.img > module /example.client_v1.bin > > > -----------------------------dmesg---------------------------------------- > __ __ _____ ___ _ _ _ > \ \/ /___ _ __ |___ / / _ \ _ _ _ __ ___| |_ __ _| |__ | | ___ > \ // _ \ ''_ \ |_ \| | | |__| | | | ''_ \/ __| __/ _` | ''_ \| |/ _ \ > / \ __/ | | | ___) | |_| |__| |_| | | | \__ \ || (_| | |_) | | __/ > /_/\_\___|_| |_| |____(_)___/ \__,_|_| |_|___/\__\__,_|_.__/|_|\___| > > http://www.cl.cam.ac.uk/netos/xen > University of Cambridge Computer Laboratory > > Xen version 3.0-unstable (root@sky.yk.fujitsu.co.jp) (gcc version > 4.1.2 20070502 (Red Hat 4.1.2-12)) Sun Aug 26 06:00:02 JST 2007 > Latest ChangeSet: Thu Aug 16 13:27:59 2007 +0100 15730:256160ff19b7 > > (XEN) Command line: /xen.gz dom0_mem=1024M > (XEN) Video information: > (XEN) VGA is text mode 80x25, font 8x16 > (XEN) VBE/DDC methods: V2; EDID transfer time: 2 seconds > (XEN) Disc information: > (XEN) Found 1 MBR signatures > (XEN) Found 1 EDD information structures > (XEN) Xen-e820 RAM map: > (XEN) 0000000000000000 - 000000000009f000 (usable) > (XEN) 000000000009f000 - 00000000000a0000 (reserved) > (XEN) 00000000000d6000 - 00000000000d8000 (reserved) > (XEN) 00000000000e0000 - 0000000000100000 (reserved) > (XEN) 0000000000100000 - 000000007fff0000 (usable) > (XEN) 000000007fff0000 - 000000007ffff000 (ACPI data) > (XEN) 000000007ffff000 - 0000000080000000 (ACPI NVS) > (XEN) 00000000fec00000 - 00000000fec10000 (reserved) > (XEN) 00000000fee00000 - 00000000fee01000 (reserved) > (XEN) 00000000fff80000 - 0000000100000000 (reserved) > (XEN) System RAM: 2047MB (2096700kB) > (XEN) Xen heap: 9MB (10168kB) > (XEN) Domain heap initialised: DMA width 32 bits > (XEN) PAE enabled, limit: 16 GB > (XEN) Processor #0 15:2 APIC version 20 > (XEN) Processor #1 15:2 APIC version 20 > (XEN) Processor #6 15:2 APIC version 20 > (XEN) Processor #7 15:2 APIC version 20 > (XEN) IOAPIC[0]: apic_id 2, version 17, address 0xfec00000, GSI 0-15 > (XEN) IOAPIC[1]: apic_id 3, version 17, address 0xfec01000, GSI 16-31 > (XEN) IOAPIC[2]: apic_id 4, version 17, address 0xfec02000, GSI 32-47 > (XEN) IOAPIC[3]: apic_id 5, version 17, address 0xfec03000, GSI 48-63 > (XEN) Enabling APIC mode: Flat. Using 4 I/O APICs > (XEN) Using scheduler: SMP Credit Scheduler (credit) > (XEN) Detected 3189.437 MHz processor. > (XEN) CPU0: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05 > (XEN) Booting processor 1/1 eip 90000 > (XEN) CPU1: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05 > (XEN) Booting processor 2/6 eip 90000 > (XEN) CPU2: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05 > (XEN) Booting processor 3/7 eip 90000 > (XEN) CPU3: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05 > (XEN) Total of 4 processors activated. > (XEN) ENABLING IO-APIC IRQs > (XEN) -> Using new ACK method > (XEN) ..MP-BIOS bug: 8254 timer not connected to IO-APIC > (XEN) Platform timer overflows in 234 jiffies. > (XEN) Platform timer is 3.579MHz ACPI PM Timer > (XEN) Brought up 4 CPUs > (XEN) Policy len 0x168, start at 3ffff000 - module 2. > (XEN) acm_set_policy_reference: Activating policy example.client_v1 > (XEN) acm_init: Enforcing CHINESE WALL AND SIMPLE TYPE ENFORCEMENT boot > policy. > (XEN) *** LOADING DOMAIN 0 *** > (XEN) Xen kernel: 32-bit, PAE, lsb > (XEN) Dom0 kernel: 32-bit, PAE, lsb, paddr 0xc0100000 -> 0xc044fb7c > (XEN) PHYSICAL MEMORY ARRANGEMENT: > (XEN) Dom0 alloc.: 000000003e000000->000000003f000000 (258048 pages > to be allocated) > (XEN) VIRTUAL MEMORY ARRANGEMENT: > (XEN) Loaded kernel: c0100000->c044fb7c > (XEN) Init. ramdisk: c0450000->c0bba600 > (XEN) Phys-Mach map: c0bbb000->c0cbb000 > (XEN) Start info: c0cbb000->c0cbb46c > (XEN) Page tables: c0cbc000->c0cc9000 > (XEN) Boot stack: c0cc9000->c0cca000 > (XEN) TOTAL: c0000000->c1000000 > (XEN) ENTRY ADDRESS: c0100000 > (XEN) Dom0 has maximum 4 VCPUs > (XEN) Initrd len 0x76a600, start at 0xc0450000 > (XEN) Scrubbing Free RAM: .........done. > (XEN) Xen trace buffers: disabled > (XEN) Std. Loglevel: Errors and warnings > (XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings) > (XEN) Xen is relinquishing VGA console. > (XEN) *** Serial input -> DOM0 (type ''CTRL-a'' three times to switch > input to Xen). > (XEN) Freed 88kB init memory. > (XEN) ioapic_guest_write: apic=0, pin=2, old_irq=-1, new_irq=0 > (XEN) ioapic_guest_write: old_entry=00010000, new_entry=000009f0 > (XEN) ioapic_guest_write: Attempt to add IO-APIC pin for in-use IRQ! > ------------------------------------------------------------------------- > Is it good in this ? > > Syunsuke HAYASHI > > > > xen-devel-bounces@lists.xensource.com wrote on 08/27/2007 04:00:14 AM: > > > > > Hi, > > > I have a problem about ACM module(hg.15730) > > > I want to label Domain-0. > > > I read xen user''s manual v3.0 and "man xm" information. > > > ACM document mentions how to label Domain-0. > > > But I couldn''t add the label when I tried the following steps. > > > > > > (test1) > > > #xm makepolicy example.client_v1 > > > #xm cfgbootpolicy example.client_v1 > > > #reboot > > > > > > (test2) > > > #xm setpolicy ACM example.client_v1 > > > #xm activatepolicy --boot > > > > > > (result) > > > [root@bx607 ~]# xm list --label > > > Name ID Mem VCPUs State Time(s) Label > > > Domain-0 0 1024 4 r----- 105.1 unlabeled > > > > > > So,I tried to use "xm addlabel" command. > > > > > > #xm makepolicy example.client_v1 > > > #xm addlabel dom_SystemManagement mgt Domain-0 example.client_v1 > > > > > > But I couldn''t again. > > > > > > Is there any good idea ? > > > > Is there an ssidref=... in the ''kernel'' line in the grub title you > are booting? Can you send this line and remove the ssidref=... and try > again? > > Otherwise if this is not the case, can you send the content of ''xm > dmesg''? > > > > Stefan > > > > > > Thanks, > > > > > > Syunsuke HAYASHI > > > > > > > > > > > > > > > _______________________________________________ > > > Xen-devel mailing list > > > Xen-devel@lists.xensource.com > > > http://lists.xensource.com/xen-devel > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Syunsuke HAYASHI
2007-Aug-30 04:49 UTC
[Xen-users] Re: [Xen-devel] Loading ACM policy in XSM
Hi, Stefan.
I tested as you said.
■"Module/example.client_b1.bin" is written in grub.conf
-----------------------------------------------------------------------
# xm list --label
Name ID Mem VCPUs State Time(s)
Label
Domain-0 0 1024 4 r----- 47.7
unlabeled
# xm getpolicy
Error: xm needs to be configured to use the xen-api.
Usage: xm getpolicy [options]
Get the policy of the system.
Usage: xm getpolicy [options]
The following options are defined
--dumpxml Display the XML of the policy
Get the policy managed by xend.
-----------------------------------------------------------------------
■"Module/example.client_b1.bin" is not written in grub.conf
-----------------------------------------------------------------------
#xm list --label
Name ID Mem VCPUs State Time(s)
Label
Domain-0 0 1024 4 r----- 46.5
DEFAULT
#xm getpolicy
Error: xm needs to be configured to use the xen-api.
Usage: xm getpolicy [options]
Get the policy of the system.
Usage: xm getpolicy [options]
The following options are defined
--dumpxml Display the XML of the policy
Get the policy managed by xend.
-----------------------------------------------------------------------
Is it good in this?
Thanks,
Syunsuke HAYASHI>
> Syunsuke HAYASHI <syunsuke@jp.fujitsu.com> wrote on 08/28/2007
09:20:44 PM:
>
> > Hi,Stefan
> > Thank you for the help.
> >
> > I was not describing an ssidref=... in grub.conf.
> > I show grub.conf and dmesg when I execute "xm chgpolicy
> > example.client_v1" command and reboot.
> >
> >
> ----------------------------grub.conf--------------------------------------
> > # grub.conf generated by anaconda
> > module /example.client_v1.bin
>
> looks good
> >
> >
> >
> -----------------------------dmesg----------------------------------------
> > __ __ _____ ___ _ _ _
> [...]
> > (XEN) Brought up 4 CPUs
> > (XEN) Policy len 0x168, start at 3ffff000 - module 2.
> > (XEN) acm_set_policy_reference: Activating policy example.client_v1
> > (XEN) acm_init: Enforcing CHINESE WALL AND SIMPLE TYPE ENFORCEMENT
boot
> > policy.
>
> So at this point the policy is loaded.
> What does ''xm getpolicy'' show?
>
> You seem to have XSM as a patch applied to Xen - what happens if you do
> this without XSM applied?
>
> Stefan
>
> > [...]
> > Is it good in this ?
> >
> > Syunsuke HAYASHI
> > >
> > > xen-devel-bounces@lists.xensource.com wrote on 08/27/2007
04:00:14 AM:
> > >
> > > > Hi,
> > > > I have a problem about ACM module(hg.15730)
> > > > I want to label Domain-0.
> > > > I read xen user''s manual v3.0 and "man
xm" information.
> > > > ACM document mentions how to label Domain-0.
> > > > But I couldn''t add the label when I tried the
following steps.
> > > >
> > > > (test1)
> > > > #xm makepolicy example.client_v1
> > > > #xm cfgbootpolicy example.client_v1
> > > > #reboot
> > > >
> > > > (test2)
> > > > #xm setpolicy ACM example.client_v1
> > > > #xm activatepolicy --boot
> > > >
> > > > (result)
> > > > [root@bx607 ~]# xm list --label
> > > > Name ID Mem VCPUs State Time(s) Label
> > > > Domain-0 0 1024 4 r----- 105.1 unlabeled
> > > >
> > > > So,I tried to use "xm addlabel" command.
> > > >
> > > > #xm makepolicy example.client_v1
> > > > #xm addlabel dom_SystemManagement mgt Domain-0
example.client_v1
> > > >
> > > > But I couldn''t again.
> > > >
> > > > Is there any good idea ?
> > >
> > > Is there an ssidref=... in the ''kernel'' line
in the grub title you are
> > > booting? Can you send this line and remove the ssidref=... and
try
> again?
> > > Otherwise if this is not the case, can you send the content of
''xm
> dmesg''?
> > >
> > > Stefan
> > > >
> > > > Thanks,
> > > >
> > > > Syunsuke HAYASHI
> > > >
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Xen-devel mailing list
> > > > Xen-devel@lists.xensource.com
> > > > http://lists.xensource.com/xen-devel
> >
_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Hi, George.
I checked it as George said.
"Managed-policy" file is put on/etc/xen/acm-security/policies/example/
.
It shows following steps.
--1--
#pwd
/etc/xen/acm-security/policies/example
#ls
client_v1-security_policy.xml client_v1.bin client_v1.map
test-security_policy.xml
--2--
#xm makepolicy example.client_v1 <---- looks good
#xm cfgbootpolicy example.client_v1 <---- looks good
Boot entry ''xen-unstable0827'' extended and
''example.client_v1.bin''
copied to /boot
--3--
#cat /etc/grub.conf
title xen-unstable0827
root (hd0,0)
kernel /xen.gz dom0_mem=1024M
module /vmlinuz-2.6.18-xen ro root=LABEL=/ rhgb
module /initrd-2.6.18-xen.img
module /example.client_v1.bin
#cd /boot
#ls
System.map-2.6.18-xen initrd-2.6.18-xen.img
vmlinuz-2.6.21-1.3194.fc7
System.map-2.6.21-1.3194.fc7 initrd-2.6.18-xenU.img
xen-3.0-unstable.gz
client_v1.bin initrd-2.6.21-1.3194.fc7.img xen-3.0.gz
config-2.6.18-xen lost+found xen-3.gz
config-2.6.21-1.3194.fc7 vmlinux-syms-2.6.18-xen
xen-syms-3.0-unstable
example.test.bin vmlinuz-2.6-xen xen.gz
grub vmlinuz-2.6.18-xen
example.client_v1.bin
--4--
#xm list --label <-- I think the failure.
Name ID Mem VCPUs State Time(s) Label
Domain-0 0 1024 4 r----- 98.4 unlabeled
Is there any good idea ?
Thanks,
Syunsuke HAYASHI
> I believe that your ''managed_policies'' file is missing or
empty. Please
> look at /etc/xen/acm-security/policies/managed_policies. If this is a
> new installation, I do not believe that ACM will create the
> ''managed_policies'' file.
>
> George
>
> On Wed, 2007-08-29 at 13:26 +0900, Syunsuke HAYASHI wrote:
>> Hi,Stefan
>> Thank you for the help.
>>
>> I was not describing an ssidref=... in grub.conf.
>> I show grub.conf and dmesg when I execute "xm chgpolicy
>> example.client_v1" command and reboot.
>>
>>
----------------------------grub.conf--------------------------------------
>> # grub.conf generated by anaconda
>> #
>> # Note that you do not have to rerun grub after making changes to this
file
>> # NOTICE: You have a /boot partition. This means that
>> # all kernel and initrd paths are relative to /boot/, eg.
>> # root (hd0,0)
>> # kernel /vmlinuz-version ro root=/dev/sda3
>> # initrd /initrd-version.img
>> #boot=/dev/sda
>> default=0
>> timeout=5
>> splashimage=(hd0,0)/grub/splash.xpm.gz
>> hiddenmenu
>> title xen-unstable0827
>> root (hd0,0)
>> kernel /xen.gz dom0_mem=1024M
>> module /vmlinuz-2.6.18-xen ro root=LABEL=/ rhgb
>> module /initrd-2.6.18-xen.img
>> module /example.client_v1.bin
>>
>>
>>
-----------------------------dmesg----------------------------------------
>> __ __ _____ ___ _ _ _
>> \ \/ /___ _ __ |___ / / _ \ _ _ _ __ ___| |_ __ _| |__ | |
___
>> \ // _ \ ''_ \ |_ \| | | |__| | | | ''_ \/ __|
__/ _` | ''_ \| |/ _ \
>> / \ __/ | | | ___) | |_| |__| |_| | | | \__ \ || (_| | |_) | |
__/
>> /_/\_\___|_| |_| |____(_)___/ \__,_|_|
|_|___/\__\__,_|_.__/|_|\___|
>>
>> http://www.cl.cam.ac.uk/netos/xen
>> University of Cambridge Computer Laboratory
>>
>> Xen version 3.0-unstable (root@sky.yk.fujitsu.co.jp) (gcc version
>> 4.1.2 20070502 (Red Hat 4.1.2-12)) Sun Aug 26 06:00:02 JST 2007
>> Latest ChangeSet: Thu Aug 16 13:27:59 2007 +0100 15730:256160ff19b7
>>
>> (XEN) Command line: /xen.gz dom0_mem=1024M
>> (XEN) Video information:
>> (XEN) VGA is text mode 80x25, font 8x16
>> (XEN) VBE/DDC methods: V2; EDID transfer time: 2 seconds
>> (XEN) Disc information:
>> (XEN) Found 1 MBR signatures
>> (XEN) Found 1 EDD information structures
>> (XEN) Xen-e820 RAM map:
>> (XEN) 0000000000000000 - 000000000009f000 (usable)
>> (XEN) 000000000009f000 - 00000000000a0000 (reserved)
>> (XEN) 00000000000d6000 - 00000000000d8000 (reserved)
>> (XEN) 00000000000e0000 - 0000000000100000 (reserved)
>> (XEN) 0000000000100000 - 000000007fff0000 (usable)
>> (XEN) 000000007fff0000 - 000000007ffff000 (ACPI data)
>> (XEN) 000000007ffff000 - 0000000080000000 (ACPI NVS)
>> (XEN) 00000000fec00000 - 00000000fec10000 (reserved)
>> (XEN) 00000000fee00000 - 00000000fee01000 (reserved)
>> (XEN) 00000000fff80000 - 0000000100000000 (reserved)
>> (XEN) System RAM: 2047MB (2096700kB)
>> (XEN) Xen heap: 9MB (10168kB)
>> (XEN) Domain heap initialised: DMA width 32 bits
>> (XEN) PAE enabled, limit: 16 GB
>> (XEN) Processor #0 15:2 APIC version 20
>> (XEN) Processor #1 15:2 APIC version 20
>> (XEN) Processor #6 15:2 APIC version 20
>> (XEN) Processor #7 15:2 APIC version 20
>> (XEN) IOAPIC[0]: apic_id 2, version 17, address 0xfec00000, GSI 0-15
>> (XEN) IOAPIC[1]: apic_id 3, version 17, address 0xfec01000, GSI 16-31
>> (XEN) IOAPIC[2]: apic_id 4, version 17, address 0xfec02000, GSI 32-47
>> (XEN) IOAPIC[3]: apic_id 5, version 17, address 0xfec03000, GSI 48-63
>> (XEN) Enabling APIC mode: Flat. Using 4 I/O APICs
>> (XEN) Using scheduler: SMP Credit Scheduler (credit)
>> (XEN) Detected 3189.437 MHz processor.
>> (XEN) CPU0: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
>> (XEN) Booting processor 1/1 eip 90000
>> (XEN) CPU1: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
>> (XEN) Booting processor 2/6 eip 90000
>> (XEN) CPU2: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
>> (XEN) Booting processor 3/7 eip 90000
>> (XEN) CPU3: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
>> (XEN) Total of 4 processors activated.
>> (XEN) ENABLING IO-APIC IRQs
>> (XEN) -> Using new ACK method
>> (XEN) ..MP-BIOS bug: 8254 timer not connected to IO-APIC
>> (XEN) Platform timer overflows in 234 jiffies.
>> (XEN) Platform timer is 3.579MHz ACPI PM Timer
>> (XEN) Brought up 4 CPUs
>> (XEN) Policy len 0x168, start at 3ffff000 - module 2.
>> (XEN) acm_set_policy_reference: Activating policy example.client_v1
>> (XEN) acm_init: Enforcing CHINESE WALL AND SIMPLE TYPE ENFORCEMENT boot
>> policy.
>> (XEN) *** LOADING DOMAIN 0 ***
>> (XEN) Xen kernel: 32-bit, PAE, lsb
>> (XEN) Dom0 kernel: 32-bit, PAE, lsb, paddr 0xc0100000 -> 0xc044fb7c
>> (XEN) PHYSICAL MEMORY ARRANGEMENT:
>> (XEN) Dom0 alloc.: 000000003e000000->000000003f000000 (258048
pages
>> to be allocated)
>> (XEN) VIRTUAL MEMORY ARRANGEMENT:
>> (XEN) Loaded kernel: c0100000->c044fb7c
>> (XEN) Init. ramdisk: c0450000->c0bba600
>> (XEN) Phys-Mach map: c0bbb000->c0cbb000
>> (XEN) Start info: c0cbb000->c0cbb46c
>> (XEN) Page tables: c0cbc000->c0cc9000
>> (XEN) Boot stack: c0cc9000->c0cca000
>> (XEN) TOTAL: c0000000->c1000000
>> (XEN) ENTRY ADDRESS: c0100000
>> (XEN) Dom0 has maximum 4 VCPUs
>> (XEN) Initrd len 0x76a600, start at 0xc0450000
>> (XEN) Scrubbing Free RAM: .........done.
>> (XEN) Xen trace buffers: disabled
>> (XEN) Std. Loglevel: Errors and warnings
>> (XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
>> (XEN) Xen is relinquishing VGA console.
>> (XEN) *** Serial input -> DOM0 (type ''CTRL-a''
three times to switch
>> input to Xen).
>> (XEN) Freed 88kB init memory.
>> (XEN) ioapic_guest_write: apic=0, pin=2, old_irq=-1, new_irq=0
>> (XEN) ioapic_guest_write: old_entry=00010000, new_entry=000009f0
>> (XEN) ioapic_guest_write: Attempt to add IO-APIC pin for in-use IRQ!
>>
-------------------------------------------------------------------------
>> Is it good in this ?
>>
>> Syunsuke HAYASHI
>> >
>> > xen-devel-bounces@lists.xensource.com wrote on 08/27/2007
04:00:14 AM:
>> >
>> > > Hi,
>> > > I have a problem about ACM module(hg.15730)
>> > > I want to label Domain-0.
>> > > I read xen user''s manual v3.0 and "man
xm" information.
>> > > ACM document mentions how to label Domain-0.
>> > > But I couldn''t add the label when I tried the
following steps.
>> > >
>> > > (test1)
>> > > #xm makepolicy example.client_v1
>> > > #xm cfgbootpolicy example.client_v1
>> > > #reboot
>> > >
>> > > (test2)
>> > > #xm setpolicy ACM example.client_v1
>> > > #xm activatepolicy --boot
>> > >
>> > > (result)
>> > > [root@bx607 ~]# xm list --label
>> > > Name ID Mem VCPUs State Time(s) Label
>> > > Domain-0 0 1024 4 r----- 105.1 unlabeled
>> > >
>> > > So,I tried to use "xm addlabel" command.
>> > >
>> > > #xm makepolicy example.client_v1
>> > > #xm addlabel dom_SystemManagement mgt Domain-0
example.client_v1
>> > >
>> > > But I couldn''t again.
>> > >
>> > > Is there any good idea ?
>> >
>> > Is there an ssidref=... in the ''kernel'' line in
the grub title you
>> are booting? Can you send this line and remove the ssidref=... and try
>> again?
>> > Otherwise if this is not the case, can you send the content of
''xm
>> dmesg''?
>> >
>> > Stefan
>> > >
>> > > Thanks,
>> > >
>> > > Syunsuke HAYASHI
>> > >
>> > >
>> > >
>> > >
>> > > _______________________________________________
>> > > Xen-devel mailing list
>> > > Xen-devel@lists.xensource.com
>> > > http://lists.xensource.com/xen-devel
>>
>>
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@lists.xensource.com
>> http://lists.xensource.com/xen-devel
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
>
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Syunsuke HAYASHI
2007-Sep-11 10:28 UTC
Re: [Xen-users] Re: [Xen-devel] Loading ACM policy in XSM
Hi
Thank you for the help.
I have a question about how to make ''managed_policies''.
I understood that ''managed_policies was made from "xm
setpolicy" command.
But I don''t know how to call "xm setpolicy" from
''Xen-api''.
How should I call it ?
--------------------------------xm setpolicy----------------------------
#xm setpolicy ACM example.client_v1 --boot
Error: xm needs to be configured to use the xen-api.
Usage: xm setpolicy <policytype> <policyfile> [options]
Set the policy of the system.
Usage: xm setpolicy <policytype> <policy> [options]
Set the policy managed by xend.
The only policytype that is currently supported is ''ACM''.
The following options are defined
--load Load the policy immediately
--boot Have the system load the policy during boot
--update Automatically adapt the policy so that it will be
treated as an update to the current policy
--------------------------------------------------------------------------
Thanks,
Syunsuke HAYASHI> I believe that your ''managed_policies'' file is missing or
empty. Please
> look at /etc/xen/acm-security/policies/managed_policies. If this is a
> new installation, I do not believe that ACM will create the
> ''managed_policies'' file.
>
> George
>
> On Wed, 2007-08-29 at 13:26 +0900, Syunsuke HAYASHI wrote:
>> Hi,Stefan
>> Thank you for the help.
>>
>> I was not describing an ssidref=... in grub.conf.
>> I show grub.conf and dmesg when I execute "xm chgpolicy
>> example.client_v1" command and reboot.
>>
>>
----------------------------grub.conf--------------------------------------
>> # grub.conf generated by anaconda
>> #
>> # Note that you do not have to rerun grub after making changes to this
file
>> # NOTICE: You have a /boot partition. This means that
>> # all kernel and initrd paths are relative to /boot/, eg.
>> # root (hd0,0)
>> # kernel /vmlinuz-version ro root=/dev/sda3
>> # initrd /initrd-version.img
>> #boot=/dev/sda
>> default=0
>> timeout=5
>> splashimage=(hd0,0)/grub/splash.xpm.gz
>> hiddenmenu
>> title xen-unstable0827
>> root (hd0,0)
>> kernel /xen.gz dom0_mem=1024M
>> module /vmlinuz-2.6.18-xen ro root=LABEL=/ rhgb
>> module /initrd-2.6.18-xen.img
>> module /example.client_v1.bin
>>
>>
>>
-----------------------------dmesg----------------------------------------
>> __ __ _____ ___ _ _ _
>> \ \/ /___ _ __ |___ / / _ \ _ _ _ __ ___| |_ __ _| |__ | |
___
>> \ // _ \ ''_ \ |_ \| | | |__| | | | ''_ \/ __|
__/ _` | ''_ \| |/ _ \
>> / \ __/ | | | ___) | |_| |__| |_| | | | \__ \ || (_| | |_) | |
__/
>> /_/\_\___|_| |_| |____(_)___/ \__,_|_|
|_|___/\__\__,_|_.__/|_|\___|
>>
>> http://www.cl.cam.ac.uk/netos/xen
>> University of Cambridge Computer Laboratory
>>
>> Xen version 3.0-unstable (root@sky.yk.fujitsu.co.jp) (gcc version
>> 4.1.2 20070502 (Red Hat 4.1.2-12)) Sun Aug 26 06:00:02 JST 2007
>> Latest ChangeSet: Thu Aug 16 13:27:59 2007 +0100 15730:256160ff19b7
>>
>> (XEN) Command line: /xen.gz dom0_mem=1024M
>> (XEN) Video information:
>> (XEN) VGA is text mode 80x25, font 8x16
>> (XEN) VBE/DDC methods: V2; EDID transfer time: 2 seconds
>> (XEN) Disc information:
>> (XEN) Found 1 MBR signatures
>> (XEN) Found 1 EDD information structures
>> (XEN) Xen-e820 RAM map:
>> (XEN) 0000000000000000 - 000000000009f000 (usable)
>> (XEN) 000000000009f000 - 00000000000a0000 (reserved)
>> (XEN) 00000000000d6000 - 00000000000d8000 (reserved)
>> (XEN) 00000000000e0000 - 0000000000100000 (reserved)
>> (XEN) 0000000000100000 - 000000007fff0000 (usable)
>> (XEN) 000000007fff0000 - 000000007ffff000 (ACPI data)
>> (XEN) 000000007ffff000 - 0000000080000000 (ACPI NVS)
>> (XEN) 00000000fec00000 - 00000000fec10000 (reserved)
>> (XEN) 00000000fee00000 - 00000000fee01000 (reserved)
>> (XEN) 00000000fff80000 - 0000000100000000 (reserved)
>> (XEN) System RAM: 2047MB (2096700kB)
>> (XEN) Xen heap: 9MB (10168kB)
>> (XEN) Domain heap initialised: DMA width 32 bits
>> (XEN) PAE enabled, limit: 16 GB
>> (XEN) Processor #0 15:2 APIC version 20
>> (XEN) Processor #1 15:2 APIC version 20
>> (XEN) Processor #6 15:2 APIC version 20
>> (XEN) Processor #7 15:2 APIC version 20
>> (XEN) IOAPIC[0]: apic_id 2, version 17, address 0xfec00000, GSI 0-15
>> (XEN) IOAPIC[1]: apic_id 3, version 17, address 0xfec01000, GSI 16-31
>> (XEN) IOAPIC[2]: apic_id 4, version 17, address 0xfec02000, GSI 32-47
>> (XEN) IOAPIC[3]: apic_id 5, version 17, address 0xfec03000, GSI 48-63
>> (XEN) Enabling APIC mode: Flat. Using 4 I/O APICs
>> (XEN) Using scheduler: SMP Credit Scheduler (credit)
>> (XEN) Detected 3189.437 MHz processor.
>> (XEN) CPU0: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
>> (XEN) Booting processor 1/1 eip 90000
>> (XEN) CPU1: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
>> (XEN) Booting processor 2/6 eip 90000
>> (XEN) CPU2: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
>> (XEN) Booting processor 3/7 eip 90000
>> (XEN) CPU3: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
>> (XEN) Total of 4 processors activated.
>> (XEN) ENABLING IO-APIC IRQs
>> (XEN) -> Using new ACK method
>> (XEN) ..MP-BIOS bug: 8254 timer not connected to IO-APIC
>> (XEN) Platform timer overflows in 234 jiffies.
>> (XEN) Platform timer is 3.579MHz ACPI PM Timer
>> (XEN) Brought up 4 CPUs
>> (XEN) Policy len 0x168, start at 3ffff000 - module 2.
>> (XEN) acm_set_policy_reference: Activating policy example.client_v1
>> (XEN) acm_init: Enforcing CHINESE WALL AND SIMPLE TYPE ENFORCEMENT boot
>> policy.
>> (XEN) *** LOADING DOMAIN 0 ***
>> (XEN) Xen kernel: 32-bit, PAE, lsb
>> (XEN) Dom0 kernel: 32-bit, PAE, lsb, paddr 0xc0100000 -> 0xc044fb7c
>> (XEN) PHYSICAL MEMORY ARRANGEMENT:
>> (XEN) Dom0 alloc.: 000000003e000000->000000003f000000 (258048
pages
>> to be allocated)
>> (XEN) VIRTUAL MEMORY ARRANGEMENT:
>> (XEN) Loaded kernel: c0100000->c044fb7c
>> (XEN) Init. ramdisk: c0450000->c0bba600
>> (XEN) Phys-Mach map: c0bbb000->c0cbb000
>> (XEN) Start info: c0cbb000->c0cbb46c
>> (XEN) Page tables: c0cbc000->c0cc9000
>> (XEN) Boot stack: c0cc9000->c0cca000
>> (XEN) TOTAL: c0000000->c1000000
>> (XEN) ENTRY ADDRESS: c0100000
>> (XEN) Dom0 has maximum 4 VCPUs
>> (XEN) Initrd len 0x76a600, start at 0xc0450000
>> (XEN) Scrubbing Free RAM: .........done.
>> (XEN) Xen trace buffers: disabled
>> (XEN) Std. Loglevel: Errors and warnings
>> (XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
>> (XEN) Xen is relinquishing VGA console.
>> (XEN) *** Serial input -> DOM0 (type ''CTRL-a''
three times to switch
>> input to Xen).
>> (XEN) Freed 88kB init memory.
>> (XEN) ioapic_guest_write: apic=0, pin=2, old_irq=-1, new_irq=0
>> (XEN) ioapic_guest_write: old_entry=00010000, new_entry=000009f0
>> (XEN) ioapic_guest_write: Attempt to add IO-APIC pin for in-use IRQ!
>>
-------------------------------------------------------------------------
>> Is it good in this ?
>>
>> Syunsuke HAYASHI
>> >
>> > xen-devel-bounces@lists.xensource.com wrote on 08/27/2007
04:00:14 AM:
>> >
>> > > Hi,
>> > > I have a problem about ACM module(hg.15730)
>> > > I want to label Domain-0.
>> > > I read xen user''s manual v3.0 and "man
xm" information.
>> > > ACM document mentions how to label Domain-0.
>> > > But I couldn''t add the label when I tried the
following steps.
>> > >
>> > > (test1)
>> > > #xm makepolicy example.client_v1
>> > > #xm cfgbootpolicy example.client_v1
>> > > #reboot
>> > >
>> > > (test2)
>> > > #xm setpolicy ACM example.client_v1
>> > > #xm activatepolicy --boot
>> > >
>> > > (result)
>> > > [root@bx607 ~]# xm list --label
>> > > Name ID Mem VCPUs State Time(s) Label
>> > > Domain-0 0 1024 4 r----- 105.1 unlabeled
>> > >
>> > > So,I tried to use "xm addlabel" command.
>> > >
>> > > #xm makepolicy example.client_v1
>> > > #xm addlabel dom_SystemManagement mgt Domain-0
example.client_v1
>> > >
>> > > But I couldn''t again.
>> > >
>> > > Is there any good idea ?
>> >
>> > Is there an ssidref=... in the ''kernel'' line in
the grub title you
>> are booting? Can you send this line and remove the ssidref=... and try
>> again?
>> > Otherwise if this is not the case, can you send the content of
''xm
>> dmesg''?
>> >
>> > Stefan
>> > >
>> > > Thanks,
>> > >
>> > > Syunsuke HAYASHI
>> > >
>> > >
>> > >
>> > >
>> > > _______________________________________________
>> > > Xen-devel mailing list
>> > > Xen-devel@lists.xensource.com
>> > > http://lists.xensource.com/xen-devel
>>
>>
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@lists.xensource.com
>> http://lists.xensource.com/xen-devel
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
George S. Coker, II
2007-Sep-11 22:05 UTC
Re: [Xen-users] Re: [Xen-devel] Loading ACM policy in XSM
You need to make sure that xm and xend are setup for xen-api. On my
system I had to use the -xenapi config files in /etc/xen.
You could also create a managed_policies file by hand. The format of
the file is:
managed_policies = {
''7bd38df8-3f0c-a97d-cf54-fcbd98f7cb35'':
(u''example.client_v1'',
''ACM''),
''7bd38df8-3f0c-a97d-cf54-fcbd98f7cb36'':
(u''example.test'', ''ACM''),
}
On Tue, 2007-09-11 at 19:28 +0900, Syunsuke HAYASHI wrote:
> Hi
> Thank you for the help.
>
> I have a question about how to make ''managed_policies''.
> I understood that ''managed_policies was made from "xm
setpolicy" command.
> But I don''t know how to call "xm setpolicy" from
''Xen-api''.
>
> How should I call it ?
>
> --------------------------------xm setpolicy----------------------------
> #xm setpolicy ACM example.client_v1 --boot
>
> Error: xm needs to be configured to use the xen-api.
> Usage: xm setpolicy <policytype> <policyfile> [options]
> Set the policy of the system.
> Usage: xm setpolicy <policytype> <policy> [options]
>
> Set the policy managed by xend.
>
> The only policytype that is currently supported is
''ACM''.
>
> The following options are defined
> --load Load the policy immediately
> --boot Have the system load the policy during boot
> --update Automatically adapt the policy so that it will be
> treated as an update to the current policy
> --------------------------------------------------------------------------
>
> Thanks,
>
> Syunsuke HAYASHI
> > I believe that your ''managed_policies'' file is
missing or empty. Please
> > look at /etc/xen/acm-security/policies/managed_policies. If this is a
> > new installation, I do not believe that ACM will create the
> > ''managed_policies'' file.
> >
> > George
> >
> > On Wed, 2007-08-29 at 13:26 +0900, Syunsuke HAYASHI wrote:
> >> Hi,Stefan
> >> Thank you for the help.
> >>
> >> I was not describing an ssidref=... in grub.conf.
> >> I show grub.conf and dmesg when I execute "xm chgpolicy
> >> example.client_v1" command and reboot.
> >>
> >>
----------------------------grub.conf--------------------------------------
> >> # grub.conf generated by anaconda
> >> #
> >> # Note that you do not have to rerun grub after making changes to
this file
> >> # NOTICE: You have a /boot partition. This means that
> >> # all kernel and initrd paths are relative to /boot/, eg.
> >> # root (hd0,0)
> >> # kernel /vmlinuz-version ro root=/dev/sda3
> >> # initrd /initrd-version.img
> >> #boot=/dev/sda
> >> default=0
> >> timeout=5
> >> splashimage=(hd0,0)/grub/splash.xpm.gz
> >> hiddenmenu
> >> title xen-unstable0827
> >> root (hd0,0)
> >> kernel /xen.gz dom0_mem=1024M
> >> module /vmlinuz-2.6.18-xen ro root=LABEL=/ rhgb
> >> module /initrd-2.6.18-xen.img
> >> module /example.client_v1.bin
> >>
> >>
> >>
-----------------------------dmesg----------------------------------------
> >> __ __ _____ ___ _ _
_
> >> \ \/ /___ _ __ |___ / / _ \ _ _ _ __ ___| |_ __ _| |__ |
| ___
> >> \ // _ \ ''_ \ |_ \| | | |__| | | | ''_ \/
__| __/ _` | ''_ \| |/ _ \
> >> / \ __/ | | | ___) | |_| |__| |_| | | | \__ \ || (_| | |_) |
| __/
> >> /_/\_\___|_| |_| |____(_)___/ \__,_|_|
|_|___/\__\__,_|_.__/|_|\___|
> >>
> >> http://www.cl.cam.ac.uk/netos/xen
> >> University of Cambridge Computer Laboratory
> >>
> >> Xen version 3.0-unstable (root@sky.yk.fujitsu.co.jp) (gcc
version
> >> 4.1.2 20070502 (Red Hat 4.1.2-12)) Sun Aug 26 06:00:02 JST 2007
> >> Latest ChangeSet: Thu Aug 16 13:27:59 2007 +0100
15730:256160ff19b7
> >>
> >> (XEN) Command line: /xen.gz dom0_mem=1024M
> >> (XEN) Video information:
> >> (XEN) VGA is text mode 80x25, font 8x16
> >> (XEN) VBE/DDC methods: V2; EDID transfer time: 2 seconds
> >> (XEN) Disc information:
> >> (XEN) Found 1 MBR signatures
> >> (XEN) Found 1 EDD information structures
> >> (XEN) Xen-e820 RAM map:
> >> (XEN) 0000000000000000 - 000000000009f000 (usable)
> >> (XEN) 000000000009f000 - 00000000000a0000 (reserved)
> >> (XEN) 00000000000d6000 - 00000000000d8000 (reserved)
> >> (XEN) 00000000000e0000 - 0000000000100000 (reserved)
> >> (XEN) 0000000000100000 - 000000007fff0000 (usable)
> >> (XEN) 000000007fff0000 - 000000007ffff000 (ACPI data)
> >> (XEN) 000000007ffff000 - 0000000080000000 (ACPI NVS)
> >> (XEN) 00000000fec00000 - 00000000fec10000 (reserved)
> >> (XEN) 00000000fee00000 - 00000000fee01000 (reserved)
> >> (XEN) 00000000fff80000 - 0000000100000000 (reserved)
> >> (XEN) System RAM: 2047MB (2096700kB)
> >> (XEN) Xen heap: 9MB (10168kB)
> >> (XEN) Domain heap initialised: DMA width 32 bits
> >> (XEN) PAE enabled, limit: 16 GB
> >> (XEN) Processor #0 15:2 APIC version 20
> >> (XEN) Processor #1 15:2 APIC version 20
> >> (XEN) Processor #6 15:2 APIC version 20
> >> (XEN) Processor #7 15:2 APIC version 20
> >> (XEN) IOAPIC[0]: apic_id 2, version 17, address 0xfec00000, GSI
0-15
> >> (XEN) IOAPIC[1]: apic_id 3, version 17, address 0xfec01000, GSI
16-31
> >> (XEN) IOAPIC[2]: apic_id 4, version 17, address 0xfec02000, GSI
32-47
> >> (XEN) IOAPIC[3]: apic_id 5, version 17, address 0xfec03000, GSI
48-63
> >> (XEN) Enabling APIC mode: Flat. Using 4 I/O APICs
> >> (XEN) Using scheduler: SMP Credit Scheduler (credit)
> >> (XEN) Detected 3189.437 MHz processor.
> >> (XEN) CPU0: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
> >> (XEN) Booting processor 1/1 eip 90000
> >> (XEN) CPU1: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
> >> (XEN) Booting processor 2/6 eip 90000
> >> (XEN) CPU2: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
> >> (XEN) Booting processor 3/7 eip 90000
> >> (XEN) CPU3: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
> >> (XEN) Total of 4 processors activated.
> >> (XEN) ENABLING IO-APIC IRQs
> >> (XEN) -> Using new ACK method
> >> (XEN) ..MP-BIOS bug: 8254 timer not connected to IO-APIC
> >> (XEN) Platform timer overflows in 234 jiffies.
> >> (XEN) Platform timer is 3.579MHz ACPI PM Timer
> >> (XEN) Brought up 4 CPUs
> >> (XEN) Policy len 0x168, start at 3ffff000 - module 2.
> >> (XEN) acm_set_policy_reference: Activating policy
example.client_v1
> >> (XEN) acm_init: Enforcing CHINESE WALL AND SIMPLE TYPE ENFORCEMENT
boot
> >> policy.
> >> (XEN) *** LOADING DOMAIN 0 ***
> >> (XEN) Xen kernel: 32-bit, PAE, lsb
> >> (XEN) Dom0 kernel: 32-bit, PAE, lsb, paddr 0xc0100000 ->
0xc044fb7c
> >> (XEN) PHYSICAL MEMORY ARRANGEMENT:
> >> (XEN) Dom0 alloc.: 000000003e000000->000000003f000000
(258048 pages
> >> to be allocated)
> >> (XEN) VIRTUAL MEMORY ARRANGEMENT:
> >> (XEN) Loaded kernel: c0100000->c044fb7c
> >> (XEN) Init. ramdisk: c0450000->c0bba600
> >> (XEN) Phys-Mach map: c0bbb000->c0cbb000
> >> (XEN) Start info: c0cbb000->c0cbb46c
> >> (XEN) Page tables: c0cbc000->c0cc9000
> >> (XEN) Boot stack: c0cc9000->c0cca000
> >> (XEN) TOTAL: c0000000->c1000000
> >> (XEN) ENTRY ADDRESS: c0100000
> >> (XEN) Dom0 has maximum 4 VCPUs
> >> (XEN) Initrd len 0x76a600, start at 0xc0450000
> >> (XEN) Scrubbing Free RAM: .........done.
> >> (XEN) Xen trace buffers: disabled
> >> (XEN) Std. Loglevel: Errors and warnings
> >> (XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
> >> (XEN) Xen is relinquishing VGA console.
> >> (XEN) *** Serial input -> DOM0 (type ''CTRL-a''
three times to switch
> >> input to Xen).
> >> (XEN) Freed 88kB init memory.
> >> (XEN) ioapic_guest_write: apic=0, pin=2, old_irq=-1, new_irq=0
> >> (XEN) ioapic_guest_write: old_entry=00010000, new_entry=000009f0
> >> (XEN) ioapic_guest_write: Attempt to add IO-APIC pin for in-use
IRQ!
> >>
-------------------------------------------------------------------------
> >> Is it good in this ?
> >>
> >> Syunsuke HAYASHI
> >> >
> >> > xen-devel-bounces@lists.xensource.com wrote on 08/27/2007
04:00:14 AM:
> >> >
> >> > > Hi,
> >> > > I have a problem about ACM module(hg.15730)
> >> > > I want to label Domain-0.
> >> > > I read xen user''s manual v3.0 and "man
xm" information.
> >> > > ACM document mentions how to label Domain-0.
> >> > > But I couldn''t add the label when I tried the
following steps.
> >> > >
> >> > > (test1)
> >> > > #xm makepolicy example.client_v1
> >> > > #xm cfgbootpolicy example.client_v1
> >> > > #reboot
> >> > >
> >> > > (test2)
> >> > > #xm setpolicy ACM example.client_v1
> >> > > #xm activatepolicy --boot
> >> > >
> >> > > (result)
> >> > > [root@bx607 ~]# xm list --label
> >> > > Name ID Mem VCPUs State Time(s) Label
> >> > > Domain-0 0 1024 4 r----- 105.1
unlabeled
> >> > >
> >> > > So,I tried to use "xm addlabel" command.
> >> > >
> >> > > #xm makepolicy example.client_v1
> >> > > #xm addlabel dom_SystemManagement mgt Domain-0
example.client_v1
> >> > >
> >> > > But I couldn''t again.
> >> > >
> >> > > Is there any good idea ?
> >> >
> >> > Is there an ssidref=... in the ''kernel''
line in the grub title you
> >> are booting? Can you send this line and remove the ssidref=... and
try
> >> again?
> >> > Otherwise if this is not the case, can you send the content
of ''xm
> >> dmesg''?
> >> >
> >> > Stefan
> >> > >
> >> > > Thanks,
> >> > >
> >> > > Syunsuke HAYASHI
> >> > >
> >> > >
> >> > >
> >> > >
> >> > > _______________________________________________
> >> > > Xen-devel mailing list
> >> > > Xen-devel@lists.xensource.com
> >> > > http://lists.xensource.com/xen-devel
> >>
> >>
> >> _______________________________________________
> >> Xen-devel mailing list
> >> Xen-devel@lists.xensource.com
> >> http://lists.xensource.com/xen-devel
> >
> > _______________________________________________
> > Xen-users mailing list
> > Xen-users@lists.xensource.com
> > http://lists.xensource.com/xen-users
>
--
George S. Coker, II <gscoker@alpha.ncsc.mil> 443-479-6944
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Syunsuke HAYASHI
2007-Sep-12 07:23 UTC
Re: [Xen-users] Re: [Xen-devel] Loading ACM policy in XSM
Hi, George. I triedd it as George said. #ls /etc/xen/acm-security/policies/ client_v1-security_policy.xml default-ul-security_policy.xml managed_policies security_policy.xsd default-security_policy.xml example resource_labels test-security_policy.xml #xm list --label Name ID Mem VCPUs State Time(s) Label Domain-0 0 1024 2 r----- 86.1 ACM:example.client_v1:dom_SystemManagement #xm create vm1.conf Using config file "./vm1.conf". Started domain vm1 #xm list --label Name ID Mem VCPUs State Time(s) Label vm1 1 128 1 r----- 4.7 ACM:example.client_v1:dom_HomeBanking Domain-0 0 1024 2 r----- 94.6 ACM:example.client_v1:dom_SystemManagement It looks good. Thank you for your help. Syunsuke HAYASHI> You need to make sure that xm and xend are setup for xen-api. On my > system I had to use the -xenapi config files in /etc/xen. > > You could also create a managed_policies file by hand. The format of > the file is: > > managed_policies = { > ''7bd38df8-3f0c-a97d-cf54-fcbd98f7cb35'': (u''example.client_v1'', > ''ACM''), > ''7bd38df8-3f0c-a97d-cf54-fcbd98f7cb36'': (u''example.test'', ''ACM''), > } > > On Tue, 2007-09-11 at 19:28 +0900, Syunsuke HAYASHI wrote: >> Hi >> Thank you for the help. >> >> I have a question about how to make ''managed_policies''. >> I understood that ''managed_policies was made from "xm setpolicy" command. >> But I don''t know how to call "xm setpolicy" from ''Xen-api''. >> >> How should I call it ? >> >> --------------------------------xm setpolicy---------------------------- >> #xm setpolicy ACM example.client_v1 --boot >> >> Error: xm needs to be configured to use the xen-api. >> Usage: xm setpolicy <policytype> <policyfile> [options] >> Set the policy of the system. >> Usage: xm setpolicy <policytype> <policy> [options] >> >> Set the policy managed by xend. >> >> The only policytype that is currently supported is ''ACM''. >> >> The following options are defined >> --load Load the policy immediately >> --boot Have the system load the policy during boot >> --update Automatically adapt the policy so that it will be >> treated as an update to the current policy >> -------------------------------------------------------------------------- >> >> Thanks, >> >> Syunsuke HAYASHI >>> I believe that your ''managed_policies'' file is missing or empty. Please >>> look at /etc/xen/acm-security/policies/managed_policies. If this is a >>> new installation, I do not believe that ACM will create the >>> ''managed_policies'' file. >>> >>> George >>> >>> On Wed, 2007-08-29 at 13:26 +0900, Syunsuke HAYASHI wrote: >>>> Hi,Stefan >>>> Thank you for the help. >>>> >>>> I was not describing an ssidref=... in grub.conf. >>>> I show grub.conf and dmesg when I execute "xm chgpolicy >>>> example.client_v1" command and reboot. >>>> >>>> ----------------------------grub.conf-------------------------------------- >>>> # grub.conf generated by anaconda >>>> # >>>> # Note that you do not have to rerun grub after making changes to this file >>>> # NOTICE: You have a /boot partition. This means that >>>> # all kernel and initrd paths are relative to /boot/, eg. >>>> # root (hd0,0) >>>> # kernel /vmlinuz-version ro root=/dev/sda3 >>>> # initrd /initrd-version.img >>>> #boot=/dev/sda >>>> default=0 >>>> timeout=5 >>>> splashimage=(hd0,0)/grub/splash.xpm.gz >>>> hiddenmenu >>>> title xen-unstable0827 >>>> root (hd0,0) >>>> kernel /xen.gz dom0_mem=1024M >>>> module /vmlinuz-2.6.18-xen ro root=LABEL=/ rhgb >>>> module /initrd-2.6.18-xen.img >>>> module /example.client_v1.bin >>>> >>>> >>>> -----------------------------dmesg---------------------------------------- >>>> __ __ _____ ___ _ _ _ >>>> \ \/ /___ _ __ |___ / / _ \ _ _ _ __ ___| |_ __ _| |__ | | ___ >>>> \ // _ \ ''_ \ |_ \| | | |__| | | | ''_ \/ __| __/ _` | ''_ \| |/ _ \ >>>> / \ __/ | | | ___) | |_| |__| |_| | | | \__ \ || (_| | |_) | | __/ >>>> /_/\_\___|_| |_| |____(_)___/ \__,_|_| |_|___/\__\__,_|_.__/|_|\___| >>>> >>>> http://www.cl.cam.ac.uk/netos/xen >>>> University of Cambridge Computer Laboratory >>>> >>>> Xen version 3.0-unstable (root@sky.yk.fujitsu.co.jp) (gcc version >>>> 4.1.2 20070502 (Red Hat 4.1.2-12)) Sun Aug 26 06:00:02 JST 2007 >>>> Latest ChangeSet: Thu Aug 16 13:27:59 2007 +0100 15730:256160ff19b7 >>>> >>>> (XEN) Command line: /xen.gz dom0_mem=1024M >>>> (XEN) Video information: >>>> (XEN) VGA is text mode 80x25, font 8x16 >>>> (XEN) VBE/DDC methods: V2; EDID transfer time: 2 seconds >>>> (XEN) Disc information: >>>> (XEN) Found 1 MBR signatures >>>> (XEN) Found 1 EDD information structures >>>> (XEN) Xen-e820 RAM map: >>>> (XEN) 0000000000000000 - 000000000009f000 (usable) >>>> (XEN) 000000000009f000 - 00000000000a0000 (reserved) >>>> (XEN) 00000000000d6000 - 00000000000d8000 (reserved) >>>> (XEN) 00000000000e0000 - 0000000000100000 (reserved) >>>> (XEN) 0000000000100000 - 000000007fff0000 (usable) >>>> (XEN) 000000007fff0000 - 000000007ffff000 (ACPI data) >>>> (XEN) 000000007ffff000 - 0000000080000000 (ACPI NVS) >>>> (XEN) 00000000fec00000 - 00000000fec10000 (reserved) >>>> (XEN) 00000000fee00000 - 00000000fee01000 (reserved) >>>> (XEN) 00000000fff80000 - 0000000100000000 (reserved) >>>> (XEN) System RAM: 2047MB (2096700kB) >>>> (XEN) Xen heap: 9MB (10168kB) >>>> (XEN) Domain heap initialised: DMA width 32 bits >>>> (XEN) PAE enabled, limit: 16 GB >>>> (XEN) Processor #0 15:2 APIC version 20 >>>> (XEN) Processor #1 15:2 APIC version 20 >>>> (XEN) Processor #6 15:2 APIC version 20 >>>> (XEN) Processor #7 15:2 APIC version 20 >>>> (XEN) IOAPIC[0]: apic_id 2, version 17, address 0xfec00000, GSI 0-15 >>>> (XEN) IOAPIC[1]: apic_id 3, version 17, address 0xfec01000, GSI 16-31 >>>> (XEN) IOAPIC[2]: apic_id 4, version 17, address 0xfec02000, GSI 32-47 >>>> (XEN) IOAPIC[3]: apic_id 5, version 17, address 0xfec03000, GSI 48-63 >>>> (XEN) Enabling APIC mode: Flat. Using 4 I/O APICs >>>> (XEN) Using scheduler: SMP Credit Scheduler (credit) >>>> (XEN) Detected 3189.437 MHz processor. >>>> (XEN) CPU0: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05 >>>> (XEN) Booting processor 1/1 eip 90000 >>>> (XEN) CPU1: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05 >>>> (XEN) Booting processor 2/6 eip 90000 >>>> (XEN) CPU2: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05 >>>> (XEN) Booting processor 3/7 eip 90000 >>>> (XEN) CPU3: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05 >>>> (XEN) Total of 4 processors activated. >>>> (XEN) ENABLING IO-APIC IRQs >>>> (XEN) -> Using new ACK method >>>> (XEN) ..MP-BIOS bug: 8254 timer not connected to IO-APIC >>>> (XEN) Platform timer overflows in 234 jiffies. >>>> (XEN) Platform timer is 3.579MHz ACPI PM Timer >>>> (XEN) Brought up 4 CPUs >>>> (XEN) Policy len 0x168, start at 3ffff000 - module 2. >>>> (XEN) acm_set_policy_reference: Activating policy example.client_v1 >>>> (XEN) acm_init: Enforcing CHINESE WALL AND SIMPLE TYPE ENFORCEMENT boot >>>> policy. >>>> (XEN) *** LOADING DOMAIN 0 *** >>>> (XEN) Xen kernel: 32-bit, PAE, lsb >>>> (XEN) Dom0 kernel: 32-bit, PAE, lsb, paddr 0xc0100000 -> 0xc044fb7c >>>> (XEN) PHYSICAL MEMORY ARRANGEMENT: >>>> (XEN) Dom0 alloc.: 000000003e000000->000000003f000000 (258048 pages >>>> to be allocated) >>>> (XEN) VIRTUAL MEMORY ARRANGEMENT: >>>> (XEN) Loaded kernel: c0100000->c044fb7c >>>> (XEN) Init. ramdisk: c0450000->c0bba600 >>>> (XEN) Phys-Mach map: c0bbb000->c0cbb000 >>>> (XEN) Start info: c0cbb000->c0cbb46c >>>> (XEN) Page tables: c0cbc000->c0cc9000 >>>> (XEN) Boot stack: c0cc9000->c0cca000 >>>> (XEN) TOTAL: c0000000->c1000000 >>>> (XEN) ENTRY ADDRESS: c0100000 >>>> (XEN) Dom0 has maximum 4 VCPUs >>>> (XEN) Initrd len 0x76a600, start at 0xc0450000 >>>> (XEN) Scrubbing Free RAM: .........done. >>>> (XEN) Xen trace buffers: disabled >>>> (XEN) Std. Loglevel: Errors and warnings >>>> (XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings) >>>> (XEN) Xen is relinquishing VGA console. >>>> (XEN) *** Serial input -> DOM0 (type ''CTRL-a'' three times to switch >>>> input to Xen). >>>> (XEN) Freed 88kB init memory. >>>> (XEN) ioapic_guest_write: apic=0, pin=2, old_irq=-1, new_irq=0 >>>> (XEN) ioapic_guest_write: old_entry=00010000, new_entry=000009f0 >>>> (XEN) ioapic_guest_write: Attempt to add IO-APIC pin for in-use IRQ! >>>> ------------------------------------------------------------------------- >>>> Is it good in this ? >>>> >>>> Syunsuke HAYASHI >>>> > >>>> > xen-devel-bounces@lists.xensource.com wrote on 08/27/2007 04:00:14 AM: >>>> > >>>> > > Hi, >>>> > > I have a problem about ACM module(hg.15730) >>>> > > I want to label Domain-0. >>>> > > I read xen user''s manual v3.0 and "man xm" information. >>>> > > ACM document mentions how to label Domain-0. >>>> > > But I couldn''t add the label when I tried the following steps. >>>> > > >>>> > > (test1) >>>> > > #xm makepolicy example.client_v1 >>>> > > #xm cfgbootpolicy example.client_v1 >>>> > > #reboot >>>> > > >>>> > > (test2) >>>> > > #xm setpolicy ACM example.client_v1 >>>> > > #xm activatepolicy --boot >>>> > > >>>> > > (result) >>>> > > [root@bx607 ~]# xm list --label >>>> > > Name ID Mem VCPUs State Time(s) Label >>>> > > Domain-0 0 1024 4 r----- 105.1 unlabeled >>>> > > >>>> > > So,I tried to use "xm addlabel" command. >>>> > > >>>> > > #xm makepolicy example.client_v1 >>>> > > #xm addlabel dom_SystemManagement mgt Domain-0 example.client_v1 >>>> > > >>>> > > But I couldn''t again. >>>> > > >>>> > > Is there any good idea ? >>>> > >>>> > Is there an ssidref=... in the ''kernel'' line in the grub title you >>>> are booting? Can you send this line and remove the ssidref=... and try >>>> again? >>>> > Otherwise if this is not the case, can you send the content of ''xm >>>> dmesg''? >>>> > >>>> > Stefan >>>> > > >>>> > > Thanks, >>>> > > >>>> > > Syunsuke HAYASHI >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > _______________________________________________ >>>> > > Xen-devel mailing list >>>> > > Xen-devel@lists.xensource.com >>>> > > http://lists.xensource.com/xen-devel >>>> >>>> >>>> _______________________________________________ >>>> Xen-devel mailing list >>>> Xen-devel@lists.xensource.com >>>> http://lists.xensource.com/xen-devel >>> _______________________________________________ >>> Xen-users mailing list >>> Xen-users@lists.xensource.com >>> http://lists.xensource.com/xen-users_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel