Xen users - Aug 2008 - ACM errors -- CentOS 5.2 and Xen 3.2.1 incompatibility?

Has anyone seen the following errors on CentOS 5.2 with Xen 3.2.1:

# xm list
ACMError: Policy file
''/etc/xen/acm-security/policies/-security_policy.xml'' not
found.
# xm dmesg
Error: (13, ''Permission denied'')


I get these every time I do the following:

1. Default install of CentOS 5.2 on Intel DQ35 motherboard system
2. Install mercurial
3. Download xen-3.2.1.tar.gz from xen.org and untar.
4. make world (fails when it can''t find linux-2.6.18-xen.hg)
5. hg clone http://xenbits.xensource.com/linux-2.6.18-xen.hg
6. make all (succeeds)
7. make install (succeeds)
8. depmod & mkinitrd
9. edit grub.conf and reboot new Xen kernel

After reboot, I then run "xm list" and "xm dmesg" which used
to work but now give the above error.

Evidently it doesn''t like my security policy and more -- any
thoughts/ideas on why?   Is this a known bug or incompatibility? Is my
build/config wrong?

Thanks,
Ed Nadolski
LSI




_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi Ed,

I have xen 3.2.0 (from source rpm) built with CentOS 5.2 on DQ35 box 
with ACM enabled and the commands in question seem to work.

Do you have xml file beginning with your policy name in 
/etc/xen/acm-security/policies/?
You must have file called
"<your_security_policy_name>-security_policy.xml".
e.g. ''DEFAULT-UL-security_policy.xml (default policy)

Regards,
Dilshan

Nadolski, Ed wrote:
> Has anyone seen the following errors on CentOS 5.2 with Xen 3.2.1:
>
> # xm list
> ACMError: Policy file
''/etc/xen/acm-security/policies/-security_policy.xml'' not
found.
> # xm dmesg
> Error: (13, ''Permission denied'')
>
>
> I get these every time I do the following:
>
> 1. Default install of CentOS 5.2 on Intel DQ35 motherboard system
> 2. Install mercurial
> 3. Download xen-3.2.1.tar.gz from xen.org and untar.
> 4. make world (fails when it can''t find linux-2.6.18-xen.hg)
> 5. hg clone http://xenbits.xensource.com/linux-2.6.18-xen.hg
> 6. make all (succeeds)
> 7. make install (succeeds)
> 8. depmod & mkinitrd
> 9. edit grub.conf and reboot new Xen kernel
>
> After reboot, I then run "xm list" and "xm dmesg" which
used to work but now give the above error.
>
> Evidently it doesn''t like my security policy and more -- any
thoughts/ideas on why?   Is this a known bug or incompatibility? Is my
build/config wrong?
>
> Thanks,
> Ed Nadolski
> LSI
>
>
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>   

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Thanks Dilshan.  I don''t see the .xml file -- did you have to run
xensec_ezpolicy or anything else to generate that, or to compile/load a policy?

I upgraded to xen-unstable.hg and built with the following changes in Config.mk:

XSM_ENABLE ?= y
FLASK_ENABLE ?= n
ACM_SECURITY ?= y
ACM_DEFAULT_SECURITY_POLICY  ?= ACM_NULL_POLICY

However I am not sure if these are correct since some of my docs/info may be out
of date.

With the above, the ACMError for the "xm list" goes away, and "xm
list -label" shows "INACTIVE" .  But the "xm dmesg" and
"xm_info" still give the ''Permission denied'' error. 
So I''m not sure if this is related to the ACM/policy or if it is
something else.

I''ll see if the policy compile/load helps.  Any other thoughts/ideas?

Thanks once again,
Ed

________________________________________
From: Dilshan Jayarathna [mailto:dilshan.jayarathna@mq.edu.au]
Sent: Tuesday, August 12, 2008 9:52 PM
To: Nadolski, Ed; xen-users@lists.xensource.com
Subject: Re: [Xen-users] ACM errors -- CentOS 5.2 and Xen 3.2.1 incompatibility?

Hi Ed,

I have xen 3.2.0 (from source rpm) built with CentOS 5.2 on DQ35 box with ACM
enabled and the commands in question seem to work.

Do you have xml file beginning with your policy name in
/etc/xen/acm-security/policies/?
You must have file called
"<your_security_policy_name>-security_policy.xml".
e.g. ''DEFAULT-UL-security_policy.xml (default policy)

Regards,
Dilshan

Nadolski, Ed wrote:
Has anyone seen the following errors on CentOS 5.2 with Xen 3.2.1:

# xm list
ACMError: Policy file
''/etc/xen/acm-security/policies/-security_policy.xml'' not
found.
# xm dmesg
Error: (13, ''Permission denied'')


I get these every time I do the following:

1. Default install of CentOS 5.2 on Intel DQ35 motherboard system
2. Install mercurial
3. Download xen-3.2.1.tar.gz from xen.org and untar.
4. make world (fails when it can''t find linux-2.6.18-xen.hg)
5. hg clone http://xenbits.xensource.com/linux-2.6.18-xen.hg
6. make all (succeeds)
7. make install (succeeds)
8. depmod & mkinitrd
9. edit grub.conf and reboot new Xen kernel

After reboot, I then run "xm list" and "xm dmesg" which used
to work but now give the above error.

Evidently it doesn''t like my security policy and more -- any
thoughts/ideas on why?   Is this a known bug or incompatibility? Is my
build/config wrong?

Thanks,
Ed Nadolski
LSI




_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users


_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi Ed,

You should have them there by default, given that you built it correctly 
and you don''t have to run xensec_ezpolicy to get this (according to my 
knowledge, it is just a GUI to make life bit easier to create/update 
policies).

There are some examples in /etc/xen/acm-security/policies/example as well.

I don''t seem to have ACM_DEFAULT_SECURITY_POLICY in Config.mk file, but
I vaguely recall it was there in version 3.0.x. Are you sure you used 
xen-unstable.hg or xen-3.2.1.tar.gz, because I am quite certain that 
config parameter is not in either releases.

Regards,
Dilshan


Nadolski, Ed wrote:
> Thanks Dilshan.  I don''t see the .xml file -- did you have to run
xensec_ezpolicy or anything else to generate that, or to compile/load a policy?
>
> I upgraded to xen-unstable.hg and built with the following changes in
Config.mk:
>
> XSM_ENABLE ?= y
> FLASK_ENABLE ?= n
> ACM_SECURITY ?= y
> ACM_DEFAULT_SECURITY_POLICY  ?= ACM_NULL_POLICY
>
> However I am not sure if these are correct since some of my docs/info may
be out of date.
>
> With the above, the ACMError for the "xm list" goes away, and
"xm list -label" shows "INACTIVE" .  But the "xm
dmesg" and "xm_info" still give the ''Permission
denied'' error.  So I''m not sure if this is related to the
ACM/policy or if it is something else.
>
> I''ll see if the policy compile/load helps.  Any other
thoughts/ideas?
>
> Thanks once again,
> Ed
>
> ________________________________________
> From: Dilshan Jayarathna [mailto:dilshan.jayarathna@mq.edu.au]
> Sent: Tuesday, August 12, 2008 9:52 PM
> To: Nadolski, Ed; xen-users@lists.xensource.com
> Subject: Re: [Xen-users] ACM errors -- CentOS 5.2 and Xen 3.2.1
incompatibility?
>
> Hi Ed,
>
> I have xen 3.2.0 (from source rpm) built with CentOS 5.2 on DQ35 box with
ACM enabled and the commands in question seem to work.
>
> Do you have xml file beginning with your policy name in
/etc/xen/acm-security/policies/?
> You must have file called
"<your_security_policy_name>-security_policy.xml".
> e.g. ''DEFAULT-UL-security_policy.xml (default policy)
>
> Regards,
> Dilshan
>
> Nadolski, Ed wrote:
> Has anyone seen the following errors on CentOS 5.2 with Xen 3.2.1:
>
> # xm list
> ACMError: Policy file
''/etc/xen/acm-security/policies/-security_policy.xml'' not
found.
> # xm dmesg
> Error: (13, ''Permission denied'')
>
>
> I get these every time I do the following:
>
> 1. Default install of CentOS 5.2 on Intel DQ35 motherboard system
> 2. Install mercurial
> 3. Download xen-3.2.1.tar.gz from xen.org and untar.
> 4. make world (fails when it can''t find linux-2.6.18-xen.hg)
> 5. hg clone http://xenbits.xensource.com/linux-2.6.18-xen.hg
> 6. make all (succeeds)
> 7. make install (succeeds)
> 8. depmod & mkinitrd
> 9. edit grub.conf and reboot new Xen kernel
>
> After reboot, I then run "xm list" and "xm dmesg" which
used to work but now give the above error.
>
> Evidently it doesn''t like my security policy and more -- any
thoughts/ideas on why?   Is this a known bug or incompatibility? Is my
build/config wrong?
>
> Thanks,
> Ed Nadolski
> LSI
>
>
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xensource.com
> http://lists.xensource.com/xen-users
>   

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users