Xen users - Apr 2009 - acm_init: Loading default policy but not policy is installed.

Hi all,

I''ve successfully installed xen3.3.0 on Linux ubuntu 2.6.27.5 #1 SMP
i686 GNU/Linux. I
built xen with the requisite XSM_ENABLE=y, ACM_SECURITY=y and believe I have the
correct
config parameters in the 2.6.27.5 kernel. 

Boot goes smoothly, set to automatically create 2 domUs. All appears okay with
XSM/ACM...

root@ubuntu:~# xm dmesg | grep -i xsm
(XEN) XSM Framework v1.0.0 initialized
(XEN) ACM-XSM:  Initializing.
root@ubuntu:~# xm dmesg | grep -i acm
(XEN) ACM-XSM:  Initializing.
(XEN) acm_init: Loading default policy (CHINESE WALL AND SIMPLE TYPE
ENFORCEMENT).
> okay, but...
root@ubuntu:~# xm getpolicy
Supported security subsystems   : None 

No policy is installed.

(----------------------
( - try:
( 1) reboot xen w/0 domUs and ck xm getpolicy:
(----------------------

root@ubuntu:/home/bruce# xm list
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0   512     4     r-----     11.6
mail.argusology.com                          1  1024     1     -b----     23.1
www.argusology.com                           2  1024     1     -b----     23.7

root@ubuntu:/home/bruce# xm shutdown mail.argusology.com
root@ubuntu:/home/bruce# xm shutdown webServer

root@ubuntu:/home/bruce# xm list
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0   512     4     r-----     13.2

root@ubuntu:/home/bruce# /etc/init.d/xend stop
root@ubuntu:/home/bruce# /etc/init.d/xend start

root@ubuntu:/home/bruce# xm getpolicy
Supported security subsystems   : None 

No policy is installed.

(----------------------
( 2) check xm dmesg
(----------------------
root@ubuntu:/home/bruce# xm dmesg | more
 __  __            _____  _____  ___  
 \ \/ /___ _ __   |___ / |___ / / _ \ 
  \  // _ \ ''_ \    |_ \   |_ \| | | |
  /  \  __/ | | |  ___) | ___) | |_| |
 /_/\_\___|_| |_| |____(_)____(_)___/ 
                                      
(XEN) Xen version 3.3.0 (root@LINTON) (gcc version 4.2.4 (Ubuntu 4.2.4-1ubuntu3)
) Tue Apr  7 10:31:02 PDT 2009
(XEN) Latest ChangeSet: unavailable
(XEN) Command line: dom0_mem=512m
(XEN) Video information:
(XEN)  VGA is text mode 80x25, font 8x16
(XEN)  VBE/DDC methods: none; EDID transfer time: 2 seconds
(XEN)  EDID info not retrieved because no DDC retrieval method detected
(XEN) Disc information:
(XEN)  Found 1 MBR signatures
(XEN)  Found 1 EDD information structures
(XEN) Xen-e820 RAM map:
(XEN)  0000000000000000 - 00000000000a0000 (usable)
(XEN)  0000000000100000 - 00000000cfb50000 (usable)
(XEN)  00000000cfb50000 - 00000000cfb66000 (reserved)
(XEN)  00000000cfb66000 - 00000000cfb85c00 (ACPI data)
(XEN)  00000000cfb85c00 - 00000000d0000000 (reserved)
(XEN)  00000000e0000000 - 00000000f0000000 (reserved)
(XEN)  00000000fe000000 - 0000000100000000 (reserved)
(XEN)  0000000100000000 - 0000000130000000 (usable)
(XEN) System RAM: 4090MB (4189120kB)
(XEN) ACPI: RSDP 000F2160, 0024 (r2 DELL  )
(XEN) ACPI: XSDT 000F21FC, 0084 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: FACP CFB83524, 00F4 (r3 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: DSDT CFB66000, 4996 (r1 DELL   PE_SC3          1 INTL 20050624)
(XEN) ACPI: FACS CFB85C00, 0040
(XEN) ACPI: APIC CFB83078, 0092 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: SPCR CFB83130, 0050 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: HPET CFB83184, 0038 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: MCFG CFB831C0, 003C (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: WD__ CFB83200, 0134 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: SLIC CFB83338, 0024 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: ERST CFB6AB18, 0210 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: HEST CFB6AD28, 027C (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: BERT CFB6A998, 0030 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: EINJ CFB6A9C8, 0150 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: TCPA CFB834BC, 0064 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) Xen heap: 9MB (9660kB)
(XEN) Domain heap initialised
(XEN) Processor #0 7:7 APIC version 20
(XEN) Processor #2 7:7 APIC version 20
(XEN) Processor #1 7:7 APIC version 20
(XEN) Processor #3 7:7 APIC version 20
(XEN) IOAPIC[0]: apic_id 4, version 32, address 0xfec00000, GSI 0-23
(XEN) Enabling APIC mode:  Flat.  Using 1 I/O APICs
(XEN) XSM Framework v1.0.0 initialized
(XEN) ACM-XSM:  Initializing.
(XEN) acm_init: Loading default policy (CHINESE WALL AND SIMPLE TYPE
ENFORCEMENT).
(XEN) Using scheduler: SMP Credit Scheduler (credit)
(XEN) Detected 2327.595 MHz processor.
(XEN) CPU0: VMX disabled by BIOS.
(XEN) VMX: failed to initialise.
(XEN) CPU0: Intel(R) Xeon(R) CPU           L5410  @ 2.33GHz stepping 0a
(XEN) Booting processor 1/2 eip 8c000
(XEN) CPU1: Intel(R) Xeon(R) CPU           L5410  @ 2.33GHz stepping 0a
(XEN) Booting processor 2/1 eip 8c000
(XEN) CPU2: Intel(R) Xeon(R) CPU           L5410  @ 2.33GHz stepping 0a
(XEN) Booting processor 3/3 eip 8c000
(XEN) CPU3: Intel(R) Xeon(R) CPU           L5410  @ 2.33GHz stepping 0a
(XEN) Total of 4 processors activated.
(XEN) ENABLING IO-APIC IRQs
(XEN)  -> Using new ACK method
(XEN) checking TSC synchronization across 4 CPUs: passed.
(XEN) Platform timer is 14.318MHz HPET
(XEN) Brought up 4 CPUs
(XEN) I/O virtualisation disabled
(XEN) *** LOADING DOMAIN 0 ***
(XEN)  Xen  kernel: 32-bit, PAE, lsb
(XEN)  Dom0 kernel: 32-bit, PAE, lsb, paddr 0x100000 -> 0x602000
(XEN) PHYSICAL MEMORY ARRANGEMENT:
(XEN)  Dom0 alloc.:   000000003c000000->000000003e000000 (122880 pages to be
all
ocated)
(XEN) VIRTUAL MEMORY ARRANGEMENT:
(XEN)  Loaded kernel: c0100000->c0602000
(XEN)  Init. ramdisk: c0602000->c1ae0000
(XEN)  Phys-Mach map: c1ae0000->c1b60000
(XEN)  Start info:    c1b60000->c1b60474
(XEN)  Page tables:   c1b61000->c1b74000
(XEN)  Boot stack:    c1b74000->c1b75000
(XEN)  TOTAL:         c0000000->c1c00000
(XEN)  ENTRY ADDRESS: c0100000
(XEN) Dom0 has maximum 4 VCPUs
(XEN) Scrubbing Free RAM: ....................................done.
(XEN) Xen trace buffers: disabled
(XEN) Std. Loglevel: Errors and warnings
(XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
(XEN) Xen is relinquishing VGA console.
(XEN) *** Serial input -> DOM0 (type ''CTRL-a'' three times
to switch input to Xen
)
(XEN) Freed 100kB init memory.

(----------------------
( 3) is the default policy really loaded? (i.e. is the config file ok?)
(----------------------
root@ubuntu:/etc/xen/acm-security/policies# less security_policy.xsd 
- appears okay

(-----------------------------
( 4) check logs
(-----------------------------
- the other xen logs show nothing. Below is xend.log from when I restarted xend.
root@ubuntu:/var/log/xen# cat xend.log | grep 2009-04-12

[2009-04-12 11:28:43 6500] DEBUG (SrvServer:76) SrvServer.cleanup() 
[2009-04-12 11:28:43 6500] DEBUG (XMLRPCServer:235) XMLRPCServer.cleanup() 
[2009-04-12 11:28:43 6500] DEBUG (XMLRPCServer:235) XMLRPCServer.cleanup() 
[2009-04-12 11:28:43 6500] DEBUG (XendDomain:615) cleanup_domains
[2009-04-12 11:28:43 6494] INFO (SrvDaemon:219) Xend exited with status 0.  
[2009-04-1211:28:46 7505] INFO (SrvDaemon:331) Xend Daemon started 
[2009-04-12 11:28:46 7505] INFO(SrvDaemon:335) Xend changeset: unavailable.  
[2009-04-12 11:28:47 7505] DEBUG(XendDomainInfo:137)
XendDomainInfo.recreate({''max_vcpu_id'': 3,
''cpu_time'': 14236978880L, ''ssidref'': 65537,
''hvm'': 0, ''shutdown_reason'': 0,
''dying'': 0, ''online_vcpus'': 4,
''domid'': 0, ''paused'': 0,
''crashed'': 0, ''running'': 1,
''maxmem_kb'': 4294967292L, ''shutdown'': 0,
''mem_kb'': 524288L,
''handle'': [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
''blocked'': 0, ''name'':
''Domain-0''})
[2009-04-12 11:28:47 7505] INFO (XendDomainInfo:154) Recreating domain 0, UUID
00000000-0000-0000-0000-000000000000. at /local/domain/0
[2009-04-1211:28:47 7505] DEBUG (XendDomain:447) Adding Domain: 0 
[2009-04-12 11:28:47 7505] DEBUG(XendDomain:383) number of vcpus to use is 0 
[2009-04-12 11:28:47 7505] DEBUG(XendDomainInfo:1443)
XendDomainInfo.handleShutdownWatch
[2009-04-12 11:28:47 7505]WARNING (XendAPI:684) API call: VBD.set_device not
found
[2009-04-12 11:28:47 7505]WARNING (XendAPI:684) API call: VBD.set_type not found
[2009-04-12 11:28:47 7505] WARNING(XendAPI:684) API call:
session.get_all_records not found
[2009-04-12 11:28:47 7505]WARNING (XendAPI:684) API call: event.get_record not
found
[2009-04-12 11:28:47 7505]WARNING (XendAPI:684) API call: event.get_all not
found
[2009-04-12 11:28:47 7505] WARNING(XendAPI:684) API call: VM.get_auto_power_on
not found
[2009-04-12 11:28:47 7505] WARNING(XendAPI:684) API call: VM.set_auto_power_on
not found
[2009-04-12 11:28:47 7505] WARNING(XendAPI:684) API call: VIF.get_network not
found
[2009-04-12 11:28:47 7505] WARNING(XendAPI:684) API call: VIF.set_device not
found
[2009-04-12 11:28:47 7505] WARNING(XendAPI:684) API call: VIF.set_MAC not found 
[2009-04-12 11:28:47 7505] WARNING(XendAPI:684) API call: VIF.set_MTU not found 
[2009-04-12 11:28:47 7505] WARNING(XendAPI:684) API call: debug.get_all not
found
[2009-04-12 11:28:47 7505] INFO (XMLRPCServer:156) Opening Unix domain socket
XML-RPC
server on /var/run/xend/xmlrpc.sock.  [2009-04-12 11:28:47 7505] INFO
(XMLRPCServer:156)
Opening Unix domain socket XML-RPCserver on /var/run/xend/xen-api.sock;
authentication has
been disabled for this server.

root@ubuntu:/var/log/xen#

I can''t see anything wrong (with XSM/ACM). I was wondering if someone
could point me where
to look next to solve my issue. 

Thanks,
Bruce

-- 
Bruce Linton
Argusology, LLC
925-935-6160 office
925-262-3664 mobile
bruce@argusology.com

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users