
Re: [Xen-devel] Loading ACM policy in XSM



I believe that your 'managed_policies' file is missing or empty.  Please
look at /etc/xen/acm-security/policies/managed_policies.  If this is a
new installation, I do not believe that ACM will create the
'managed_policies' file.

George

On Wed, 2007-08-29 at 13:26 +0900, Syunsuke HAYASHI wrote:
> Hi, Stefan
> Thank you for the help.
> 
> I was not describing an ssidref=... in grub.conf.
> I show grub.conf and dmesg when I execute "xm chgpolicy 
> example.client_v1" command and reboot.
> 
> ----------------------------grub.conf--------------------------------------
> # grub.conf generated by anaconda
> #
> # Note that you do not have to rerun grub after making changes to this file
> # NOTICE:  You have a /boot partition.  This means that
> #          all kernel and initrd paths are relative to /boot/, eg.
> #          root (hd0,0)
> #          kernel /vmlinuz-version ro root=/dev/sda3
> #          initrd /initrd-version.img
> #boot=/dev/sda
> default=0
> timeout=5
> splashimage=(hd0,0)/grub/splash.xpm.gz
> hiddenmenu
> title xen-unstable0827
>      root (hd0,0)
>      kernel /xen.gz dom0_mem=1024M
>      module /vmlinuz-2.6.18-xen ro root=LABEL=/ rhgb
>      module /initrd-2.6.18-xen.img
>      module /example.client_v1.bin
> 
> 
> -----------------------------dmesg----------------------------------------
>   __  __            _____  ___                     _        _     _
>   \ \/ /___ _ __   |___ / / _ \    _   _ _ __  ___| |_ __ _| |__ | | ___
>    \  // _ \ '_ \    |_ \| | | |__| | | | '_ \/ __| __/ _` | '_ \| |/ _ \
>    /  \  __/ | | |  ___) | |_| |__| |_| | | | \__ \ || (_| | |_) | |  __/
>   /_/\_\___|_| |_| |____(_)___/    \__,_|_| |_|___/\__\__,_|_.__/|_|\___|
> 
>   http://www.cl.cam.ac.uk/netos/xen
>   University of Cambridge Computer Laboratory
> 
>   Xen version 3.0-unstable (root@xxxxxxxxxxxxxxxxxxxx) (gcc version 4.1.2 20070502 (Red Hat 4.1.2-12)) Sun Aug 26 06:00:02 JST 2007
>   Latest ChangeSet: Thu Aug 16 13:27:59 2007 +0100 15730:256160ff19b7
> 
> (XEN) Command line: /xen.gz dom0_mem=1024M
> (XEN) Video information:
> (XEN)  VGA is text mode 80x25, font 8x16
> (XEN)  VBE/DDC methods: V2; EDID transfer time: 2 seconds
> (XEN) Disc information:
> (XEN)  Found 1 MBR signatures
> (XEN)  Found 1 EDD information structures
> (XEN) Xen-e820 RAM map:
> (XEN)  0000000000000000 - 000000000009f000 (usable)
> (XEN)  000000000009f000 - 00000000000a0000 (reserved)
> (XEN)  00000000000d6000 - 00000000000d8000 (reserved)
> (XEN)  00000000000e0000 - 0000000000100000 (reserved)
> (XEN)  0000000000100000 - 000000007fff0000 (usable)
> (XEN)  000000007fff0000 - 000000007ffff000 (ACPI data)
> (XEN)  000000007ffff000 - 0000000080000000 (ACPI NVS)
> (XEN)  00000000fec00000 - 00000000fec10000 (reserved)
> (XEN)  00000000fee00000 - 00000000fee01000 (reserved)
> (XEN)  00000000fff80000 - 0000000100000000 (reserved)
> (XEN) System RAM: 2047MB (2096700kB)
> (XEN) Xen heap: 9MB (10168kB)
> (XEN) Domain heap initialised: DMA width 32 bits
> (XEN) PAE enabled, limit: 16 GB
> (XEN) Processor #0 15:2 APIC version 20
> (XEN) Processor #1 15:2 APIC version 20
> (XEN) Processor #6 15:2 APIC version 20
> (XEN) Processor #7 15:2 APIC version 20
> (XEN) IOAPIC[0]: apic_id 2, version 17, address 0xfec00000, GSI 0-15
> (XEN) IOAPIC[1]: apic_id 3, version 17, address 0xfec01000, GSI 16-31
> (XEN) IOAPIC[2]: apic_id 4, version 17, address 0xfec02000, GSI 32-47
> (XEN) IOAPIC[3]: apic_id 5, version 17, address 0xfec03000, GSI 48-63
> (XEN) Enabling APIC mode:  Flat.  Using 4 I/O APICs
> (XEN) Using scheduler: SMP Credit Scheduler (credit)
> (XEN) Detected 3189.437 MHz processor.
> (XEN) CPU0: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
> (XEN) Booting processor 1/1 eip 90000
> (XEN) CPU1: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
> (XEN) Booting processor 2/6 eip 90000
> (XEN) CPU2: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
> (XEN) Booting processor 3/7 eip 90000
> (XEN) CPU3: Intel(R) Xeon(TM) CPU 3.20GHz stepping 05
> (XEN) Total of 4 processors activated.
> (XEN) ENABLING IO-APIC IRQs
> (XEN)  -> Using new ACK method
> (XEN) ..MP-BIOS bug: 8254 timer not connected to IO-APIC
> (XEN) Platform timer overflows in 234 jiffies.
> (XEN) Platform timer is 3.579MHz ACPI PM Timer
> (XEN) Brought up 4 CPUs
> (XEN) Policy len  0x168, start at 3ffff000 - module 2.
> (XEN) acm_set_policy_reference: Activating policy example.client_v1
> (XEN) acm_init: Enforcing CHINESE WALL AND SIMPLE TYPE ENFORCEMENT boot policy.
> (XEN) *** LOADING DOMAIN 0 ***
> (XEN)  Xen  kernel: 32-bit, PAE, lsb
> (XEN)  Dom0 kernel: 32-bit, PAE, lsb, paddr 0xc0100000 -> 0xc044fb7c
> (XEN) PHYSICAL MEMORY ARRANGEMENT:
> (XEN)  Dom0 alloc.:   000000003e000000->000000003f000000 (258048 pages to be allocated)
> (XEN) VIRTUAL MEMORY ARRANGEMENT:
> (XEN)  Loaded kernel: c0100000->c044fb7c
> (XEN)  Init. ramdisk: c0450000->c0bba600
> (XEN)  Phys-Mach map: c0bbb000->c0cbb000
> (XEN)  Start info:    c0cbb000->c0cbb46c
> (XEN)  Page tables:   c0cbc000->c0cc9000
> (XEN)  Boot stack:    c0cc9000->c0cca000
> (XEN)  TOTAL:         c0000000->c1000000
> (XEN)  ENTRY ADDRESS: c0100000
> (XEN) Dom0 has maximum 4 VCPUs
> (XEN) Initrd len 0x76a600, start at 0xc0450000
> (XEN) Scrubbing Free RAM: .........done.
> (XEN) Xen trace buffers: disabled
> (XEN) Std. Loglevel: Errors and warnings
> (XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
> (XEN) Xen is relinquishing VGA console.
> (XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch input to Xen).
> (XEN) Freed 88kB init memory.
> (XEN) ioapic_guest_write: apic=0, pin=2, old_irq=-1, new_irq=0
> (XEN) ioapic_guest_write: old_entry=00010000, new_entry=000009f0
> (XEN) ioapic_guest_write: Attempt to add IO-APIC pin for in-use IRQ!
> -------------------------------------------------------------------------
> Is it good in this?
> 
> Syunsuke HAYASHI
>  >
>  > xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 08/27/2007 04:00:14 AM:
>  >
>  >  > Hi,
>  >  > I have a problem about ACM module (hg.15730).
>  >  > I want to label Domain-0.
>  >  > I read xen user's manual v3.0 and "man xm" information.
>  >  > ACM document mentions how to label Domain-0.
>  >  > But I couldn't add the label when I tried the following steps.
>  >  >
>  >  >    (test1)
>  >  >    #xm makepolicy example.client_v1
>  >  >    #xm cfgbootpolicy example.client_v1
>  >  >    #reboot
>  >  >
>  >  >    (test2)
>  >  >    #xm setpolicy ACM example.client_v1
>  >  >    #xm activatepolicy --boot
>  >  >
>  >  >    (result)
>  >  >    [root@bx607 ~]# xm list --label
>  >  >    Name     ID  Mem    VCPUs    State   Time(s) Label
>  >  >    Domain-0  0  1024     4     r-----    105.1 unlabeled
>  >  >
>  >  > So, I tried to use "xm addlabel" command.
>  >  >
>  >  >    #xm makepolicy example.client_v1
>  >  >    #xm addlabel dom_SystemManagement mgt Domain-0 example.client_v1
>  >  >
>  >  > But I couldn't again.
>  >  >
>  >  > Is there any good idea?
>  >
>  > Is there an ssidref=... in the 'kernel' line in the grub title you
>  > are booting? Can you send this line and remove the ssidref=... and try
>  > again?
>  > Otherwise if this is not the case, can you send the content of 'xm
>  > dmesg'?
>  >
>  >    Stefan
>  >  >
>  >  > Thanks,
>  >  >
>  >  > Syunsuke HAYASHI
>  >  >
>  >  >
>  >  >
>  >  >
>  >  > _______________________________________________
>  >  > Xen-devel mailing list
>  >  > Xen-devel@xxxxxxxxxxxxxxxxxxx
>  >  > http://lists.xensource.com/xen-devel
> 
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
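
The checks raised in this thread (an ssidref= on the grub 'kernel' line, the policy .bin module line, the activation message in 'xm dmesg', and a missing or empty managed_policies file) can be run together. The script below is an added example, not part of the original messages or of the Xen tools. The function names are hypothetical, the sample inputs are constructed from the grub.conf and dmesg quoted above, and the managed_policies test only checks that the file exists and is non-empty, since the thread does not show its format.

```shell
# Added example (not from the thread). Paths are arguments so it can run on
# copies of the files; the sample data written by make_sample is constructed.

grub_has_ssidref() {      # $1 = grub.conf; true if a kernel line carries ssidref=
    grep -Eq '^[[:space:]]*kernel[[:space:]].*ssidref=' "$1"
}

grub_policy_modules() {   # $1 = grub.conf; prints each module path ending in .bin
    awk '$1 == "module" && $2 ~ /\.bin$/ { print $2 }' "$1"
}

dmesg_active_policy() {   # $1 = saved 'xm dmesg'; prints the last policy activated
    sed -n 's/^(XEN) acm_set_policy_reference: Activating policy //p' "$1" | tail -n 1
}

managed_policies_ok() {   # $1 = managed_policies path; true if present and non-empty
    [ -s "$1" ]
}

acm_triage() {            # $1 grub.conf, $2 dmesg file, $3 managed_policies
    rc=0
    if grub_has_ssidref "$1"; then echo "grub: ssidref= on kernel line"; rc=1; fi
    if [ -z "$(grub_policy_modules "$1")" ]; then
        echo "grub: no policy .bin module line"; rc=1
    fi
    pol=$(dmesg_active_policy "$2")
    if [ -n "$pol" ]; then
        echo "xen: boot policy '$pol' activated"
    else
        echo "xen: no policy activation in dmesg"; rc=1
    fi
    if ! managed_policies_ok "$3"; then
        echo "xend: $3 missing or empty"; rc=1
    fi
    return "$rc"
}

make_sample() {           # $1 = directory; constructed inputs modelled on the post
    printf '%s\n' 'title xen-unstable0827' '     kernel /xen.gz dom0_mem=1024M' \
        '     module /vmlinuz-2.6.18-xen ro root=LABEL=/ rhgb' \
        '     module /example.client_v1.bin' > "$1/grub.conf"
    printf '%s\n' '(XEN) Brought up 4 CPUs' \
        '(XEN) acm_set_policy_reference: Activating policy example.client_v1' \
        > "$1/xm-dmesg.txt"
}

d=$(mktemp -d) && make_sample "$d"
acm_triage "$d/grub.conf" "$d/xm-dmesg.txt" "$d/managed_policies" || true
rm -rf "$d"
```

On a real host the third argument would be /etc/xen/acm-security/policies/managed_policies, the path named in the reply above, and the second a file holding saved 'xm dmesg' output.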


 

