
Re: [Xen-devel] [XSM] Setting of ACM Policy



Dilshan,

 >>From: Dilshan Jayarathna <dilshan.jayarathna@xxxxxxxxx>
 >>Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
 >>
 >>Suzaki,
 >>
 >>Kuniyasu Suzaki wrote:
 >>> # xm setpolicy ACM DEFAULT-UL
 >>> Successfully set the new policy.
 >>> Supported security subsystems   : ACM
 >>>
 >>> Policy name           : DEFAULT-UL
 >>> Policy type           : ACM
 >>> Version of XML policy : 1.0
 >>> Policy configuration  : loaded, activated for boot
 >>>
 >>> # xm list --label
 >>> Name                                        ID   Mem VCPUs      State   Time(s) Label
 >>> Domain-0                                     0  1887     2     r-----     226.7 ACM:DEFAULT-UL:SystemManagement
 >>> # xm resetpolicy
 >>> Successfully reset the system's policy.
 >>> =============================================================
 >>>
 >>> By the way I cannot make the "DEFAULT-UL.bin" file.
 >>> Can't I set the .bin file at GRUB Menu?
 >>>
 >>>   
 >>It looks like you already have the DEFAULT-UL.bin file. Check /boot.
 >>You can manually set it in grub.conf as below:
 >>module /DEFAULT-UL.bin

Thank you. I found a .bin file. The .bin file is also created at 
"/var/lib/xend/security/policies/".
I could set it up in the GRUB menu.

Unfortunately the setting is re-written by the "DEFAULT policy" when xend is started.
Can't we fix the policy at boot time?

------
suzaki

 >>
 >>Cheers,
 >>Dilshan
 >>
 >>> ------
 >>> suzaki
 >>>
 >>>  >>From: Dilshan Jayarathna <dilshan.jayarathna@xxxxxxxxx>
 >>>  >>Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
 >>>  >>
 >>>  >>Hi Suzaki,
 >>>  >>
 >>>  >>It looks like a faulty build. (I could be wrong)
 >>>  >>If you've set ACM_SECURITY ?= y in Config.mk when building Xen, you 
 >>>  >>must get ACM as the supported security subsystem when you run 'xm 
 >>>  >>getpolicy'.
 >>>  >>
 >>>  >>If you just run 'xm setpolicy', you should get an error, but it also tells 
 >>>  >>you the supported policy type
 >>>  >>(...The only policytype that is currently supported is 'ACM'...)
 >>>  >>
 >>>  >>You can use xensec_ezpolicy to create a policy in XML format. Then 'xm 
 >>>  >>setpolicy...' to convert XML to binary format and to activate the policy.
 >>>  >>
 >>>  >>But if the XSM is not built properly, none of the above will work.
 >>>  >>
 >>>  >>Hope this helps.
 >>>  >>
 >>>  >>Cheers,
 >>>  >>Dilshan
 >>>  >>
 >>>  >>Kuniyasu Suzaki wrote:
 >>>  >>> Hello,
 >>>  >>>
 >>>  >>> Please tell me how to set up ACM of XSM.
 >>>  >>> I could build an XSM but it doesn't work well.
 >>>  >>>   # xm getpolicy
 >>>  >>>   Supported security subsystems: None
 >>>  >>>
 >>>  >>> I guess it is caused by the lack of a policy file.
 >>>  >>> I referred to the following manual and tried to create a policy file.
 >>>  >>>   http://www.cl.cam.ac.uk/research/srg/netos/xen/readmes/user.pdf
 >>>  >>>
 >>>  >>> The manual says that the following command creates a policy file
 >>>  >>> "mytest.bin".
 >>>  >>>   # xm setpolicy ACM mytest
 >>>  >>>
 >>>  >>> However, the command doesn't work well. Please tell me how to create a
 >>>  >>> policy file.
 >>>  >>> I tried on Xen 3.2.1. Is the step obsolete?
 >>>  >>>
 >>>  >>> ------
 >>>  >>> suzaki
 >>>  >>>
 >>>  >>> _______________________________________________
 >>>  >>> Xen-devel mailing list
 >>>  >>> Xen-devel@xxxxxxxxxxxxxxxxxxx
 >>>  >>> http://lists.xensource.com/xen-devel
 >>>  >>>   
 >>>
 >>
