[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] BUG using xen-unstable with XSM + Flask


  • To: Thomas DuBuisson <thomas.dubuisson@xxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • From: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
  • Date: Fri, 10 Jul 2009 13:28:58 -0400
  • Cc:
  • Delivery-date: Fri, 10 Jul 2009 10:29:36 -0700
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
  • Thread-index: AcoBg+gcgyazGsp9MUW8tpKKa/6wcg==
  • Thread-topic: [Xen-devel] BUG using xen-unstable with XSM + Flask

Thomas,

Are you booting with the policy in enforcing or permissive mode?  We're
using the same configuration here but only in permissive mode.  I see some
policy violations in the xen dmesg.  (We're overdue for some updates to the
sample policy to include some organizational cleanups.)  I suspect you are
running in enforcing mode and simply need to update your policy.  The
iomem/ioports/irq_permit/deny_access have security checks in the
add/remove_rangeset codepaths.  These are the only xsm hooks relevant to
your report and flask will cause rc != 0 in enforcing mode.

Which changeset, HEAD is too relative.

George

On 7/7/09 11:28 PM, "Thomas DuBuisson" <thomas.dubuisson@xxxxxxxxx> wrote:

> While xen-unstable works OK for me normally, when I compile xen.gz
> with XSM and Flask I can't boot - instead I get a panic from
> domain_build.c line 1100.  That line is a "BUG_ON( rc != 0)" in the
> function construct_dom0().
> 
> My system:
> Thinkpad T61 (Intel core2 duo)
> 
> Software config:
> Fedora 11 i686 (gcc 4.4.0), using current HEAD from xen-unstable.
> 
> Let me know what other info would help if you're interested.
> 
> Thomas
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel

-- 
George S. Coker, II <gscoker@xxxxxxxxxxxxxx>



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.