[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] xen (XSM policy) : Unload and analysis tool.



On 07/19/2013 02:33 AM, cooldharma06 wrote:
Hi all,

i want to know about the following things:

1.unloading XSM policy.

-xl loadpolicy xenpolicy.24

to load the policy. For unloading is there any command is available.?

No. Loading another policy will replace the existing one, so there is no
need to unload a policy. Disabling enforcing mode will prevent XSM from
denying any accesses, which has a similar effect to unloading the policy.

2. i want to know any analysis tool is available for XSM policy.

SELinux tools such as sesearch will work on XSM policy; you just need to
point them at the Xen policy explicitly. For some of the tools, you may
need to explicitly tell the tool that MLS is disabled.

3. Apart from wiki.org/XSM any other tutorial is available for developing
own XSM policy.?

The xen source has docs/misc/xsm-flask.txt; otherwise, any tutorial on writing
SELinux policy should apply (although the specific macros and access vectors
will be different). I am not aware of a xen-specific tutorial.

Thanks and regards,
cooldharma06.


--
Daniel De Graaf
National Security Agency

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.