[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] How to get XSM/Flask working

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: "Hayawardh V" <hayawardh@xxxxxxxxx>
Date: Wed, 21 May 2008 18:59:20 -0400
Delivery-date: Wed, 21 May 2008 15:59:55 -0700
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=oJ+NdWH3G5QlPyc9tLCyDLjX4xwosrHA9/5VA/ZjUOp9Z5JkIvl4LZt/wHkj0XVbRY4jxZzUmPCsMwt4/un1fkEnL+rDdTj3nUzE5vZz9Pwnd14MLGt3iQH6TdM5e07XoxjIc+RWjuuydCQUWX+ZZBJNrFJTt+JY6uzCSXXdUoM=
List-id: Xen user discussion <xen-users.lists.xensource.com>

Hi all,

(I have also posted the same in the xense-devel mailing list, as I was not sure which one to use)

I compiled xen-3.2-testing with linux-2.6.18-xen after modifying Config.mk to enable XSM/Flask:

XSM_ENABLE ?= y
FLASK_ENABLE ?= y
ACM_SECURITY ?= n

I downloaded a test Flask policy from http://lists.xensource.com/archives/html/xense-devel/2007-03/msg00005.html
and ran 'make' on it.

I copied the policy.20 file to /boot and modified the grub entry as follows:

title Xen 3 with Fedora 8 2.6.18.8
       root (hd0,5)
       kernel /boot/xen-3.2.gz console=vga
       module /boot/vmlinuz-2.6.18.8-xen root=LABEL=/1 ro console=tty0
       module /boot/initrd-2.6.18.8-xen.img
       module /boot/policy.20

and booted into the same.

When I do an xm create of a domU, I get:

[root@XXX xenimg]# xm create -c fedora.fc8.xen3.cfg
Using config file "./fedora.fc8.xen3.cfg".
Error: 'module' object has no attribute 'get_active_policy_name'

(Note: The same domU boots as expected in a Xen without XSM/Flask enabled, on the same machine)

1. What causes the above problem? How do I get XSM/Flask to work?

2. Is the above policy the latest or is there a more recent version?

3. The above post says "This policy is incomplete and cannot be used with the Flask module in enforcing mode." How do I enable enforcing mode? Where are the equivalent SELinux tools like sestatus etc? Are they still under development?

Thanks,
Hayawardh

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

Prev by Date: RE: [Xen-users] Xen: The processor(s) in this machine do not supportfull virtualization.
Next by Date: Re: [Xen-users] Xen: The processor(s) in this machine do not supportfull virtualization.
Previous by thread: [Xen-users] Xen: The processor(s) in this machine do not support full virtualization.
Next by thread: [Xen-users] Compiling openiscsi for xen3.2-testing
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.