
[Xen-users] acm_init: Loading default policy but no policy is installed.



Hi all,

I've successfully installed xen3.3.0 on Linux ubuntu 2.6.27.5 #1 SMP i686 GNU/Linux.
I built xen with the requisite XSM_ENABLE=y, ACM_SECURITY=y and believe I have the
correct config parameters in the 2.6.27.5 kernel.

Boot goes smoothly, set to automatically create 2 domUs. All appears okay with XSM/ACM...

root@ubuntu:~# xm dmesg | grep -i xsm
(XEN) XSM Framework v1.0.0 initialized
(XEN) ACM-XSM:  Initializing.
root@ubuntu:~# xm dmesg | grep -i acm
(XEN) ACM-XSM:  Initializing.
(XEN) acm_init: Loading default policy (CHINESE WALL AND SIMPLE TYPE ENFORCEMENT).

> okay, but...
root@ubuntu:~# xm getpolicy
Supported security subsystems   : None 

No policy is installed.

(----------------------
( - try:
( 1) reboot xen w/0 domUs and ck xm getpolicy:
(----------------------

root@ubuntu:/home/bruce# xm list
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0   512     4     r-----     11.6
mail.argusology.com                          1  1024     1     -b----     23.1
www.argusology.com                           2  1024     1     -b----     23.7

root@ubuntu:/home/bruce# xm shutdown mail.argusology.com
root@ubuntu:/home/bruce# xm shutdown webServer

root@ubuntu:/home/bruce# xm list
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0   512     4     r-----     13.2

root@ubuntu:/home/bruce# /etc/init.d/xend stop
root@ubuntu:/home/bruce# /etc/init.d/xend start

root@ubuntu:/home/bruce# xm getpolicy
Supported security subsystems   : None 

No policy is installed.

(----------------------
( 2) check xm dmesg
(----------------------
root@ubuntu:/home/bruce# xm dmesg | more
 __  __            _____  _____  ___  
 \ \/ /___ _ __   |___ / |___ / / _ \ 
  \  // _ \ '_ \    |_ \   |_ \| | | |
  /  \  __/ | | |  ___) | ___) | |_| |
 /_/\_\___|_| |_| |____(_)____(_)___/ 
                                      
(XEN) Xen version 3.3.0 (root@LINTON) (gcc version 4.2.4 (Ubuntu 4.2.4-1ubuntu3)) Tue Apr  7 10:31:02 PDT 2009
(XEN) Latest ChangeSet: unavailable
(XEN) Command line: dom0_mem=512m
(XEN) Video information:
(XEN)  VGA is text mode 80x25, font 8x16
(XEN)  VBE/DDC methods: none; EDID transfer time: 2 seconds
(XEN)  EDID info not retrieved because no DDC retrieval method detected
(XEN) Disc information:
(XEN)  Found 1 MBR signatures
(XEN)  Found 1 EDD information structures
(XEN) Xen-e820 RAM map:
(XEN)  0000000000000000 - 00000000000a0000 (usable)
(XEN)  0000000000100000 - 00000000cfb50000 (usable)
(XEN)  00000000cfb50000 - 00000000cfb66000 (reserved)
(XEN)  00000000cfb66000 - 00000000cfb85c00 (ACPI data)
(XEN)  00000000cfb85c00 - 00000000d0000000 (reserved)
(XEN)  00000000e0000000 - 00000000f0000000 (reserved)
(XEN)  00000000fe000000 - 0000000100000000 (reserved)
(XEN)  0000000100000000 - 0000000130000000 (usable)
(XEN) System RAM: 4090MB (4189120kB)
(XEN) ACPI: RSDP 000F2160, 0024 (r2 DELL  )
(XEN) ACPI: XSDT 000F21FC, 0084 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: FACP CFB83524, 00F4 (r3 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: DSDT CFB66000, 4996 (r1 DELL   PE_SC3          1 INTL 20050624)
(XEN) ACPI: FACS CFB85C00, 0040
(XEN) ACPI: APIC CFB83078, 0092 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: SPCR CFB83130, 0050 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: HPET CFB83184, 0038 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: MCFG CFB831C0, 003C (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: WD__ CFB83200, 0134 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: SLIC CFB83338, 0024 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: ERST CFB6AB18, 0210 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: HEST CFB6AD28, 027C (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: BERT CFB6A998, 0030 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: EINJ CFB6A9C8, 0150 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) ACPI: TCPA CFB834BC, 0064 (r1 DELL   PE_SC3          1 DELL        1)
(XEN) Xen heap: 9MB (9660kB)
(XEN) Domain heap initialised
(XEN) Processor #0 7:7 APIC version 20
(XEN) Processor #2 7:7 APIC version 20
(XEN) Processor #1 7:7 APIC version 20
(XEN) Processor #3 7:7 APIC version 20
(XEN) IOAPIC[0]: apic_id 4, version 32, address 0xfec00000, GSI 0-23
(XEN) Enabling APIC mode:  Flat.  Using 1 I/O APICs
(XEN) XSM Framework v1.0.0 initialized
(XEN) ACM-XSM:  Initializing.
(XEN) acm_init: Loading default policy (CHINESE WALL AND SIMPLE TYPE ENFORCEMENT).
(XEN) Using scheduler: SMP Credit Scheduler (credit)
(XEN) Detected 2327.595 MHz processor.
(XEN) CPU0: VMX disabled by BIOS.
(XEN) VMX: failed to initialise.
(XEN) CPU0: Intel(R) Xeon(R) CPU           L5410  @ 2.33GHz stepping 0a
(XEN) Booting processor 1/2 eip 8c000
(XEN) CPU1: Intel(R) Xeon(R) CPU           L5410  @ 2.33GHz stepping 0a
(XEN) Booting processor 2/1 eip 8c000
(XEN) CPU2: Intel(R) Xeon(R) CPU           L5410  @ 2.33GHz stepping 0a
(XEN) Booting processor 3/3 eip 8c000
(XEN) CPU3: Intel(R) Xeon(R) CPU           L5410  @ 2.33GHz stepping 0a
(XEN) Total of 4 processors activated.
(XEN) ENABLING IO-APIC IRQs
(XEN)  -> Using new ACK method
(XEN) checking TSC synchronization across 4 CPUs: passed.
(XEN) Platform timer is 14.318MHz HPET
(XEN) Brought up 4 CPUs
(XEN) I/O virtualisation disabled
(XEN) *** LOADING DOMAIN 0 ***
(XEN)  Xen  kernel: 32-bit, PAE, lsb
(XEN)  Dom0 kernel: 32-bit, PAE, lsb, paddr 0x100000 -> 0x602000
(XEN) PHYSICAL MEMORY ARRANGEMENT:
(XEN)  Dom0 alloc.:   000000003c000000->000000003e000000 (122880 pages to be allocated)
(XEN) VIRTUAL MEMORY ARRANGEMENT:
(XEN)  Loaded kernel: c0100000->c0602000
(XEN)  Init. ramdisk: c0602000->c1ae0000
(XEN)  Phys-Mach map: c1ae0000->c1b60000
(XEN)  Start info:    c1b60000->c1b60474
(XEN)  Page tables:   c1b61000->c1b74000
(XEN)  Boot stack:    c1b74000->c1b75000
(XEN)  TOTAL:         c0000000->c1c00000
(XEN)  ENTRY ADDRESS: c0100000
(XEN) Dom0 has maximum 4 VCPUs
(XEN) Scrubbing Free RAM: ....................................done.
(XEN) Xen trace buffers: disabled
(XEN) Std. Loglevel: Errors and warnings
(XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
(XEN) Xen is relinquishing VGA console.
(XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch input to Xen)
(XEN) Freed 100kB init memory.

(----------------------
( 3) is the default policy really loaded? (i.e. is the config file ok?)
(----------------------
root@ubuntu:/etc/xen/acm-security/policies# less security_policy.xsd 
- appears okay

(-----------------------------
( 4) check logs
(-----------------------------
- the other xen logs show nothing. Below is xend.log from when I restarted xend.
root@ubuntu:/var/log/xen# cat xend.log | grep 2009-04-12

[2009-04-12 11:28:43 6500] DEBUG (SrvServer:76) SrvServer.cleanup()
[2009-04-12 11:28:43 6500] DEBUG (XMLRPCServer:235) XMLRPCServer.cleanup()
[2009-04-12 11:28:43 6500] DEBUG (XMLRPCServer:235) XMLRPCServer.cleanup()
[2009-04-12 11:28:43 6500] DEBUG (XendDomain:615) cleanup_domains
[2009-04-12 11:28:43 6494] INFO (SrvDaemon:219) Xend exited with status 0.
[2009-04-12 11:28:46 7505] INFO (SrvDaemon:331) Xend Daemon started
[2009-04-12 11:28:46 7505] INFO (SrvDaemon:335) Xend changeset: unavailable.
[2009-04-12 11:28:47 7505] DEBUG (XendDomainInfo:137) XendDomainInfo.recreate({'max_vcpu_id': 3, 'cpu_time': 14236978880L, 'ssidref': 65537, 'hvm': 0, 'shutdown_reason': 0, 'dying': 0, 'online_vcpus': 4, 'domid': 0, 'paused': 0, 'crashed': 0, 'running': 1, 'maxmem_kb': 4294967292L, 'shutdown': 0, 'mem_kb': 524288L, 'handle': [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], 'blocked': 0, 'name': 'Domain-0'})
[2009-04-12 11:28:47 7505] INFO (XendDomainInfo:154) Recreating domain 0, UUID 00000000-0000-0000-0000-000000000000. at /local/domain/0
[2009-04-12 11:28:47 7505] DEBUG (XendDomain:447) Adding Domain: 0
[2009-04-12 11:28:47 7505] DEBUG (XendDomain:383) number of vcpus to use is 0
[2009-04-12 11:28:47 7505] DEBUG (XendDomainInfo:1443) XendDomainInfo.handleShutdownWatch
[2009-04-12 11:28:47 7505] WARNING (XendAPI:684) API call: VBD.set_device not found
[2009-04-12 11:28:47 7505] WARNING (XendAPI:684) API call: VBD.set_type not found
[2009-04-12 11:28:47 7505] WARNING (XendAPI:684) API call: session.get_all_records not found
[2009-04-12 11:28:47 7505] WARNING (XendAPI:684) API call: event.get_record not found
[2009-04-12 11:28:47 7505] WARNING (XendAPI:684) API call: event.get_all not found
[2009-04-12 11:28:47 7505] WARNING (XendAPI:684) API call: VM.get_auto_power_on not found
[2009-04-12 11:28:47 7505] WARNING (XendAPI:684) API call: VM.set_auto_power_on not found
[2009-04-12 11:28:47 7505] WARNING (XendAPI:684) API call: VIF.get_network not found
[2009-04-12 11:28:47 7505] WARNING (XendAPI:684) API call: VIF.set_device not found
[2009-04-12 11:28:47 7505] WARNING (XendAPI:684) API call: VIF.set_MAC not found
[2009-04-12 11:28:47 7505] WARNING (XendAPI:684) API call: VIF.set_MTU not found
[2009-04-12 11:28:47 7505] WARNING (XendAPI:684) API call: debug.get_all not found
[2009-04-12 11:28:47 7505] INFO (XMLRPCServer:156) Opening Unix domain socket XML-RPC server on /var/run/xend/xmlrpc.sock.
[2009-04-12 11:28:47 7505] INFO (XMLRPCServer:156) Opening Unix domain socket XML-RPC server on /var/run/xend/xen-api.sock; authentication has been disabled for this server.

root@ubuntu:/var/log/xen#

I can't see anything wrong (with XSM/ACM). I was wondering if someone could point me
where to look next to solve my issue.

Thanks,
Bruce

-- 
Bruce Linton
Argusology, LLC
925-935-6160 office
925-262-3664 mobile
bruce@xxxxxxxxxxxxxx

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 

