[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] Having some doubt in XSM policies.

  • To: xen-users <xen-users@xxxxxxxxxxxxx>
  • From: cool dharma06 <cooldharma06@xxxxxxxxx>
  • Date: Mon, 7 Jul 2014 17:18:01 +0530
  • Delivery-date: Mon, 07 Jul 2014 20:53:48 +0000
  • List-id: Xen user discussion <xen-users.lists.xen.org>
hi,

i am using xen-4.4 with XSM policies enabled.

i loaded the default policy of XEN to create VM. And it is in Enforcing mode.

I created VM (HVM) with isolated_domU_t and i am facing the following errors.


While creation:
xl create  /home/Documents/boss64_xen4.3.cfg
Parsing config from /home/Documents/boss64_xen4.3.cfg
WARNING: ignoring "kernel" directive for HVM guest. Use "firmware_override" instead if you really want a non-default firmware
WARNING: ignoring device_model directive.
WARNING: Use "device_model_override" instead if you really want a non-default device_model
libxl: error: libxl_device.c:934:device_backend_callback: unable to add device with path /local/domain/0/backend/vif/18/0
libxl: error: libxl_create.c:1226:domcreate_attach_vtpms: unable to add nic devices
libxl: error: libxl_device.c:934:device_backend_callback: unable to remove device with path /local/domain/0/backend/vif/18/0
libxl: error: libxl.c:1457:devices_destroy_cb: libxl__devices_destroy failed for 18


xl dmesg - log:
(XEN) avc:  denied  { settime } for domid=0 target=4 scontext=system_u:system_r:dom0_t tcontext=customer_1:vm_r:isolated_domU_t tclass=domain
(XEN) avc:  denied  { cacheflush } for domid=0 target=4 scontext=system_u:system_r:dom0_t tcontext=customer_1:vm_r:isolated_domU_t tclass=domain2
(XEN) avc:  denied  { cacheflush } for domid=0 target=4 scontext=system_u:system_r:dom0_t tcontext=customer_1:vm_r:isolated_domU_t tclass=domain2
(XEN) avc:  denied  { cacheflush } for domid=0 target=4 scontext=system_u:system_r:dom0_t tcontext=customer_1:vm_r:isolated_domU_t tclass=domain2
(XEN) avc:  denied  { cacheflush } for domid=0 target=4 scontext=system_u:system_r:dom0_t tcontext=customer_1:vm_r:isolated_domU_t tclass=domain2
(XEN) avc:  denied  { cacheflush } for domid=0 target=4 scontext=system_u:system_r:dom0_t tcontext=customer_1:vm_r:isolated_domU_t tclass=domain2
(XEN) avc:  denied  { cacheflush } for domid=0 target=4 scontext=system_u:system_r:dom0_t tcontext=customer_1:vm_r:isolated_domU_t tclass=domain2
(XEN) avc:  denied  { cacheflush } for domid=0 target=4 scontext=system_u:system_r:dom0_t tcontext=customer_1:vm_r:isolated_domU_t tclass=domain2
(XEN) avc:  denied  { cacheflush } for domid=0 target=4 scontext=system_u:system_r:dom0_t tcontext=customer_1:vm_r:isolated_domU_t tclass=domain2
(XEN) avc:  denied  { stat } for domid=0 target=4 scontext=system_u:system_r:dom0_t tcontext=customer_1:vm_r:isolated_domU_t tclass=mmu
(XEN) avc:  denied  { cacheflush } for domid=0 target=4 scontext=system_u:system_r:dom0_t tcontext=customer_1:vm_r:isolated_domU_t tclass=domain2


2. How to unload the xen policy which is loaded in XEN. Because i am restarting my whole machine to unload the XSM policy. Is any other ways to unload the XSM policy.?


kindly suggest some solution for the above things.


Thanks & Regards,
cooldharma06..:)
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.