This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-users] How to get XSM/Flask working

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] How to get XSM/Flask working
From: "Hayawardh V" <hayawardh@xxxxxxxxx>
Date: Wed, 21 May 2008 18:59:20 -0400
Delivery-date: Wed, 21 May 2008 15:59:55 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; bh=CTVVhX2HL5begdWqOAeAMGMGkGFPRuqCJPJA2DBcma0=; b=pMvAajUckTZxIKyHYqHs1Cb6MoQb5BK2aSV8J3nJh0doSsM4yX7SUz/k5WF0l4ca3E8MIXRNOCwdxfH1/ngcXY8FAswD0WFxBLq65st+sN7Oc5RdtDRxSYWE5jdu844g4Enl0u2rtUAmEv+tLlD5PiVaiJhpFJskVdPKZjz/F/Q=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=oJ+NdWH3G5QlPyc9tLCyDLjX4xwosrHA9/5VA/ZjUOp9Z5JkIvl4LZt/wHkj0XVbRY4jxZzUmPCsMwt4/un1fkEnL+rDdTj3nUzE5vZz9Pwnd14MLGt3iQH6TdM5e07XoxjIc+RWjuuydCQUWX+ZZBJNrFJTt+JY6uzCSXXdUoM=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Hi all,

(I have also posted the same in the xense-devel mailing list, as I was not sure which one to use)

I compiled xen-3.2-testing with linux-2.6.18-xen after modifying Config.mk to enable XSM/Flask:


I downloaded a test Flask policy from http://lists.xensource.com/archives/html/xense-devel/2007-03/msg00005.html
and ran 'make' on it.

I copied the policy.20 file to /boot and modified the grub entry as follows:

title Xen 3 with Fedora 8
       root (hd0,5)
       kernel /boot/xen-3.2.gz console=vga
       module /boot/vmlinuz- root=LABEL=/1 ro console=tty0
       module /boot/initrd-
       module /boot/policy.20

and booted into the same.

When I do an xm create of a domU, I get:

[root@XXX xenimg]# xm create -c fedora.fc8.xen3.cfg
Using config file "./fedora.fc8.xen3.cfg".
Error: 'module' object has no attribute 'get_active_policy_name'

(Note: The same domU boots as expected in a Xen without XSM/Flask enabled, on the same machine)

1. What causes the above problem? How do I get XSM/Flask to work?

2. Is the above policy the latest or is there a more recent version?

3. The above post says "This policy is incomplete and cannot be used with the Flask module in enforcing mode." How do I enable enforcing mode? Where are the equivalent SELinux tools like sestatus etc? Are they still under development?


Xen-users mailing list
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-users] How to get XSM/Flask working, Hayawardh V <=