WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xense-devel

[Xense-devel] Labeling in XSM/Flask

To: xense-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xense-devel] Labeling in XSM/Flask
From: "Hayawardh V" <hayawardh@xxxxxxxxx>
Date: Fri, 4 Jul 2008 17:11:25 -0400
Hi George,

I applied the patch update-xsm-061908-xen-17826.diff to Xen and specified
(xsm_module_name flask)

in xend-config.

I am now able to boot into dom0 in enforcing mode.

However, when I boot a domU, it has not been labeled, and does not create.

1. How do I add labels to objects in XSM/Flask? Where will the labels be stored (like SELinux stores them in extended attributes in the file system)?

2. The avc denial when I try to boot a domU is:
(XEN) avc:  denied  { create } for domid=0
(XEN) scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:unlabeled_t
(XEN) tclass=domain

(It has type unlabeled_t).

3. Should the initial context have been system_u:system_r:xen_t? If yes, how did it transition to system_u:system_r:dom0_t?

4. When dom0 boots, there is a denial:
(XEN) avc:  denied  { firmware } for domid=0
(XEN) scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:xen_t
(XEN) tclass=xen

Thanks and regards,
Hayawardh
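
The two denials quoted in the message above, parsed into structured records so that denials against an unlabeled_t target (item 2) can be separated from the rest. This is an added example, not part of the original post and not Xen's own tooling; the function names and the grouping of the three console lines into one record are assumptions based on the lines as quoted.

```python
import re

# Constructed sample: the two denials quoted in the post, in console order.
SAMPLE_LOG = """\
(XEN) avc:  denied  { create } for domid=0
(XEN) scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:unlabeled_t
(XEN) tclass=domain
(XEN) avc:  denied  { firmware } for domid=0
(XEN) scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:xen_t
(XEN) tclass=xen
"""

HEAD = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD = re.compile(r"(\w+)=(\S+)")


def parse_avc(log_text):
    """Group console lines into one dict per AVC record (hypothetical helper)."""
    records, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("(XEN)"):
            line = line[len("(XEN)"):].strip()
        head = HEAD.match(line)
        if head:
            current = {"result": head.group(1), "perms": head.group(2).split()}
            current.update(FIELD.findall(head.group(3)))  # e.g. domid=0
            records.append(current)
        elif current is not None and ("context=" in line or "tclass=" in line):
            current.update(FIELD.findall(line))  # scontext, tcontext, tclass
        else:
            current = None  # unrelated console output ends the record
    return records


def context_type(context):
    """Return the type field of a user:role:type context, or None if malformed."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def unlabeled_targets(records):
    """Records whose target context carries the type unlabeled_t."""
    return [r for r in records
            if context_type(r.get("tcontext", "")) == "unlabeled_t"]


if __name__ == "__main__":
    for rec in parse_avc(SAMPLE_LOG):
        flag = "UNLABELED TARGET" if rec in unlabeled_targets([rec]) else ""
        print(rec["perms"], rec["scontext"], "->", rec["tcontext"], rec["tclass"], flag)
```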
