[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [XSM] Setting of ACM Policy

Dilshan,

Thank you for your advice. I failed to build a xsm.
I rebuild and succeed.

=============================================================
# /etc/init.d/xend start
# xm getpolicy
Supported security subsystems   : ACM 

Policy name           : DEFAULT
Policy type           : ACM
Version of XML policy : 1.0
Policy configuration  : loaded, activated for boot
# xm list --label
Name                                        ID   Mem VCPUs      State   Time(s) 
Label     
Domain-0                                     0   464     1     r-----    244.2 
ACM:DEFAULT:SystemManagement
=============================================================

I tried the policy file 
"/etc/xen/acm-security/policies/DEFAULT-UL-security_policy.xml".
=============================================================
# xm setpolicy ACM DEFAULT-UL
Successfully set the new policy.
Supported security subsystems   : ACM

Policy name           : DEFAULT-UL
Policy type           : ACM
Version of XML policy : 1.0
Policy configuration  : loaded, activated for boot

# xm list --label
Name                                        ID   Mem VCPUs      State   Time(s) 
Label
Domain-0                                     0  1887     2     r-----    226.7 
ACM:DEFAULT-UL:SystemManagement
# xm resetpolicy
Successfully reset the system's policy.
=============================================================

By the way I cannot make the "DEFAULT-UL.bin" file.
Can't I set the .bin file at GRUB Menu?

------
suzaki

 >>From: Dilshan Jayarathna <dilshan.jayarathna@xxxxxxxxx>
 >>Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
 >>
 >>Hi Suzaki,
 >>
 >>It looks like a faulty build. (I could be wrong)
 >>If you've set ACM_SECURITY ?= y in Config.mk when you building xen, you 
 >>must get ACM as the supported security subsystem when you run 'xm 
 >>getpolicy'.
 >>
 >>If you just run 'xm setpolicy', you should get error but it also tells 
 >>you the supported policy type
 >>(...The only policytype that is currently supported is 'ACM'...)
 >>
 >>You can use xensec_ezpolicy to create a policy in xml format. Then 'xm 
 >>setpolicy...' to covert xml to binary format and to activate the policy.
 >>
 >>But if the XSM is not build properly, none of the above will work.
 >>
 >>Hope this helps.
 >>
 >>Cheers,
 >>Dilshan
 >>
 >>Kuniyasu Suzaki wrote:
 >>> Hello,
 >>>
 >>> Please tell me how to setup ACM of XSM.
 >>> I could build a XSM but it doesn't work well.
 >>>   # xm getpolicy
 >>>   Supported security subsystems: None
 >>>
 >>> I guess it is caused by the lack of a policy file.
 >>> I referred the following manual and tried to create poly file. 
 >>>   http://www.cl.cam.ac.uk/research/srg/netos/xen/readmes/user.pdf
 >>>
 >>> The manual tells that the following command create a policy file
 >>> "mytest.bin".
 >>>   # xm setpolicy ACM mytest
 >>>
 >>> However the command doesn't work well. Please tell me create a policy 
 >>> file. 
 >>> I tried on Xen 3.2.1. Is the step obsolete?
 >>>
 >>> ------
 >>> suzaki
 >>>
 >>> _______________________________________________
 >>> Xen-devel mailing list
 >>> Xen-devel@xxxxxxxxxxxxxxxxxxx
 >>> http://lists.xensource.com/xen-devel
 >>>   

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.