[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Re: [PATCH] [Flask] Fix to default policy to get simple VM running




"George S. Coker, II" <gscoker@xxxxxxxxxxxxxx> wrote on 10/07/2008 03:57:54 PM:


> Subject

>
> Re: [PATCH] [Flask] Fix to default policy to get simple VM running

>
>
> Would you send me your config file for this guest?


Here it is:

kernel = "/boot/vmlinuz-2.6.18.8-xen"
ramdisk = "/xen/initrd_domU/U1_ramdisk.img"
memory = 256
name = "UserDomain0"
root = "/dev/ram0 xencons=tty ro"
vif = ['backend=0']
access_control = ['policy=,label=system_u:object_r:domU_t']

    Stefan



>
> On 10/7/08 3:33 PM, "Stefan Berger" <stefanb@xxxxxxxxxx> wrote:

>
> "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx> wrote on 10/07/2008
> 03:28:05 PM:
> >
> > I've been looking into this issue as a result of your earlier post and I
> > have only been able to reproduce your error when manipulating the memory
> > reservations for a domU.  The sample flask policy is a basic policy that
> > only supports pv guests, so its not surprising that you've uncovered a
> > limitation of this policy.  Nonetheless, your patch should go in.
> >
> > It's a little unclear how many guests you are running or what resources are
> > committed against the domUs.  How many domUs are you trying to supporting?
> > Do you only get the error with more than a few domUs?
>
> Just starting a single domU required me to add this rule. 2 more
> rules are needed to start a domU with networking enabled - see 2nd patch.
>
>   Stefan
>
> >
> > On 10/7/08 3:03 PM, "Stefan Berger" <stefanb@xxxxxxxxxx> wrote:
> >
> > > This fix gets to the default Flask/XSM policy gets a simple guest VM
> > > (Ramdisk only, no VIF) running.
> > >
> > > Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
> > >
> >
> > --
> > George S. Coker, II <gscoker@xxxxxxxxxxxxxx>
> >
> >

>
> --
> George S. Coker, II <gscoker@xxxxxxxxxxxxxx>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.