[Xen-devel] question about xm getpolicy with ACM/XSM enabled

[Yanjun Wu <yanjun.wu@xxxxxxxxx>]

I use xen-3.3.1 and 2.6.18 dom0, and enabled XSM/ACM by changing Config.mk as
XSM_ENABLE ?= y
FLASK_ENABLE ?= n
ACM_SECURITY ?= y

After "make dist clean", "make dist" and "make install", the system
boots with new xen-3.3.1.gz successfully.
I can see the following messages in "xm dmesg":
(XEN) XSM Framework v1.0.0 initialized
(XEN) ACM-XSM:  Initializing.
(XEN) acm_init: Loading default policy (CHINESE WALL AND SIMPLE TYPE
ENFORCEMENT).

And if I use "xensec_tool getpolicy", it outputs as follows:
<snip>
Policy dump:
============
POLICY REFERENCE = DEFAULT.
PolicyVer = 0.
XML Vers. = 0.0
Magic     = 1debc.
Len       = 9c.
Primary   = CHINESE WALL (c=1, off=4c).
Secondary = SIMPLE TYPE ENFORCEMENT (c=2, off=7c).


Chinese Wall policy:
====================
Policy version= 0.
Max Types     = 1.
Max Ssidrefs  = 2.
Max ConfSets  = 1.
Ssidrefs Off  = 24.
Conflicts Off = 28.
Runing T. Off = 2a.
C. Agg. Off   = 2c.

SSID To CHWALL-Type matrix:

   ssidref 0:  00
   ssidref 1:  00  <-- Domain-0

Confict Sets:

   c-set 0:    00

Running
Types:         00

Conflict
Aggregate Set: 00


Simple Type Enforcement policy:
===============================
Policy version= 0.
Max Types     = 2.
Max Ssidrefs  = 2.
Ssidrefs Off  = 14.

SSID To STE-Type matrix:

   ssidref 0: 00 01
   ssidref 1: 01 01  <-- Domain-0

</snip>

The question is, when I try "xm getpolicy", it always says:
Supported security subsystems   : None
No policy is installed.

and other commands like "xm setpolicy ACM example.test" cannot work as well.

any hint?  Thanks.

-- 
Yanjun Wu

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel