From: Syunsuke HAYASHI <syunsuke@jp.fujitsu.com>
To: xen-devel@lists.xensource.com
Subject: Re: [XSM:ACM] When cw is used, dom0 reboots.
Date: Wed, 26 Sep 2007 11:12:41 +0900 [thread overview]
Message-ID: <46F9C019.8030003@jp.fujitsu.com> (raw)
In-Reply-To: <OF7F486963.45914431-ON85257362.00001746-85257362.00003F8D@us.ibm.com>
Hi, Stefan.
I am trying XSM/ACM on CS 15880.
It is big information that XSM/ACM works fine on CS15661.
Thank you.
Then, is my setting only bad?
Please teach your setting.
(Config.mk, xm-config.xml,xend-config.sxp,guest.conf,.....etc)
The setting to use XSM/ACM is as follows.
1:Config.mk(Setting when installing xen)
81 # Enable XSM security module. Enabling XSM requires selection of an
82 # XSM security module (FLASK_ENABLE or ACM_SECURITY).
83 XSM_ENABLE ?= y <---- I wrote like this.
~~~~
84 FLASK_ENABLE ?= n
85 ACM_SECURITY ?= y <---- I wrote like this.
~~~~
86
87 # Optional components
88 XENSTAT_XENTOP ?= y
89 VTPM_TOOLS ?= n
90 LIBXENAPI_BINDINGS ?= n
91 XENFB_TOOLS ?= n
92 PYTHON_TOOLS ?= y
2:xend-config-xenapi.sxp
54 # Default:
55 # (xen-api-server ((unix)))
56 (xen-api-server ((9363 none))) <---- I wrote like this.
3:xm-config.xml
43 <server type='Xen-API'
44 uri='http://localhost:9363/'
45 username='me'
46 password='mypassword' />
47
48
49
50 </xm>
Syunsuke HAYASHI.
>
> Hello!
>
> Which changeset of Xen are you trying this on? I just tried this on a
> version before XSM was added and it worked fine (CS 15661).
>
> Stefan
>
>
>
> xen-devel-bounces@lists.xensource.com wrote on 09/24/2007 11:02:11 PM:
>
> > Hi ,
> >
> > When cw is used, dom0 reboots.
> > Though I set quest memory size.
> >
> > I want to study into the cause.
> > Please teach how to examine it.
> >
> >
> >
> >
> > #xm create vm1.conf <-- OK
> > #xm create vm4.conf <-- NO
> > ................... <-- system boot
> >
> > #last
> > root pts/1 myPC Tue Sep 25 11:25 - crash (09:01)
> > reboot system boot 2.6.18-xen Tue Sep 25 20:06 (-8:-16)
> > ~~~~~~~~~~~
> >
> >
> > ---------------about my setting--------------------
> > Xen-api is effective.
> >
> >
> > #cat vm1.conf
> > kernel = "/boot/vmlinuz-2.6.18-xen"
> > ramdisk = "/boot/initrd-2.6.18-xenU.img"
> > memory = "128"
> > ~~~~
> > name = "vm1"
> > disk = [ 'file:/xen/vm1.img,sda1,w' ]
> > vif = [ '' ]
> > root = "/dev/sda1 ro"
> > on_xend_stop = "suspend"
> > extra = "3 xencons=tty"
> > access_control = ['policy=example.client_v1,label=dom_HomeBanking']
> >
> > #cat vm4.conf
> > kernel = "/boot/vmlinuz-2.6.18-xen"
> > ramdisk = "/boot/initrd-2.6.18-xenU.img"
> > memory = "128"
> > ~~~~~
> > name = "vm4"
> > disk = [ 'file:/xen/vm4.img,sda1,w']
> > vif = [ '' ]
> > root = "/dev/sda1 ro"
> > on_xend_stop = "suspend"
> > extra = "3"
> > access_control = ['policy=example.client_v1,label=dom_Fun']
> >
> >
> > #xm dumppolicy
> > Policy dump:
> > ============
> > POLICY REFERENCE = example.client_v1.
> > PolicyVer = 0.
> > XML Vers. = 1.0
> > Magic = 1debc.
> > Len = 198.
> > Primary = CHINESE WALL (c=1, off=40).
> > Secondary = SIMPLE TYPE ENFORCEMENT (c=2, off=b8).
> >
> >
> > Chinese Wall policy:
> > ====================
> > Policy version= 0.
> > Max Types = 4.
> > Max Ssidrefs = 7.
> > Max ConfSets = 1.
> > Ssidrefs Off = 24.
> > Conflicts Off = 5c.
> > Runing T. Off = 64.
> > C. Agg. Off = 6c.
> >
> > SSID To CHWALL-Type matrix:
> >
> > ssidref 0: 00 00 00 00
> > ssidref 1: 00 00 00 01 <-- Domain-0
> > ssidref 2: 00 01 00 00
> > ssidref 3: 01 00 00 00
> > ssidref 4: 00 00 01 00
> > ssidref 5: 00 00 00 01
> > ssidref 6: 00 00 00 01
> >
> > Confict Sets:
> >
> > c-set 0: 01 00 01 00
> >
> > Running
> > Types: 00 00 00 01
> >
> > Conflict
> > Aggregate Set: 00 00 00 00
> >
> >
> > Simple Type Enforcement policy:
> > ===============================
> > Policy version= 0.
> > Max Types = 6.
> > Max Ssidrefs = 11.
> > Ssidrefs Off = 14.
> >
> > SSID To STE-Type matrix:
> >
> > ssidref 0: 00 00 00 00 00 00
> > ssidref 1: 01 01 01 01 01 01 <-- Domain-0
> > ssidref 2: 01 00 00 00 00 00
> > ssidref 3: 00 01 00 00 00 00
> > ssidref 4: 00 00 00 00 01 00
> > ssidref 5: 01 01 01 00 01 00
> > ssidref 6: 00 01 00 01 01 00
> > ssidref 7: 00 00 01 00 00 00
> > ssidref 8: 00 00 00 00 00 01
> > ssidref 9: 00 00 00 01 00 00
> > ssidref a: 00 00 00 00 01 00
> > ssidref b: 00 01 00 00 00 00
> > ssidref c: 00 00 00 00 01 00
> > ssidref d: 00 00 00 00 01 00
> > ssidref e: 00 01 00 00 00 00
> > ssidref f: 00 00 00 00 00 01
> > ssidref10: 00 00 00 00 01 00
> >
> > Thanks,
> >
> > Syunsuke Hayashi.
> >
> >
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.xensource.com
> > http://lists.xensource.com/xen-devel
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
next prev parent reply other threads:[~2007-09-26 2:12 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-09-25 3:02 [XSM:ACM] When cw is used, dom0 reboots Syunsuke HAYASHI
2007-09-25 22:48 ` George S. Coker, II
2007-09-26 0:02 ` Stefan Berger
2007-09-26 2:12 ` Syunsuke HAYASHI [this message]
2007-09-27 16:44 ` George S. Coker, II
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46F9C019.8030003@jp.fujitsu.com \
--to=syunsuke@jp.fujitsu.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.