Re: [XSM] Setting of ACM Policy

[Dilshan Jayarathna <dilshan.jayarathna@mq.edu.au>]

Suzaki,

Kuniyasu Suzaki wrote:
> # xm setpolicy ACM DEFAULT-UL
> Successfully set the new policy.
> Supported security subsystems   : ACM
>
> Policy name           : DEFAULT-UL
> Policy type           : ACM
> Version of XML policy : 1.0
> Policy configuration  : loaded, activated for boot
>
> # xm list --label
> Name                                        ID   Mem VCPUs      State   Time(s) Label
> Domain-0                                     0  1887     2     r-----    226.7 ACM:DEFAULT-UL:SystemManagement
> # xm resetpolicy
> Successfully reset the system's policy.
> =============================================================
>
> By the way I cannot make the "DEFAULT-UL.bin" file.
> Can't I set the .bin file at GRUB Menu?
>
>   
It look like you already have DEFAULT-UL.bin file. Check /boot.
You can manually set it in grub.conf as below:
module /DEFAULT-UL.bin

Cheers,
Dilshan

> ------
> suzaki
>
>  >>From: Dilshan Jayarathna <dilshan.jayarathna@mq.edu.au>
>  >>Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy
>  >>
>  >>Hi Suzaki,
>  >>
>  >>It looks like a faulty build. (I could be wrong)
>  >>If you've set ACM_SECURITY ?= y in Config.mk when you building xen, you 
>  >>must get ACM as the supported security subsystem when you run 'xm 
>  >>getpolicy'.
>  >>
>  >>If you just run 'xm setpolicy', you should get error but it also tells 
>  >>you the supported policy type
>  >>(...The only policytype that is currently supported is 'ACM'...)
>  >>
>  >>You can use xensec_ezpolicy to create a policy in xml format. Then 'xm 
>  >>setpolicy...' to covert xml to binary format and to activate the policy.
>  >>
>  >>But if the XSM is not build properly, none of the above will work.
>  >>
>  >>Hope this helps.
>  >>
>  >>Cheers,
>  >>Dilshan
>  >>
>  >>Kuniyasu Suzaki wrote:
>  >>> Hello,
>  >>>
>  >>> Please tell me how to setup ACM of XSM.
>  >>> I could build a XSM but it doesn't work well.
>  >>>   # xm getpolicy
>  >>>   Supported security subsystems: None
>  >>>
>  >>> I guess it is caused by the lack of a policy file.
>  >>> I referred the following manual and tried to create poly file. 
>  >>>   http://www.cl.cam.ac.uk/research/srg/netos/xen/readmes/user.pdf
>  >>>
>  >>> The manual tells that the following command create a policy file
>  >>> "mytest.bin".
>  >>>   # xm setpolicy ACM mytest
>  >>>
>  >>> However the command doesn't work well. Please tell me create a policy file. 
>  >>> I tried on Xen 3.2.1. Is the step obsolete?
>  >>>
>  >>> ------
>  >>> suzaki
>  >>>
>  >>> _______________________________________________
>  >>> Xen-devel mailing list
>  >>> Xen-devel@lists.xensource.com
>  >>> http://lists.xensource.com/xen-devel
>  >>>   
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
>