From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dilshan Jayarathna Subject: Re: [XSM] Setting of ACM Policy Date: Wed, 27 Aug 2008 09:32:08 +1000 Message-ID: <48B49278.6010205@mq.edu.au> References: <20080822.002323.189707358.k.suzaki@aist.go.jp> <48ADFE0E.6010000@mq.edu.au> <20080826.174604.226774505.k.suzaki@aist.go.jp> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20080826.174604.226774505.k.suzaki@aist.go.jp> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org Suzaki, Kuniyasu Suzaki wrote: > # xm setpolicy ACM DEFAULT-UL > Successfully set the new policy. > Supported security subsystems : ACM > > Policy name : DEFAULT-UL > Policy type : ACM > Version of XML policy : 1.0 > Policy configuration : loaded, activated for boot > > # xm list --label > Name ID Mem VCPUs State Time(s) Label > Domain-0 0 1887 2 r----- 226.7 ACM:DEFAULT-UL:SystemManagement > # xm resetpolicy > Successfully reset the system's policy. > ============================================================= > > By the way I cannot make the "DEFAULT-UL.bin" file. > Can't I set the .bin file at GRUB Menu? > > It look like you already have DEFAULT-UL.bin file. Check /boot. You can manually set it in grub.conf as below: module /DEFAULT-UL.bin Cheers, Dilshan > ------ > suzaki > > >>From: Dilshan Jayarathna > >>Subject: Re: [Xen-devel] [XSM] Setting of ACM Policy > >> > >>Hi Suzaki, > >> > >>It looks like a faulty build. (I could be wrong) > >>If you've set ACM_SECURITY ?= y in Config.mk when you building xen, you > >>must get ACM as the supported security subsystem when you run 'xm > >>getpolicy'. > >> > >>If you just run 'xm setpolicy', you should get error but it also tells > >>you the supported policy type > >>(...The only policytype that is currently supported is 'ACM'...) > >> > >>You can use xensec_ezpolicy to create a policy in xml format. Then 'xm > >>setpolicy...' to covert xml to binary format and to activate the policy. > >> > >>But if the XSM is not build properly, none of the above will work. > >> > >>Hope this helps. > >> > >>Cheers, > >>Dilshan > >> > >>Kuniyasu Suzaki wrote: > >>> Hello, > >>> > >>> Please tell me how to setup ACM of XSM. > >>> I could build a XSM but it doesn't work well. > >>> # xm getpolicy > >>> Supported security subsystems: None > >>> > >>> I guess it is caused by the lack of a policy file. > >>> I referred the following manual and tried to create poly file. > >>> http://www.cl.cam.ac.uk/research/srg/netos/xen/readmes/user.pdf > >>> > >>> The manual tells that the following command create a policy file > >>> "mytest.bin". > >>> # xm setpolicy ACM mytest > >>> > >>> However the command doesn't work well. Please tell me create a policy file. > >>> I tried on Xen 3.2.1. Is the step obsolete? > >>> > >>> ------ > >>> suzaki > >>> > >>> _______________________________________________ > >>> Xen-devel mailing list > >>> Xen-devel@lists.xensource.com > >>> http://lists.xensource.com/xen-devel > >>> > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel >