xen (XSM policy) : Unload and analysis tool.

xen (XSM policy) : Unload and analysis tool.

[cooldharma06]

[-- Attachment #1.1: Type: text/plain, Size: 370 bytes --]

Hi all,

i want to know about the following things:

1.unloading XSM policy.

-xl loadpolicy xenpolicy.24

to load the policy. For unloading is there any command is available.?

2. i want to know any analysis tool is available for XSM policy.

3. Apart from wiki.org/XSM any other tutorial is available for developing
own XSM policy.?

Thanks and regards,
cooldharma06.

[-- Attachment #1.2: Type: text/html, Size: 670 bytes --]

[-- Attachment #2: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: xen (XSM policy) : Unload and analysis tool.

[Daniel De Graaf]

On 07/19/2013 02:33 AM, cooldharma06 wrote:
> Hi all,
>
> i want to know about the following things:
>
> 1.unloading XSM policy.
>
> -xl loadpolicy xenpolicy.24
>
> to load the policy. For unloading is there any command is available.?

No. Loading another policy will replace the existing one, so there is no
need to unload a policy. Disabling enforcing mode will prevent XSM from
denying any accesses, which has a similar effect to unloading the policy.

> 2. i want to know any analysis tool is available for XSM policy.

SELinux tools such as sesearch will work on XSM policy; you just need to
point them at the Xen policy explicitly. For some of the tools, you may
need to explicitly tell the tool that MLS is disabled.

> 3. Apart from wiki.org/XSM any other tutorial is available for developing
> own XSM policy.?

The xen source has docs/misc/xsm-flask.txt; otherwise, any tutorial on writing
SELinux policy should apply (although the specific macros and access vectors
will be different). I am not aware of a xen-specific tutorial.

> Thanks and regards,
> cooldharma06.
>

-- 
Daniel De Graaf
National Security Agency