 Home |
About Xen.org |
Xen |
Xen Summit |
Wiki |
Mailing List |
Bug Tracker |
Xen Downloads |
xense-devel
[Xense-devel] Labeling in XSM/Flask
| To: | xense-devel@xxxxxxxxxxxxxxxxxxx |
|---|---|
| Subject: | [Xense-devel] Labeling in XSM/Flask |
| From: | "Hayawardh V" <hayawardh@xxxxxxxxx> |
| Date: | Fri, 4 Jul 2008 17:11:25 -0400 |
| Delivery-date: | Fri, 04 Jul 2008 14:11:31 -0700 |
| Dkim-signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:mime-version:content-type; bh=XmUkZ4XpeTRHtRQaxNx3sM+99WjWqrbEsBLiK9vDx/4=; b=KDGFrJB1raCMtfx2+ddGUk8y2bCrKX3WMdFinsku6xg8z1JSNLAIRpuidynmu5YTiV mZEiCjbsvuOibqkaQtV6AbQDZDwGq5ogapYdL7TmwF7h9eyTrUHS2oyXvIIF2VMeKYOf 0nCzIOZ9cCXfqgecfGEtTmVua5c9pLcR66uyw= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=gYbpnNopLfVOlnI5KQfIxD/gN/CnMKjJ/hHfjvbZ7lOyDfTOIk1Afx1+q5oR+l2KbA IzkJpHVC2Cns9H4kI2qk3436eO0/ThXlBKf0qOZvN6ScFC2E9DLwo+BikuyabqkjQWMP BNAkS+pro7fxqyoYIIyCBp/48J93pZr3PkBSw= |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxxx |
| List-help: | <mailto:xense-devel-request@lists.xensource.com?subject=help> |
| List-id: | "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com> |
| List-post: | <mailto:xense-devel@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=unsubscribe> |
| Sender: | xense-devel-bounces@xxxxxxxxxxxxxxxxxxx |
|
Hi George, I applied the patch update-xsm-061908-xen-17826.diff to Xen and specified (xsm_module_name flask) in xend-config. I am now able to boot into dom0 in enforcing mode. However, when I boot a domU, it has not been labeled, and does not create. 1. How do I add labels to objects in XSM/Flask? Where will the labels be stored (like SELinux stores them in extended attributes in the file system) ? 2. The avc denial when I try to boot a domU is: (XEN) avc: denied { create } for domid=0 (XEN) scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:unlabeled_t (XEN) tclass=domain (It has type unlabeled_t). 3. Should the initial context have been system_u:system_r:xen_t? If yes, how did it transition to system_u:system_r:dom0_t? 4. When dom0 boots, there is a denial : (XEN) avc: denied { firmware } for domid=0 (XEN) scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:xen_t (XEN) tclass=xen Thanks and regards, Hayawardh _______________________________________________ Xense-devel mailing list Xense-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xense-devel |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Free ViagraCializ pills for any purcahse, Buy more FREE more! kuxfs rn95, Laurette Marylouise |
|---|---|
| Next by Date: | Attractive PRICE! Viagre $1.20, Cializ $2.05, Penisole $0.58, Brand Kamagra $4.50, Levitre $3.40, ViagraOralJelly $3.40 lqktmu b0, Renetta Shena |
| Previous by Thread: | Free ViagraCializ pills for any purcahse, Buy more FREE more! kuxfs rn95, Laurette Marylouise |
| Next by Thread: | Re: [Xense-devel] Labeling in XSM/Flask, George S. Coker, II |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
xen.org, 