On Fri, 2006-10-13 at 17:25 +0100, Robin Bowes wrote:
Stephen Smalley wrote:
On Fri, 2006-10-13 at 17:12 +0100, Robin Bowes wrote:
Stephen Smalley wrote:
The assertion is to prevent accidental granting of read access to a raw disk device. Is that truly required here?
Probably - the root disk of the guest O/S instance is an lvm partition, e.g. /dev/vg01/lv_guest
To allow it, you need to use the interface for it, e.g. storage_raw_read_fixed_disk(xm_t). That interface is defined in kernel/storage.if. In addition to allowing the permission, it adds a type attribute to the type that excludes it from the assertion.
It seems like you'd want to consider a specific xen label for your guest partitions. You probably don't want to give xm_t access to all of the disks/partitions. Generally when you violate assertions you're probably allowing access you don't want (or should at least think hard about). Of course that will be a little more involved and it's probably better to get things working first with the storage_raw_read_fixed_disk() interface.
I've had no luck with getting xen even to boot correctly (using the same versions you listed on FC5). It always hangs when it checks the hardware on boot and if I skip that step with an interactive boot my system gets corrupted. I'm using a vanilla Dell hardware base (works fine with the standard FC5 kernel install). Did you have any problems getting the initial system set up? I have tried installing and booting in permissive mode with the same results.
David

--
David Caplan dac@tresys.com
Tresys Technology, LLC
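
The two options discussed in this thread, written out as a local reference-policy module. This is an added example, not policy posted by anyone in the thread. The module name, the `xen_guest_disk_t` type and the `xm_dedicated_guest_type` build macro are hypothetical; `dev_node()` is assumed to be available from the reference policy's devices module.

```selinux
# xm_guestdisk.te (added example; module name is hypothetical)
policy_module(xm_guestdisk, 1.0.0)

gen_require(`
	type xm_t;
')

# Branch 1, taken only when the hypothetical macro
# xm_dedicated_guest_type is defined at build time:
#   a dedicated type (hypothetical name) for guest volumes. xm_t is
#   granted read on that type alone, so it gains no access to other
#   disks and needs no exemption from the raw-disk assertion.
#
# Branch 2, the default:
#   the interface named in the thread. It grants xm_t raw read access
#   to all fixed disks and adds the type attribute that exempts xm_t
#   from the assertion, so the policy build no longer fails on it.
ifdef(`xm_dedicated_guest_type',`
	type xen_guest_disk_t;
	dev_node(xen_guest_disk_t)
	allow xm_t xen_guest_disk_t:blk_file { getattr read ioctl };
',`
	storage_raw_read_fixed_disk(xm_t)
')
```

With the dedicated-type branch, the guest volume's device node (e.g. the node behind /dev/vg01/lv_guest) still has to be labeled with the new type; that labeling step is not shown here.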