ia64/xen-unstable

view tools/security/install.txt @ 6812:26cf3cfd3bed

Switch vcpu hotplugging to use xstransact.
Signed-off-by: Christian Limpach <Christian.Limpach@cl.cam.ac.uk>
author cl349@firebug.cl.cam.ac.uk
date Tue Sep 13 17:31:13 2005 +0000 (2005-09-13)
parents dd668f7527cb
children b2f4823b6ff0 b35215021b32 9af349b055e5 3233e7ecfa9f
##
# install.txt <description to the xen access control architecture>
#
# Author:
# Reiner Sailer 08/15/2005 <sailer@watson.ibm.com>
#
#
# This file shows how to activate and install the access control
# framework.
##


INSTALLING A SECURITY POLICY IN XEN
===================================

By default, the access control architecture is disabled in Xen. To
enable the access control architecture in Xen follow the steps below.
This description assumes that you want to install the Chinese Wall and
Simple Type Enforcement policy. Some file names need to be replaced
below to activate the Chinese Wall OR the Type Enforcement policy
exclusively (chwall_ste --> {chwall, ste}).

1. enable access control in Xen
       # cd "xen_root"
       # edit/xemacs/vi Config.mk

       change the line:
       ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY

       to:
       ACM_USE_SECURITY_POLICY ?= ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY

       # make all
       # ./install.sh

2. compile the policy from xml to a binary format that can be loaded
   into the hypervisor for enforcement
       # cd tools/security
       # make

       manual steps (alternative to make boot_install):
       # ./secpol_xml2bin chwall_ste
       # cp policies/chwall_ste/chwall_ste.bin /boot
       # edit /boot/grub/grub.conf
         add the following line to your xen boot entry:
         "module chwall_ste.bin"

       alternatively, you can try our automatic translation and
       installation of the policy:
       # make boot_install

       [we try hard to do the right thing to the right boot entry but
        please verify boot entry in /boot/grub/grub.conf afterwards;
        your xen boot entry should have an additional module line
        specifying a chwall_ste.bin file with the correct directory
        (e.g. "/" or "/boot").]


3. reboot into the newly compiled hypervisor

       after boot
       # xm dmesg should show an entry about the policy being loaded
         during the boot process

       # tools/security/secpol_tool getpolicy
         should print the new chwall_ste binary policy representation
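
The boot-entry verification that step 2 asks for can be scripted. The following is an added example, not part of install.txt or the Xen tree: a shell function that reads a GRUB legacy config and reports, for each Xen boot entry, whether it has a module line naming the policy binary. The function names, the rule that a Xen entry is one whose kernel file name starts with "xen", and the sample config are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check that each Xen entry in a GRUB legacy config loads the
# binary policy as a "module". Exit: 0 all present, 1 missing, 2 no Xen entry.
check_policy_module() {   # usage: check_policy_module GRUB_CONF [POLICY_BIN]
    awk -v bin="${2:-chwall_ste.bin}" '
        function report() {
            if (!in_entry || !is_xen) return
            xen_entries++
            if (has_policy) print "OK       " title
            else { print "MISSING  " title; missing++ }
        }
        /^[ \t]*#/ { next }                       # skip comments
        $1 == "title" {                           # a new boot entry starts
            report()
            title = $0; sub(/^[ \t]*title[ \t]+/, "", title)
            in_entry = 1; is_xen = 0; has_policy = 0
            next
        }
        # Assumption: a Xen entry is one whose kernel file name starts with "xen".
        $1 == "kernel" { n = split($2, k, "/"); if (k[n] ~ /^xen/) is_xen = 1 }
        # Compare only the file name, so "/", "/boot" or no directory all match.
        $1 == "module" { n = split($2, m, "/"); if (m[n] == bin) has_policy = 1 }
        END {
            report()
            if (xen_entries == 0) { print "no Xen boot entry found"; exit 2 }
            exit (missing > 0 ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample grub.conf (not from a real system): the first entry
# lacks the policy module line, the second has it.
sample_conf() {
    cat <<'EOF'
default 0
title Xen (no policy)
    kernel /xen.gz dom0_mem=262144
    module /vmlinuz-2.6-xen ro root=/dev/hda1
title Xen with ACM policy
    kernel /boot/xen.gz dom0_mem=262144
    module /boot/vmlinuz-2.6-xen ro root=/dev/hda1
    module /boot/chwall_ste.bin
title Plain Linux
    kernel /vmlinuz-2.6 ro root=/dev/hda1
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
check_policy_module "$tmp" || echo "exit status $? (a Xen entry lacks the policy module)"
rm -f "$tmp"
```

On a real system the call would be `check_policy_module /boot/grub/grub.conf`, with `chwall.bin` or `ste.bin` as the second argument when only one of the two policies is installed.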