ia64/xen-unstable

view tools/security/install.txt @ 7238:971e7c7411b3

Raise an exception if an error appears on the pipes to our children, and make
sure that the child's pipes are closed even under that exception. Move the
handling of POLLHUP to the end of the loop, so that we guarantee to read any
remaining data from the child if POLLHUP and POLLIN appear at the same time.

Signed-off-by: Ewan Mellor <ewan@xensource.com>
author emellor@ewan
date Thu Oct 06 10:13:11 2005 +0100 (2005-10-06)
parents 06d84bf87159
children cc1d77bba4b0
##
# install.txt <description to the xen access control architecture>
#
# Author:
# Reiner Sailer 08/15/2005 <sailer@watson.ibm.com>
#
#
# This file shows how to activate and install the access control
# framework.
##


INSTALLING A SECURITY POLICY IN XEN
===================================

By default, the access control architecture is disabled in Xen. To
enable the access control architecture in Xen follow the steps below.
This description assumes that you want to install the Chinese Wall and
Simple Type Enforcement policy. Some file names need to be replaced
below to activate the Chinese Wall OR the Type Enforcement policy
exclusively (chwall_ste --> {chwall, ste}).

1. enable access control in Xen
       # cd "xen_root"
       # edit/xemacs/vi Config.mk

       change the line:
       ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY

       to:
       ACM_USE_SECURITY_POLICY ?= ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY

       # make all
       # ./install.sh

2. compile the policy from xml to a binary format that can be loaded
   into the hypervisor for enforcement
       # cd tools/security
       # make

       manual steps (alternative to make boot_install):
       #./secpol_xml2bin chwall_ste
       #cp policies/chwall_ste/chwall_ste.bin /boot
       #edit /boot/grub/grub.conf
        add the following line to your xen boot entry:
        "module chwall_ste.bin"

       alternatively, you can try our automatic translation and
       installation of the policy:
       # make boot_install

       [we try hard to do the right thing to the right boot entry but
        please verify boot entry in /boot/grub/grub.conf afterwards;
        your xen boot entry should have an additional module line
        specifying a chwall_ste.bin file with the correct directory
        (e.g. "/" or "/boot").]


3. reboot into the newly compiled hypervisor

       after boot
       #xm dmesg should show an entry about the policy being loaded
            during the boot process

       #tools/security/secpol_tool getpolicy
            should print the new chwall_ste binary policy representation
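
The boot-entry check that step 2 asks for, as an added example (not part of install.txt or the Xen tree): a shell function that reads a GRUB legacy config and reports whether every Xen boot entry carries a module line for chwall_ste.bin. Treating an entry as a Xen entry when the file name on its "kernel" line starts with "xen" is an assumption, as are the function names and the constructed sample config.

```shell
#!/bin/sh
# Added example, not part of install.txt. Assumption: a GRUB legacy entry is
# a Xen entry when the file name on its "kernel" line starts with "xen".

# check_policy_module GRUB_CONF [POLICY_FILE]
# Prints OK/MISSING per Xen entry. Returns 0 if every Xen entry loads the
# policy as a module, 1 if any lacks it, 2 if no Xen entry was found.
check_policy_module() {
    awk -v policy="${2:-chwall_ste.bin}" '
    function base(p,   n, parts) { n = split(p, parts, "/"); return parts[n] }
    function finish_entry() {
        if (title != "" && is_xen) {
            xen_entries++
            if (has_policy) { print "OK       " title } else { print "MISSING  " title; missing++ }
        }
        is_xen = 0; has_policy = 0
    }
    /^[ \t]*#/ { next }                       # skip comment lines
    { sub(/^[ \t]+/, "") }                    # drop leading indentation
    $1 == "title"  { finish_entry(); title = $0; sub(/^title[ \t]+/, "", title); next }
    $1 == "kernel" { if (base($2) ~ /^xen/) is_xen = 1; next }
    $1 == "module" { if (base($2) == policy) has_policy = 1; next }
    END {
        finish_entry()
        if (xen_entries == 0) { print "no Xen boot entry found"; exit 2 }
        exit (missing > 0 ? 1 : 0)
    }' "$1"
}

# Constructed sample config (not from a real system): the second Xen entry
# lacks the policy module line.
sample_grub_conf() {
    cat <<'EOF'
default=0
title Xen with policy
    root (hd0,0)
    kernel /xen.gz
    module /vmlinuz-2.6-xen ro root=/dev/sda1
    module /chwall_ste.bin
title Xen without policy
    root (hd0,0)
    kernel /boot/xen.gz
    module /boot/vmlinuz-2.6-xen ro root=/dev/sda1
title Plain Linux
    kernel /vmlinuz ro root=/dev/sda1
EOF
}
```

For the exclusive policies, pass the file name as the second argument, for example chwall.bin or ste.bin following the chwall_ste --> {chwall, ste} substitution above.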