HaLVM icon indicating copy to clipboard operation
HaLVM copied to clipboard

Published 20 hours ago verified publisher icon GaloisInc

XSM permissions error

Open izgzhen opened this issue 10 years ago • 2 comments

The information is like below, a lot other can run, but not this.

sudo xl create DomainInfo.config -c
Parsing config from DomainInfo.config
XSM Disabled: seclabel not supported
Daemon running with PID 2339
libxl: error: libxl_dom.c:35:libxl__domain_type: unable to get domain type for domid=3
Unable to attach console
libxl: error: libxl_exec.c:118:libxl_report_child_exitstatus: console child [0] exited with error status 1

izgzhen avatar May 02 '15 00:05 izgzhen

Looks like this example is crashing with an XSM permissions error. Running this with Xen debugging enabled, it looks like an EINVAL exception gets thrown and crashes the domain before XL can attach.

(XEN) grant_table.c:1249:d3 Expanding dom (3) grant table from (4) to (32) frames.
(d3) I am dom3
(d3) HaLVM: EINVAL
(d3) Exit called with 1

thumphries avatar May 02 '15 01:05 thumphries

OK, XSM/FLASK seems to have changed a lot over the last few versions of Xen. Someone who knows how it works needs to write a new rule for this example. See the last line of DomainInfo.config.

The function causing the permissions error is Hypervisor.DomainInfo.domainInfo, which requires the calling domain to be privileged.

thumphries avatar May 02 '15 02:05 thumphries