XSM permissions error - Githubissues

GaloisInc / HaLVM

The Haskell Lightweight Virtual Machine (HaLVM): GHC running on Xen

BSD 3-Clause "New" or "Revised" License

1.05k stars 88 forks source link

XSM permissions error #47

Open izgzhen opened 9 years ago

izgzhen commented 9 years ago

The information is like below, a lot other can run, but not this.

sudo xl create DomainInfo.config -c
Parsing config from DomainInfo.config
XSM Disabled: seclabel not supported
Daemon running with PID 2339
libxl: error: libxl_dom.c:35:libxl__domain_type: unable to get domain type for domid=3
Unable to attach console
libxl: error: libxl_exec.c:118:libxl_report_child_exitstatus: console child [0] exited with error status 1

thumphries commented 9 years ago

Looks like this example is crashing with an XSM permissions error. Running this with Xen debugging enabled, it looks like an EINVAL exception gets thrown and crashes the domain before XL can attach.

(XEN) grant_table.c:1249:d3 Expanding dom (3) grant table from (4) to (32) frames.
(d3) I am dom3
(d3) HaLVM: EINVAL
(d3) Exit called with 1

thumphries commented 9 years ago

OK, XSM/FLASK seems to have changed a lot over the last few versions of Xen. Someone who knows how it works needs to write a new rule for this example. See the last line of DomainInfo.config.

The function causing the permissions error is Hypervisor.DomainInfo.domainInfo, which requires the calling domain to be privileged.