A Hands-on Guide to the Art of Virtualization

Changes & Additions

With a technology like Xen, there are inevitable changes that will lead to changes in the text. Here we describe some of the changes that don’t fall under errata, but that you are likely to see in future editions of the book.


This patch gets rid of the xensec_xml2bin binary and replaces with xm setpolicy command


from xm manpage:

setpolicy ACM policy
Makes the given ACM policy available to xend as a xend-managed policy. The policy is compiled and a
mapping (.map) as well as a binary (.bin) version of the policy is created. The policy is loaded and
the system’s bootloader is prepared to boot the system with this policy the next time it is started.

policy is a dot-separated list of names. The last part is the file name pre-fix for the policy XML
file. The preceding name parts are translated into the local path pointing to the policy XML file
relative to the global policy root directory (/etc/xen/acm-security/policies). For example, exam‐
ple.chwall_ste.client_v1 denotes the policy file example/chwall_ste/client_v1-security_policy.xml
relative to the global policy root directory.

Reset the system’s policy to the default state where the DEFAULT policy is loaded and enforced. This
operation may fail if for example guest VMs are running and and one of them uses a different label
than what Domain-0 does. It is best to make sure that no guests are running before issuing this com‐

getpolicy [--dumpxml]
Displays information about the current xend-managed policy, such as name and type of the policy, the
uuid xend has assigned to it on the local system, the version of the XML representation and the sta‐
tus of the policy, such as whether it is currently loaded into Xen or whether the policy is automat‐
ically loaded during system boot. With the –dumpxml option, the XML representation of the policy is

Prints the current security policy state information of Xen.

*Xen network as of Xen 3.2 bridges are ethX devices

On the resources page, we track “Resources Since First Edition”. In some cases we would like to give more of a description and preview into the additions that we anticipate for future editions of the book.


Solaris Xen Section

Oracle VM Section

NetBSD section?
FreeBSD?, Plan9?

DRDB Live Migration section

PV Drivers
*Red Hat
Halsign TurboGate Tools


Chapter 5, pg 314, disk image section, add a note about lomount… not even built by default anymore***

Chapter 4, pg 77, add section on check for VT/AMD-V support. Note enable in bios for Intel.
“Make sure you’re using the latest bios. Even if the option is in your
current bios, it might not be fully implemented.” – xen mailing list

“The kernel has to be compiled with CONFIG_IP_PNP to enable the automatic network settings.

Then IP, Netmask, Gateway, … will set from config-file (as long, there is no extra setting in domU’s /etc/network/interfaces for eth0)

“grep IP_PNP /boot/config-2.6.-xen” shows you if it is set.” – xen mailing list

**check resources since first edition for ideas