* Protect Xen Virtualization via SElinux.
[not found] <785947670.864078.1466342123305.JavaMail.yahoo.ref@mail.yahoo.com>
@ 2016-06-19 13:15 ` Jason Long
2016-06-20 12:44 ` Stephen Smalley
0 siblings, 1 reply; 8+ messages in thread
From: Jason Long @ 2016-06-19 13:15 UTC (permalink / raw)
To: selinux@tycho.nsa.gov
Hello.
How can I protect my Xen VM via SElinux? Can you show me some useful examples?
Thnak you.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Protect Xen Virtualization via SElinux.
2016-06-19 13:15 ` Protect Xen Virtualization via SElinux Jason Long
@ 2016-06-20 12:44 ` Stephen Smalley
2016-06-20 15:06 ` Jason Long
0 siblings, 1 reply; 8+ messages in thread
From: Stephen Smalley @ 2016-06-20 12:44 UTC (permalink / raw)
To: Jason Long, selinux@tycho.nsa.gov
On 06/19/2016 09:15 AM, Jason Long wrote:
> Hello.
> How can I protect my Xen VM via SElinux? Can you show me some useful examples?
I'm not entirely sure what you are asking, but possible answers:
1. If you want to apply SELinux-like controls over Xen virtual machines
(domains), then you can use Xen Security Modules and the Flask security
module (commonly abbreviated XSM/Flask) to define and enforce a policy
over the hypervisor objects and operations.
2. If you want to use SELinux to harden the Xen domain-0 or specific
domUs, you can just enable it in those domains and configure your policy
accordingly.
If you want a worked example of applying both XSM/Flask and SELinux,
have a look at OpenXT,
http://openxt.org/
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Protect Xen Virtualization via SElinux.
2016-06-20 12:44 ` Stephen Smalley
@ 2016-06-20 15:06 ` Jason Long
2016-06-20 15:15 ` Stephen Smalley
0 siblings, 1 reply; 8+ messages in thread
From: Jason Long @ 2016-06-20 15:06 UTC (permalink / raw)
To: Stephen Smalley, selinux@tycho.nsa.gov
Can you show me some examples for both ?
On Monday, June 20, 2016 5:13 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
On 06/19/2016 09:15 AM, Jason Long wrote:
> Hello.
> How can I protect my Xen VM via SElinux? Can you show me some useful examples?
I'm not entirely sure what you are asking, but possible answers:
1. If you want to apply SELinux-like controls over Xen virtual machines
(domains), then you can use Xen Security Modules and the Flask security
module (commonly abbreviated XSM/Flask) to define and enforce a policy
over the hypervisor objects and operations.
2. If you want to use SELinux to harden the Xen domain-0 or specific
domUs, you can just enable it in those domains and configure your policy
accordingly.
If you want a worked example of applying both XSM/Flask and SELinux,
have a look at OpenXT,
http://openxt.org/
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Protect Xen Virtualization via SElinux.
2016-06-20 15:06 ` Jason Long
@ 2016-06-20 15:15 ` Stephen Smalley
2016-06-21 9:26 ` Jason Long
0 siblings, 1 reply; 8+ messages in thread
From: Stephen Smalley @ 2016-06-20 15:15 UTC (permalink / raw)
To: Jason Long, selinux@tycho.nsa.gov
On 06/20/2016 11:06 AM, Jason Long wrote:
> Can you show me some examples for both ?
I already pointed you to OpenXT; it is a worked example of both.
> On Monday, June 20, 2016 5:13 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On 06/19/2016 09:15 AM, Jason Long wrote:
>
>> Hello.
>> How can I protect my Xen VM via SElinux? Can you show me some useful examples?
>
> I'm not entirely sure what you are asking, but possible answers:
>
> 1. If you want to apply SELinux-like controls over Xen virtual machines
> (domains), then you can use Xen Security Modules and the Flask security
> module (commonly abbreviated XSM/Flask) to define and enforce a policy
> over the hypervisor objects and operations.
>
> 2. If you want to use SELinux to harden the Xen domain-0 or specific
> domUs, you can just enable it in those domains and configure your policy
> accordingly.
>
> If you want a worked example of applying both XSM/Flask and SELinux,
> have a look at OpenXT,
> http://openxt.org/
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Protect Xen Virtualization via SElinux.
2016-06-20 15:15 ` Stephen Smalley
@ 2016-06-21 9:26 ` Jason Long
2016-06-21 9:57 ` Patrick K., ITF
0 siblings, 1 reply; 8+ messages in thread
From: Jason Long @ 2016-06-21 9:26 UTC (permalink / raw)
To: Stephen Smalley, selinux@tycho.nsa.gov
I can't find any example :( Can you show me some urls?
On Monday, June 20, 2016 7:45 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
On 06/20/2016 11:06 AM, Jason Long wrote:
> Can you show me some examples for both ?
I already pointed you to OpenXT; it is a worked example of both.
> On Monday, June 20, 2016 5:13 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On 06/19/2016 09:15 AM, Jason Long wrote:
>
>> Hello.
>> How can I protect my Xen VM via SElinux? Can you show me some useful examples?
>
> I'm not entirely sure what you are asking, but possible answers:
>
> 1. If you want to apply SELinux-like controls over Xen virtual machines
> (domains), then you can use Xen Security Modules and the Flask security
> module (commonly abbreviated XSM/Flask) to define and enforce a policy
> over the hypervisor objects and operations.
>
> 2. If you want to use SELinux to harden the Xen domain-0 or specific
> domUs, you can just enable it in those domains and configure your policy
> accordingly.
>
> If you want a worked example of applying both XSM/Flask and SELinux,
> have a look at OpenXT,
> http://openxt.org/
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Protect Xen Virtualization via SElinux.
2016-06-21 9:26 ` Jason Long
@ 2016-06-21 9:57 ` Patrick K., ITF
2016-06-21 10:45 ` Jason Long
0 siblings, 1 reply; 8+ messages in thread
From: Patrick K., ITF @ 2016-06-21 9:57 UTC (permalink / raw)
To: Jason Long, Stephen Smalley, selinux@tycho.nsa.gov
[-- Attachment #1: Type: text/plain, Size: 1826 bytes --]
Jason,
The files are on Github here: https://github.com/OpenXT/openxt
and here: *https://github.com/OpenXT/*
Best Regards,
--
Patrick
--
On 6/21/2016 5:26 AM, Jason Long wrote:
> I can't find any example :( Can you show me some urls?
>
>
>
> On Monday, June 20, 2016 7:45 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On 06/20/2016 11:06 AM, Jason Long wrote:
>> Can you show me some examples for both ?
> I already pointed you to OpenXT; it is a worked example of both.
>
>
>> On Monday, June 20, 2016 5:13 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
>> On 06/19/2016 09:15 AM, Jason Long wrote:
>>
>>> Hello.
>>> How can I protect my Xen VM via SElinux? Can you show me some useful examples?
>> I'm not entirely sure what you are asking, but possible answers:
>>
>> 1. If you want to apply SELinux-like controls over Xen virtual machines
>> (domains), then you can use Xen Security Modules and the Flask security
>> module (commonly abbreviated XSM/Flask) to define and enforce a policy
>> over the hypervisor objects and operations.
>>
>> 2. If you want to use SELinux to harden the Xen domain-0 or specific
>> domUs, you can just enable it in those domains and configure your policy
>> accordingly.
>>
>> If you want a worked example of applying both XSM/Flask and SELinux,
>> have a look at OpenXT,
>> http://openxt.org/
>> _______________________________________________
>> Selinux mailing list
>> Selinux@tycho.nsa.gov
>> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
>> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
[-- Attachment #2: Type: text/html, Size: 3597 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Protect Xen Virtualization via SElinux.
2016-06-21 9:57 ` Patrick K., ITF
@ 2016-06-21 10:45 ` Jason Long
2016-06-21 10:52 ` Patrick K., ITF
0 siblings, 1 reply; 8+ messages in thread
From: Jason Long @ 2016-06-21 10:45 UTC (permalink / raw)
To: Patrick K., ITF, Stephen Smalley, selinux@tycho.nsa.gov
[-- Attachment #1: Type: text/plain, Size: 1954 bytes --]
No, I mean is how to drive it.
On Tuesday, June 21, 2016 2:28 PM, "Patrick K., ITF" <cto@itechfrontiers.com> wrote:
Jason,
The files are on Github here: https://github.com/OpenXT/openxt and here: https://github.com/OpenXT/ Best Regards,
--
Patrick
-- On 6/21/2016 5:26 AM, Jason Long wrote:
I can't find any example :( Can you show me some urls?
On Monday, June 20, 2016 7:45 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
On 06/20/2016 11:06 AM, Jason Long wrote:
Can you show me some examples for both ?
I already pointed you to OpenXT; it is a worked example of both.
On Monday, June 20, 2016 5:13 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
On 06/19/2016 09:15 AM, Jason Long wrote:
Hello.
How can I protect my Xen VM via SElinux? Can you show me some useful examples?
I'm not entirely sure what you are asking, but possible answers:
1. If you want to apply SELinux-like controls over Xen virtual machines
(domains), then you can use Xen Security Modules and the Flask security
module (commonly abbreviated XSM/Flask) to define and enforce a policy
over the hypervisor objects and operations.
2. If you want to use SELinux to harden the Xen domain-0 or specific
domUs, you can just enable it in those domains and configure your policy
accordingly.
If you want a worked example of applying both XSM/Flask and SELinux,
have a look at OpenXT,
http://openxt.org/
_______________________________________________
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
_______________________________________________
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
[-- Attachment #2: Type: text/html, Size: 5209 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Protect Xen Virtualization via SElinux.
2016-06-21 10:45 ` Jason Long
@ 2016-06-21 10:52 ` Patrick K., ITF
0 siblings, 0 replies; 8+ messages in thread
From: Patrick K., ITF @ 2016-06-21 10:52 UTC (permalink / raw)
To: Jason Long, Stephen Smalley, selinux@tycho.nsa.gov
[-- Attachment #1: Type: text/plain, Size: 2518 bytes --]
Jason,
Please read it here:
https://openxt.atlassian.net/wiki/pages/viewpage.action?pageId=10747915
https://openxt.atlassian.net/wiki/display/OD/Getting+Started
Best Regards,
--
Patrick
--
On 6/21/2016 6:45 AM, Jason Long wrote:
> No, I mean is how to drive it.
>
>
> On Tuesday, June 21, 2016 2:28 PM, "Patrick K., ITF"
> <cto@itechfrontiers.com> wrote:
>
>
> Jason,
>
> The files are on Github here: https://github.com/OpenXT/openxt
> and here: *https://github.com/OpenXT/*
> Best Regards,
> --
> Patrick
> --
> On 6/21/2016 5:26 AM, Jason Long wrote:
>> I can't find any example :( Can you show me some urls?
>>
>>
>>
>> On Monday, June 20, 2016 7:45 PM, Stephen Smalley<sds@tycho.nsa.gov> <mailto:sds@tycho.nsa.gov> wrote:
>> On 06/20/2016 11:06 AM, Jason Long wrote:
>>> Can you show me some examples for both ?
>> I already pointed you to OpenXT; it is a worked example of both.
>>
>>
>>> On Monday, June 20, 2016 5:13 PM, Stephen Smalley<sds@tycho.nsa.gov> <mailto:sds@tycho.nsa.gov> wrote:
>>> On 06/19/2016 09:15 AM, Jason Long wrote:
>>>
>>>> Hello.
>>>> How can I protect my Xen VM via SElinux? Can you show me some useful examples?
>>> I'm not entirely sure what you are asking, but possible answers:
>>>
>>> 1. If you want to apply SELinux-like controls over Xen virtual machines
>>> (domains), then you can use Xen Security Modules and the Flask security
>>> module (commonly abbreviated XSM/Flask) to define and enforce a policy
>>> over the hypervisor objects and operations.
>>>
>>> 2. If you want to use SELinux to harden the Xen domain-0 or specific
>>> domUs, you can just enable it in those domains and configure your policy
>>> accordingly.
>>>
>>> If you want a worked example of applying both XSM/Flask and SELinux,
>>> have a look at OpenXT,
>>> http://openxt.org/
>>> _______________________________________________
>>> Selinux mailing list
>>> Selinux@tycho.nsa.gov <mailto:Selinux@tycho.nsa.gov>
>>> To unsubscribe, send email toSelinux-leave@tycho.nsa.gov <mailto:Selinux-leave@tycho.nsa.gov>.
>>> To get help, send an email containing "help" toSelinux-request@tycho.nsa.gov <mailto:Selinux-request@tycho.nsa.gov>.
>> _______________________________________________
>> Selinux mailing list
>> Selinux@tycho.nsa.gov <mailto:Selinux@tycho.nsa.gov>
>> To unsubscribe, send email toSelinux-leave@tycho.nsa.gov <mailto:Selinux-leave@tycho.nsa.gov>.
>> To get help, send an email containing "help" toSelinux-request@tycho.nsa.gov <mailto:Selinux-request@tycho.nsa.gov>.
>
>
>
[-- Attachment #2: Type: text/html, Size: 7789 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2016-06-21 10:52 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <785947670.864078.1466342123305.JavaMail.yahoo.ref@mail.yahoo.com>
2016-06-19 13:15 ` Protect Xen Virtualization via SElinux Jason Long
2016-06-20 12:44 ` Stephen Smalley
2016-06-20 15:06 ` Jason Long
2016-06-20 15:15 ` Stephen Smalley
2016-06-21 9:26 ` Jason Long
2016-06-21 9:57 ` Patrick K., ITF
2016-06-21 10:45 ` Jason Long
2016-06-21 10:52 ` Patrick K., ITF
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.