* Protect Xen Virtualization via SElinux.
From: Jason Long @ 2016-06-19 13:15 UTC
To: selinux@tycho.nsa.gov

Hello.
How can I protect my Xen VM via SElinux? Can you show me some useful examples?
Thank you.

* Re: Protect Xen Virtualization via SElinux.
From: Stephen Smalley @ 2016-06-20 12:44 UTC
To: Jason Long, selinux@tycho.nsa.gov

On 06/19/2016 09:15 AM, Jason Long wrote:
> Hello.
> How can I protect my Xen VM via SElinux? Can you show me some useful examples?

I'm not entirely sure what you are asking, but possible answers:

1. If you want to apply SELinux-like controls over Xen virtual machines
(domains), then you can use Xen Security Modules and the Flask security
module (commonly abbreviated XSM/Flask) to define and enforce a policy
over the hypervisor objects and operations.

2. If you want to use SELinux to harden the Xen domain-0 or specific
domUs, you can just enable it in those domains and configure your policy
accordingly.

If you want a worked example of applying both XSM/Flask and SELinux,
have a look at OpenXT,
http://openxt.org/

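Added example, not part of the thread and not code from Xen or OpenXT: a minimal audit for the first option described above (XSM/Flask), checking the hypervisor's `flask=` boot option and the `seclabel` line in each xl guest config. The function names, the sample command line and the guest configs are constructed for illustration, and labels are assumed to have the three-field user:role:type form.

```python
import re

# Modes accepted by Xen's "flask=" hypervisor boot option.
FLASK_MODES = {"enforcing", "permissive", "late", "disabled"}
# xl guest configs use key = 'value' lines; a leading "#" comments a line out.
SECLABEL_RE = re.compile(r"""^\s*seclabel\s*=\s*(['"])(.*?)\1""", re.M)


def flask_mode(xen_cmdline):
    """Return the value of the first flask= token, or None if absent."""
    for token in xen_cmdline.split():
        if token.startswith("flask="):
            return token.split("=", 1)[1]
    return None


def guest_label(cfg_text):
    """Return (user, role, type) from the seclabel line, or None."""
    m = SECLABEL_RE.search(cfg_text)
    parts = m.group(2).split(":") if m else []
    return tuple(parts) if len(parts) == 3 and all(parts) else None


def audit(xen_cmdline, guests):
    """List findings for the hypervisor mode and each guest's label."""
    findings = []
    mode = flask_mode(xen_cmdline)
    if mode is None:
        findings.append("host: no flask= option, mode is the build default")
    elif mode not in FLASK_MODES:
        findings.append(f"host: unrecognised flask={mode}")
    elif mode != "enforcing":
        findings.append(f"host: flask={mode}, policy not enforced from boot")
    for name, cfg in sorted(guests.items()):
        if guest_label(cfg) is None:
            findings.append(f"{name}: no well-formed seclabel")
    return findings


# Constructed sample input, not taken from the thread or from OpenXT.
SAMPLE_CMDLINE = "dom0_mem=2048M flask=permissive console=vga"
SAMPLE_GUESTS = {
    "web": "name = 'web'\nmemory = 1024\nseclabel = 'system_u:system_r:domU_t'\n",
    "db": "name = 'db'\n# seclabel = 'system_u:system_r:domU_t'\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_CMDLINE, SAMPLE_GUESTS):
        print(finding)
```
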
* Re: Protect Xen Virtualization via SElinux.
From: Jason Long @ 2016-06-20 15:06 UTC
To: Stephen Smalley, selinux@tycho.nsa.gov

Can you show me some examples for both?

* Re: Protect Xen Virtualization via SElinux.
From: Stephen Smalley @ 2016-06-20 15:15 UTC
To: Jason Long, selinux@tycho.nsa.gov

On 06/20/2016 11:06 AM, Jason Long wrote:
> Can you show me some examples for both?

I already pointed you to OpenXT; it is a worked example of both.

* Re: Protect Xen Virtualization via SElinux.
From: Jason Long @ 2016-06-21 9:26 UTC
To: Stephen Smalley, selinux@tycho.nsa.gov

I can't find any example :( Can you show me some urls?

* Re: Protect Xen Virtualization via SElinux.
From: Patrick K., ITF @ 2016-06-21 9:57 UTC
To: Jason Long, Stephen Smalley, selinux@tycho.nsa.gov

On 6/21/2016 5:26 AM, Jason Long wrote:
> I can't find any example :( Can you show me some urls?

Jason,

The files are on Github here: https://github.com/OpenXT/openxt
and here: https://github.com/OpenXT/

Best Regards,
--
Patrick
--

* Re: Protect Xen Virtualization via SElinux.
From: Jason Long @ 2016-06-21 10:45 UTC
To: Patrick K., ITF, Stephen Smalley, selinux@tycho.nsa.gov

No, I mean how to drive it.

* Re: Protect Xen Virtualization via SElinux.
From: Patrick K., ITF @ 2016-06-21 10:52 UTC
To: Jason Long, Stephen Smalley, selinux@tycho.nsa.gov

On 6/21/2016 6:45 AM, Jason Long wrote:
> No, I mean how to drive it.

Jason,

Please read it here:
https://openxt.atlassian.net/wiki/pages/viewpage.action?pageId=10747915
https://openxt.atlassian.net/wiki/display/OD/Getting+Started

Best Regards,
--
Patrick
--