From: Reiner Sailer <sailer@us.ibm.com>
To: xen-devel@lists.xensource.com
Cc: sailer@us.ibm.com
Subject: INFO for the subsequent Xen access control patches [1-8][ACM]
Date: Tue, 11 Apr 2006 22:25:06 -0400
Message-ID: <443C6502.8090001@us.ibm.com>

The [ACM] patches in the subsequent e-mails enhance / improve the Xen 
access control framework along the lines described in an earlier preview
posting (see message:
http://lists.xensource.com/archives/html/xen-devel/2006-02/msg00885.html).
They provide:

* Labeling support for resume/migration/live-migration by introducing an 
access control parameter (consisting of a policy name and a label name)
into the domain configuration. Policy and label name are valid across
resume / migrate and are checked against the currently enforced policy
at resume or migration time. If they do not match, then resume/migration
fails.

* Integration of the Xen access control framework into Xen management
by moving from shell-based to Python-based tools and by integrating them
into the 'xm' command.

* Simplified policy management by moving from 2 files (policy
definition, label definition) to 1 file containing both policy and label
definitions.

* Introduction of a unique policy name for each policy/label definition.
This name must change if the content of the policy changes. The policy
name is used to ensure that the 'xm' tools and the hypervisor work on
the same policy, i.e., interpret the security information for domains
consistently.

If you would like to explore the new commands and learn about required
configuration steps, then the new 'Access Control Subcommands' section
of the 'xm' man page is a good place to start.

Comments and suggestions welcome.

Thanks
Reiner
