I'm not clear why the getssid() needs to be introduced. Isn't the
problem better solved by introducing new object
managers? With the getssid(), the code must know about the
specific policy, making the policy less amenable to adjustment as
problems are discovered. Wouldn't it be better for the
domains to provide object managers? This would allow the STE
policy to
make statements about those new objects. The code can be policy
neutral by strictly following the decisions of the security
server. Wouldn't this make it easier to revoke policies and
update them without having to change the code and patch?
Dave
On 8/18/05, Reiner Sailer <sailer@us.ibm.com> wrote:
This patch:
* adds a C-based security policy translation
tool to Xen (secpol_xml2bin) and removes the current Java
security policy translator (Java dependencies).
The C-based tool integrates into the Xen source tree build
and install (using gnome libxml2 for
XML parsing). See install.txt.
* introduces security labels and related
tools. Users can now use semantic-rich label names to put security-tags
on domains. See example.txt, policy.txt.
* moves the security configuration (currently
ACM_USE_SECURITY_POLICY) from xen/Rules.mk
into a separate top-level Security.mk
file (it is needed by the tools/security and xen/acm).
Both xen/acm and tools/security are
built during the Xen build process only if ACM_USE_SECURITY_POLICY
is not ACM_NULL_POLICY (which is the
default setting).
Comments welcome!
Note: We are currently preparing a patch
that introduces a new ACM command (getssid) to retrieve the security types
of a running domain. This command is
enables domain-internal enforcement functions based on the ACM security
policy.
Thanks
Reiner
Signed-off-by Reiner Sailer <sailer@us.ibm.com>
Signed-off by Stefan Berger <stefanb@us.ibm.com>
Signed-off by Ray Valdez <rvaldez@us.ibm.com>
_______________________________________________
Xense-devel mailing list
Xense-devel@lists.xensource.com
http://lists.xensource.com/xense-devel