From: aq <aquynh@gmail.com>
To: Reiner Sailer <sailer@watson.ibm.com>
Cc: leendert@us.ibm.com, ronpz@us.ibm.com, rvaldez@us.ibm.com,
sailer@us.ibm.com, xen-devel@lists.xensource.com,
xense-devel@lists.xensource.com, stefanb@us.ibm.com,
steven.hand@cl.cam.ac.uk
Subject: Re: [PATCH] sHype access control architecture for Xen
Date: Tue, 21 Jun 2005 14:47:59 +0900 [thread overview]
Message-ID: <9cde8bff05062022475468b1c9@mail.gmail.com> (raw)
In-Reply-To: <1119288179.17919.31.camel@secureip.watson.ibm.com>
On 6/21/05, Reiner Sailer <sailer@watson.ibm.com> wrote:
> This E-mail contains the sHype access control architecture
> for inclusion into the Xen hypervisor (xeno-unstable.bk).
> This is a follow-up on earlier postings:
> http://lists.xensource.com/archives/html/xen-devel/2005-04/msg00864.html
>
> The *_xen.diff patch includes the core sHype access control
> architecture. Default is the NULL-policy.
>
> The *_tools.diff patch includes the necessary additions to the
> tools directory:
> a) adding support for an additional VM configuration paramter
> b) adding basic policy management support into tools/policy
>
> The default setting is the NULL policy. After patching in the diff-
> files, you should see no change in behavior. Please refer to the
> attached shype4xen_readme.txt file for instructions on how to
> activate and experiment with sHype.
>
> While we have added support for saving and restoring security
> information when saving and restoring domains, the architecture
> currently supports save/restore only on the same hypervisor system
> running the same sHype policy. Future versions will include more
> flexible support for save/restore/migration.
>
> Our group will submit a java-based policy translation tool for sHype to
> this mailing list today as well. This tool takes as input an XML-based
> descriptions of user-defined sHype policies and translates them into a
> binary policy format that can be loaded into sHype.
any plan to write the tool in other language, not Java? i guess not
many people (include me) are willing to install Java on their system.
since python is used in xen, i think it is a good candidate.
i will play with the code and give some feedbacks.
regards,
aq
next prev parent reply other threads:[~2005-06-21 5:47 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-06-20 17:22 [PATCH] sHype access control architecture for Xen Reiner Sailer
2005-06-21 5:47 ` aq [this message]
2005-06-21 6:26 ` Tupshin Harper
2005-06-21 7:35 ` aq
2005-06-21 10:56 ` Tupshin Harper
2005-06-21 11:26 ` Mark Williamson
2005-06-21 12:11 ` Grzegorz Milos
2005-06-21 13:49 ` Ray Valdez
2005-06-21 14:48 ` aq
2005-06-21 12:32 ` Scott Parish
2005-06-21 13:25 ` Alvin Starr
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9cde8bff05062022475468b1c9@mail.gmail.com \
--to=aquynh@gmail.com \
--cc=leendert@us.ibm.com \
--cc=ronpz@us.ibm.com \
--cc=rvaldez@us.ibm.com \
--cc=sailer@us.ibm.com \
--cc=sailer@watson.ibm.com \
--cc=stefanb@us.ibm.com \
--cc=steven.hand@cl.cam.ac.uk \
--cc=xen-devel@lists.xensource.com \
--cc=xense-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.