From mboxrd@z Thu Jan  1 00:00:00 1970
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: Re: About XSM and svirt.
Date: Wed, 24 Jul 2013 09:55:03 -0400
Message-ID: <51EFDCB7.4040909@tycho.nsa.gov>
References: <CAJ4UyV0TYGfVCLdXSa1ZmPb9j_hiQ2FnsjmEb=eNcRSUV8PG3w@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <CAJ4UyV0TYGfVCLdXSa1ZmPb9j_hiQ2FnsjmEb=eNcRSUV8PG3w@mail.gmail.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: cooldharma06 <cooldharma06@gmail.com>
Cc: xen-devel@lists.xen.org
List-Id: xen-devel@lists.xenproject.org

On 07/24/2013 05:35 AM, cooldharma06 wrote:
> Hi all,
>
> xsm policy which is used for controlling the hypercall(communication)
> between vm's.
>
> and i also i find that there is 'svirt' which is used for isolating vm's.
> I want to know that is svirt will work in xen.??  because i find svirt is
> for KVM.
>
> Anybody clear me these things.
>
>
> Regards,
> cooldharma06.
>

The XSM policy in 4.3 has a type for isolating VMs called isolated_domU_t
which prevents a domain from directly communicating with other domains.
However, indirect communication in Xen can be done using Xenstore, so
a pair of cooperating VMs can still communicate. This may or may not be an
issue for you, depending on what you want from svirt.

-- 
Daniel De Graaf
National Security Agency