Xen project Mailing List

[Xen-changelog] [xen-unstable] docs: xl.pod.1: introduction to FLASK

From: Xen patchbot-unstable <patchbot@xxxxxxx>

Date: Thu, 19 Jan 2012 21:55:15 +0000

Delivery-date: Thu, 19 Jan 2012 21:55:22 +0000

List-id: BK change log <xen-changelog.lists.xensource.com>

# HG changeset patch # User Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx> # Date 1326211986 0 # Node ID 3a79842d4845f55214042edc4885519258fdb335 # Parent ef99b8571a6fe4e53fb9df4da2833f8f5a5b4ec7 docs: xl.pod.1: introduction to FLASK Add a simple introduction to FLASK to the xl man page, at the beginning of the FLASK chapter. Link to the xsm-flask.txt document. Currently FLASK, TMEM and PCI PASS-THROUGH are defined as =head2 so they look like sub-chapters of VIRTUAL DEVICE COMMANDS. Make them =head1. Based on a text written by Daniel De Graaf. Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx> Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> Committed-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> --- diff -r ef99b8571a6f -r 3a79842d4845 docs/man/xl.pod.1 --- a/docs/man/xl.pod.1 Thu Jan 05 19:40:40 2012 +0100 +++ b/docs/man/xl.pod.1 Tue Jan 10 16:13:06 2012 +0000 @@ -906,7 +906,7 @@ =back -=head2 PCI PASS-THROUGH +=head1 PCI PASS-THROUGH =over 4 @@ -929,7 +929,7 @@ =back -=head2 TMEM +=head1 TMEM =over 4 @@ -995,7 +995,20 @@ =back -=head2 FLASK +=head1 FLASK + +B<FLASK> is a security framework that defines a mandatory access control policy +providing fine-grained controls over Xen domains, allowing the policy writer +to define what interactions between domains, devices, and the hypervisor are +permitted. Some example of what you can do using XSM/FLASK: + - Prevent two domains from communicating via event channels or grants + - Control which domains can use device passthrough (and which devices) + - Restrict or audit operations performed by privileged domains + - Prevent a privileged domain from arbitrarily mapping pages from other + domains. + +You can find more details on how to use FLASK and an example security +policy here: L<http://xenbits.xen.org/docs/unstable/misc/xsm-flask.txt> =over 4 @@ -1039,6 +1052,7 @@ L<http://xenbits.xen.org/docs/unstable/misc/xl-network-configuration.html> L<http://xenbits.xen.org/docs/unstable/misc/xl-disk-configuration.txt> +L<http://xenbits.xen.org/docs/unstable/misc/xsm-flask.txt> =head1 BUGS _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.