[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-unstable] docs: xl.pod.1: introduction to FLASK

# HG changeset patch
# User Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
# Date 1326211986 0
# Node ID 3a79842d4845f55214042edc4885519258fdb335
# Parent  ef99b8571a6fe4e53fb9df4da2833f8f5a5b4ec7
docs: xl.pod.1: introduction to FLASK

Add a simple introduction to FLASK to the xl man page, at the beginning
of the FLASK chapter. Link to the xsm-flask.txt document.
Currently FLASK, TMEM and PCI PASS-THROUGH are defined as =head2 so they
look like sub-chapters of VIRTUAL DEVICE COMMANDS. Make them =head1.

Based on a text written by Daniel De Graaf.

Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Committed-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>

diff -r ef99b8571a6f -r 3a79842d4845 docs/man/xl.pod.1
--- a/docs/man/xl.pod.1 Thu Jan 05 19:40:40 2012 +0100
+++ b/docs/man/xl.pod.1 Tue Jan 10 16:13:06 2012 +0000
@@ -906,7 +906,7 @@
 =over 4
@@ -929,7 +929,7 @@
-=head2 TMEM
+=head1 TMEM
 =over 4
@@ -995,7 +995,20 @@
-=head2 FLASK
+=head1 FLASK
+B<FLASK> is a security framework that defines a mandatory access control policy
+providing fine-grained controls over Xen domains, allowing the policy writer
+to define what interactions between domains, devices, and the hypervisor are
+permitted. Some example of what you can do using XSM/FLASK:
+ - Prevent two domains from communicating via event channels or grants
+ - Control which domains can use device passthrough (and which devices)
+ - Restrict or audit operations performed by privileged domains
+ - Prevent a privileged domain from arbitrarily mapping pages from other
+   domains.
+You can find more details on how to use FLASK and an example security
+policy here: L<http://xenbits.xen.org/docs/unstable/misc/xsm-flask.txt>
 =over 4
@@ -1039,6 +1052,7 @@
 =head1 BUGS

Xen-changelog mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.