[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] protecting xen startup



On Tue, Nov 23, 2004 at 06:07:28PM +0000, Mike Wray wrote:

> You should be able to use selinux rules to specify what gets to talk to 
> xend at port 8000. You'd need to enable LSM and selinux in the domain-0 
> kernel, but
> otherwise all you should need to do is configure selinux appropriately.

 yes it does: i was however thinking along the lines of creating
 selinux security IDs, one for each type of xen command (create,
 list, shutdown, start, stop etc.)

 and then writing an selinux policy granting xm the right to
 perform those commands.

 ... if the xm and xend programs cannot be merged for some reason,
 there isn't any point in taking that approach.

 l.



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.