|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] protecting xen startup
On Tue, Nov 23, 2004 at 06:07:28PM +0000, Mike Wray wrote: > You should be able to use selinux rules to specify what gets to talk to > xend at port 8000. You'd need to enable LSM and selinux in the domain-0 > kernel, but > otherwise all you should need to do is configure selinux appropriately. yes it does: i was however thinking along the lines of creating selinux security IDs, one for each type of xen command (create, list, shutdown, start, stop etc.) and then writing an selinux policy granting xm the right to perform those commands. ... if the xm and xend programs cannot be merged for some reason, there isn't any point in taking that approach. l. ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |