[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Re: Xen-devel Digest, Vol 1, Issue 18


Hi,

you are looking at the code for the "extremely draft" policy tool.

The numbers you are seeing are used to compile the
example policy for Chinese Wall and Simple Type Enforcement.

The get.opts will try to read ssidref from the domain configuration
and sets it to a default if there is no such definition. The "5" in
the get.opts will change to a global default "no-ssid" for legacy
domains that are unaware of the security. You can ignore this one
for now.

In the near future, the policy tool will read policy configuration files
and compile the binary policy from there.

** More about the ssidref will follow in the readme I will post today. **

Greetings
Reiner
__________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280  (t/l 863)  Fax: 914 784 6205, sailer@xxxxxxxxxx  
http://www.research.ibm.com/people/s/sailer/


xen-devel-request@xxxxxxxxxxxxxxxxxxx
Sent by: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

03/31/2005 03:51 PM

Please respond to
xen-devel
To
xen-devel@xxxxxxxxxxxxxxxxxxx
cc
Subject
Xen-devel Digest, Vol 1, Issue 18






Message: 6
Date: Thu, 31 Mar 2005 18:36:46 +0100
From: David Hopwood <david.nospam.hopwood@xxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [patches] shype for xen / patches
To: xen-devel@xxxxxxxxxxxxxxxxxxx
Message-ID: <424C352E.5010604@xxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Reiner Sailer wrote:
> Comments/feedback related to these patches are very welcome.

+++ xeno-unstable.bk/tools/policy/policy_tool.c                 2005-03-29 ...
+int acm_domain_set_chwallpolicy(void *bufstart, int buflen) {
+#define CWALL_MAX_SSIDREFS                       5
+#define CWALL_MAX_TYPES                                    10
+#define CWALL_MAX_CONFLICTSETS                                  2

+int acm_domain_set_stepolicy(void *bufstart, int buflen) {
+#define STE_MAX_SSIDREFS                       5
+#define STE_MAX_TYPES                   5

+++ xeno-unstable.bk/tools/python/xen/lowlevel/xc/xc.c                 2005-03-29 ...
+    u32                                   ssidref=5;

+++ xeno-unstable.bk/tools/python/xen/xm/create.py                 2005-03-29 ...
+gopts.var('ssidref', val='SSIDREF',
+          fn=set_int, default=05,
+          use="Security Identifier.")

What are all these magic numbers (5, 10, etc.)?

--
David Hopwood <david.nospam.hopwood@xxxxxxxxxxxxxxxx>




End of Xen-devel Digest, Vol 1, Issue 18
****************************************
 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.