
[Xen-devel] [PATCH] ACM: adding C-support for policy translation and labeling support for domains




This patch:

* adds a C-based security policy translation tool to Xen (secpol_xml2bin) and removes the current Java
security policy translator (Java dependencies).  The C-based tool integrates into the Xen source tree build
and install (using gnome libxml2 for XML parsing). See install.txt.

* introduces security labels and related tools. Users can now use semantic-rich label names to put security-tags
on domains. See example.txt, policy.txt.

* moves the security configuration (currently ACM_USE_SECURITY_POLICY) from xen/Rules.mk
into a separate top-level Security.mk file (it is needed by the tools/security and xen/acm).

Both xen/acm and tools/security are built during the Xen build process only if ACM_USE_SECURITY_POLICY
is not ACM_NULL_POLICY (which is the default setting).

Comments welcome!

Note: We are currently preparing a patch that introduces a new ACM command (getssid) to retrieve the security types
of a running domain. This command enables domain-internal enforcement functions based on the ACM security policy.

Thanks
Reiner

Signed-off-by: Reiner Sailer <sailer@xxxxxxxxxx>
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
Signed-off-by: Ray Valdez <rvaldez@xxxxxxxxxx>

Attachment: secpol_xml2bin.diff
Description: Binary data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

