[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] [XEN] [ACM] [1/2] Enable updating of policy on running system



This is a revised version of the previously posted patch that adds
functionality to allow a policy to be updated on a running system and
domains to be relabeled. The updating of a policy is happening in
several steps: relabeling the domains, testing whether the system would
be in a valid state after the relabeling, committing the changes if
state is determined to be valid.

To avoid a domain from being created while the policy is updated, the
read-lock to the ACM policy must be held during all operations that
evaluate against the current policy. In this patch I implement a
function pair acm_rlock_policy()/acm_runlock_policy() that grab the
read-lock in do_domctl() only when the operation is
XEN_DOMCTL_createdomain. The operations are void if ACM is not compiled
into Xen. The 2nd part of the patch restructures the code so that the
pair of locking functions need not take the operation as parameter
anymore.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>

Attachment: xen_acm_policy_update.diff
Description: Text Data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.