Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM
xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 05/11/2007 11:10:08 AM:

> On Fri, 2007-05-11 at 14:32 +0100, Derek Murray wrote:
> > On 9 May 2007, at 18:04, George S. Coker, II wrote:

[...]

> Currently the existing ACM module is implemented as a single XSM module
> which stacks (internally) the Chinese Wall and Simple Type Enforcement
> functionality. (This is the preferred approach for stacking.) ACM-XSM
> is one module with the flexibility to enforce STE and/or CW policy.
>
> The existing ACM was designed to be complementary to Xen's IS_PRIV().
> Moving IS_PRIV() to the default/dummy XSM module does not alter this
> relationship as the hooks used by ACM are orthogonal to the IS_PRIV()
> hooks. On init of the XSM (because ACM-XSM does not define replacements
> for these IS_PRIV() hooks), the hooks from the dummy/default module are
> integrated (or "shimmed") in to the ACM-XSM module. So I think XSM can

If ACM-XSM does not define replacements for the IS_PRIV() hooks, how are you going to integrate them into ACM-XSM? If so, based on what information from the current ACM policy would ACM-XSM enforce the IS_PRIV() check? What if ACM is not active, what enforces IS_PRIV() then?

   Stefan

> do what you and Keir are suggesting.
>
> > Thanks for your input on this, and if I can be of any more help,
> > please let me know.
> >
> > Regards,
> >
> > Derek Murray.
> --
> George S. Coker, II <gscoker@xxxxxxxxxxxxxx> 443-479-6944
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
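The hook "shimming" discussed in this thread, as an added example that is not part of the original messages and is not Xen's XSM code: a module that leaves a hook undefined gets the dummy/default module's hook in that slot, and the dummy table alone is active when no module is registered. All names (`xsm_ops`, `domctl`, `evtchn`, `xsm_register`, `DENY`) are hypothetical, and the assumption that the default module stays active without a policy module is this sketch's, not something stated in the thread.

```c
#include <stddef.h>
#include <stdio.h>

#define DENY (-1)   /* stand-in for -EPERM */

/* Hypothetical, simplified model: these names are illustrative, not Xen's XSM API. */
struct domain { int is_privileged; int ste_type; };

struct xsm_ops {
    int (*domctl)(const struct domain *caller);                     /* IS_PRIV()-style hook */
    int (*evtchn)(const struct domain *a, const struct domain *b);  /* ACM-style hook */
};

/* Dummy/default module: carries the IS_PRIV() check and permits everything else. */
static int dummy_domctl(const struct domain *c) { return c->is_privileged ? 0 : DENY; }
static int dummy_evtchn(const struct domain *a, const struct domain *b)
{ (void)a; (void)b; return 0; }

static const struct xsm_ops dummy_ops = { dummy_domctl, dummy_evtchn };
static struct xsm_ops active_ops = { dummy_domctl, dummy_evtchn };  /* no module loaded */

/* Policy module defining only its own hook (a Simple Type Enforcement-like check). */
static int acm_evtchn(const struct domain *a, const struct domain *b)
{ return a->ste_type == b->ste_type ? 0 : DENY; }
static const struct xsm_ops acm_ops = { NULL, acm_evtchn };

/* Registration "shims" the dummy hook into every slot the module left NULL. */
static void xsm_register(const struct xsm_ops *m)
{
    active_ops.domctl = m->domctl ? m->domctl : dummy_ops.domctl;
    active_ops.evtchn = m->evtchn ? m->evtchn : dummy_ops.evtchn;
}

static void xsm_unregister(void) { active_ops = dummy_ops; }

int main(void)
{
    struct domain dom0 = { 1, 1 }, domU = { 0, 2 };   /* constructed sample domains */
    printf("no module:  domU domctl=%d evtchn=%d\n",
           active_ops.domctl(&domU), active_ops.evtchn(&domU, &dom0));
    xsm_register(&acm_ops);
    printf("ACM loaded: domU domctl=%d evtchn=%d\n",
           active_ops.domctl(&domU), active_ops.evtchn(&domU, &dom0));
    xsm_unregister();
    return 0;
}
```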