
[Xen-devel] [PATCH] [xend / libxen] Add support for labeling of virtual network interfaces



This patch adds labeling of virtual network interfaces to xend and makes
this manageable through the Xen-API.  It's a feature that is only usable
if ACM is enabled in Xen and xend is used through the xen-api.

A labeled virtual network interface will be plugged into a bridge to which
other domains with the same-labeled network interface are connected,
so that only same-colored domains can communicate with each other. The
bridge should be connected to the outside world using VLAN for
isolation, extending the isolation beyond the local machine.

If a virtual machine is labeled with a VM label that only has one Simple
Type Enforcement Type then it is not necessary to label the virtual
network interface, but the color of the network interface is determined
from the VM's label. If, however, a virtual machine is labeled with a VM
label that has multiple Simple Type Enforcement Types, then the explicit
labeling of each virtual network interface is required.

To specify the label of a network interface, the vif line in the VM's
configuration file has been extended with parameters similar to those used
for specifying the label of the VM:

vif = ['policy=<policy name>,label=<resource label>']

This labels the VIF of the virtual machine for usage under the policy
'policy name' and labels it with the label 'resource label'.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>

Attachment: xend-xspolicy-xapi-viflabeling.diff
Description: Text Data
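
The labeling rule described in the message above, as an added Python example that is not part of the patch and is not xend code. The policy name, the VM and resource labels, the label-to-type tables and the helper names are all constructed for illustration, and the check that an explicit label must name the active policy is an assumption.

```python
# Added illustration, not xend code. All labels and the policy are constructed.
from collections import defaultdict

POLICY = "example-policy"                      # hypothetical active policy
VM_TYPES = {"blue_vm": {"blue"},               # VM label -> its STE types
            "gateway_vm": {"blue", "red"}}
RES_TYPE = {"blue_net": "blue", "red_net": "red"}  # resource label -> STE type


class VifLabelError(ValueError):
    """Raised when a vif cannot be given an unambiguous color."""


def parse_vif(line):
    """Parse 'key=value,key=value' vif options into a dict."""
    opts = {}
    for item in filter(None, (s.strip() for s in line.split(","))):
        key, sep, value = item.partition("=")
        if not (sep and key and value):
            raise VifLabelError("malformed vif option: %r" % item)
        opts[key] = value
    return opts


def vif_color(vm_label, vif_line):
    """Return the STE type (color) that decides which bridge the vif joins."""
    opts = parse_vif(vif_line)
    policy, label = opts.get("policy"), opts.get("label")
    if label is not None:
        # Assumption: an explicit label must name the active policy.
        if policy != POLICY or label not in RES_TYPE:
            raise VifLabelError("label %r not valid under %r" % (label, policy))
        return RES_TYPE[label]
    types = VM_TYPES[vm_label]
    if len(types) == 1:                        # single type: derive from VM label
        return next(iter(types))
    raise VifLabelError("VM label %r has %d STE types; label the vif explicitly"
                        % (vm_label, len(types)))


def bridge_groups(domains):
    """Group (domain, vif index) pairs by color; one bridge per color."""
    groups = defaultdict(list)
    for name, (vm_label, vifs) in sorted(domains.items()):
        for idx, line in enumerate(vifs):
            groups[vif_color(vm_label, line)].append((name, idx))
    return dict(groups)
```
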
