[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel][XSM][Patch] Minor XSM tools patch to dummy module - implement missing stub

To: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
From: Stefan Berger <stefanb@xxxxxxxxxx>
Date: Mon, 6 Oct 2008 12:21:01 -0400
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Mon, 06 Oct 2008 09:21:45 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

George,

is XSM/Flask known to work with a domU with an attached VIF? I find that this patch here seems necessary, but want to confirm...

diff -r 782599274bf9 tools/python/xen/util/xsm/flask/flask.py --- a/tools/python/xen/util/xsm/flask/flask.py Tue Sep 30 10:14:54 2008 +0100 +++ b/tools/python/xen/util/xsm/flask/flask.py Mon Oct 06 12:10:31 2008 -0400 @@ -35,7 +35,10 @@ return ssidref def set_security_label(policy, label): - return label + if label: + return label + else: + return "" def ssidref2security_label(ssidref): label = ssidref2label(ssidref)
Is the default policy you have provided allowing a DomU in the cases with a VIF or without a VIF to start?

Also, is the following line from the VM configuration file correct to start a VM while the default policy is enforced?

access_control=['policy=,label=system_u:object_r:domU_t']

Thanks.
Stefan

xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 09/12/2008 04:48:58 PM: > "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
> Sent by: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx >
> 09/12/2008 04:48 PM
> > To
> > xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
> > cc
> > Subject
> > [Xen-devel][XSM][Patch] Minor XSM tools patch to dummy module - > implement missing stub
> > > - This minor patch implements the missing stub function > security_label_to_details in the dummy module. This stub function is > necessary to create domains with network interfaces for modules that do not > implement the security_label_to_details function. > > Signed-off-by: George Coker <gscoker@xxxxxxxxxxxxxx> > > [attachment "xsm-tools-dummy-update-091208.diff" deleted by Stefan > Berger/Watson/IBM] _______________________________________________ > Xen-devel mailing list > Xen-devel@xxxxxxxxxxxxxxxxxxx >http://lists.xensource.com/xen-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel][XSM][Patch] Minor XSM tools patch to dummy module - implement missing stub
  - From: George S. Coker, II

Prev by Date: [Xen-devel] [PATCH] qemu-xen: Fix open_disk for blktap disks
Next by Date: [Xen-devel] live migration can fail due to XENMEM_maximum_gpfn
Previous by thread: [Xen-devel] [PATCH] qemu-xen: Fix open_disk for blktap disks
Next by thread: Re: [Xen-devel][XSM][Patch] Minor XSM tools patch to dummy module - implement missing stub
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.