[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel][XSM][Patch] Minor XSM tools patch to dummy module - implement missing stub




George,

  is XSM/Flask known to work with a domU with an attached VIF? I find that this patch here seems necessary, but want to confirm...

diff -r 782599274bf9 tools/python/xen/util/xsm/flask/flask.py
--- a/tools/python/xen/util/xsm/flask/flask.py                 Tue Sep 30 10:14:54 2008 +0100
+++ b/tools/python/xen/util/xsm/flask/flask.py                 Mon Oct 06 12:10:31 2008 -0400
@@ -35,7 +35,10 @@
    return ssidref

def set_security_label(policy, label):
-    return label
+    if label:
+        return label
+    else:
+        return ""

def ssidref2security_label(ssidref):
    label = ssidref2label(ssidref)

Is the default policy you have provided allowing a DomU in the cases with a VIF or without a VIF to start?

Also, is the following line from the VM configuration file correct to start a VM while the default policy is enforced?

access_control=['policy=,label=system_u:object_r:domU_t']

Thanks.
   Stefan



xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 09/12/2008 04:48:58 PM:

> "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>

> Sent by: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
>

> 09/12/2008 04:48 PM
>
> To

>
> xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>

>
> cc

>
> Subject

>
> [Xen-devel][XSM][Patch] Minor XSM tools patch to dummy module -
> implement missing stub

>
>
> - This minor patch implements the missing stub function
> security_label_to_details in the dummy module.  This stub function is
> necessary to create domains with network interfaces for modules that do not
> implement the security_label_to_details function.
>
> Signed-off-by: George Coker <gscoker@xxxxxxxxxxxxxx>
>
> [attachment "xsm-tools-dummy-update-091208.diff" deleted by Stefan
> Berger/Watson/IBM] _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
>
http://lists.xensource.com/xen-devel
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.