|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] some problems about addlabel
Hello,I am a student, and did only know little about xen. These days I was learning something about ACM module. When I do a experiment,I come across a problem. In the experiment, I have three security labels A-Bank, B-Bank and __UNLABELED__.At first, I only create an unlabeled domianU, so it have the default security label——__UNLABELED__. Then I want to add A-Bank to it, but at that time I have the error "VM's access to block device 'file:/home/qiu/...'denied" . Later,I found the domainU that labeled with A-Bank cannot access the resources labeled with __UNLABELED__, because the domainU labeled with A-Bank only have a A-Bank type of STE, so when I relabeled the domainU to A-Bank, the hypervisor find that if the aciton success, the domainU cannot access the resources (these labeled by __UNLABELED__)that it can before, so it denied such operations. Now,I want to know that if I want to success relabeling the unlabeled domainU to A-Bank, should I add a STE type ——__UNLABELED__, to the STE type of the A-Bank workload. If so, the domainU labeled with A-Bank can access any resources labeled with __UNLABELED__, and I don't think that was security. what do you think about the question? Thank you! 网易邮箱用户购物独享现金返还 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |