Xen project Mailing List

[Xen-devel] [PATCH 8/8] xl.pod.1: improve documentation of FLASK commands

To: xen-devel@xxxxxxxxxxxxxxxxxxx, Keir Fraser <keir@xxxxxxx>

From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

Date: Tue, 13 Dec 2011 15:38:57 -0500

Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

Delivery-date: Tue, 13 Dec 2011 20:39:57 +0000

List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> --- docs/man/xl.pod.1 | 38 ++++++++++++++++++++++---------------- 1 files changed, 22 insertions(+), 16 deletions(-) diff --git a/docs/man/xl.pod.1 b/docs/man/xl.pod.1 index 5a39ae5..72196ee 100644 --- a/docs/man/xl.pod.1 +++ b/docs/man/xl.pod.1 @@ -197,10 +197,6 @@ I<filename> specified, without pausing the domain. The dump file will be written to a distribution specific directory for dump files. Such as: /var/lib/xen/dump or /var/xen/dump. -=item B<getenforce> - -Returns the current enforcing mode of the Flask Xen security module. - =item B<help> [I<--long>] Displays the short help message (i.e. common commands). @@ -303,10 +299,6 @@ less utilized than a high CPU workload. Consider yourself warned. =back -=item B<loadpolicy> I<policyfile> - -Loads a new policy int the Flask Xen security module. - =item B<mem-max> I<domain-id> I<mem> Specify the maximum amount of memory the domain is able to use, appending 't' @@ -397,10 +389,6 @@ Enable debug messages. =back -=item B<setenforce> I<1|0|Enforcing|Permissive> - -Sets the current enforcing mode of the Flask Xen security module - =item B<save> [I<OPTIONS>] I<domain-id> I<CheckpointFile> [I<ConfigFile>] Saves a running domain to a state file so that it can be restored @@ -997,6 +985,28 @@ Get information about how much freeable memory (MB) is in-use by tmem. =back +=head2 FLASK + +=over 4 + +=item B<getenforce> + +Determine if the FLASK security module is loaded and enforcing its policy. + +=item B<setenforce> I<1|0|Enforcing|Permissive> + +Enable or disable enforcing of the FLASK access controls. The default is +permissive and can be changed using the flask_enforcing option on the +hypervisor's command line. + +=item B<loadpolicy> I<policy-file> + +Load FLASK policy from the given policy file. The initial policy is provided to +the hypervisor as a multiboot module; this command allows runtime updates to the +policy. Loading new security policy will reset runtime changes to device labels. + +=back + =head1 TO BE DOCUMENTED We need better documentation for: @@ -1007,10 +1017,6 @@ We need better documentation for: Trascendent Memory. -=item B<Flask> - -Xen Flask security module. - =back =head1 SEE ALSO -- 1.7.7.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.