[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] XSM-docs: Flask operates on domain types and not on



Hi Anshul

Your email subject line seems to be incomplete.

Wei.

On Tue, Jul 19, 2016 at 08:33:01AM +0100, Anshul Makkar wrote:
> Signed-off-by: Anshul Makkar <anshul.makkar@xxxxxxxxxx>
> ---
>  docs/misc/xsm-flask.txt | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt
> index 62f15dd..bf8bb6e 100644
> --- a/docs/misc/xsm-flask.txt
> +++ b/docs/misc/xsm-flask.txt
> @@ -9,8 +9,8 @@ controls over Xen domains, allowing the policy writer to 
> define what
>  interactions between domains, devices, and the hypervisor are permitted.
>  
>  Some examples of what FLASK can do:
> - - Prevent two domains from communicating via event channels or grants
> - - Control which domains can use device passthrough (and which devices)
> + - Prevent two domains types from communicating via event channels or grants
> + - Control which type of domains can use device passthrough (and which 
> devices)
>   - Restrict or audit operations performed by privileged domains
>   - Prevent a privileged domain from arbitrarily mapping pages from other 
> domains
>  
> @@ -160,10 +160,10 @@ the policy can be reloaded using "xl loadpolicy".
>  The example policy included with Xen demonstrates most of the features of 
> FLASK
>  that can be used without dom0 disaggregation. The main types for domUs are:
>  
> - - domU_t is a domain that can communicate with any other domU_t
> + - domU_t is a domain type that can communicate with any other domU_t types.
>   - isolated_domU_t can only communicate with dom0
>   - prot_domU_t is a domain type whose creation can be disabled with a boolean
> - - nomigrate_t is a domain that must be created via the nomigrate_t_building
> + - nomigrate_t is a domain type that must be created via the 
> nomigrate_t_building
>     type, and whose memory cannot be read by dom0 once created
>  
>  HVM domains with stubdomain device models also need a type for the stub 
> domain.
> -- 
> 1.9.1
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxx
> https://lists.xen.org/xen-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.