Re: [Xen-devel] [PATCH 12/16] SUPPORT.md: Add Security-releated features

[Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>]

On Mon, Nov 13, 2017 at 03:41:22PM +0000, George Dunlap wrote:
> With the exception of driver domains, which depend on PCI passthrough,
> and will be introduced later.
> 
> Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx>
> ---
> CC: Ian Jackson <ian.jackson@xxxxxxxxxx>
> CC: Wei Liu <wei.liu2@xxxxxxxxxx>
> CC: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> CC: Jan Beulich <jbeulich@xxxxxxxx>
> CC: Stefano Stabellini <sstabellini@xxxxxxxxxx>
> CC: Konrad Wilk <konrad.wilk@xxxxxxxxxx>

Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
[the livepatching part]

> CC: Tim Deegan <tim@xxxxxxx>
> CC: Tamas K Lengyel <tamas.lengyel@xxxxxxxxxxxx>
> CC: Rich Persaud <persaur@xxxxxxxxx>
> ---
>  SUPPORT.md | 34 ++++++++++++++++++++++++++++++++++
>  1 file changed, 34 insertions(+)
> 
> diff --git a/SUPPORT.md b/SUPPORT.md
> index 722a29fec5..0f7426593e 100644
> --- a/SUPPORT.md
> +++ b/SUPPORT.md
> @@ -421,6 +421,40 @@ there is currently no xl support.
>  
>      Status: Supported
>  
> +## Security
> +
> +### Device Model Stub Domains
> +
> +    Status: Supported
> +
> +### KCONFIG Expert
> +
> +    Status: Experimental
> +
> +### Live Patching
> +
> +    Status, x86: Supported
> +    Status, ARM: Experimental
> +
> +Compile time disabled for ARM
> +
> +### Virtual Machine Introspection
> +
> +    Status, x86: Supported, not security supported
> +
> +### XSM & FLASK
> +
> +    Status: Experimental
> +
> +Compile time disabled
> +
> +### FLASK default policy
> +
> +    Status: Experimental
> +    
> +The default policy includes FLASK labels and roles for a "typical" Xen-based 
> system
> +with dom0, driver domains, stub domains, domUs, and so on.
> +
>  ## Virtual Hardware, Hypervisor
>  
>  ### x86/Nested PV
> -- 
> 2.15.0
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel