This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] protecting xen startup

To: Mike Wray <mike.wray@xxxxxxxxxx>
Subject: Re: [Xen-devel] protecting xen startup
From: Luke Kenneth Casson Leighton <lkcl@xxxxxxxx>
Date: Tue, 23 Nov 2004 21:03:19 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 23 Nov 2004 20:53:55 +0000
Envelope-to: xen+James.Bulpin@xxxxxxxxxxxx
In-reply-to: <41A37C60.7000507@xxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
References: <20041123170546.GB6250@xxxxxxxx> <41A37C60.7000507@xxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/
On Tue, Nov 23, 2004 at 06:07:28PM +0000, Mike Wray wrote:

> You should be able to use selinux rules to specify what gets to talk to 
> xend at port 8000. You'd need to enable LSM and selinux in the domain-0 
> kernel, but
> otherwise all you should need to do is configure selinux appropriately.

 yes it does: i was however thinking along the lines of creating
 selinux security IDs, one for each type of xen command (create,
 list, shutdown, start, stop etc.)

 and then writing an selinux policy granting xm the right to
 perform those commands.

 ... if the xm and xend programs cannot be merged for some reason,
 there isn't any point in taking that approach.


SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
Xen-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>