WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

[Xen-devel] [Xense-devel][RFC][PATCH][1/4] Xen Security Modules: XSM

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] [Xense-devel][RFC][PATCH][1/4] Xen Security Modules: XSM
From: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
Date: Fri, 01 Sep 2006 12:58:27 -0400
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 01 Sep 2006 09:57:55 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

The attached patch implements the Xen Security Modules (XSM) framework.
This patch should apply cleanly to changeset 9694:d82a4c4d04d4 Xen
3.0.2-3.

The framework is configured as default-enable in this patch set.
Configuration of XSM is made in Config.mk.  The only configuration
option is XSM_ENABLE = y/n.  XSM_ENABLE must be y to compile an XSM
module.  

XSM provides a generalized hook infrastructure allowing third-party
security modules to interpose on the Xen code path.  A default or dummy
module provides basic call/return functionality for hooks not
implemented by a given module.  During module initialization, a module
registers its security hooks and the equivalent dummy hooks are
unregistered.  If a module does not implement a hook, the equivalent
dummy hook remains in place.  Modules also may define and register at
boot time a module-specific hypercall through the XSM hook
infrastructure.

Modules may also define at Xen compile time a magic number XSM_MAGIC to
indicate that a policy should be discovered from the images loaded at
boot.  The policy file should then be listed in grub as one of the
multi-boot modules after the dom0 kernel.

Attachment: xsm-xen-3.0.2-3.diff
Description: Text Data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
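
The hook scheme described in the message above (dummy hooks that stay in place for anything a module does not implement), sketched as an added example. It is not taken from the attached patch, and every identifier (`xsm_ops_ex`, `xsm_register_ex`, the sample dom0-only policy) is hypothetical, as is the single-module assumption.

```c
/* Added illustration: hypothetical names, not code from the XSM patch. */
#include <errno.h>
#include <stdio.h>

struct xsm_ops_ex {                       /* one pointer per hook point */
    int  (*domain_create)(unsigned int domid);
    int  (*evtchn_send)(unsigned int src, unsigned int dst);
    long (*module_op)(int cmd);           /* module-specific hypercall */
};

/* Dummy hooks: plain call/return. Permit everything; no module hypercall. */
static int  dummy_domain_create(unsigned int d) { (void)d; return 0; }
static int  dummy_evtchn_send(unsigned int s, unsigned int t) { (void)s; (void)t; return 0; }
static long dummy_module_op(int cmd) { (void)cmd; return -ENOSYS; }

static struct xsm_ops_ex active_ops = {
    dummy_domain_create, dummy_evtchn_send, dummy_module_op
};
static int module_registered;

/* Swap in the module's hooks; any hook it leaves NULL keeps its dummy.
 * Assumption of this sketch: a single module, registered once. */
int xsm_register_ex(const struct xsm_ops_ex *m)
{
    if (m == NULL) return -EINVAL;
    if (module_registered) return -EBUSY;
    if (m->domain_create) active_ops.domain_create = m->domain_create;
    if (m->evtchn_send)   active_ops.evtchn_send   = m->evtchn_send;
    if (m->module_op)     active_ops.module_op     = m->module_op;
    module_registered = 1;
    return 0;
}

/* Call sites never test for NULL: the table always holds a callable hook. */
int  xsm_domain_create(unsigned int d) { return active_ops.domain_create(d); }
int  xsm_evtchn_send(unsigned int s, unsigned int t) { return active_ops.evtchn_send(s, t); }
long xsm_module_op(int cmd) { return active_ops.module_op(cmd); }

/* Constructed sample module: implements one hook, only dom0 may be an endpoint. */
static int sample_evtchn_send(unsigned int s, unsigned int t)
{ return (s == 0 || t == 0) ? 0 : -EPERM; }
static const struct xsm_ops_ex sample_module = { NULL, sample_evtchn_send, NULL };

int main(void)
{
    int before = xsm_evtchn_send(1, 2), rc = xsm_register_ex(&sample_module);
    printf("send(1,2): %d -> %d (register=%d), create(5)=%d\n",
           before, xsm_evtchn_send(1, 2), rc, xsm_domain_create(5));
    return 0;
}
```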