WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] [PATCH] [XEN] [ACM] [1/2] Enable updating of policy on runni

To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH] [XEN] [ACM] [1/2] Enable updating of policy on running system
From: Stefan Berger <stefanb@xxxxxxxxxx>
Date: Sat, 21 Apr 2007 19:02:11 -0400
Cc: Keir Fraser <keir@xxxxxxxxxxxxx>
Delivery-date: Sat, 21 Apr 2007 15:20:56 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
This is a revised version of the previously posted patch that adds
functionality to allow a policy to be updated on a running system and
domains to be relabeled. The updating of a policy is happening in
several steps: relabeling the domains, testing whether the system would
be in a valid state after the relabeling, committing the changes if
state is determined to be valid.

To avoid a domain from being created while the policy is updated, the
read-lock to the ACM policy must be held during all operations that
evaluate against the current policy. In this patch I implement a
function pair acm_rlock_policy()/acm_runlock_policy() that grab the
read-lock in do_domctl() only when the operation is
XEN_DOMCTL_createdomain. The operations are void if ACM is not compiled
into Xen. The 2nd part of the patch restructures the code so that the
pair of locking functions need not take the operation as parameter
anymore.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>

Attachment: xen_acm_policy_update.diff
Description: Text Data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [PATCH] [XEN] [ACM] [1/2] Enable updating of policy on running system, Stefan Berger <=