This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] [SPAM] [PATCH] tools/flask/policy: Updates to policy and pol

To: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [SPAM] [PATCH] tools/flask/policy: Updates to policy and policy build infrastructure
From: "David P. Quigley" <dpquigl@xxxxxxxxxxxxx>
Date: Thu, 20 Aug 2009 15:02:03 -0400
Delivery-date: Thu, 20 Aug 2009 12:03:29 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
Importance: Low
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: National Security Agency
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
The original xen policy infrastructure was based off of an early version of
refpolicy. Because of this there was a lot of cruft that does not apply
to building a policy for xen. This patch does several things. First it
cleans up the makefile as to remove many unnecessary build targets. Second
it fixes an issue that the policy build process wasn't handling interface
files properly. Third it pulls in the MLS suppport functions from current
ref policy and makes use of them. Finally it updates the xen policy with
new rules to address changes in xen since the policy was last worked on, 
and provides several new abstractions for creating domains.

 tools/flask/policy/Makefile                       |  245 ++++++++--------
 tools/flask/policy/Rules.modular                  |  166 -----------
 tools/flask/policy/Rules.monolithic               |  196 -------------
 tools/flask/policy/policy/mcs                     |  324 ---------------------
 tools/flask/policy/policy/mls                     |  325 +---------------------
 tools/flask/policy/policy/modules.conf            |   12 
 tools/flask/policy/policy/modules/xen/xen.if      |   61 ++++
 tools/flask/policy/policy/modules/xen/xen.te      |   76 +----
 tools/flask/policy/policy/support/misc_macros.spt |   42 ++
 tools/flask/policy/policy/support/mls_macros.spt  |   55 +++
 tools/flask/policy/policy/systemuser              |   19 -
 tools/flask/policy/policy/users                   |   36 --

Signed-off-by: David P. Quigley <dpquigl@xxxxxxxxxxxxx>

Attachment: xen-policy.diff
Description: Text Data

Xen-devel mailing list
<Prev in Thread] Current Thread [Next in Thread>