WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] [PATCH] Add support for Xen device policies

from [Paul Nuzzi] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] [PATCH] Add support for Xen device policies
From: Paul Nuzzi <pjnuzzi@xxxxxxxxxxxxxx>
Date: Mon, 26 Oct 2009 11:23:23 -0400
Cc: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
Delivery-date: Mon, 26 Oct 2009 10:02:46 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
Add support for Xen ocontext records to enable device polices.  The
default policy will not be changed and instructions have been added to
enable the new functionality.  Examples on how to use the new policy
language have been added but commented out.  The newest version of
checkpolicy (>= 2.0.20) and libsepol (>= 2.0.39) is needed in order to
compile it.  Devices can be labeled and enforced using the following new
commands; pirqcon, iomemcon, ioportcon and pcidevicecon.  

Signed-off-by : George Coker <gscoker@xxxxxxxxxxxxxx>

Signed-off-by : Paul Nuzzi <pjnuzzi@xxxxxxxxxxxxxx>

---

 docs/misc/xsm-flask.txt                      |   64
++++++++++++++++++++++++
 tools/flask/policy/Makefile                  |   20 ++++++-
 tools/flask/policy/policy/modules/xen/xen.if |   31 +++++++++++
 tools/flask/policy/policy/modules/xen/xen.te |   35 +++++++++++++
 xen/xsm/flask/avc.c                          |    2
 xen/xsm/flask/hooks.c                        |   31 ++++++++---
 xen/xsm/flask/include/avc.h                  |    6 --
 xen/xsm/flask/ss/policydb.c                  |   71
+++++++++++++++++++++++++--
 xen/xsm/flask/ss/policydb.h                  |   23 ++++++--
 xen/xsm/flask/ss/services.c                  |    9 +--
 10 files changed, 263 insertions(+), 29 deletions(-)

Attachment: device_ocontexts.patch
Description: Text Data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [PATCH] Add support for Xen device policies, Paul Nuzzi <=
Previous by Date:  [Xen-devel] [PATCH] Add keymap to vfb config for hvm guests, Jim Fehlig
Next by Date:  [Xen-devel] xen pv and cpuid, Dan Magenheimer
Previous by Thread:  [Xen-devel] [PATCH] Add keymap to vfb config for hvm guests, Jim Fehlig
Next by Thread:  [Xen-devel] xen pv and cpuid, Dan Magenheimer
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy