xense-devel

[Xense-devel] Labeling resources

To: Reiner Sailer <sailer@xxxxxxxxxx>, xense-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xense-devel] Labeling resources
From: David Palmer <dwpalmer.xense@xxxxxxxxx>
Date: Thu, 1 Sep 2005 20:09:19 -0700
Delivery-date: Fri, 02 Sep 2005 03:07:38 +0000
Reiner,

Thanks for taking the time to reply to my questions.  I'm very curious about where you're going with ACM and want to contribute code if I can get the powers that be to cooperate.

I spent a little time reviewing the chwall_ste policy to understand where you are headed. 

I was initially thrown off by the use of ste_PersonalFinances with multiple domains.  This included dom_HomeBanking, dom_Network, and dom_LogicalDiskPartition1.  This allows dom_Network to directly access dom_LogicalDiskPartition1 and vice versa.  I expect that this was not intended.  To be specific about the allowed interactions, I replaced the ste_PersonalFinances type with ste_PersonalFinancesNetwork and ste_PersonalFinancesPartition.  I did the same with ste_InternetInsecure.  This ensures that dom_Network and dom_StorageDomain never directly talk to each other.

I did this to help see what would happen with resources as this relates to the limitations I'm encountering trying to use sHype.  There is still some ambiguity with a few of the labels, but I'm more concerned about the following questions.

How does the hypervisor know that these labels actually identify a specific hardware device?  I expect that the hypervisor wouldn't want to know anything more than the IRQ and address ranges for each device.  How do you intend to handle the association so that the ACM can make access decisions when resources are allocated to domains?

The other issue has to do with res_LogicalDiskPartition1 and 2.  Clearly this is not a resource the hypervisor knows anything about and is the responsibility of dom_StorageDomain.  I expect that dom_StorageDomain will make calls into the hypervisor for the ACM to make access decisions.  There needs to be some way for dom_StorageDomain to identify a resource label with the physical resource.  Doesn't this need to be explicit in the label template?  What plans do you have for handling this?  For example, the entry for the dom_StorageDomain label could list the resources that are available from that domain with a <Resource> tag.  Within the <Resource> entry, there could be an <id> tag providing a numerical identifier that dom_StorageDomain interprets to be a partition number.

Thanks,
Dave

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel
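The two points Dave raises (a single STE type shared by dom_Network and the partition labels, and a storage domain needing to map a resource label back to a physical partition) can be made concrete with a small model. The block below is an added example written for this archive page; it is not code from the xense-devel thread, from the chwall_ste policy file, or from the Xen ACM tree. The label sets are constructed to follow the names in the message, the STE rule used is the usual "two labels may interact iff their type sets intersect", and the <Resource>/<id> XML element names are assumed for illustration only, not taken from any ACM policy schema.

```python
"""Toy model of sHype/ACM Simple Type Enforcement (STE) label checks.

Added example for the xense-devel message above, not code from the Xen tree.
Shows (1) why one STE type shared across dom_Network and the partition labels
opens a direct path between the network and storage back-ends, and (2) how a
storage domain could resolve a resource label to a partition number using the
<Resource>/<id> extension proposed in the message (element names assumed).
"""

import xml.etree.ElementTree as ET
from itertools import combinations
from typing import Dict, FrozenSet, Optional, Set, Tuple

Policy = Dict[str, FrozenSet[str]]


def ste_allowed(policy: Policy, a: str, b: str) -> bool:
    """STE decision: two labelled parties may interact iff their STE type sets
    intersect. The real ACM evaluates this over type bitmaps inside the
    hypervisor; here it is a plain set intersection on the label table."""
    return bool(policy[a] & policy[b])


def allowed_pairs(policy: Policy) -> Set[Tuple[str, str]]:
    """Every unordered pair of labels that STE would let interact."""
    return {(a, b) for a, b in combinations(sorted(policy), 2)
            if ste_allowed(policy, a, b)}


# Constructed labels in the spirit of the chwall_ste example policy. One type,
# ste_PersonalFinances, is carried by the banking domain, the network domain
# and the partition, so dom_Network and dom_StorageDomain share a type.
ORIGINAL: Policy = {
    "dom_HomeBanking": frozenset({"ste_PersonalFinances"}),
    "dom_Network": frozenset({"ste_PersonalFinances", "ste_InternetInsecure"}),
    "dom_StorageDomain": frozenset({"ste_PersonalFinances", "ste_InternetInsecure"}),
    "res_LogicalDiskPartition1": frozenset({"ste_PersonalFinances"}),
    "res_LogicalDiskPartition2": frozenset({"ste_InternetInsecure"}),
}

# The split the message describes: each shared type becomes a "Network" and a
# "Partition" flavour. The client domain carries both flavours and still
# reaches both back-ends; the two back-ends no longer share any type.
SPLIT: Policy = {
    "dom_HomeBanking": frozenset({"ste_PersonalFinancesNetwork",
                                  "ste_PersonalFinancesPartition"}),
    "dom_Network": frozenset({"ste_PersonalFinancesNetwork",
                              "ste_InternetInsecureNetwork"}),
    "dom_StorageDomain": frozenset({"ste_PersonalFinancesPartition",
                                    "ste_InternetInsecurePartition"}),
    "res_LogicalDiskPartition1": frozenset({"ste_PersonalFinancesPartition"}),
    "res_LogicalDiskPartition2": frozenset({"ste_InternetInsecurePartition"}),
}

# Sketch of the <Resource>/<id> label-template extension proposed in the
# message. Constructed input; element names are assumptions for this example.
LABEL_TEMPLATE_XML = """<LabelTemplate>
  <Label name="dom_StorageDomain">
    <Type>ste_PersonalFinancesPartition</Type>
    <Type>ste_InternetInsecurePartition</Type>
    <Resource><Name>res_LogicalDiskPartition1</Name><id>1</id></Resource>
    <Resource><Name>res_LogicalDiskPartition2</Name><id>2</id></Resource>
  </Label>
</LabelTemplate>
"""


def resource_ids(xml_text: str, domain: str) -> Dict[str, int]:
    """Map each resource label exported by `domain` to its numeric <id>."""
    root = ET.fromstring(xml_text)
    for label in root.iter("Label"):
        if label.get("name") == domain:
            return {r.findtext("Name"): int(r.findtext("id"))
                    for r in label.iter("Resource")}
    raise KeyError(f"no label template entry for {domain}")


def attach_partition(policy: Policy, xml_text: str, storage_domain: str,
                     requester: str, resource: str) -> Optional[int]:
    """What the storage domain would do on an attach request: consult the
    STE decision first and only then resolve the label to a partition number.
    Returns the partition id, or None when STE denies the access."""
    if not ste_allowed(policy, requester, resource):
        return None
    return resource_ids(xml_text, storage_domain)[resource]


if __name__ == "__main__":
    for name, policy in (("original", ORIGINAL), ("split", SPLIT)):
        print(f"{name}: allowed pairs")
        for a, b in sorted(allowed_pairs(policy)):
            print(f"  {a} <-> {b}")
    print(attach_partition(SPLIT, LABEL_TEMPLATE_XML, "dom_StorageDomain",
                           "dom_HomeBanking", "res_LogicalDiskPartition1"))
```

Running the block lists the allowed pairs for both tables: under ORIGINAL, dom_Network and dom_StorageDomain (and dom_Network and res_LogicalDiskPartition1) share a type and may interact; under SPLIT those pairs disappear while dom_HomeBanking still reaches both the network domain and its partition. The attach helper shows the ordering the message argues for: the label-to-partition mapping lives in the template the storage domain reads, but it is only consulted after the ACM decision has been made.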