WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] protecting xen startup

from [Luke Kenneth Casson Leighton] [Permanent Link][Original]
To: Mike Wray <mike.wray@xxxxxxxxxx>
Subject: Re: [Xen-devel] protecting xen startup
From: Luke Kenneth Casson Leighton <lkcl@xxxxxxxx>
Date: Tue, 23 Nov 2004 21:03:19 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 23 Nov 2004 20:53:55 +0000
Envelope-to: xen+James.Bulpin@xxxxxxxxxxxx
In-reply-to: <41A37C60.7000507@xxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
References: <20041123170546.GB6250@xxxxxxxx> <41A37C60.7000507@xxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.5.1+cvs20040105i 
On Tue, Nov 23, 2004 at 06:07:28PM +0000, Mike Wray wrote:

> You should be able to use selinux rules to specify what gets to talk to 
> xend at port 8000. You'd need to enable LSM and selinux in the domain-0 
> kernel, but
> otherwise all you should need to do is configure selinux appropriately.

 yes it does: i was however thinking along the lines of creating
 selinux security IDs, one for each type of xen command (create,
 list, shutdown, start, stop etc.)

 and then writing an selinux policy granting xm the right to
 perform those commands.

 ... if the xm and xend programs cannot be merged for some reason,
 there isn't any point in taking that approach.

 l.



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] domain0 initrd vs grub, Ian Pratt
Next by Date:  Re: [Xen-devel] double or triple access to ext2, ext3 or other partitions, Luke Kenneth Casson Leighton
Previous by Thread:  Re: [Xen-devel] protecting xen startup, Mike Wray
Next by Thread:  Re: [Xen-devel] protecting xen startup, Mark Williamson
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy