 Home |
Products |
Support |
Community |
News |
xen-devel
[Xen-devel] Re: Xen-devel Digest, Vol 1, Issue 18
| To: | xen-devel@xxxxxxxxxxxxxxxxxxx |
|---|---|
| Subject: | [Xen-devel] Re: Xen-devel Digest, Vol 1, Issue 18 |
| From: | Reiner Sailer <sailer@xxxxxxxxxx> |
| Date: | Thu, 31 Mar 2005 16:07:07 -0500 |
| Delivery-date: | Thu, 31 Mar 2005 21:07:18 +0000 |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxxx |
| In-reply-to: | <E1DH3t3-0002M4-FE@host-192-168-0-1-bcn-london> |
| List-help: | <mailto:xen-devel-request@lists.xensource.com?subject=help> |
| List-id: | Xen developer discussion <xen-devel.lists.xensource.com> |
| List-post: | <mailto:xen-devel@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe> |
| Sender: | xen-devel-bounces@xxxxxxxxxxxxxxxxxxx |
|
Hi, you are looking at the code for the "extremely draft" policy tool. The numbers you are seeing are used to compile the example policy for Chinese Wall and Simple Type Enforcement. The get.opts will try to read ssidref from the domain configuration and sets it to a default if there is no such definition. The "5" in the get.opts will change to a global default "no-ssid" for legacy domains that are unaware of the security. You can ignore this one for now. In the near future, the policy tool will read policy configuration files and compile the binary policy from there. ** More about the ssidref will follow in the readme I will post today. ** Greetings Reiner __________________________________________________________ Reiner Sailer, Research Staff Member, Secure Systems Department IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532 Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sailer@xxxxxxxxxx http://www.research.ibm.com/people/s/sailer/
Message: 6 Date: Thu, 31 Mar 2005 18:36:46 +0100 From: David Hopwood <david.nospam.hopwood@xxxxxxxxxxxxxxxx> Subject: Re: [Xen-devel] [patches] shype for xen / patches To: xen-devel@xxxxxxxxxxxxxxxxxxx Message-ID: <424C352E.5010604@xxxxxxxxxxxxxxxx> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Reiner Sailer wrote: > Comments/feedback related to these patches are very welcome. +++ xeno-unstable.bk/tools/policy/policy_tool.c 2005-03-29 ... +int acm_domain_set_chwallpolicy(void *bufstart, int buflen) { +#define CWALL_MAX_SSIDREFS 5 +#define CWALL_MAX_TYPES 10 +#define CWALL_MAX_CONFLICTSETS 2 +int acm_domain_set_stepolicy(void *bufstart, int buflen) { +#define STE_MAX_SSIDREFS 5 +#define STE_MAX_TYPES 5 +++ xeno-unstable.bk/tools/python/xen/lowlevel/xc/xc.c 2005-03-29 ... + u32 ssidref=5; +++ xeno-unstable.bk/tools/python/xen/xm/create.py 2005-03-29 ... +gopts.var('ssidref', val='SSIDREF', + fn=set_int, default=05, + use="Security Identifier.") What are all these magic numbers (5, 10, etc.)? -- David Hopwood <david.nospam.hopwood@xxxxxxxxxxxxxxxx> End of Xen-devel Digest, Vol 1, Issue 18 **************************************** _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [Xen-devel] poor domU VBD performance., Andrew Theurer |
|---|---|
| Next by Date: | Re: [Xen-devel] poor domU VBD performance., Keir Fraser |
| Previous by Thread: | [Xen-devel] Xen summit ?, jean-paul . pigache |
| Next by Thread: | [Xen-devel] [patch] non-SMP build fix, Hollis Blanchard |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
