 Home |
Products |
Support |
Community |
News |
xen-devel
[Xen-devel] [PATCH] shype for xen / patches version 1.0
| To: | xen-devel@xxxxxxxxxxxxxxxxxxx |
|---|---|
| Subject: | [Xen-devel] [PATCH] shype for xen / patches version 1.0 |
| From: | Reiner Sailer <sailer@xxxxxxxxxx> |
| Date: | Tue, 26 Apr 2005 11:00:15 -0400 |
| Delivery-date: | Tue, 26 Apr 2005 15:00:38 +0000 |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxxx |
| List-help: | <mailto:xen-devel-request@lists.xensource.com?subject=help> |
| List-id: | Xen developer discussion <xen-devel.lists.xensource.com> |
| List-post: | <mailto:xen-devel@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe> |
| Sender: | xen-devel-bounces@xxxxxxxxxxxxxxxxxxx |
| Sensitivity: |
|
Hi all, this is a follow-up on our earlier posting: http://lists.xensource.com/archives/html/xen-devel/2005-03/msg01406.html. Please refer to this posting for background information and links to technical reports describing the architecture. This new sHype patch supports grant tables. I've also worked in comments that I received on the earlier post (e.g., global default ssids). Please note that the default policy under these patches is a "NULL" policy. This means that, even after the patches are applied, there will be *no* change to the user or administrator experience until a security policy is explicitly enabled. The sHype port consists of three patches (tested on the xeno-unstable.bk 04/26/05): 1. shype_4_xeno-unstable.bk_v1.0_xen.diff patch that includes the security enforcement hooks and the access control module 2. shype_4_xeno-unstable.bk_v1.0_sparse.diff kernel patch that adds a /proc/xen/policycmd interface using a new policy hypercall to communicate policies between xen and the policy management tool; 3. shype_4_xeno-unstable.bk_v1.0_tools.diff tools patch that adds support for a new parameter security subject identifier reference (ssidref) in the domain configuration, as well as a v-e-r-y simple policy tool to set binary policies in xen and to retrieve and dump enforced policies from xen (tools/policytool); in a future version, this tool will read user-defined policies and compile them into the binary policies to be downloaded into xen. Please refer to shype_4_xen.readme.gz for more information about installing sHype into the bitkeeper version of xeno-unstable and about experimenting with it. Feedback welcome. Kindest Regards Reiner Signed-off-by: Reiner Sailer ___________________________________________________________ Reiner Sailer, Research Staff Member, Secure Systems Department IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532 Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sailer@xxxxxxxxxx http://www.research.ibm.com/people/s/sailer/
_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [Xen-devel] [BUG] X86-64 dom0 oops if dom0_mem not specified, Jerone Young |
|---|---|
| Next by Date: | Re: [Xen-devel] s/w raid5, Matt Ayres |
| Previous by Thread: | [Xen-devel] [BUG] X86-64 dom0 oops if dom0_mem not specified, Jerone Young |
| Next by Thread: | [Xen-devel] Poor network performance in domU in unstable, Jacob Gorm Hansen |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
