WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] [PATCH] ACM: adding C-support for policy translation and lab

from [Reiner Sailer] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] [PATCH] ACM: adding C-support for policy translation and labeling support for domains
From: Reiner Sailer <sailer@xxxxxxxxxx>
Date: Thu, 18 Aug 2005 17:02:33 -0400
Cc: Stefan Berger <stefanb@xxxxxxxxxx>, Ray Valdez <rvaldez@xxxxxxxxxx>, Steven Hand <Steven.Hand@xxxxxxxxxxxx>, xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 19 Aug 2005 08:31:56 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Sensitivity:

This patch:

* adds a C-based security policy translation tool to Xen (secpol_xml2bin) and removes the current Java
security policy translator (Java dependencies).  The C-based tool integrates into the Xen source tree build
and install (using gnome libxml2 for XML parsing). See install.txt.

* introduces security labels and related tools. Users can now use semantic-rich label names to put security-tags
on domains. See example.txt, policy.txt.

* moves the security configuration (currently ACM_USE_SECURITY_POLICY) from xen/Rules.mk
into a separate top-level Security.mk file  (it is needed by the tools/security and xen/acm).

Both xen/acm and tools/security are built during the Xen build process only if ACM_USE_SECURITY_POLICY
is not ACM_NULL_POLICY (which is the default setting).

Comments welcome!

Note: We are currently preparing a patch that introduces a new ACM command (getssid) to retrieve the security types
of a running domain. This command is enables domain-internal enforcement functions based on the ACM security policy.

Thanks
Reiner

Signed-off-by Reiner Sailer <sailer@xxxxxxxxxx>
Signed-off by Stefan Berger <stefanb@xxxxxxxxxx>
Signed-off by Ray Valdez <rvaldez@xxxxxxxxxx>

Attachment: secpol_xml2bin.diff
Description: Binary data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] Status of sedf?, Andy Lee
Next by Date:  [Xen-devel] Yet another Xen performance monitoring tool, Rob Gardner
Previous by Thread:  [Xen-devel] xen microbenchmarks ...., Himanshu Raj
Next by Thread:  Re: [Xense-devel] [PATCH] ACM: adding C-support for policy translation and labeling support for domains, David Palmer
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy