WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Home

xen-devel

[Top] [All Lists]

Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkb

from [Keir Fraser]

[Permanent Link][Original]

To:	"Bryan D. Payne" <bdpayne@xxxxxxxxxx>
Subject:	Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver
From:	Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date:	Mon, 24 Jul 2006 18:28:28 +0100
Cc:	xen-devel@xxxxxxxxxxxxxxxxxxx, sailer@xxxxxxxxxx
Delivery-date:	Mon, 24 Jul 2006 10:36:15 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<44C4F403.6090601@xxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<44C4F403.6090601@xxxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx


On 24 Jul 2006, at 17:23, Bryan D. Payne wrote:

This patch modifies the blkback driver to perform a security check(via an ACM get_decision hypercall) before connecting a vbd to adomain. While the security checks performed in the xm tools areconvenient for the users, the check added here is intended tostrengthen the security guarantees.
Note that the security check in blkback is only enabled whenACM_SECURITY=y in Config.mk.
Signed-off-by: Bryan D. Payne <bdpayne@xxxxxxxxxx>
Signed-off-by: Reiner Sailer <sailer@xxxxxxxxxx>

Wouldn't this be better checked in the tool stack, rather than theparticular block device driver (which is as likely to be blktap asblkback in future -- control tools would provide a point of commoninfrastructure to make this check, regardless of choice of actualbackend driver)?


 -- Keir


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Bryan D. Payne Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Keir Fraser <= Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Bryan D Payne Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Reiner Sailer Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Keir Fraser Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Bryan D Payne Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Steven Hand Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Mike D. Day Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Keir Fraser Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Reiner Sailer Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Mike D. Day Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Keir Fraser

Previous by Date:	Re: [Xen-devel] Fwd: compile error : make: * i386-dm: No such file or directory.*, Wayne Pascoe*
Next by Date:	[Xen-devel] X11 on domU, Julian Davison
Previous by Thread:	[Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Bryan D. Payne
Next by Thread:	Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Bryan D Payne
Indexes:	[Date] [Thread] [Top] [All Lists]

This site is hosted by Citrix