WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [PATCH 0/8] Domain Groups: Introduction

from [Keir Fraser] [Permanent Link][Original]
To: Chris <hap10@xxxxxxxxxxxxxx>, Keir Fraser <keir@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH 0/8] Domain Groups: Introduction
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Thu, 22 Feb 2007 21:01:40 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
Delivery-date: Thu, 22 Feb 2007 13:00:54 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <45DDFF88.4050203@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcdWxKXi5IbMl8K3Edu04gAWy6hiGQ==
Thread-topic: [Xen-devel] [PATCH 0/8] Domain Groups: Introduction
User-agent: Microsoft-Entourage/11.3.3.061214 
On 22/2/07 20:39, "Chris" <hap10@xxxxxxxxxxxxxx> wrote:

> One of our future developments will be VMM access control frameworks
> like XSM that have the ability to specify access control policy for
> groups of domains instead of just on individual domains.  For us, this
> greatly simplifies both policy development and analysis.

There's nothing preventing you from individually and separately applying
group rules to all domains of a group. There's no reason that a single rule
at the policy-language level cannot correspond to multiple rules within the
hypervisor. From this point of view Domain Groups are potentially an
optimisation that may be worthwhile if observed usage of XSM indicates that
creating extra rules inside Xen is measurably costly in time or space.

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Re: Improving hvm IO performance by using self IO emulator (YA io-emu?), tgingold
Next by Date:  Re: [Xen-devel] Live migration fails under heavy network use, John Levon
Previous by Thread:  Re: [Xen-devel] [PATCH 0/8] Domain Groups: Introduction, Chris
Next by Thread:  [Xen-devel] [PATCH 1/8] [xm] Domain Groups: xm group commands, Chris
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy