|
|
|
|
|
|
|
|
|
|
xen-devel
[Xen-devel] [PATCH] [XEN] [ACM] [1/2] Enable updating of policy on runni
This is a revised version of the previously posted patch that adds
functionality to allow a policy to be updated on a running system and
domains to be relabeled. The updating of a policy is happening in
several steps: relabeling the domains, testing whether the system would
be in a valid state after the relabeling, committing the changes if
state is determined to be valid.
To avoid a domain from being created while the policy is updated, the
read-lock to the ACM policy must be held during all operations that
evaluate against the current policy. In this patch I implement a
function pair acm_rlock_policy()/acm_runlock_policy() that grab the
read-lock in do_domctl() only when the operation is
XEN_DOMCTL_createdomain. The operations are void if ACM is not compiled
into Xen. The 2nd part of the patch restructures the code so that the
pair of locking functions need not take the operation as parameter
anymore.
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
xen_acm_policy_update.diff
Description: Text Data
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
<Prev in Thread] |
Current Thread |
[Next in Thread> |
- [Xen-devel] [PATCH] [XEN] [ACM] [1/2] Enable updating of policy on running system,
Stefan Berger <=
|
|
|
|
|