WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] [PATCH] [xend / libxen] Add support for labeling of virtual

from [Stefan Berger] [Permanent Link][Original]
To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH] [xend / libxen] Add support for labeling of virtual network interfaces
From: Stefan Berger <stefanb@xxxxxxxxxx>
Date: Thu, 19 Jul 2007 11:57:28 -0400
Cc: Keir Fraser <keir@xxxxxxxxxxxxx>, sailer@xxxxxxxxxx
Delivery-date: Thu, 19 Jul 2007 08:50:07 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
This patch adds labeling of virtual network interfaces to xend and makes
this manageable through the Xen-API.  It's a feature that is only usable
if ACM is enabled in Xen and xend is used through the xen-api.
A labeled virtual network interface will be plugged into a bridge where
other domains with the same-labeled network interface are connected to,
so that only same-colored domains can communicate with each other. The
bridge should be connected to the outside world using VLAN for
isolation, extending the isolation beyond the local machine.
If a virtual machine is labeled with a VM label that only has one Simple
Type Enforcement Type then it is not necessary to label the virtual
network interface, but the color of the network interface is determined
from the VM's label. If, however, a virtual machine is labeled with a VM
label that has multiple Simple Type Enforcement Types, then the explicit
labeling of each virtual network interface is required.
To specify the label of a network interface, the vif line in the VM's
configuration file has been extended with parameters similar use for
specifying the label of the VM:

vif = ['policy=<policy name>,label=<resource label>']

This labels the VIF of the virtual machine for usage under the policy
'policy name' and labels it with the label 'resource label'.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>

Attachment: xend-xspolicy-xapi-viflabeling.diff
Description: Text Data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [PATCH] [xend / libxen] Add support for labeling of virtual network interfaces, Stefan Berger <=
Previous by Date:  Re: [Xen-devel] [PATCH] xen frontend driver module autoloading, Jeremy Fitzhardinge
Next by Date:  Re: [Xen-devel] Xen 3.1 - Can't run Fedora Core 1 PV, Nick Craig-Wood
Previous by Thread:  [Xen-devel] [PATCH] Give back memory to dom0 after a failed balloon attempt, john . levon
Next by Thread:  [Xen-devel] PATCH: Enable QEMU booting of blktap disks, Daniel P. Berrange
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy