|
|
|
|
|
|
|
|
|
|
xen-devel
[Xen-devel][FLASK][PATCH] sample flask policy
- The patch includes a policy for xen that can be booted into enforcing mode
and supports creation and management of paravirtualized guests. The policy
follows the dom0/domU usage model, extension to other models or the addition
of management or IO permissions should be much more straightforward now.
The option flask_enforcing=1 can be passed on the xen line in grub to boot
into enforcing mode.
- The policy provides a basic policy for booting the platform and creating a
domU with the label system_u:object_r:domU_t. The policy can be easily
extended to support new types by modifying the xen.te source file.
- The policy includes some basic macros which may be helpful in extending
the policy.
- The policy is compatible with and requires the most recent XSM patch,
xsm-flask-io-sysctl-hooks-090308.diff.
- The policy is not built as part of the make all as it requires the SELinux
policy compiler which may/may not be installed on all systems. Users must
go into the tools/flask/policy directory and explicitly compile the policy.
Signed-off-by: George Coker <gscoker@xxxxxxxxxxxxxx>
flask-policy-090308.diff
Description: Binary data
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
<Prev in Thread] |
Current Thread |
[Next in Thread> |
- [Xen-devel][FLASK][PATCH] sample flask policy,
George S. Coker, II <=
|
|
|
|
|