[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel][FLASK][PATCH] sample flask policy
- The patch includes a policy for xen that can be booted into enforcing mode and supports creation and management of paravirtualized guests. The policy follows the dom0/domU usage model, extension to other models or the addition of management or IO permissions should be much more straightforward now. The option flask_enforcing=1 can be passed on the xen line in grub to boot into enforcing mode. - The policy provides a basic policy for booting the platform and creating a domU with the label system_u:object_r:domU_t. The policy can be easily extended to support new types by modifying the xen.te source file. - The policy includes some basic macros which may be helpful in extending the policy. - The policy is compatible with and requires the most recent XSM patch, xsm-flask-io-sysctl-hooks-090308.diff. - The policy is not built as part of the make all as it requires the SELinux policy compiler which may/may not be installed on all systems. Users must go into the tools/flask/policy directory and explicitly compile the policy. Signed-off-by: George Coker <gscoker@xxxxxxxxxxxxxx> Attachment:
flask-policy-090308.diff _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |