[Xen-changelog] [xen master] SUPPORT.md: Add Security-releated features

[patchbot@xxxxxxx]

commit 6a14f082c46250977c926cee56dd2f1ba6cf72ae
Author:     George Dunlap <george.dunlap@xxxxxxxxxx>
AuthorDate: Wed Nov 22 19:19:03 2017 +0000
Commit:     George Dunlap <george.dunlap@xxxxxxxxxx>
CommitDate: Mon Nov 27 16:48:43 2017 +0000

    SUPPORT.md: Add Security-releated features
    
    With the exception of driver domains, which depend on PCI passthrough,
    and will be introduced later.
    
    Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx>
    Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
---
 SUPPORT.md | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/SUPPORT.md b/SUPPORT.md
index 09cd9c3..d748fff 100644
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -448,6 +448,46 @@ but has no xl support.
 
     Status: Supported
 
+## Security
+
+### Device Model Stub Domains
+
+    Status: Supported
+
+### KCONFIG Expert
+
+    Status: Experimental
+
+### Live Patching
+
+    Status, x86: Supported
+    Status, ARM: Experimental
+
+Compile time disabled for ARM by default.
+
+### Virtual Machine Introspection
+
+    Status, x86: Supported, not security supported
+
+### XSM & FLASK
+
+    Status: Experimental
+
+Compile time disabled by default.
+
+Also note that using XSM
+to delegate various domain control hypercalls
+to particular other domains, rather than only permitting use by dom0,
+is also specifically excluded from security support for many hypercalls.
+Please see XSA-77 for more details.
+
+### FLASK default policy
+
+    Status: Experimental
+
+The default policy includes FLASK labels and roles for a "typical" Xen-based 
system
+with dom0, driver domains, stub domains, domUs, and so on.
+
 ## Virtual Hardware, Hypervisor
 
 ### x86/Nested PV
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog