Re: [Xen-devel] [PATCH 01/19] libxl: introduce XSM relabel on build
On Fri, 2012-11-16 at 18:28 +0000, Daniel De Graaf wrote: > Allow a domain to be built under one security label and run using a > different label. This can be used to prevent the domain builder or > control domain from having the ability to access a guest domain's memory > via map_foreign_range except during the build process where this is > required. > > Note: this does not provide complete protection from a malicious dom0; > mappings created during the build process may persist after the relabel, > and could be used to indirectly access the guest's memory. > > Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> > Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> > Cc: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx> > Cc: Ian Campbell <ian.campbell@xxxxxxxxxx> > --- > tools/libxc/xc_flask.c | 10 ++++++++++ > tools/libxc/xenctrl.h | 1 + > tools/libxl/libxl_create.c | 4 ++++ > tools/libxl/libxl_types.idl | 1 + > tools/libxl/xl_cmdimpl.c | 20 +++++++++++++++++++- docs/man... please > diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl > index 7eac4a8..93524f0 100644 > --- a/tools/libxl/libxl_types.idl > +++ b/tools/libxl/libxl_types.idl > @@ -268,6 +268,7 @@ libxl_domain_build_info = Struct("domain_build_info",[ > ("video_memkb", MemKB), > ("shadow_memkb", MemKB), > ("rtc_timeoffset", uint32), > + ("exec_ssidref", uint32), What is the significance of the "exec_" bit of the name? > ("localtime", libxl_defbool), > ("disable_migrate", libxl_defbool), > ("cpuid", libxl_cpuid_policy_list), Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
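Review bot: The new `("exec_ssidref", uint32)` entry in `libxl_domain_build_info` has no comment, and the diffstat touches no file under docs/, so nothing visible tells a reader which of the two labels from the commit message this field holds (the one used while building or the one the domain runs under) or what value leaves relabeling off. A short IDL comment stating that, plus a man page entry for the corresponding xl option, would settle the naming question. The man page entry is also the natural place to repeat the commit message's caveat that mappings created during the build may persist after the relabel, since anyone using the option to restrict the control domain's memory access needs to know about that limit.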