|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v7] libxl: introduce XSM relabel on build
On Wed, 2012-12-12 at 20:17 +0000, Daniel De Graaf wrote: > In response to a suggestion from Jan, I am splitting out independent > patches from the larger XSM series that I have been posting. This is > the only patch from that series that touches the toolstack; it is > independent of the rest of the series as the hypervisor component has > already been committed. > > ---------------------8<------------------------------------------------- > > Allow a domain to be built under one security label and run using a > different label. This can be used to prevent the domain builder or > control domain from having the ability to access a guest domain's memory > via map_foreign_range except during the build process where this is > required. > > Example domain configuration snippet: > seclabel='customer_1:vm_r:nomigrate_t' > init_seclabel='customer_1:vm_r:nomigrate_t_building' > > Note: this does not provide complete protection from a malicious dom0; > mappings created during the build process may persist after the relabel, > and could be used to indirectly access the guest's memory. However, if > dom0 correctly unmaps the domain upon building, a the domU is protected > against dom0 becoming malicious in the future. > > Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> > Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> > Cc: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx> > Cc: Ian Campbell <ian.campbell@xxxxxxxxxx> Acked + applied, thanks. I'm in two minds about whether we should add a LIBXL_HAVE_<foo> #define. Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |