
Re: [Xen-devel] XEN : XSM policy and want some clarification for understanding.


I searched for enabling the "libvchan" library, and to achieve the communication between domUs.
I am unable to find a proper guide or document for this.

Can you send me the guide or document for this?


On Fri, Aug 2, 2013 at 7:08 PM, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote:
On 08/02/2013 07:30 AM, cooldharma06 wrote:

I am trying to create a new policy between doms.

By the XSM Flask document:

- domU_t is a domain that can communicate with any other domU_t
- isolated_domU_t can only communicate with dom0

I analysed the policy.

By
- domain_self_comms(domU_t)
- domain_comms(dom0_t, isolated_domU_t)

the above things are achieved.

From dom0, by making a hypercall, we can check that the policy is working.
But from domU, how can we check this?

Do you mean just checking if XSM is enabled? The XSM hypercall to get
enforcing mode will also work from domUs, if you really need to check
it directly. But most of the time, a domU will only need to notice
when it tries to do something not allowed by the policy.

Ideally the only domains that would care if XSM was enabled or not
would be toolstack domains that need to do things like set labels,
or domains that enforce their own security policy using XSM labels.

And also "how I can find that communication between these doms are

Is there any tool or userspace program available for that?

One easy way to test this is to use the libvchan client to communicate
between domains that are allowed (domU_t to domU_t) and then notice
that it gives an error when used between domU_t and isolated_domU_t.

Please clarify this for me, because I am not able to move further with this one.


Daniel De Graaf
National Security Agency
