- The patch includes a policy for xen that can be booted into enforcing mode and supports creation and management of paravirtualized guests. The policy follows the dom0/domU usage model, extension to other models or the addition of management or IO permissions should be much more straightforward now. The option flask_enforcing=1 can be passed on the xen line in grub to boot into enforcing mode. - The policy provides a basic policy for booting the platform and creating a domU with the label system_u:object_r:domU_t. The policy can be easily extended to support new types by modifying the xen.te source file. - The policy includes some basic macros which may be helpful in extending the policy. - The policy is compatible with and requires the most recent XSM patch, xsm-flask-io-sysctl-hooks-090308.diff. - The policy is not built as part of the make all as it requires the SELinux policy compiler which may/may not be installed on all systems. Users must go into the tools/flask/policy directory and explicitly compile the policy. Signed-off-by: George Coker <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel