search for: domu_t

- This minor patch implements the missing stub function security_label_to_details in the dummy module. This stub function is necessary to create domains with network interfaces for modules that do not implement the security_label_to_details function. Signed-off-by: George Coker <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list

...o refactors the ACM toolchain so that a common security API (based on the existing ACM toolchain) is exported to xm and xend. To create a domain with the Flask module, add the following (for example) to a domain''s configuration file access_control = ["policy=,label=system_u:object_r:domU_t"] This will cause a domain to be created with the label "system_u:object_r:domU_t". Flask does not use the policy value in the access_control structure. Signed-off-by: George Coker <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing l...

hi all, i am new to the libvirt. Via libvirt i am converting my xen.com.sfg. In xen i added xsm label as, seclabel:system_u:domU_t. but after creating vm using xen or by convertdom-to-xml also does not contain any label or text with xen-4.2.1. in the documentation also you mentioned selinux label (sVirt) only. Can u clear me the following things: 1. How to use XSM label in libvirt.? 2. What are the procedures(syntax and tag...

This patch set adds XSM security labels to useful debugging output locations, and fixes some assumptions that all interrupts behaved like GSI interrupts (which had useful non-dynamic IDs). It also cleans up the policy build process and adds an example of how to use the user field in the security context. Debug output: [PATCH 01/10] xsm: Add security labels to event-channel dump [PATCH 02/10] xsm:

...updating the corresponding policy configuration or the other related table. The end result is that we can get uninterpretable AVC messages like this: # xl dmesg | grep avc (XEN) avc: denied { 0x4000000 } for domid=0 scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:domU_t tclass=domain Fix this by updating the flask config and regenerating the headers from it. In the future, this can be further improved by integrating the automatic generation of the headers into the build process as is presently done in SELinux. Signed-off-by: Step...

...aring event channels - dummy XSM module restricts getdomaininfo similar to no-XSM case - formatting/type fixups - partial ioctl compatibility with legacy IOCTL_XENBUS_ALLOC To start xenstored, run: tools/xenstore/init-xenstore-domain stubdom/mini-os-x86_64-xenstore/mini-os 20 system_u:system_r:domU_t This will populate the xenstore domid key /tool/xenstore/domid Other notes: The console for xenstored is not currently set up by init-xenstore-domain. If the hypervisor is compiled with VERBOSE or debug=y, output from xenstored will be visible on the hypervisor serial console (or ring buffer if...