search for: domu_t

Displaying 6 results from an estimated 6 matches for "domu_t".

Did you mean: domu_i
2008 Sep 12
3
[XSM][Patch] Minor XSM tools patch to dummy module - implement missing stub
- This minor patch implements the missing stub function security_label_to_details in the dummy module. This stub function is necessary to create domains with network interfaces for modules that do not implement the security_label_to_details function. Signed-off-by: George Coker <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list
2006 Dec 20
0
[Xense-devel] [PATCH] [3/4] Flask XSM tools
...o refactors the ACM toolchain so that a common security API (based on the existing ACM toolchain) is exported to xm and xend. To create a domain with the Flask module, add the following (for example) to a domain''s configuration file access_control = ["policy=,label=system_u:object_r:domU_t"] This will cause a domain to be created with the label "system_u:object_r:domU_t". Flask does not use the policy value in the access_control structure. Signed-off-by: George Coker <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing l...
2013 Aug 06
1
LIbvirt seclabel.
hi all, i am new to the libvirt. Via libvirt i am converting my xen.com.sfg. In xen i added xsm label as, seclabel:system_u:domU_t. but after creating vm using xen or by convertdom-to-xml also does not contain any label or text with xen-4.2.1. in the documentation also you mentioned selinux label (sVirt) only. Can u clear me the following things: 1. How to use XSM label in libvirt.? 2. What are the procedures(syntax and tag...
2012 Jan 31
26
[PATCH 00/10] FLASK updates: MSI interrupts, cleanups
This patch set adds XSM security labels to useful debugging output locations, and fixes some assumptions that all interrupts behaved like GSI interrupts (which had useful non-dynamic IDs). It also cleans up the policy build process and adds an example of how to use the user field in the security context. Debug output: [PATCH 01/10] xsm: Add security labels to event-channel dump [PATCH 02/10] xsm:
2011 Feb 07
0
[xen-unstable test] 5665: regressions - FAIL
...updating the corresponding policy configuration or the other related table. The end result is that we can get uninterpretable AVC messages like this: # xl dmesg | grep avc (XEN) avc: denied { 0x4000000 } for domid=0 scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:domU_t tclass=domain Fix this by updating the flask config and regenerating the headers from it. In the future, this can be further improved by integrating the automatic generation of the headers into the build process as is presently done in SELinux. Signed-off-by: Step...
2012 Jan 25
26
[PATCH v4 00/23] Xenstore stub domain
...aring event channels - dummy XSM module restricts getdomaininfo similar to no-XSM case - formatting/type fixups - partial ioctl compatibility with legacy IOCTL_XENBUS_ALLOC To start xenstored, run: tools/xenstore/init-xenstore-domain stubdom/mini-os-x86_64-xenstore/mini-os 20 system_u:system_r:domU_t This will populate the xenstore domid key /tool/xenstore/domid Other notes: The console for xenstored is not currently set up by init-xenstore-domain. If the hypervisor is compiled with VERBOSE or debug=y, output from xenstored will be visible on the hypervisor serial console (or ring buffer if...