Reiner Sailer
2006-Apr-12 02:25 UTC
[Xen-devel] INFO for the subsequent Xen access control patches [1-8][ACM]
The [ACM] patches in the subsequent e-mails enhance / improve the Xen access control framework along the lines described in an earlier preview posting (see message: http://lists.xensource.com/archives/html/xen-devel/2006-02/msg00885.html).

They provide:

* Labeling support for resume/migration/live-migration by introducing an access control parameter (consisting of a policy name and a label name) into the domain configuration. Policy and label name are valid across resume / migrate and are checked against the currently enforced policy at resume or migration time. If they do not match, then resume/migration fails.

* Integration of the Xen access control framework into Xen management by moving from shell-based to Python-based tools and by integrating them into the ''xm'' command.

* Simplified policy management by moving from 2 files (policy definition, label definition) to 1 file containing both policy and label definitions.

* Introduction of a unique policy name for each policy/label definition. This name must change if the content of the policy changes. The policy name is used to ensure that the ''xm'' tools and the hypervisor work on the same policy, i.e., interpret the security information for domains consistently.

If you would like to explore the new commands and learn about required configuration steps, then the new ''Access Control Subcommands'' section of the ''xm'' man page is a good place to start.

Comments and suggestions welcome.

Thanks
Reiner