Added the ability to add and delete ocontexts dynamically on a running system. Two new commands have been added to the xsm hypercall, add and delete ocontext. Twelve new library functions have been implemented that use the hypercall commands to label and unlabel pirqs, PCI devices, I/O ports and memory. The base policy has been updated so dom0 has the ability to use the hypercall commands by default. Items added to the list will not be present next time the system reloads. They will need to be added to the static policy. Signed-off-by : George Coker <gscoker@alpha.ncsc.mil> Signed-off-by : Paul Nuzzi <pjnuzzi@tycho.ncsc.mil> --- tools/flask/libflask/flask_op.c | 233 +++++++++++++++++++++ tools/flask/libflask/include/flask.h | 19 + tools/flask/policy/policy/flask/access_vectors | 2 tools/flask/policy/policy/modules/xen/xen.te | 2 xen/include/public/xsm/flask_op.h | 4 xen/xsm/flask/flask_op.c | 103 +++++++++ xen/xsm/flask/include/av_perm_to_string.h | 2 xen/xsm/flask/include/av_permissions.h | 2 xen/xsm/flask/include/security.h | 4 xen/xsm/flask/ss/services.c | 274 +++++++++++++++++++++++++ 10 files changed, 642 insertions(+), 3 deletions(-) _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Paul Nuzzi
2009-Nov-20 15:42 UTC
[Xen-devel] Re: [Patch] Dynamic update to device ocontexts
Changed format strings from signed to unsigned to reflect the variables being passed in. Signed-off-by : Paul Nuzzi <pjnuzzi@tycho.ncsc.mil> --- tools/flask/libflask/flask_op.c | 12 ++++++------ xen/xsm/flask/flask_op.c | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) On Fri, 2009-11-13 at 15:32 -0500, Paul Nuzzi wrote:> Added the ability to add and delete ocontexts dynamically on a running > system. Two new commands have been added to the xsm hypercall, add and > delete ocontext. Twelve new library functions have been implemented > that use the hypercall commands to label and unlabel pirqs, PCI devices, > I/O ports and memory. The base policy has been updated so dom0 has the > ability to use the hypercall commands by default. Items added to the > list will not be present next time the system reloads. They will need > to be added to the static policy. > > Signed-off-by : George Coker <gscoker@alpha.ncsc.mil> > > Signed-off-by : Paul Nuzzi <pjnuzzi@tycho.ncsc.mil> > > --- > > tools/flask/libflask/flask_op.c | 233 > +++++++++++++++++++++ > tools/flask/libflask/include/flask.h | 19 + > tools/flask/policy/policy/flask/access_vectors | 2 > tools/flask/policy/policy/modules/xen/xen.te | 2 > xen/include/public/xsm/flask_op.h | 4 > xen/xsm/flask/flask_op.c | 103 +++++++++ > xen/xsm/flask/include/av_perm_to_string.h | 2 > xen/xsm/flask/include/av_permissions.h | 2 > xen/xsm/flask/include/security.h | 4 > xen/xsm/flask/ss/services.c | 274 > +++++++++++++++++++++++++ > 10 files changed, 642 insertions(+), 3 deletions(-) >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel