xen-devel

[Top] [All Lists]

Re: [Xen-devel] protecting xen startup

from [Luke Kenneth Casson Leighton]

[Permanent Link][Original]

To:	"Neugebauer, Rolf" <rolf.neugebauer@xxxxxxxxx>, Mark Williamson <maw48@xxxxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxxx, SE-Linux <selinux@xxxxxxxxxxxxx>
Subject:	Re: [Xen-devel] protecting xen startup
From:	Luke Kenneth Casson Leighton <lkcl@xxxxxxxx>
Date:	Wed, 24 Nov 2004 20:24:12 +0000
Delivery-date:	Wed, 24 Nov 2004 22:15:03 +0000
Envelope-to:	xen+James.Bulpin@xxxxxxxxxxxx
In-reply-to:	<20041124152402.GQ5146@xxxxxxxx>
List-archive:	<http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help:	<mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id:	List for Xen developers <xen-devel.lists.sourceforge.net>
List-post:	<mailto:xen-devel@lists.sourceforge.net>
List-subscribe:	<https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe:	<https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Mail-followup-to:	"Neugebauer, Rolf" <rolf.neugebauer@xxxxxxxxx>, Mark Williamson <maw48@xxxxxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxxx, SE-Linux <selinux@xxxxxxxxxxxxx>
References:	<39CC97884CA19A4D8D6296FE94357BCBF5CCD7@swsmsx404> <20041124152402.GQ5146@xxxxxxxx>
Sender:	xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
User-agent:	Mutt/1.5.5.1+cvs20040105i

On Wed, Nov 24, 2004 at 03:24:02PM +0000, Luke Kenneth Casson Leighton wrote:

>  where xen->sid contains "xen_vm_0_t", "xen_vm_1_t" etc.
>  and tsec->sid contains "xen_xm_bin_t" - representing the xen control
>  binary /usr/bin/xm.
> 
>  the question i can't answer (the bit that i don't quite grok) is
>  how do you get hold of the right xen_info struct and how do you blat
>  the sid into it?

 sorry to be replying to my own message with another question,
 but would it be reasonable to have a function which adds
 some state info into the VM?

 what i mean by that is, would it be reasonable to add some functions
 xen_get_selinux_sid and xen_set_selinux_sid which are
 effectively the same as ext2/3 get and set xattrs "security.selinux"?

 such that it would be possible, on creation of a new xen guest session,
 to associate a SID with that session (e.g. "xen_vm_0_t") and then to be
 able to retrieve it again in the ioctls?

 l.

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [Xen-devel] protecting xen startup, (continued) Re: [Xen-devel] protecting xen startup, Mark Williamson Re: [Xen-devel] protecting xen startup, Luke Kenneth Casson Leighton Re: [Xen-devel] protecting xen startup, Mark Williamson Re: [Xen-devel] protecting xen startup, Charles Coffing Re: [Xen-devel] protecting xen startup, Mike Wray RE: [Xen-devel] protecting xen startup, Neugebauer, Rolf Re: [Xen-devel] protecting xen startup, Luke Kenneth Casson Leighton Re: [Xen-devel] protecting xen startup, Mark Williamson RE: [Xen-devel] protecting xen startup, Neugebauer, Rolf Re: [Xen-devel] protecting xen startup, Luke Kenneth Casson Leighton Re: [Xen-devel] protecting xen startup, Luke Kenneth Casson Leighton <=

Previous by Date:	[Xen-devel] Re: Xen with grsec?, Milan Holzäpfel
Next by Date:	Re: [Xen-devel] Compiling a xen patched 2.4.27 kernel, Hugo Delchini
Previous by Thread:	Re: [Xen-devel] protecting xen startup, Luke Kenneth Casson Leighton
Next by Thread:	[Xen-devel] double or triple access to ext2, ext3 or other partitions, Luke Kenneth Casson Leighton
Indexes:	[Date] [Thread] [Top] [All Lists]