WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Int

from [Chris Wright] [Permanent Link][Original]
To: Jun Koi <junkoi2004@xxxxxxxxx>
Subject: Re: [Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Intro
From: Chris Wright <chrisw@xxxxxxxxxxxx>
Date: Fri, 1 Sep 2006 10:58:32 -0700
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>, xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 01 Sep 2006 10:59:02 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <fdaac4d50609011036j116cc28cv9a39476702b23585@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <1157129851.22006.187.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <fdaac4d50609011036j116cc28cv9a39476702b23585@xxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.4.2.1i 
* Jun Koi (junkoi2004@xxxxxxxxx) wrote:
> - So we can use XMS instead of ACM, thus we can remove ACM in the
> future? (same as LSM, which seems to monopoly the security policy of
> Linux? )

The question is whether you can implement ACM policy in the flask
policy language.  My understanding it yes, it's possible, however it's
not obvious if it is a win.  I believe the resulting memory footprints
would not compare well.  Of course, Reiner and George will have a much
better idea than I ;-)  In general, the advatage of XSM is choice.

> - LSM has a problem of not supporting stacking module, and that is
> really paint in the arse. How about XSM? Do you try to fix that
> problem?

I don't see anything in XSM that changes that limitation to LSM.  In fact,
it appears to not even support the very weak stacking via chaining
mechanism (which is a good plan in this case).  And it's questionable
at best.  Arbitrary security policies simply do not compose.

thanks,
-chris

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Xen-devel] [PATCH] Optimizing x86-64 xenlinux using global pages for user mode (take 2), Nakajima, Jun
Next by Date:  [Xen-devel] Daily Xen Builds, David F Barrera
Previous by Thread:  Re: [Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Intro, Jun Koi
Next by Thread:  Re: [Xen-devel] [Xense-devel][RFC][PATCH][0/4] Xen Security Modules: Intro, Robert Watson
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy