|  |  | 
  
    |  |  | 
 
  |   |  | 
  
    |  |  | 
  
    |  |  | 
  
    |   xen-devel
[Xen-devel] [PATCH] [xend / libxen] Add support for labeling of	virtual  
| This patch adds labeling of virtual network interfaces to xend and makes
this manageable through the Xen-API.  It's a feature that is only usable
if ACM is enabled in Xen and xend is used through the xen-api.
A labeled virtual network interface will be plugged into a bridge where
other domains with the same-labeled network interface are connected to,
so that only same-colored domains can communicate with each other. The
bridge should be connected to the outside world using VLAN for
isolation, extending the isolation beyond the local machine.
If a virtual machine is labeled with a VM label that only has one Simple
Type Enforcement Type then it is not necessary to label the virtual
network interface, but the color of the network interface is determined
from the VM's label. If, however, a virtual machine is labeled with a VM
label that has multiple Simple Type Enforcement Types, then the explicit
labeling of each virtual network interface is required.
To specify the label of a network interface, the vif line in the VM's
configuration file has been extended with parameters similar use for
specifying the label of the VM:
vif = ['policy=<policy name>,label=<resource label>']
This labels the VIF of the virtual machine for usage under the policy
'policy name' and labels it with the label 'resource label'.
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
  xend-xspolicy-xapi-viflabeling.diff Description: Text Data
 _______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
 | 
 
| <Prev in Thread] | Current Thread | [Next in Thread> |  | 
[Xen-devel] [PATCH] [xend / libxen] Add support for labeling of	virtual network interfaces,
Stefan Berger <=
 |  |  | 
  
    |  |  |