|
|
|
|
|
|
|
|
|
|
xense-devel
Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkb
>
> So basically, the xenstore++ is in a stripped down secured domain
and
> someone with role-based access privileges communicates with xenstore++
> to connect a resource to a domain. Xenstore++ checks the permissions
> and sets up the connection where the protocol description to use is
an
> attribute of the resource class. The protocol is policed and
if it's
> violated then either the resource provider (BE) or consumer (FE) or
both
> get blown away.
>
> There can be generic mechanisms in xenstore++ for colouring resources
> and grouping roles etc to do fancy MAC stuff.
>
>
> ...or something like that.
>
> Harry.
>
Hmm... this is not how I see xenstore today. Did you
discuss what it takes to implement the "++"?
(especially the part where you suggest moving xenstore
in its on secured domain sounds very interesting)
Would this be a non-intrusive change to Xen?
Reiner
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
|
|