xense-devel

[Top] [All Lists]

Re: [Xense-devel] How to block ping?

from [Reiner Sailer]

[Permanent Link][Original]

To:	"MANU SHANTHARAM" <mxs793@xxxxxxx>
Subject:	Re: [Xense-devel] How to block ping?
From:	Reiner Sailer <sailer@xxxxxxxxxx>
Date:	Sat, 25 Nov 2006 21:04:01 -0500
Cc:	xense-devel-bounces@xxxxxxxxxxxxxxxxxxx, xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Sat, 25 Nov 2006 18:04:07 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<1164336654l.1454290l.0l@xxxxxxx>
List-help:	<mailto:xense-devel-request@lists.xensource.com?subject=help>
List-id:	"A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>
List-post:	<mailto:xense-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xense-devel-bounces@xxxxxxxxxxxxxxxxxxx

Hi,

I submitted an RFC patch to Xense-devel some time ago. It sets all the filter rules in Domain0 so that only domains can exchange network traffic (including ping) if they share a common type.

This patch is not integrated into the main stream so you need to patch it in manually (see current limitations section in Xen User Guide Chapter 10). It worked when it was submitted.
http://lists.xensource.com/archives/html/xense-devel/2006-08/msg00003.html

Reiner
__________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sailer@xxxxxxxxxx
http://www.research.ibm.com/people/s/sailer/

"MANU SHANTHARAM" <mxs793@xxxxxxx>
Sent by: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx

11/23/2006 09:50 PM

To	xense-devel@xxxxxxxxxxxxxxxxxxx
cc
Subject	[Xense-devel] How to block ping?

Hi,

I have setup Xen(3.0) ACM ON. There are two guest domains with labels (PepsiCo & Hertz, following user manual). Ping from one guest domain to another should fail as they have different labels, but I am able to ping. Have I missed any configuration? Or is it normal behavior?

Thanks,
Manu_______________________________________________ Xense-devel mailing list Xense-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xense-devel

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xense-devel] How to block ping?, MANU SHANTHARAM Re: [Xense-devel] How to block ping?, Reiner Sailer <=

Previous by Date:	Re: [Xense-devel] sHype supprot for Solaris, Stefan Berger
Next by Date:	[Xense-devel] Howto enable sHype/ACM security for Xen with FC6 Xen sources and FC6 kernels, Reiner Sailer
Previous by Thread:	[Xense-devel] How to block ping?, MANU SHANTHARAM
Next by Thread:	[Xense-devel] sHype supprot for Solaris, bavelski
Indexes:	[Date] [Thread] [Top] [All Lists]