This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] [RFC] [PATCH] [XEN] [ACM] Enable updating policy on running

To: xen-devel@xxxxxxxxxxxxxxxxxxx, keir@xxxxxxxxxxxxx
Subject: [Xen-devel] [RFC] [PATCH] [XEN] [ACM] Enable updating policy on running system
From: Stefan Berger <stefanb@xxxxxxxxxx>
Date: Fri, 20 Apr 2007 11:58:18 -0400
Delivery-date: Fri, 20 Apr 2007 08:16:59 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

  as part of the effort to make ACM functionality available via the
Xen-API, we are adding further functionality to the ACM module in the
hypervisor. One of these functions is to be able to update a running
system with a modified policy. The update is happening in several steps:
relabeling of the domains, testing against the current state of the
system, committing the changes. During that time it is necessary that no
other domain be created. I am currently using the domlist_update_lock
(see DOM_CREATE_LOCK define in the patch) to prevent other domains from
being added to the system while the update is happening. This is not the
correct lock to use, though, and I'd rather like to use domctl_lock in
do_domctl, because that will prevent a domain from being 'created' and
not just 'added to the list'. So would it be possible to make this lock
globally available since it is currently a local lock only accessible
from within do_domctl or are there other ways to achieve this?


Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>

Attachment: xen_acm_policy_update.diff
Description: Text Data

Xen-devel mailing list