This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] [RFC] [PATCH] [XEN] [ACM] Enable updating policy on runn

To: Stefan Berger <stefanb@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [RFC] [PATCH] [XEN] [ACM] Enable updating policy on running system
From: Keir Fraser <keir@xxxxxxxxxxxxx>
Date: Fri, 20 Apr 2007 16:28:26 +0100
Delivery-date: Fri, 20 Apr 2007 08:27:18 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <1177084698.10994.12.camel@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AceDYIoTyIZTX+9TEduiOwAX8io7RQ==
Thread-topic: [Xen-devel] [RFC] [PATCH] [XEN] [ACM] Enable updating policy on running system
User-agent: Microsoft-Entourage/
Is there now some consensus on how to add security features to XenAPI that
does not cause conflict between XSM and ACM?

Anyway, in response to your main question, I wonder what you actually need
to serialise against? Is it sufficient to just sync against domain creation
-- what if event channels or grant mappings are also occurring during the
policy change? Is there some specific part of domain creation you need to
serialise against?

 -- Keir

On 20/4/07 16:58, "Stefan Berger" <stefanb@xxxxxxxxxx> wrote:

> Keir,
>   as part of the effort to make ACM functionality available via the
> Xen-API, we are adding further functionality to the ACM module in the
> hypervisor. One of these functions is to be able to update a running
> system with a modified policy. The update is happening in several steps:
> relabeling of the domains, testing against the current state of the
> system, committing the changes. During that time it is necessary that no
> other domain be created. I am currently using the domlist_update_lock
> (see DOM_CREATE_LOCK define in the patch) to prevent other domains from
> being added to the system while the update is happening. This is not the
> correct lock to use, though, and I'd rather like to use domctl_lock in
> do_domctl, because that will prevent a domain from being 'created' and
> not just 'added to the list'. So would it be possible to make this lock
> globally available since it is currently a local lock only accessible
> from within do_domctl or are there other ways to achieve this?
>  Thanks.
>     Stefan
> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel

Xen-devel mailing list