This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] [PATCH] [Xen] [ACM] (revised) Updating a policy on a running

To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH] [Xen] [ACM] (revised) Updating a policy on a running system
From: Stefan Berger <stefanb@xxxxxxxxxx>
Date: Tue, 24 Apr 2007 23:53:37 -0400
Cc: Keir Fraser <keir@xxxxxxxxxxxxx>
Delivery-date: Tue, 24 Apr 2007 20:11:52 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
This is a revised version of the previously posted patch that adds
functionality to allow a policy to be updated on a running system and
domains to be relabeled. The updating of a policy is happening in
several steps: relabeling the domains, testing whether the system would
be in a valid state after the relabeling (according to the policy),
committing the changes if state is determined to be valid.

I have followed Keir's suggestion of building a 2nd linked list parallel
to the domain list. That 2nd list holds security information related to
the running domains. Each entry is pointed to by its domain structure.
The list is protected by its own read/write-lock. I have moved nearly
all ACM-related code that was traversing the domain list previously to
traverse this list instead and not hold onto the domain list lock.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>

Attachment: xen_acm_policy_update.diff
Description: Text Data

Xen-devel mailing list
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [PATCH] [Xen] [ACM] (revised) Updating a policy on a running system, Stefan Berger <=