Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM
xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 05/11/2007
> On Fri, 2007-05-11 at 14:32 +0100, Derek Murray wrote:
> > On 9 May 2007, at 18:04, George S. Coker, II wrote:
> Currently the existing ACM module is implemented as a single XSM module
> which stacks (internally) the Chinese Wall and Simple Type Enforcement
> functionality. (This is the preferred approach for stacking.)
> is one module with the flexibility to enforce STE and/or CW policy.
> The existing ACM was designed to be complementary to Xen's IS_PRIV().
> Moving IS_PRIV() to the default/dummy XSM module does not alter this
> relationship as the hooks used by ACM are orthogonal to the IS_PRIV()
> hooks. On init of the XSM (because ACM-XSM does not define replacements
> for these IS_PRIV() hooks), the hooks from the dummy/default module
> integrated (or "shimmed") in to the ACM-XSM module. So
I think XSM can
If ACM-XSM does not define replacements for the IS_PRIV()
hooks, how are you going to integrate them into ACM-XSM? If so, based on
what information from the current ACM policy would ACM-XSM enforce the
IS_PRIV() check? What if ACM is not active, what enforces IS_PRIV() then?
> do what you and Keir are suggesting.
> > Thanks for your input on this, and if I can be of any more help,
> > please let me know.
> > Regards,
> > Derek Murray.
> George S. Coker, II <gscoker@xxxxxxxxxxxxxx> 443-479-6944
> Xen-devel mailing list
Xen-devel mailing list