 Home |
Products |
Support |
Community |
News |
xen-devel
[Xen-devel] [PATCH] [ACM] Check a domain's authorization to run
| To: | xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | [Xen-devel] [PATCH] [ACM] Check a domain's authorization to run |
| From: | Stefan Berger <stefanb@xxxxxxxxxx> |
| Date: | Wed, 25 Jul 2007 09:57:40 -0400 |
| Cc: | Keir Fraser <keir@xxxxxxxxxxxxx>, sailer@xxxxxxxxxx |
| Delivery-date: | Wed, 25 Jul 2007 06:48:06 -0700 |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxx |
| List-help: | <mailto:xen-devel-request@lists.xensource.com?subject=help> |
| List-id: | Xen developer discussion <xen-devel.lists.xensource.com> |
| List-post: | <mailto:xen-devel@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe> |
| Sender: | xen-devel-bounces@xxxxxxxxxxxxxxxxxxx |
A domain is only authorized to run if it has a superset of Simple Type Enforcement Types in its VM label compared to that of Domain-0, which itself may not have all STEs available in a policy. This patch adds a check for this into Xend and the necessary code support into Xen. Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [Xen-devel] Many same managed domain, Daniel P. Berrange |
|---|---|
| Next by Date: | [Xen-devel] Grant Table problem mapping dom0 mem to domU, Carlos Perez |
| Previous by Thread: | [Xen-devel] XEN ports to ARM architectures, ROSSIER Daniel |
| Next by Thread: | [Xen-devel] Grant Table problem mapping dom0 mem to domU, Carlos Perez |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
