[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] INFO for the subsequent Xen access control patches [1-8][ACM]



The [ACM] patches in the subsequent e-mails enhance / improve the Xen access control framework along the lines described in an earlier preview posting (see message: http://lists.xensource.com/archives/html/xen-devel/2006-02/msg00885.html). They provide:

* Labeling support for resume/migration/live-migration by introducing an access control parameter (consisting of a policy name and a label name)
into the domain configuration. Policy and label name are valid across
resume / migrate and are checked against the currently enforced policy
at resume or migration time. If they do not match, then resume/migration
fails.

* Integration of the Xen access control framework into Xen management
by moving from shell-based to Python-based tools and by integrating them
into the 'xm' command.

* Simplified policy management by moving from 2 files (policy
definition, label definition) to 1 file containing both policy and label
definitions.

* Introduction of a unique policy name for each policy/label definition.
This name must change if the content of the policy changes. The policy
name is used to ensure that the 'xm' tools and the hypervisor work on
the same policy, i.e., interpret the security information for domains
consistently.

If you would like to explore the new commands and  learn about required
configuration steps, then the new 'Access Control Subcommands' section
of the 'xm' man page is a good place to start.

Comments and suggestions welcome.

Thanks
Reiner




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.