Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver
>
> So basically, the xenstore++ is in a stripped down secured domain and
> someone with role-based access privileges communicates with xenstore++
> to connect a resource to a domain. Xenstore++ checks the permissions
> and sets up the connection where the protocol description to use is an
> attribute of the resource class. The protocol is policed and if it's
> violated then either the resource provider (BE) or consumer (FE) or both
> get blown away.
>
> There can be generic mechanisms in xenstore++ for colouring resources
> and grouping roles etc to do fancy MAC stuff.
>
>
> ...or something like that.
>
> Harry.
>

Hmm... this is not how I see xenstore today. Did you discuss what it takes to
implement the "++"? (especially the part where you suggest moving xenstore in
its own secured domain sounds very interesting)

Would this be a non-intrusive change to Xen?

Reiner

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel