|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel][Xense-devel][PATCH][XSM][1/4] Xen Security Modules Patch
On 8/3/07 19:58, "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx> wrote: > purpose of the security field is not only to facilitate information > flows to resources, virtual or physical, in the hypervisor, but also to > facilitate guests in the ability to identify channels based on these > security properties and support information flows mediated by these > guests. This is really an important property for creating secure > channels between domains as well as other resources (virtual or > physical) resources. E.g., the information flow from timer events to a guest? I can't envisage what kinds of policies you might have in mind. I'm probably missing some bigger picture. > To achieve a very light-weight > domain, one would like to remove as much functionality from that domain > as possible, to include the interrupt handler. Instead, there would > exist a light-weight domain interrupt handler domain that is responsible > for this functionality. These interrupts would manifest as interdomain > channels; however, the ipi mechanism remains unless a hook exists to > block this code path. Likewise, the light-weight domains wouldn't be > able to close their channels arbitrarily, and require a check on close > as well. I think this sounds like a microkernel-style 'interrupt server'? Why would you want that? And if you did have it, why would you care about the clients of this server closing their ends of interdomain event channels? -- Keir _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |