|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH] [XEN] [ACM] [1/2] Enable updating of policy on running system
This is a revised version of the previously posted patch that adds functionality to allow a policy to be updated on a running system and domains to be relabeled. The updating of a policy is happening in several steps: relabeling the domains, testing whether the system would be in a valid state after the relabeling, committing the changes if state is determined to be valid. To avoid a domain from being created while the policy is updated, the read-lock to the ACM policy must be held during all operations that evaluate against the current policy. In this patch I implement a function pair acm_rlock_policy()/acm_runlock_policy() that grab the read-lock in do_domctl() only when the operation is XEN_DOMCTL_createdomain. The operations are void if ACM is not compiled into Xen. The 2nd part of the patch restructures the code so that the pair of locking functions need not take the operation as parameter anymore. Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx> Attachment:
xen_acm_policy_update.diff _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |