[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] [Xen] [ACM] (revised) Updating a policy on a running system

To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
From: Stefan Berger <stefanb@xxxxxxxxxx>
Date: Tue, 24 Apr 2007 23:53:37 -0400
Cc: Keir Fraser <keir@xxxxxxxxxxxxx>
Delivery-date: Tue, 24 Apr 2007 20:11:52 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

This is a revised version of the previously posted patch that adds
functionality to allow a policy to be updated on a running system and
domains to be relabeled. The updating of a policy is happening in
several steps: relabeling the domains, testing whether the system would
be in a valid state after the relabeling (according to the policy),
committing the changes if state is determined to be valid.

I have followed Keir's suggestion of building a 2nd linked list parallel
to the domain list. That 2nd list holds security information related to
the running domains. Each entry is pointed to by its domain structure.
The list is protected by its own read/write-lock. I have moved nearly
all ACM-related code that was traversing the domain list previously to
traverse this list instead and not hold onto the domain list lock.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>

Attachment: xen_acm_policy_update.diff
Description: Text Data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Prev by Date: [Xen-devel] xc_translate_foreign_address
Next by Date: Re: [Xen-devel] looking for Xen Summit 2007 presentations
Previous by thread: [Xen-devel] xc_translate_foreign_address
Next by thread: [Xen-devel] c/s 14921
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.