
Re: [Xen-devel] XSM/Flask Default policy and Testing


  • To: "Ahmed, Farid" <Farid.Ahmed@xxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • From: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
  • Date: Fri, 24 Oct 2008 10:45:50 -0400
  • Cc:
  • Delivery-date: Fri, 24 Oct 2008 07:47:56 -0700
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
  • Thread-index: Ack1k3U6pdzwWbFtRk2U+jpeTyeaUAAS6kPAAAIFr50=
  • Thread-topic: [Xen-devel] XSM/Flask Default policy and Testing

Farid,

The default policy tracks the Dom0/DomU usage model in the sense that one can
create and manage DomUs.  That said, just because you can do something from
Dom0 doesn't mean that the sample policy supports that usage.  An example
of the latter is kexec/kdump.  The sample policy is a guide; you need to
develop your own policy goals and implement the policy accordingly.

You should be able to use the SELinux policy writing and analysis tools.
These tools depend only on the policy directory structure which the sample
XSM/Flask policy preserves with SELinux.

George

On 10/24/08 9:53 AM, "Ahmed, Farid" <Farid.Ahmed@xxxxxxxxxx> wrote:

>  Hello everyone,
> I have two questions related to the XSM/Flask default policy.
> 1. Is there any documentation of what the default policy (or Dom0/DomU
> usage model) is supposed to do?
> 2. Is there any tool that may help the policy writing and especially
> testing XSM/Flask policy? How do we verify the policy is working?
> 
> Thanks
> Farid
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel

-- 
George S. Coker, II <gscoker@xxxxxxxxxxxxxx>


