|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [Patch] Dynamic update to device ocontexts
Added the ability to add and delete ocontexts dynamically on a running system. Two new commands have been added to the xsm hypercall, add and delete ocontext. Twelve new library functions have been implemented that use the hypercall commands to label and unlabel pirqs, PCI devices, I/O ports and memory. The base policy has been updated so dom0 has the ability to use the hypercall commands by default. Items added to the list will not be present next time the system reloads. They will need to be added to the static policy. Signed-off-by : George Coker <gscoker@xxxxxxxxxxxxxx> Signed-off-by : Paul Nuzzi <pjnuzzi@xxxxxxxxxxxxxx> --- tools/flask/libflask/flask_op.c | 233 +++++++++++++++++++++ tools/flask/libflask/include/flask.h | 19 + tools/flask/policy/policy/flask/access_vectors | 2 tools/flask/policy/policy/modules/xen/xen.te | 2 xen/include/public/xsm/flask_op.h | 4 xen/xsm/flask/flask_op.c | 103 +++++++++ xen/xsm/flask/include/av_perm_to_string.h | 2 xen/xsm/flask/include/av_permissions.h | 2 xen/xsm/flask/include/security.h | 4 xen/xsm/flask/ss/services.c | 274 +++++++++++++++++++++++++ 10 files changed, 642 insertions(+), 3 deletions(-) Attachment:
dynamic_ocontexts.patch _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |