
Re: [Xen-devel] how to label a pci device step by step?

On 07/09/2012 02:01 AM, Allan Chen wrote:
> Hi all,
>    I followed the instructions in the file xsm-flask.txt (in xen-4.1.2/docs/misc)
> to label a NIC.
> If I uncomment the policy in the file xen.te
>      pirqcon 33 system_u:object_r:nicP_t
> then:
> make policy
> I got an error: pirqcon not supported for target
> Where do I find a tutorial about labelling a NIC in Xen flask?
> Thank you very much!

In order to use pirqcon or other static device labeling directives in the
security policy, you need to tell checkpolicy (the compiler) to enable
Xen policy features by adding "-t Xen" in tools/flask/policy/Makefile. The
docs file mentions this under "Device Policy"; you may also want to look
at 4.2's docs as they better explain the origin of pcidevicecon.

If you are planning to switch to Xen 4.2 in the future, you may want to
look at the flask-label-pci tool which will handle dynamic addresses/IRQs.

Daniel De Graaf
National Security Agency

Xen-devel mailing list


