# Grand Unified Makefile for Xen.
#
-KERNELS ?= linux-2.6-xen
+#KERNELS ?= linux-2.6-xen
+KERNELS ?= linux-2.6-xen0 linux-2.6-xenU
# You may use wildcards in the above e.g. KERNELS=*2.6*
XKERNELS := $(foreach kernel, $(KERNELS), $(patsubst buildconfigs/mk.%,%,$(wildcard buildconfigs/mk.$(kernel))) )
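Review bot: The old default is left behind as a commented-out assignment (`#KERNELS ?= linux-2.6-xen`) directly above the new one, which is dead configuration in the top-level Makefile. Drop that line and, if the alternative is worth advertising, fold it into the existing hint, e.g. `# Default builds the xen0 and xenU kernels; override with KERNELS=linux-2.6-xen (wildcards allowed, e.g. KERNELS=*2.6*)`. The rest of this patch only touches the ACM policy files, so the change of default build targets looks unrelated and may be a local setting that slipped in; if it is intentional, it deserves its own commit or a line in the description.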
+++ /dev/null
-<?xml version="1.0"?>
-<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com -->
-<!-- This file defines the security labels, which can -->
-<!-- be attached to Domains and resources. Based on -->
-<!-- these labels, the access control module decides -->
-<!-- about sharing between Domains and about access -->
-<!-- of Domains to real resources. -->
-
-<SecurityLabelTemplate
- xmlns="http://www.ibm.com"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
- <LabelHeader>
- <Name>chwall-security_label_template</Name>
- <Date>2005-08-10</Date>
- <PolicyName>
- <Url>chwall-security_policy.xml</Url>
- <Reference>abcdef123456abcdef</Reference>
- </PolicyName>
- </LabelHeader>
-
- <SubjectLabels bootstrap="dom_SystemManagement">
- <!-- single ste typed domains -->
- <!-- ACM enforces that only domains with -->
- <!-- the same type can share information -->
- <!-- -->
- <!-- Bootstrap label is assigned to Dom0 -->
- <VirtualMachineLabel>
- <Name>dom_HomeBanking</Name>
- <ChineseWallTypes>
- <Type>cw_Sensitive</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
-
- <VirtualMachineLabel>
- <Name>dom_Fun</Name>
- <ChineseWallTypes>
- <Type>cw_Distrusted</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
-
- <VirtualMachineLabel>
- <!-- donating some cycles to seti@home -->
- <Name>dom_BoincClient</Name>
- <ChineseWallTypes>
- <Type>cw_Isolated</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
-
- <!-- Domains with multiple ste types services; such domains -->
- <!-- must keep the types inside their domain safely confined. -->
- <VirtualMachineLabel>
- <Name>dom_SystemManagement</Name>
- <ChineseWallTypes>
- <Type>cw_SystemManagement</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
-
- <VirtualMachineLabel>
- <!-- serves persistent storage to other domains -->
- <Name>dom_StorageDomain</Name>
- <ChineseWallTypes>
- <Type>cw_SystemManagement</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
-
- <VirtualMachineLabel>
- <!-- serves network access to other domains -->
- <Name>dom_NetworkDomain</Name>
- <ChineseWallTypes>
- <Type>cw_SystemManagement</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
- </SubjectLabels>
-</SecurityLabelTemplate>
-
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com -->
-<!-- This file defines the security policies, which -->
-<!-- can be enforced by the Xen Access Control Module. -->
-<!-- Currently: Chinese Wall and Simple Type Enforcement-->
-<SecurityPolicyDefinition xmlns="http://www.ibm.com"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
-<PolicyHeader>
- <Name>chwall-security_policy</Name>
- <Date>2005-08-10</Date>
-</PolicyHeader>
-<!-- -->
-<!-- example of a chinese wall type definition -->
-<!-- along with its conflict sets -->
-<!-- (typse in a confict set are exclusive, i.e. -->
-<!-- once a Domain with one type of a set is -->
-<!-- running, no other Domain with another type -->
-<!-- of the same conflict set can start.) -->
- <ChineseWall priority="PrimaryPolicyComponent">
- <ChineseWallTypes>
- <Type>cw_SystemManagement</Type>
- <Type>cw_Sensitive</Type>
- <Type>cw_Isolated</Type>
- <Type>cw_Distrusted</Type>
- </ChineseWallTypes>
-
- <ConflictSets>
- <Conflict name="Protection1">
- <Type>cw_Sensitive</Type>
- <Type>cw_Distrusted</Type>
- </Conflict>
- </ConflictSets>
- </ChineseWall>
-</SecurityPolicyDefinition>
-
+++ /dev/null
-<?xml version="1.0"?>
-<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com -->
-<!-- This file defines the security labels, which can -->
-<!-- be attached to Domains and resources. Based on -->
-<!-- these labels, the access control module decides -->
-<!-- about sharing between Domains and about access -->
-<!-- of Domains to real resources. -->
-
-<SecurityLabelTemplate
- xmlns="http://www.ibm.com"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
- <LabelHeader>
- <Name>chwall_ste-security_label_template</Name>
- <Date>2005-08-10</Date>
- <PolicyName>
- <Url>chwall_ste-security_policy.xml</Url>
- <Reference>abcdef123456abcdef</Reference>
- </PolicyName>
- </LabelHeader>
-
- <SubjectLabels bootstrap="dom_SystemManagement">
- <!-- single ste typed domains -->
- <!-- ACM enforces that only domains with -->
- <!-- the same type can share information -->
- <!-- -->
- <!-- Bootstrap label is assigned to Dom0 -->
- <VirtualMachineLabel>
- <Name>dom_HomeBanking</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_PersonalFinances</Type>
- </SimpleTypeEnforcementTypes>
-
- <ChineseWallTypes>
- <Type>cw_Sensitive</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
-
- <VirtualMachineLabel>
- <Name>dom_Fun</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_InternetInsecure</Type>
- </SimpleTypeEnforcementTypes>
-
- <ChineseWallTypes>
- <Type>cw_Distrusted</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
-
- <VirtualMachineLabel>
- <!-- donating some cycles to seti@home -->
- <Name>dom_BoincClient</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_DonatedCycles</Type>
- </SimpleTypeEnforcementTypes>
-
- <ChineseWallTypes>
- <Type>cw_Isolated</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
-
- <!-- Domains with multiple ste types services; such domains -->
- <!-- must keep the types inside their domain safely confined. -->
- <VirtualMachineLabel>
- <Name>dom_SystemManagement</Name>
- <SimpleTypeEnforcementTypes>
- <!-- since dom0 needs access to every domain and -->
- <!-- resource right now ... -->
- <Type>ste_SystemManagement</Type>
- <Type>ste_PersonalFinances</Type>
- <Type>ste_InternetInsecure</Type>
- <Type>ste_DonatedCycles</Type>
- <Type>ste_PersistentStorageA</Type>
- <Type>ste_NetworkAdapter0</Type>
- </SimpleTypeEnforcementTypes>
-
- <ChineseWallTypes>
- <Type>cw_SystemManagement</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
-
- <VirtualMachineLabel>
- <!-- serves persistent storage to other domains -->
- <Name>dom_StorageDomain</Name>
- <SimpleTypeEnforcementTypes>
- <!-- access right to the resource (hard drive a) -->
- <Type>ste_PersistentStorageA</Type>
- <!-- can serve following types -->
- <Type>ste_PersonalFinances</Type>
- <Type>ste_InternetInsecure</Type>
- </SimpleTypeEnforcementTypes>
-
- <ChineseWallTypes>
- <Type>cw_SystemManagement</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
-
- <VirtualMachineLabel>
- <!-- serves network access to other domains -->
- <Name>dom_NetworkDomain</Name>
- <SimpleTypeEnforcementTypes>
- <!-- access right to the resource (ethernet card) -->
- <Type>ste_NetworkAdapter0</Type>
- <!-- can serve following types -->
- <Type>ste_PersonalFinances</Type>
- <Type>ste_InternetInsecure</Type>
- <Type>ste_DonatedCycles</Type>
- </SimpleTypeEnforcementTypes>
-
- <ChineseWallTypes>
- <Type>cw_SystemManagement</Type>
- </ChineseWallTypes>
- </VirtualMachineLabel>
- </SubjectLabels>
-
- <ObjectLabels>
- <ResourceLabel>
- <Name>res_ManagementResource</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_SystemManagement</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>res_HardDrive (hda)</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_PersistentStorageA</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>res_LogicalDiskPartition1 (hda1)</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_PersonalFinances</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>res_LogicalDiskPartition2 (hda2)</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_InternetInsecure</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>res_EthernetCard</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_NetworkAdapter0</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>res_SecurityToken</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_PersonalFinances</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>res_GraphicsAdapter</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_SystemManagement</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
- </ObjectLabels>
-</SecurityLabelTemplate>
-
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com -->
-<!-- This file defines the security policies, which -->
-<!-- can be enforced by the Xen Access Control Module. -->
-<!-- Currently: Chinese Wall and Simple Type Enforcement-->
-<SecurityPolicyDefinition xmlns="http://www.ibm.com"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
-<PolicyHeader>
- <Name>chwall_ste-security_policy</Name>
- <Date>2005-08-10</Date>
-</PolicyHeader>
-<!-- -->
-<!-- example of a simple type enforcement policy definition -->
-<!-- -->
- <SimpleTypeEnforcement>
- <SimpleTypeEnforcementTypes>
- <Type>ste_SystemManagement</Type> <!-- machine/security management -->
- <Type>ste_PersonalFinances</Type> <!-- personal finances -->
- <Type>ste_InternetInsecure</Type> <!-- games, active X, etc. -->
- <Type>ste_DonatedCycles</Type> <!-- donation to BOINC/seti@home -->
- <Type>ste_PersistentStorageA</Type> <!-- domain managing the harddrive A-->
- <Type>ste_NetworkAdapter0</Type> <!-- type of the domain managing ethernet adapter 0-->
- </SimpleTypeEnforcementTypes>
- </SimpleTypeEnforcement>
-<!-- -->
-<!-- example of a chinese wall type definition -->
-<!-- along with its conflict sets -->
-<!-- (typse in a confict set are exclusive, i.e. -->
-<!-- once a Domain with one type of a set is -->
-<!-- running, no other Domain with another type -->
-<!-- of the same conflict set can start.) -->
- <ChineseWall priority="PrimaryPolicyComponent">
- <ChineseWallTypes>
- <Type>cw_SystemManagement</Type>
- <Type>cw_Sensitive</Type>
- <Type>cw_Isolated</Type>
- <Type>cw_Distrusted</Type>
- </ChineseWallTypes>
-
- <ConflictSets>
- <Conflict name="Protection1">
- <Type>cw_Sensitive</Type>
- <Type>cw_Distrusted</Type>
- </Conflict>
- </ConflictSets>
- </ChineseWall>
-</SecurityPolicyDefinition>
-
+++ /dev/null
-<?xml version="1.0"?>
-<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com -->
-<!-- This file defines the security labels, which can -->
-<!-- be attached to Domains and resources. Based on -->
-<!-- these labels, the access control module decides -->
-<!-- about sharing between Domains and about access -->
-<!-- of Domains to real resources. -->
-
-<SecurityLabelTemplate
- xmlns="http://www.ibm.com"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
- <LabelHeader>
- <Name>null-security_label_template</Name>
-
- <Date>2005-08-10</Date>
- <PolicyName>
- <Url>null-security_policy.xml</Url>
-
- <Reference>abcdef123456abcdef</Reference>
- </PolicyName>
- </LabelHeader>
-</SecurityLabelTemplate>
-
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com -->
-<!-- This file defines the security policies, which -->
-<!-- can be enforced by the Xen Access Control Module. -->
-<!-- Currently: Chinese Wall and Simple Type Enforcement-->
-<SecurityPolicyDefinition xmlns="http://www.ibm.com"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
-<PolicyHeader>
- <Name>null-security_policy</Name>
- <Date>2005-08-10</Date>
-</PolicyHeader>
-</SecurityPolicyDefinition>
-
<?xml version="1.0" encoding="UTF-8"?>
<!-- Author: Ray Valdez, Reiner Sailer {rvaldez,sailer}@us.ibm.com -->
<!-- This file defines the schema, which is used to define -->
-<!-- the security policy and the security labels in Xe. -->
+<!-- the security policy and the security labels in Xen. -->
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.ibm.com" xmlns="http://www.ibm.com" elementFormDefault="qualified">
<xsd:element name="SecurityPolicyDefinition">
<xsd:complexType>
<xsd:sequence>
- <xsd:element ref="PolicyHeader" minOccurs="0" maxOccurs="1"></xsd:element>
+ <xsd:element ref="PolicyHeader" minOccurs="1" maxOccurs="1"></xsd:element>
<xsd:element ref="SimpleTypeEnforcement" minOccurs="0" maxOccurs="1"></xsd:element>
<xsd:element ref="ChineseWall" minOccurs="0" maxOccurs="1"></xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="SecurityLabelTemplate">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="LabelHeader" minOccurs="1" maxOccurs="1"></xsd:element>
- <xsd:element name="SubjectLabels" minOccurs="0" maxOccurs="1">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="VirtualMachineLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
- </xsd:sequence>
- <xsd:attribute name="bootstrap" type="xsd:string" use="required"></xsd:attribute>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="ObjectLabels" minOccurs="0" maxOccurs="1">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="ResourceLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
+ <xsd:element ref="SecurityLabelTemplate" minOccurs="1" maxOccurs="1"></xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
<xsd:element name="PolicyHeader">
<xsd:complexType>
<xsd:sequence>
- <xsd:element ref="Name" minOccurs="1" maxOccurs="1" />
- <xsd:element ref="Date" minOccurs="1" maxOccurs="1" />
+ <xsd:element name="PolicyName" minOccurs="1" maxOccurs="1" type="xsd:string"></xsd:element>
+ <xsd:element name="PolicyUrl" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element>
+ <xsd:element name="Reference" type="xsd:string" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="Date" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element>
+ <xsd:element name="NameSpaceUrl" minOccurs="0" maxOccurs="1" type="xsd:string"></xsd:element>
</xsd:sequence>
</xsd:complexType>
</xsd:element>
- <xsd:element name="LabelHeader">
+ <xsd:element name="ChineseWall">
<xsd:complexType>
<xsd:sequence>
- <xsd:element ref="Name"></xsd:element>
- <xsd:element ref="Date" minOccurs="1" maxOccurs="1"></xsd:element>
- <xsd:element ref="PolicyName" minOccurs="1" maxOccurs="1"></xsd:element>
+ <xsd:element ref="ChineseWallTypes" minOccurs="1" maxOccurs="1" />
+ <xsd:element ref="ConflictSets" minOccurs="0" maxOccurs="1" />
</xsd:sequence>
+ <xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
</xsd:complexType>
</xsd:element>
<xsd:element name="SimpleTypeEnforcement">
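Review bot: `ConflictSets` becomes optional in the new `ChineseWall` declaration (`minOccurs="0"`), so a policy that lists Chinese Wall types but no conflict set now passes validation. The policy comments deleted elsewhere in this patch describe the conflict sets as what makes types mutually exclusive, so such a policy would presumably constrain nothing while still looking like an active Chinese Wall component. If that is not intended, keep the element mandatory with `<xsd:element ref="ConflictSets" minOccurs="1" maxOccurs="1" />`; if it is, an `xsd:annotation` on `ChineseWall` stating that an omitted `ConflictSets` means no exclusion would make the choice explicit. Separately, `Date` in `PolicyHeader` is now optional and still typed `xsd:string`; `type="xsd:date"` would reject malformed values. The `SimpleTypeEnforcement` declaration that opens on the last line continues outside this hunk.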
<xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
</xsd:complexType>
</xsd:element>
- <xsd:element name="ChineseWall">
+ <xsd:element name="SecurityLabelTemplate">
<xsd:complexType>
<xsd:sequence>
- <xsd:element ref="ChineseWallTypes" />
- <xsd:element ref="ConflictSets" />
+ <xsd:element name="SubjectLabels" minOccurs="0" maxOccurs="1">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="VirtualMachineLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="bootstrap" type="xsd:string" use="required"></xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ObjectLabels" minOccurs="0" maxOccurs="1">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="ResourceLabel" minOccurs="1" maxOccurs="unbounded"></xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
</xsd:sequence>
- <xsd:attribute name="priority" type="PolicyOrder" use="optional"></xsd:attribute>
</xsd:complexType>
</xsd:element>
<xsd:element name="ChineseWallTypes">
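Review bot: The `bootstrap` attribute on `SubjectLabels` is a free `xsd:string`, so the schema accepts a value that matches no `VirtualMachineLabel` in the same template. The deleted templates note that the bootstrap label is the one assigned to Dom0, so a typo there is worth catching at validation time rather than relying on whatever consumes the policy. With the template and the policy now in one document, an `xsd:key` / `xsd:keyref` pair on `SecurityLabelTemplate` can enforce this. The sketch below assumes `VirtualMachineLabel` keeps its `Name` child, whose declaration is outside this hunk. The same technique could tie each label's `Type` values to the types declared in the policy part.

```xml
<xsd:element name="SecurityLabelTemplate" xmlns:pol="http://www.ibm.com">
    <!-- … unchanged: complexType with SubjectLabels and ObjectLabels … -->
    <xsd:key name="VmLabelName">
        <xsd:selector xpath="pol:SubjectLabels/pol:VirtualMachineLabel" />
        <xsd:field xpath="pol:Name" />
    </xsd:key>
    <xsd:keyref name="BootstrapLabel" refer="VmLabelName">
        <xsd:selector xpath="pol:SubjectLabels" />
        <xsd:field xpath="@bootstrap" />
    </xsd:keyref>
</xsd:element>
```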
</xsd:sequence>
</xsd:complexType>
</xsd:element>
- <xsd:element name="PolicyName">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element ref="Url" />
- <xsd:element ref="Reference" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="Date" type="xsd:string" />
<xsd:element name="Name" type="xsd:string" />
<xsd:element name="Type" type="xsd:string" />
- <xsd:element name="Reference" type="xsd:string" />
- <xsd:element name="Url"></xsd:element>
-
<xsd:simpleType name="PolicyOrder">
<xsd:restriction base="xsd:string">
<xsd:enumeration value="PrimaryPolicyComponent"></xsd:enumeration>
</xsd:restriction>
</xsd:simpleType>
-
</xsd:schema>
+++ /dev/null
-<?xml version="1.0"?>
-<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com -->
-<!-- This file defines the security labels, which can -->
-<!-- be attached to Domains and resources. Based on -->
-<!-- these labels, the access control module decides -->
-<!-- about sharing between Domains and about access -->
-<!-- of Domains to real resources. -->
-
-<SecurityLabelTemplate
- xmlns="http://www.ibm.com"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
- <LabelHeader>
- <Name>ste-security_label_template</Name>
- <Date>2005-08-10</Date>
- <PolicyName>
- <Url>ste-security_policy.xml</Url>
- <Reference>abcdef123456abcdef</Reference>
- </PolicyName>
- </LabelHeader>
-
- <SubjectLabels bootstrap="dom_SystemManagement">
- <!-- single ste typed domains -->
- <!-- ACM enforces that only domains with -->
- <!-- the same type can share information -->
- <!-- -->
- <!-- Bootstrap label is assigned to Dom0 -->
- <VirtualMachineLabel>
- <Name>dom_HomeBanking</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_PersonalFinances</Type>
- </SimpleTypeEnforcementTypes>
- </VirtualMachineLabel>
-
- <VirtualMachineLabel>
- <Name>dom_Fun</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_InternetInsecure</Type>
- </SimpleTypeEnforcementTypes>
- </VirtualMachineLabel>
-
- <VirtualMachineLabel>
- <!-- donating some cycles to seti@home -->
- <Name>dom_BoincClient</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_DonatedCycles</Type>
- </SimpleTypeEnforcementTypes>
- </VirtualMachineLabel>
-
- <!-- Domains with multiple ste types services; such domains -->
- <!-- must keep the types inside their domain safely confined. -->
- <VirtualMachineLabel>
- <Name>dom_SystemManagement</Name>
- <SimpleTypeEnforcementTypes>
- <!-- since dom0 needs access to every domain and -->
- <!-- resource right now ... -->
- <Type>ste_SystemManagement</Type>
- <Type>ste_PersonalFinances</Type>
- <Type>ste_InternetInsecure</Type>
- <Type>ste_DonatedCycles</Type>
- <Type>ste_PersistentStorageA</Type>
- <Type>ste_NetworkAdapter0</Type>
- </SimpleTypeEnforcementTypes>
- </VirtualMachineLabel>
-
- <VirtualMachineLabel>
- <!-- serves persistent storage to other domains -->
- <Name>dom_StorageDomain</Name>
- <SimpleTypeEnforcementTypes>
- <!-- access right to the resource (hard drive a) -->
- <Type>ste_PersistentStorageA</Type>
- <!-- can serve following types -->
- <Type>ste_PersonalFinances</Type>
- <Type>ste_InternetInsecure</Type>
- </SimpleTypeEnforcementTypes>
- </VirtualMachineLabel>
-
- <VirtualMachineLabel>
- <!-- serves network access to other domains -->
- <Name>dom_NetworkDomain</Name>
- <SimpleTypeEnforcementTypes>
- <!-- access right to the resource (ethernet card) -->
- <Type>ste_NetworkAdapter0</Type>
- <!-- can serve following types -->
- <Type>ste_PersonalFinances</Type>
- <Type>ste_InternetInsecure</Type>
- <Type>ste_DonatedCycles</Type>
- </SimpleTypeEnforcementTypes>
- </VirtualMachineLabel>
- </SubjectLabels>
-
- <ObjectLabels>
- <ResourceLabel>
- <Name>res_ManagementResource</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_SystemManagement</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>res_HardDrive (hda)</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_PersistentStorageA</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>res_LogicalDiskPartition1 (hda1)</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_PersonalFinances</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>res_LogicalDiskPartition2 (hda2)</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_InternetInsecure</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>res_EthernetCard</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_NetworkAdapter0</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>res_SecurityToken</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_PersonalFinances</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
-
- <ResourceLabel>
- <Name>res_GraphicsAdapter</Name>
- <SimpleTypeEnforcementTypes>
- <Type>ste_SystemManagement</Type>
- </SimpleTypeEnforcementTypes>
- </ResourceLabel>
- </ObjectLabels>
-</SecurityLabelTemplate>
-
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Author: Reiner Sailer, Ray Valdez {sailer,rvaldez}@us.ibm.com -->
-<!-- This file defines the security policies, which -->
-<!-- can be enforced by the Xen Access Control Module. -->
-<!-- Currently: Chinese Wall and Simple Type Enforcement-->
-<SecurityPolicyDefinition xmlns="http://www.ibm.com"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.ibm.com security_policy.xsd">
-<PolicyHeader>
- <Name>ste-security_policy</Name>
- <Date>2005-08-10</Date>
-</PolicyHeader>
-<!-- -->
-<!-- example of a simple type enforcement policy definition -->
-<!-- -->
- <SimpleTypeEnforcement>
- <SimpleTypeEnforcementTypes>
- <Type>ste_SystemManagement</Type> <!-- machine/security management -->
- <Type>ste_PersonalFinances</Type> <!-- personal finances -->
- <Type>ste_InternetInsecure</Type> <!-- games, active X, etc. -->
- <Type>ste_DonatedCycles</Type> <!-- donation to BOINC/seti@home -->
- <Type>ste_PersistentStorageA</Type> <!-- domain managing the harddrive A-->
- <Type>ste_NetworkAdapter0</Type> <!-- type of the domain managing ethernet adapter 0-->
- </SimpleTypeEnforcementTypes>
- </SimpleTypeEnforcement>
-</SecurityPolicyDefinition>
-