xsm: Add support for Xen device policies
author Keir Fraser <keir.fraser@citrix.com>
Tue, 27 Oct 2009 12:52:57 +0000 (12:52 +0000)
committer Keir Fraser <keir.fraser@citrix.com>
Tue, 27 Oct 2009 12:52:57 +0000 (12:52 +0000)
commit 78942912c8a3ff303b910d4a179ff6be7e9b0477
tree 10468e48843fbc769f0298b5bc52df3dfb63aa73
parent 16d8dcbfb346174e67a61134a45d40870d112cad
xsm: Add support for Xen device policies

Add support for Xen ocontext records to enable device policies.  The
default policy will not be changed and instructions have been added to
enable the new functionality.  Examples on how to use the new policy
language have been added but commented out.  The newest version of
checkpolicy (>= 2.0.20) and libsepol (>= 2.0.39) is needed in order to
compile it.  Devices can be labeled and enforced using the following
new commands: pirqcon, iomemcon, ioportcon and pcidevicecon.

Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
Signed-off-by: Paul Nuzzi <pjnuzzi@tycho.ncsc.mil>

docs/misc/xsm-flask.txt
tools/flask/policy/Makefile
tools/flask/policy/policy/modules/xen/xen.if
tools/flask/policy/policy/modules/xen/xen.te
xen/xsm/flask/avc.c
xen/xsm/flask/hooks.c
xen/xsm/flask/include/avc.h
xen/xsm/flask/ss/policydb.c
xen/xsm/flask/ss/policydb.h
xen/xsm/flask/ss/services.c