dgit.raspbian.org Git - xen.git/commit

acm: Updating a policy on a running system.

Allow a policy to be updated on a running system and domains to be
relabeled. The updating of a policy is happening in several steps:
relabeling the domains, testing whether the system would be in a valid
state after the relabeling (according to the policy), committing the
changes if state is determined to be valid.

I have followed Keir's suggestion of building a 2nd linked list
parallel to the domain list. That 2nd list holds security information
related to the running domains. Each entry is pointed to by its domain
structure. The list is protected by its own read/write-lock. I have
moved nearly all ACM-related code that was traversing the domain list
previously to traverse this list instead and not hold onto the domain
list lock.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>

author	kfraser@localhost.localdomain <kfraser@localhost.localdomain>
	Wed, 25 Apr 2007 08:40:02 +0000 (09:40 +0100)
committer	kfraser@localhost.localdomain <kfraser@localhost.localdomain>
	Wed, 25 Apr 2007 08:40:02 +0000 (09:40 +0100)
commit	260c2c91b7deab998a801ca77580fb6f2d3c1704
tree	3178ea4dc361fc59c5b6d28f4487079b288178f8	tree \| snapshot
parent	8c706ec28d6ac4805a513fe29850a97773a9a4ee	commit \| diff

xen/acm/acm_chinesewall_hooks.c		diff \| blob \| history
xen/acm/acm_core.c		diff \| blob \| history
xen/acm/acm_null_hooks.c		diff \| blob \| history
xen/acm/acm_policy.c		diff \| blob \| history
xen/acm/acm_simple_type_enforcement_hooks.c		diff \| blob \| history
xen/common/acm_ops.c		diff \| blob \| history
xen/include/acm/acm_core.h		diff \| blob \| history
xen/include/acm/acm_hooks.h		diff \| blob \| history
xen/include/public/acm.h		diff \| blob \| history
xen/include/public/acm_ops.h		diff \| blob \| history