projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2abe070) | patch
[ACM] Check a domain's authorization to run.
authorkfraser@localhost.localdomain <kfraser@localhost.localdomain>
Fri, 27 Jul 2007 08:01:15 +0000 (09:01 +0100)
committerkfraser@localhost.localdomain <kfraser@localhost.localdomain>
Fri, 27 Jul 2007 08:01:15 +0000 (09:01 +0100)
commitbf9e4257b392c550afe1c34d1fe38b6a2659dd69
tree2544a327b55a0a389c3d5a7169e7faf6e23458a0tree | snapshot
parent2abe070373048a47d66851e76593c11f95683059commit | diff
[ACM] Check a domain's authorization to run.

A domain is only authorized to run if it has a superset of Simple Type
Enforcement Types in its VM label compared to that of Domain-0, which
itself may not have all STEs available in a policy. This patch adds a
check for this into Xend and the necessary code support into Xen.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
tools/python/xen/lowlevel/acm/acm.c diff | blob | history
tools/python/xen/util/security.py diff | blob | history
tools/python/xen/xend/XendDomainInfo.py diff | blob | history
xen/acm/acm_chinesewall_hooks.c diff | blob | history
xen/acm/acm_core.c diff | blob | history
xen/acm/acm_policy.c diff | blob | history
xen/acm/acm_simple_type_enforcement_hooks.c diff | blob | history
xen/include/acm/acm_core.h diff | blob | history
xen/include/acm/acm_hooks.h diff | blob | history
xen/include/public/acm.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.