diff options
| author | Stefano Stabellini <stefano.stabellini@eu.citrix.com> | 2012-01-10 16:13:06 +0000 |
|---|---|---|
| committer | Stefano Stabellini <stefano.stabellini@eu.citrix.com> | 2012-01-10 16:13:06 +0000 |
| commit | 004d103be6131eba8596fed489dc3d64a87ad0ef (patch) | |
| tree | 868a2a09668a99ebc20cd767f6cda7c61e2757cb /docs/man/xl.pod.1 | |
| parent | 17c9cd6d20735ce4be4cb7f1590b3d6d64c627c7 (diff) | |
| download | xen-004d103be6131eba8596fed489dc3d64a87ad0ef.tar.gz xen-004d103be6131eba8596fed489dc3d64a87ad0ef.tar.bz2 xen-004d103be6131eba8596fed489dc3d64a87ad0ef.zip | |
docs: xl.pod.1: introduction to FLASK
Add a simple introduction to FLASK to the xl man page, at the beginning
of the FLASK chapter. Link to the xsm-flask.txt document.
Currently FLASK, TMEM and PCI PASS-THROUGH are defined as =head2 so they
look like sub-chapters of VIRTUAL DEVICE COMMANDS. Make them =head1.
Based on a text written by Daniel De Graaf.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
Diffstat (limited to 'docs/man/xl.pod.1')
| -rw-r--r-- | docs/man/xl.pod.1 | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/docs/man/xl.pod.1 b/docs/man/xl.pod.1 index 17789b4766..18fd411e82 100644 --- a/docs/man/xl.pod.1 +++ b/docs/man/xl.pod.1 @@ -906,7 +906,7 @@ List virtual network interfaces for a domain. =back -=head2 PCI PASS-THROUGH +=head1 PCI PASS-THROUGH =over 4 @@ -929,7 +929,7 @@ List pass-through pci devices for a domain. =back -=head2 TMEM +=head1 TMEM =over 4 @@ -995,7 +995,20 @@ Get information about how much freeable memory (MB) is in-use by tmem. =back -=head2 FLASK +=head1 FLASK + +B<FLASK> is a security framework that defines a mandatory access control policy +providing fine-grained controls over Xen domains, allowing the policy writer +to define what interactions between domains, devices, and the hypervisor are +permitted. Some example of what you can do using XSM/FLASK: + - Prevent two domains from communicating via event channels or grants + - Control which domains can use device passthrough (and which devices) + - Restrict or audit operations performed by privileged domains + - Prevent a privileged domain from arbitrarily mapping pages from other + domains. + +You can find more details on how to use FLASK and an example security +policy here: L<http://xenbits.xen.org/docs/unstable/misc/xsm-flask.txt> =over 4 @@ -1039,6 +1052,7 @@ And the following documents on the xen.org website: L<http://xenbits.xen.org/docs/unstable/misc/xl-network-configuration.html> L<http://xenbits.xen.org/docs/unstable/misc/xl-disk-configuration.txt> +L<http://xenbits.xen.org/docs/unstable/misc/xsm-flask.txt> =head1 BUGS |