diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-12-18 14:35:03 +0000 |
---|---|---|
committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-12-18 14:35:03 +0000 |
commit | e628c3b0b888ac4291e8d963eb01f420ffca10ad (patch) | |
tree | 7f70a146ba45e15e7d2677f5db606d41b3cd3043 /docs/man | |
parent | 32103e04bed97da5c42a12d2d40cbdfff61e8cdb (diff) | |
download | xen-e628c3b0b888ac4291e8d963eb01f420ffca10ad.tar.gz xen-e628c3b0b888ac4291e8d963eb01f420ffca10ad.tar.bz2 xen-e628c3b0b888ac4291e8d963eb01f420ffca10ad.zip |
xl.pod.1: improve documentation of FLASK commands
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Diffstat (limited to 'docs/man')
-rw-r--r-- | docs/man/xl.pod.1 | 38 |
1 files changed, 22 insertions, 16 deletions
diff --git a/docs/man/xl.pod.1 b/docs/man/xl.pod.1 index 5a39ae5cdf..72196ee28b 100644 --- a/docs/man/xl.pod.1 +++ b/docs/man/xl.pod.1 @@ -197,10 +197,6 @@ I<filename> specified, without pausing the domain. The dump file will be written to a distribution specific directory for dump files. Such as: /var/lib/xen/dump or /var/xen/dump. -=item B<getenforce> - -Returns the current enforcing mode of the Flask Xen security module. - =item B<help> [I<--long>] Displays the short help message (i.e. common commands). @@ -303,10 +299,6 @@ less utilized than a high CPU workload. Consider yourself warned. =back -=item B<loadpolicy> I<policyfile> - -Loads a new policy int the Flask Xen security module. - =item B<mem-max> I<domain-id> I<mem> Specify the maximum amount of memory the domain is able to use, appending 't' @@ -397,10 +389,6 @@ Enable debug messages. =back -=item B<setenforce> I<1|0|Enforcing|Permissive> - -Sets the current enforcing mode of the Flask Xen security module - =item B<save> [I<OPTIONS>] I<domain-id> I<CheckpointFile> [I<ConfigFile>] Saves a running domain to a state file so that it can be restored @@ -997,6 +985,28 @@ Get information about how much freeable memory (MB) is in-use by tmem. =back +=head2 FLASK + +=over 4 + +=item B<getenforce> + +Determine if the FLASK security module is loaded and enforcing its policy. + +=item B<setenforce> I<1|0|Enforcing|Permissive> + +Enable or disable enforcing of the FLASK access controls. The default is +permissive and can be changed using the flask_enforcing option on the +hypervisor's command line. + +=item B<loadpolicy> I<policy-file> + +Load FLASK policy from the given policy file. The initial policy is provided to +the hypervisor as a multiboot module; this command allows runtime updates to the +policy. Loading new security policy will reset runtime changes to device labels. + +=back + =head1 TO BE DOCUMENTED We need better documentation for: @@ -1007,10 +1017,6 @@ We need better documentation for: Trascendent Memory. -=item B<Flask> - -Xen Flask security module. - =back =head1 SEE ALSO |