author | Hollis Blanchard <hollisb@us.ibm.com> | 2006-11-29 14:16:36 -0600 |
---|---|---|
committer | Hollis Blanchard <hollisb@us.ibm.com> | 2006-11-29 14:16:36 -0600 |
commit | ab26a6a563a0acb589af87a8e063c0e171d75665 (patch) | |
tree | 71a432bde5d016e928ab3ad7860fca01312ec787 /docs/src/interface.tex | |
parent | d3be8a6ca1aa9312cc01e780a2fea56ab8ec12b4 (diff) | |
parent | 1c804664cf63f0c2e80d0420e52d5f82c3956685 (diff) | |
Merge with xen-unstable.hg.
Signed-off-by: Hollis Blanchard <hollisb@us.ibm.com>
Diffstat (limited to 'docs/src/interface.tex')
-rw-r--r-- | docs/src/interface.tex | 42 |
1 files changed, 39 insertions, 3 deletions
diff --git a/docs/src/interface.tex b/docs/src/interface.tex index 9a598406a1..a77d4e81c2 100644 --- a/docs/src/interface.tex +++ b/docs/src/interface.tex @@ -955,7 +955,6 @@ This information doesn't change and is indexed by the domain's UUID. A {\bf /vm} entry contains the following information: \begin{description} -\item[ssidref] ssid reference for domain \item[uuid] uuid of the domain (somewhat redundant) \item[on\_reboot] the action to take on a domain reboot request (destroy or restart) \item[on\_poweroff] the action to take on a domain halt request (destroy or restart) @@ -1125,6 +1124,16 @@ This path contains: \end{description} \end{description} + \item[security/] access control information for the domain + \begin{description} + \item[ssidref] security reference identifier used inside the hypervisor + \item[access\_control/] security label used by management tools + \begin{description} + \item[label] security label name + \item[policy] security policy name + \end{description} + \end{description} + \item[store/] per-domain information for the store \begin{description} \item[port] the event channel used for the store ring queue 
@@ -2168,19 +2177,46 @@ Most of the above are best understood by looking at the code implementing them (in {\tt xen/common/dom0\_ops.c}) and in the user-space tools that use them (mostly in {\tt tools/libxc}). +\section{Access Control Module Hypercalls} +\label{s:acmops} + Hypercalls relating to the management of the Access Control Module are -also restricted to domain 0 access for now: +also restricted to domain 0 access for now. For more details on any or +all of these, please see {\tt xen/include/public/acm\_ops.h}. A +complete list is given below: \begin{quote} -\hypercall{acm\_op(struct acm\_op * u\_acm\_op)} +\hypercall{acm\_op(int cmd, void *args)} This hypercall can be used to configure the state of the ACM, query that state, request access control decisions and dump additional information. +\begin{description} + +\item [ACMOP\_SETPOLICY:] set the access control policy + +\item [ACMOP\_GETPOLICY:] get the current access control policy and + status + +\item [ACMOP\_DUMPSTATS:] get current access control hook invocation + statistics + +\item [ACMOP\_GETSSID:] get security access control information for a + domain + +\item [ACMOP\_GETDECISION:] get access decision based on the currently + enforced access control policy + +\end{description} \end{quote} +Most of the above are best understood by looking at the code +implementing them (in {\tt xen/common/acm\_ops.c}) and in the +user-space tools that use them (mostly in {\tt tools/security} and +{\tt tools/python/xen/lowlevel/acm}). + \section{Debugging Hypercalls} |
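Review bot: In the /vm hunk (@@ -955,7 +955,6 @@), "\item[ssidref] ssid reference for domain" is removed with no pointer to where the value now lives, so a reader of the /vm description cannot tell that it still exists elsewhere in the store. Since the following hunk adds ssidref under security/, consider a one-line remark in the /vm text saying that access control information is listed under the security/ entry.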
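Review bot: In the security/ hunk (@@ -1125,6 +1124,16 @@), ssidref is described as "used inside the hypervisor" and access\_control/ as "used by management tools", but the text does not say how the two relate or what form ssidref takes. Suggest stating whether label and policy are the names that map to ssidref, and who is expected to write these entries, so that a tool reading the store knows which value is authoritative.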
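Review bot: In the ACM hunk (@@ -2168,19 +2177,46 @@), the documented signature is now "acm\_op(int cmd, void *args)" but none of the five ACMOP\_* items says what args must point to, which is the detail a caller of an untyped pointer interface needs most. Suggest naming the argument structure for each command, or saying per item that it is defined in xen/include/public/acm\_ops.h. As a style point, the new items are written "\item [ACMOP\_SETPOLICY:]" with a space and a trailing colon, while the description lists in the earlier hunks use the form "\item[ssidref]".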