diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2012-02-09 18:25:49 +0000 |
---|---|---|
committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2012-02-09 18:25:49 +0000 |
commit | da41740d00b89d4141398600869e4a656da2501b (patch) | |
tree | b5c847d0a7292af42b3e87f58e43eefc2bce0ae0 /docs | |
parent | 0e19f276cf127ec118ef122d4934c845c5fc99a7 (diff) | |
download | xen-da41740d00b89d4141398600869e4a656da2501b.tar.gz xen-da41740d00b89d4141398600869e4a656da2501b.tar.bz2 xen-da41740d00b89d4141398600869e4a656da2501b.zip |
flask/policy: add device model types to example policy
This adds an example user for device_model_stubdomain_seclabel.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
Diffstat (limited to 'docs')
-rw-r--r-- | docs/misc/xsm-flask.txt | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt index 5b4297da85..e2e415d578 100644 --- a/docs/misc/xsm-flask.txt +++ b/docs/misc/xsm-flask.txt @@ -61,6 +61,10 @@ that can be used without dom0 disaggregation. The main types for domUs are: - isolated_domU_t can only communicate with dom0 - prot_domU_t is a domain type whose creation can be disabled with a boolean +HVM domains with stubdomain device models use two types (one per domain): + - domHVM_t is an HVM domain that uses a stubdomain device model + - dm_dom_t is the device model for a domain with type domHVM_t + One disadvantage of using type enforcement to enforce isolation is that a new type is needed for each group of domains. In addition, it is not possible to allow isolated_domU_t cannot to create loopback event channels without allowing |