author | Keir Fraser <keir.fraser@citrix.com> | 2008-09-04 11:26:25 +0100 |
---|---|---|
committer | Keir Fraser <keir.fraser@citrix.com> | 2008-09-04 11:26:25 +0100 |
commit | 3129d6f2ead5be7c75078b1f7325d5a1e6d5e4d8 (patch) | |
tree | 9ad863524d59aff303bf67434c3dec8b45bae7bc /tools/flask/policy/policy/modules/xen/xen.if | |
parent | aff2988ad524ed3835bd0c402f8ec25264db61ea (diff) | |
download | xen-3129d6f2ead5be7c75078b1f7325d5a1e6d5e4d8.tar.gz xen-3129d6f2ead5be7c75078b1f7325d5a1e6d5e4d8.tar.bz2 xen-3129d6f2ead5be7c75078b1f7325d5a1e6d5e4d8.zip |
xsm, flask: sample flask policy
- The patch includes a policy for xen that can be booted into
enforcing mode and supports creation and management of
paravirtualized guests. The policy follows the dom0/domU usage
model; extension to other models or the addition of management or IO
permissions should be much more straightforward now. The option
flask_enforcing=1 can be passed on the xen line in grub to boot
into enforcing mode.
- The policy provides a basic policy for booting the platform and
creating a domU with the label system_u:object_r:domU_t. The policy
can be easily extended to support new types by modifying the xen.te
source file.
- The policy includes some basic macros which may be helpful in
extending the policy.
- The policy is compatible with and requires the most recent XSM
patch, xsm-flask-io-sysctl-hooks-090308.diff.
- The policy is not built as part of the make all as it requires the
SELinux policy compiler which may/may not be installed on all
systems. Users must go into the tools/flask/policy directory and
explicitly compile the policy.
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
Diffstat (limited to 'tools/flask/policy/policy/modules/xen/xen.if')
-rw-r--r-- | tools/flask/policy/policy/modules/xen/xen.if | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if new file mode 100644 index 0000000000..792d600548 --- /dev/null +++ b/tools/flask/policy/policy/modules/xen/xen.if @@ -0,0 +1 @@ +# |
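Review bot: the new xen.if is created with a single bare `#` line and nothing else, so a reader cannot tell whether the interface file is intentionally empty or a placeholder that lost its content. The commit message says the policy includes basic macros for extending it, but none appear in this file. Either expand the comment to say that this module exports no interfaces and name the file that holds the macros, or define here the macros that other modules are meant to call.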