authorkfraser@localhost.localdomain <kfraser@localhost.localdomain>2007-07-19 16:59:48 +0100
committerkfraser@localhost.localdomain <kfraser@localhost.localdomain>2007-07-19 16:59:48 +0100
commitfbf9c4996c5d8e18060c3391cc3a7e6bf3e81dca (patch)
treef6cc5a911d55ee477499cf2e6d5546744ea076a3 /tools/libxen
parente090b4546373065d13b799dfe05340b5e93f41fa (diff)
[xend / libxen] Add support for labeling of virtual network interfaces.
This patch adds labeling of virtual network interfaces to xend and makes this manageable through the Xen-API. It's a feature that is only usable if ACM is enabled in Xen and xend is used through the xen-api. A labeled virtual network interface will be plugged into a bridge where other domains with the same-labeled network interface are connected to, so that only same-colored domains can communicate with each other. The bridge should be connected to the outside world using VLAN for isolation, extending the isolation beyond the local machine. If a virtual machine is labeled with a VM label that only has one Simple Type Enforcement Type then it is not necessary to label the virtual network interface, but the color of the network interface is determined from the VM's label. If, however, a virtual machine is labeled with a VM label that has multiple Simple Type Enforcement Types, then the explicit labeling of each virtual network interface is required. To specify the label of a network interface, the vif line in the VM's configuration file has been extended with parameters similar to those used for specifying the label of the VM: vif = ['policy=<policy name>,label=<resource label>'] This labels the VIF of the virtual machine for usage under the policy 'policy name' and labels it with the label 'resource label'. Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
Diffstat (limited to 'tools/libxen')
-rw-r--r--tools/libxen/include/xen/api/xen_vif.h14
-rw-r--r--tools/libxen/src/xen_vif.c39
2 files changed, 53 insertions, 0 deletions
diff --git a/tools/libxen/include/xen/api/xen_vif.h b/tools/libxen/include/xen/api/xen_vif.h
index 26608f0af9..3fb8d7128e 100644
--- a/tools/libxen/include/xen/api/xen_vif.h
+++ b/tools/libxen/include/xen/api/xen_vif.h
@@ -362,4 +362,18 @@ extern bool
xen_vif_get_all(xen_session *session, struct xen_vif_set **result);
+/**
+ * Set the security label of a VIF.
+ */
+extern bool
+xen_vif_set_security_label(xen_session *session, int64_t *result, xen_vif vif,
+ char *label, char *oldlabel);
+
+
+/**
+ * Get the security label of a VIF.
+ */
+extern bool
+xen_vif_get_security_label(xen_session *session, char **result, xen_vif vif);
+
#endif
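Review bot: The doc comments on `xen_vif_set_security_label` and `xen_vif_get_security_label` do not say what `*result` carries or who owns it. The setter's bool return is `session->ok` (visible in xen_vif.c), so the `int64_t` result is presumably a separate status reported by xend. A caller that checks only the bool could then treat a rejected relabel as applied and leave the VIF attached under its old label. I would expand the setter's comment to state what a non-zero `*result` means and what `oldlabel` must contain, for example `* @param oldlabel  label currently on the VIF (TODO confirm: empty string if none)`. The getter's comment should say whether the caller must free `*result`.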
diff --git a/tools/libxen/src/xen_vif.c b/tools/libxen/src/xen_vif.c
index bc9dd0dd2f..ac6147ff4f 100644
--- a/tools/libxen/src/xen_vif.c
+++ b/tools/libxen/src/xen_vif.c
@@ -575,3 +575,42 @@ xen_vif_get_uuid(xen_session *session, char **result, xen_vif vif)
XEN_CALL_("VIF.get_uuid");
return session->ok;
}
+
+
+bool
+xen_vif_set_security_label(xen_session *session, int64_t *result, xen_vif vif,
+ char *label, char *oldlabel)
+{
+ abstract_value param_values[] =
+ {
+ { .type = &abstract_type_string,
+ .u.string_val = vif },
+ { .type = &abstract_type_string,
+ .u.string_val = label },
+ { .type = &abstract_type_string,
+ .u.string_val = oldlabel },
+ };
+
+ abstract_type result_type = abstract_type_int;
+
+ *result = 0;
+ XEN_CALL_("VIF.set_security_label");
+ return session->ok;
+}
+
+
+bool
+xen_vif_get_security_label(xen_session *session, char **result, xen_vif vif)
+{
+ abstract_value param_values[] =
+ {
+ { .type = &abstract_type_string,
+ .u.string_val = vif },
+ };
+
+ abstract_type result_type = abstract_type_string;
+
+ *result = NULL;
+ XEN_CALL_("VIF.get_security_label");
+ return session->ok;
+}
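Review bot: In `xen_vif_set_security_label`, `*result = 0;` is written before `XEN_CALL_`, so if 0 is also the success code (not visible here) a failed call leaves `*result` looking like a success and only `session->ok` tells the two apart. A comment on that line, such as `/* default only; valid as a status solely when session->ok is true */`, would make the contract explicit for callers that enforce isolation based on the outcome. Separately, `label` and `oldlabel` go into `param_values` without a NULL check, and whether the marshalling behind `XEN_CALL_` tolerates a NULL `string_val` cannot be told from this hunk. If it does not, a guard such as `if (!label || !oldlabel) { session->ok = false; return false; }` would fail closed, assuming the library allows `session->ok` to be set directly.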