aboutsummaryrefslogtreecommitdiffstats
path: root/tools/flask
Commit message (Collapse)AuthorAgeFilesLines
* tools: clean up handling of xen config and scripts directories.Keir Fraser2009-05-191-1/+1
| | | | | | | For now hardcode /etc w/o a prefix as there are hardcoded config paths in the code which would break otherwise. Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
* Use -MMD -MF in tools/* rather than -Wp,-M...Keir Fraser2009-01-122-6/+2
| | | | | | | | | | | | | | | | | | | | | | If you use -MMD -MF then the correct .o filename is written to the .*.d file as the compiler driver arranges everything. This was done in 19010:275abe1c5d24 for the hypervisor. In this patch we do the same elsewhere in the xen-unstable tree, particularly tools/. Specifically: * Change tools/Rules.mk to add -MMD -MF ... to CFLAGS and set DEPS. * Remove -Wp,-MD... from every other Makefile * Remove setting of DEPS from every other Makefile * Ensure that every Makefile says -include $(DEPS) * Ensure that every Makefile's clean target removes $(DEPS) Some Makefiles were already halfway there, but often for a different variable name eg PROG_DEP. The variable name is now standardised in Rules.mk as DEPS. I have done a test build with this change, on Debian etch. Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
* Add 2 more permissions to the XSM/Flask default policy.Keir Fraser2008-10-271-1/+2
| | | | Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
* flask: Add 2 permissions to the default flask policy to get a VIF-enabled ↵Keir Fraser2008-10-081-0/+3
| | | | | | | | | guest to work This adds two more permissions to the default Flask policy to get a VM with a network interface to work. Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
* flask: Fix to default policy to get simple VM runningKeir Fraser2008-10-081-1/+1
| | | | | | | This fix gets to the default Flask/XSM policy gets a simple guest VM (Ramdisk only, no VIF) running. Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
* xsm, flask: sample flask policyKeir Fraser2008-09-0421-0/+2291
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - The patch includes a policy for xen that can be booted into enforcing mode and supports creation and management of paravirtualized guests. The policy follows the dom0/domU usage model, extension to other models or the addition of management or IO permissions should be much more straightforward now. The option flask_enforcing=1 can be passed on the xen line in grub to boot into enforcing mode. - The policy provides a basic policy for booting the platform and creating a domU with the label system_u:object_r:domU_t. The policy can be easily extended to support new types by modifying the xen.te source file. - The policy includes some basic macros which may be helpful in extending the policy. - The policy is compatible with and requires the most recent XSM patch, xsm-flask-io-sysctl-hooks-090308.diff. - The policy is not built as part of the make all as it requires the SELinux policy compiler which may/may not be installed on all systems. Users must go into the tools/flask/policy directory and explicitly compile the policy. Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
* [XSM][FLASK] Argument handling bugs in XSM:FLASKKeir Fraser2008-07-212-6/+6
| | | | | | | | | | | | | | | | | | | Addresses a number of argument handling bugs in the flask_op hypercall in the XSM:Flask module. Thanks to Rafal Wojtczuk at McAfee for reporting the issues and Tim Deegan at Citrix for providing an initial patch. This patch addresses the following issues: - bounds checking and validation on input arguments to flask_op - updated ABI/API, size and cmd are now uint32_t - updated userspace tools and libraries to account for ABI/API changes - implemented all copies using from/to guest, better portability - implemented upper bounds checking on op->cmd, op->size - implemented sanity checking on op->size and op->buf - implemented bit vector for checking from/to usage on op->cmd Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
* tools/flask build: Use generic subdirs rules.Keir Fraser2008-03-251-18/+2
| | | | Signed-off-by: Bastian Blank <waldi@debian.org>
* Define CFLAGS and LDFLAGS for libxenctrl.Keir Fraser2008-01-271-3/+2
| | | | Signed-off-by: Bastian Blank <waldi@debian.org>
* Move generation of public header hierarchy into the tools.Keir Fraser2008-01-262-1/+2
| | | | | | | This patch merges the two versions of public header generation currently used in the build into one. Signed-off-by: Bastian Blank <waldi@debian.org>
* Add SBINDIR. Use it always.Keir Fraser2008-01-221-2/+2
| | | | Signed-off-by: Bastian Blank <waldi@debian.org>
* Add INCLUDEDIR. Use it.Keir Fraser2008-01-221-2/+2
| | | | Signed-off-by: Bastian Blank <waldi@debian.org>
* Apply PREFIX directly to LIBDIR.Keir Fraser2008-01-221-5/+5
| | | | Signed-off-by: Bastian Blank <waldi@debian.org>
* tools: Remove bogus external uses of xc_private.h. Clean up libflask.Keir Fraser2007-10-185-83/+30
| | | | Signed-off-by: Keir Fraser <keir@xensource.com>
* Fix non-portabilities in libflask.Keir Fraser2007-10-023-8/+7
| | | | Signed-off-by: John Levon <john.levon@sun.com>
* Delete flask tools build target and add to .hgignore.kfraser@localhost.localdomain2007-09-061-0/+0
| | | | Signed-off-by: Keir Fraser <keir@xensource.com>
* Xen Security Modules: ACM.kfraser@localhost.localdomain2007-08-311-0/+0
| | | | Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
* Xen Security Modules: Tools.kfraser@localhost.localdomain2007-08-316-0/+428
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 11:39:00 +0000