xense-devel

[Xen-devel] [PATCH] ACM: adding C-support for policy translation and lab

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] [PATCH] ACM: adding C-support for policy translation and labeling support for domains
From: Reiner Sailer <sailer@xxxxxxxxxx>
Date: Thu, 18 Aug 2005 17:02:33 -0400
Cc: Stefan Berger <stefanb@xxxxxxxxxx>, Ray Valdez <rvaldez@xxxxxxxxxx>, Steven Hand <Steven.Hand@xxxxxxxxxxxx>, xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 19 Aug 2005 08:31:56 +0000

This patch:

* adds a C-based security policy translation tool to Xen (secpol_xml2bin) and removes the current Java
security policy translator (Java dependencies).  The C-based tool integrates into the Xen source tree build
and install (using gnome libxml2 for XML parsing). See install.txt.

* introduces security labels and related tools. Users can now use semantic-rich label names to put security-tags
on domains. See example.txt, policy.txt.

* moves the security configuration (currently ACM_USE_SECURITY_POLICY) from xen/Rules.mk
into a separate top-level Security.mk file  (it is needed by the tools/security and xen/acm).

Both xen/acm and tools/security are built during the Xen build process only if ACM_USE_SECURITY_POLICY
is not ACM_NULL_POLICY (which is the default setting).

Comments welcome!

Note: We are currently preparing a patch that introduces a new ACM command (getssid) to retrieve the security types
of a running domain. This command enables domain-internal enforcement functions based on the ACM security policy.

Thanks
Reiner

Signed-off-by: Reiner Sailer <sailer@xxxxxxxxxx>
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
Signed-off-by: Ray Valdez <rvaldez@xxxxxxxxxx>

Attachment: secpol_xml2bin.diff
Description: Binary data
