 Home |
About Xen.org |
Xen |
Xen Summit |
Wiki |
Mailing List |
Bug Tracker |
Xen Downloads |
xense-devel
Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkb
|
> > So basically, the xenstore++ is in a stripped down secured domain and > someone with role-based access privileges communicates with xenstore++ > to connect a resource to a domain. Xenstore++ checks the permissions > and sets up the connection where the protocol description to use is an > attribute of the resource class. The protocol is policed and if it's > violated then either the resource provider (BE) or consumer (FE) or both > get blown away. > > There can be generic mechanisms in xenstore++ for colouring resources > and grouping roles etc to do fancy MAC stuff. > > > ...or something like that. > > Harry. > Hmm... this is not how I see xenstore today. Did you discuss what it takes to implement the "++"? (especially the part where you suggest moving xenstore in its on secured domain sounds very interesting) Would this be a non-intrusive change to Xen? Reiner _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel |
| Previous by Date: | Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Harry Butterworth |
|---|---|
| Next by Date: | Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Andrew Warfield |
| Previous by Thread: | Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Harry Butterworth |
| Next by Thread: | Re: [Xen-devel] [PATCH][ACM] kernel enforcement of vbd policies via blkback driver, Harry Butterworth |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
xen.org, 