view .hgtags @ 18437:294fc8fc4ba0

xsm, flask: sample flask policy

- The patch includes a policy for xen that can be booted into
enforcing mode and supports creation and management of
paravirtualized guests. The policy follows the dom0/domU usage
model; extension to other models or the addition of management or IO
permissions should be much more straightforward now. The option
flask_enforcing=1 can be passed on the xen line in grub to boot
into enforcing mode.

- The policy provides a basic policy for booting the platform and
creating a domU with the label system_u:object_r:domU_t. The policy
can be easily extended to support new types by modifying the xen.te
source file.

- The policy includes some basic macros which may be helpful in
extending the policy.

- The policy is compatible with and requires the most recent XSM
patch, xsm-flask-io-sysctl-hooks-090308.diff.

- The policy is not built as part of the make all as it requires the
SELinux policy compiler which may/may not be installed on all
systems. Users must go into the tools/flask/policy directory and
explicitly compile the policy.

Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
author Keir Fraser <keir.fraser@citrix.com>
date Thu Sep 04 11:26:25 2008 +0100 (2008-09-04)
parents ab1eec9ba5cb
children ee3e1fad5d92
line source
42882b3e0dda89f3a8ec00da568f86e9b3c230f1 RELEASE-2.0.0
475a162b66e2c19b1e9468b234a4ba705334905e RELEASE-2.0.1
dc2f08429f17e6614fd2f1ab88cc09ca0a850f32 RELEASE-2.0.2
6e1bbc13911751efa0b1c018425c1b085820fa02 RELEASE-2.0.3
fb875591fd72e15c31879c0e9034d99b80225595 RELEASE-2.0.4
1a522944f76540ea9d73fcc1b0d13d0f670183f0 RELEASE-2.0.5
2a5814ad2e5634a5fa291b703a152e7fc0b4faf0 RELEASE-2.0.6
487b2ee37d1cecb5f3e7a546b05ad097a0226f2f beta1
6a65fe0f84c8339b5b89362d0ec34d8abab752b0 ia64-stable
3d330e41f41ce1bc118c02346e18949ad5d67f6b latest-semistable
30c521db4c71960b0cf1d9c9e1b658e77b535a3e latest-stable
9afec5bc14aeb197ef37ea54a57eacd427463fc3 semistable
30c521db4c71960b0cf1d9c9e1b658e77b535a3e split-1.0
3d330e41f41ce1bc118c02346e18949ad5d67f6b split-1.1
c8fdb0caa77b429cf47f9707926e83947778cb48 RELEASE-3.0.0
af0573e9e5258db0a9d28aa954dd302ddd2c2d23 3.0.2-rc
d0d3fef37685be264a7f52201f8ef44c030daad3 3.0.2-branched
6ed4368b4a9e1924c983774c4b1a2b6baf8e98a6 3.0.3-branched
057f7c4dbed1c75a3fbe446d346cee04cff31497 3.0.4-branched
d2ef85c6bf84cc619ca2d42c2edfc6229e70a6ad 3.1.0-branched
bd3d6b4c52ec809f080c89c4ffcf61dc6e445978 sparse-tree-deprecated
1f0c6e0d74a4acc1d3796ff705adc8485eba9377 3.2.0-rc1
458dc123dd02d38aaa9acb513d6f237a1c6e967e 3.2.0-rc2
ed79613b48817d5e0d1f9b3cf104c0e4e8b0d8cf 3.2.0-rc3
c5deb251b9dcece9e466a48a66d3528ca1797db4 3.2.0-rc4
36bb2ab4722733d919d32e4555eb46cc6a06cb8f 3.2.0-rc5
9facc624a238f2b9437b07fa28ff65884aa867f2 3.2.0-rc6
c3494402098e26507fc61a6579832c0149351d6a 3.3.0-rc1
dde12ff94c96331668fe38a7b09506fa94d03c34 3.3.0-rc2
57fca3648f25dcc085ee380954342960a7979987 3.3.0-rc3
96d0a48e87ee46ba7b73e8c906a7e2e0baf60e2e 3.3.0-rc4
b4dba6a0e97cb6dd080fa566468e3cc972c34d7a 3.3.0-rc5
bc372510f1794ee41a8b0501cc84f8a65d05e094 3.3.0-rc6
daf1193bcd11345d566a4747fe1f12c90b44452c 3.3.0-rc7
1e99ba54035623731bc7318a8357aa6a118c5da1 3.3.0-branched