SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: xen 2.0 - adding selinux permissions This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] [ Replies ] From: Luke Kenneth Casson Leighton <lkcl_at_lkcl.net> Date: Wed, 24 Nov 2004 15:09:27 +0000 On Wed, Nov 24, 2004 at 08:39:16AM -0500, Stephen Smalley wrote: > On Tue, 2004-11-23 at 17:03, Luke Kenneth Casson Leighton wrote: > > - add in some new selinux security ids representing the xen commands > > (create virtual machine, list virtual machines, shutdown a machine, > > suspend-a-session-to-disk, etc.) > > I assume you actually mean add a new security class (xen) and define an > access vector for it with permissions for each of these operations, not > add a security identifier. yes? > As there is no real object for these > requests, I suppose you could just make them task->self checks as with > the existing capability checks. No need to add a new security id for > the target. okay, i must have misunderstood. i envisage creating a xen_has_perm() and _that_ means adding something to security/selinux/include/av_permissions.h #define XEN_VM_CREATE 0x00000001UL #define XEN_VM_DESTROY 0x00000002UL, etc. and creating a SECCLASS_XEN? /* Check whether a task is allowed to perform a xen virtual machine operation. / int xen_has_perm(struct task_struct tsk, u32 perms) { struct task_security_struct *tsec; tsec = tsk->security; return avc_has_perm(tsec->sid, tsec->sid, SECCLASS_XEN, perms, NULL, NULL); } what alternative to this approach is there? bearing in mind that the xen daemon (running in the xen master) offers access to the consoles of the guest operating systems. i _really_ want to be able to stop that access from happening, or at least control the circumstances under which access to the guest's consoles is allowed! at present, any program with access to port 8000 (on localhost or on the LAN depending on a config option) can start a guest OS, kill an existing one, access all consoles and start hacking away at the login prompt, that sort of thing... l. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Wed 24 Nov 2004 - 09:58:50 EST This message: [ Message body ] Next message: Stephen Smalley: "Re: xen 2.0 - adding selinux permissions" Previous message: Stephen Smalley: "Re: xen 2.0 - adding selinux permissions" In reply to: Stephen Smalley: "Re: xen 2.0 - adding selinux permissions" Next in thread: Stephen Smalley: "Re: xen 2.0 - adding selinux permissions" Reply: Stephen Smalley: "Re: xen 2.0 - adding selinux permissions" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom