From patchwork Tue Jul 19 07:33:01 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anshul Makkar X-Patchwork-Id: 9236213 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 82A00600CB for ; Tue, 19 Jul 2016 07:35:55 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 77882201F5 for ; Tue, 19 Jul 2016 07:35:55 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6C338205AA; Tue, 19 Jul 2016 07:35:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id AFB99201F5 for ; Tue, 19 Jul 2016 07:35:54 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bPPWj-0003Hm-7y; Tue, 19 Jul 2016 07:33:13 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bPPWh-0003Hg-PQ for xen-devel@lists.xen.org; Tue, 19 Jul 2016 07:33:11 +0000 Received: from [85.158.139.211] by server-10.bemta-5.messagelabs.com id 37/AC-19922-7B7DD875; Tue, 19 Jul 2016 07:33:11 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupikeJIrShJLcpLzFFi42JxWrrBXnfb9d5 wg59z1C2WfFzM4sDocXT3b6YAxijWzLyk/IoE1owPB2awFHzgrTg16xpbA+Nh7i5GTg4JAX+J lWt2MIPYbAJ6Ekdu/WEHsUUEZCVWd80Bs5kFXCWuNE1mAbGFBVwklu3aBGazCKhKLNq7C8zmF XCX2PntCzPETDmJk8cms4LYQkA1vc8OMUHUCEqcnPmEBWKmhMTBFy+A6jmA6rkl/nbbT2DkmY WkahaSqgWMTKsYNYpTi8pSi3SNzPSSijLTM0pyEzNzdA0NTPVyU4uLE9NTcxKTivWS83M3MQJ DpJ6BgXEH4+3JfocYJTmYlER5VUV7w4X4kvJTKjMSizPii0pzUosPMcpwcChJ8PZdA8oJFqWm p1akZeYAgxUmLcHBoyTCOxckzVtckJhbnJkOkTrFaMyxbdr1tUwcWxbcWMskxJKXn5cqJc4bB VIqAFKaUZoHNwgWRZcYZaWEeRkZGBiEeApSi3IzS1DlXzGKczAqCfOeB5nCk5lXArfvFdApTE CnGKh2g5xSkoiQkmpgFNaUXBlye0JKBMOBn9m33s7t99l46uZkiRW3Z7/bcmV7L8e8rc+nOMc LzfFQ5wtZNj9M0My749KqWcFa3kK6L3Ju9yQ3zlCaYFluEfgo98TG4OJ9+W42c8y2bTO5+4Ch zHpi4qSV8aK8d5smVbv8mrulfFbLKyuB7KSdqyfejrQ9+ffEpPIHxUosxRmJhlrMRcWJAAxOa cidAgAA X-Env-Sender: prvs=0012f5e29=anshul.makkar@citrix.com X-Msg-Ref: server-10.tower-206.messagelabs.com!1468913589!33076027!1 X-Originating-IP: [66.165.176.63] X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor: VHJ1c3RlZCBJUDogNjYuMTY1LjE3Ni42MyA9PiAzMDYwNDg=\n, received_headers: No Received headers X-StarScan-Received: X-StarScan-Version: 8.77; banners=-,-,- X-VirusChecked: Checked Received: (qmail 27183 invoked from network); 19 Jul 2016 07:33:10 -0000 Received: from smtp02.citrix.com (HELO SMTP02.CITRIX.COM) (66.165.176.63) by server-10.tower-206.messagelabs.com with RC4-SHA encrypted SMTP; 19 Jul 2016 07:33:10 -0000 X-IronPort-AV: E=Sophos;i="5.28,388,1464652800"; d="scan'208";a="373975248" From: Anshul Makkar To: Date: Tue, 19 Jul 2016 08:33:01 +0100 Message-ID: <1468913581-6533-1-git-send-email-anshul.makkar@citrix.com> X-Mailer: git-send-email 1.9.1 MIME-Version: 1.0 X-DLP: MIA1 Cc: dgdegra@tycho.nsa.gov, Anshul Makkar Subject: [Xen-devel] [PATCH] XSM-docs: Flask operates on domain types and not on X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP Signed-off-by: Anshul Makkar --- docs/misc/xsm-flask.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt index 62f15dd..bf8bb6e 100644 --- a/docs/misc/xsm-flask.txt +++ b/docs/misc/xsm-flask.txt @@ -9,8 +9,8 @@ controls over Xen domains, allowing the policy writer to define what interactions between domains, devices, and the hypervisor are permitted. Some examples of what FLASK can do: - - Prevent two domains from communicating via event channels or grants - - Control which domains can use device passthrough (and which devices) + - Prevent two domains types from communicating via event channels or grants + - Control which type of domains can use device passthrough (and which devices) - Restrict or audit operations performed by privileged domains - Prevent a privileged domain from arbitrarily mapping pages from other domains @@ -160,10 +160,10 @@ the policy can be reloaded using "xl loadpolicy". The example policy included with Xen demonstrates most of the features of FLASK that can be used without dom0 disaggregation. The main types for domUs are: - - domU_t is a domain that can communicate with any other domU_t + - domU_t is a domain type that can communicate with any other domU_t types. - isolated_domU_t can only communicate with dom0 - prot_domU_t is a domain type whose creation can be disabled with a boolean - - nomigrate_t is a domain that must be created via the nomigrate_t_building + - nomigrate_t is a domain type that must be created via the nomigrate_t_building type, and whose memory cannot be read by dom0 once created HVM domains with stubdomain device models also need a type for the stub domain.