From patchwork Tue Jul 19 09:05:34 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anshul Makkar X-Patchwork-Id: 9236517 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id A2DE66075D for ; Tue, 19 Jul 2016 09:08:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 922DC20009 for ; Tue, 19 Jul 2016 09:08:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 867C82624D; Tue, 19 Jul 2016 09:08:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 1F75520009 for ; Tue, 19 Jul 2016 09:08:35 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bPQyD-000383-Nq; Tue, 19 Jul 2016 09:05:41 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bPQyC-00037t-Hx for xen-devel@lists.xen.org; Tue, 19 Jul 2016 09:05:40 +0000 Received: from [193.109.254.147] by server-13.bemta-14.messagelabs.com id 55/9B-09524-36DED875; Tue, 19 Jul 2016 09:05:39 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpikeJIrShJLcpLzFFi42JxWrrBXjf5bW+ 4wbsnQhZLPi5mcWD0OLr7N1MAYxRrZl5SfkUCa8bU5+YFe/gqerceZGlgbOTpYuTkkBDwl9g9 4RIriM0moCdx5NYfdhBbREBWYnXXHDCbWcBV4krTZBYQW1igiVGi6bw6iM0ioCoxt+kfI4jNK +AucfvlCzaImXISJ49NBpspBFTT++wQE0SNoMTJmU9YIGZKSBx88YK5i5EDqJ5b4m+3/QRGnl lIqmYhqVrAyLSKUb04tagstUjXUC+pKDM9oyQ3MTNH19DQRC83tbg4MT01JzGpWC85P3cTIzA 8GIBgB+PRTudDjJIcTEqivKqiveFCfEn5KZUZicUZ8UWlOanFhxhlODiUJHi53wDlBItS01Mr 0jJzgIEKk5bg4FES4WUHSfMWFyTmFmemQ6ROMepybFlwYy2TEEtefl6qlDjvv9dARQIgRRmle XAjYFFziVFWSpiXEegoIZ6C1KLczBJU+VeM4hyMSsK89iCreDLzSuA2vQI6ggnoCAPVbpAjSh IRUlINjGvfp56Y2znHYsuDw8I/1tje2vjBuEqwWDrnadFm/97GyQtsOmRWhkdd/OzNICiyjPO f0m+zDTEZPZ+63z5ryo2/ovequNBCRc/bSdvZ8GbrG+ZXK012uj+dqprgfj791bcVlotazdZO nWGo/Wey+KZHc795/JzUIeNQX2Ps/GTLSe69t1//D1ViKc5INNRiLipOBADKbYcflQIAAA== X-Env-Sender: prvs=0012f5e29=anshul.makkar@citrix.com X-Msg-Ref: server-15.tower-27.messagelabs.com!1468919137!2123597!1 X-Originating-IP: [66.165.176.63] X-SpamReason: No, hits=0.0 required=7.0 tests=sa_preprocessor: VHJ1c3RlZCBJUDogNjYuMTY1LjE3Ni42MyA9PiAzMDYwNDg=\n, received_headers: No Received headers X-StarScan-Received: X-StarScan-Version: 8.77; banners=-,-,- X-VirusChecked: Checked Received: (qmail 2080 invoked from network); 19 Jul 2016 09:05:39 -0000 Received: from smtp02.citrix.com (HELO SMTP02.CITRIX.COM) (66.165.176.63) by server-15.tower-27.messagelabs.com with RC4-SHA encrypted SMTP; 19 Jul 2016 09:05:39 -0000 X-IronPort-AV: E=Sophos;i="5.28,388,1464652800"; d="scan'208";a="373985529" From: Anshul Makkar To: Date: Tue, 19 Jul 2016 10:05:34 +0100 Message-ID: <1468919134-7603-1-git-send-email-anshul.makkar@citrix.com> X-Mailer: git-send-email 1.9.1 MIME-Version: 1.0 X-DLP: MIA1 Cc: dgdegra@tycho.nsa.gov, Anshul Makkar Subject: [Xen-devel] [PATCH] XSM-docs: Flask operates on domain types and not on individual domain. Updated the documentation to reflect this. X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP Signed-off-by: Anshul Makkar --- * Resending the patch due to incomplete subject in the previous patch. docs/misc/xsm-flask.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt index 62f15dd..bf8bb6e 100644 --- a/docs/misc/xsm-flask.txt +++ b/docs/misc/xsm-flask.txt @@ -9,8 +9,8 @@ controls over Xen domains, allowing the policy writer to define what interactions between domains, devices, and the hypervisor are permitted. Some examples of what FLASK can do: - - Prevent two domains from communicating via event channels or grants - - Control which domains can use device passthrough (and which devices) + - Prevent two domains types from communicating via event channels or grants + - Control which type of domains can use device passthrough (and which devices) - Restrict or audit operations performed by privileged domains - Prevent a privileged domain from arbitrarily mapping pages from other domains @@ -160,10 +160,10 @@ the policy can be reloaded using "xl loadpolicy". The example policy included with Xen demonstrates most of the features of FLASK that can be used without dom0 disaggregation. The main types for domUs are: - - domU_t is a domain that can communicate with any other domU_t + - domU_t is a domain type that can communicate with any other domU_t types. - isolated_domU_t can only communicate with dom0 - prot_domU_t is a domain type whose creation can be disabled with a boolean - - nomigrate_t is a domain that must be created via the nomigrate_t_building + - nomigrate_t is a domain type that must be created via the nomigrate_t_building type, and whose memory cannot be read by dom0 once created HVM domains with stubdomain device models also need a type for the stub domain.