#
# This file contains a listing of available modules.
#
# To prevent a module from  being used in policy creation, set the module name
# to "off"; otherwise, set the module name on "on".
#
# The order the modules appear in this file is the order they will be parsed;
# this can be important if you plan to use types defined in one file in another.
#

# Basic types and classes for the Xen hypervisor.  This module is required.
xen = on

# Permissions for domain 0.  Most of these are required to boot.
dom0 = on

# Allow all domains the ability to use access-controlled features and hypercalls
# that are not restricted when XSM is disabled.
guest_features = on

# The default domain type (domU_t) and its device model (dm_dom_t).  The domain
# is created and managed by dom0_t, and has no special restrictions.
#
# This is required if you want to be able to create domains without specifying
# their XSM label in the configuration.
domU = on

# Example types with restrictions
isolated_domU = on
prot_domU = on
nomigrate = on

# Example device policy.  Also see policy/device_contexts.
nic_dev = on

# Xenstore stub domain (see init-xenstore-domain).
xenstore = on

# This allows any domain type to be created using the system_r role.  When it is
# disabled, domains not using the default types (dom0_t, domU_t, dm_dom_t) must
# use another role (such as vm_r from the vm_role module below).
all_system_role = on

# Example users, roles, and constraints for user-based separation.
# 
# The three users defined here can set up grant/event channel communication
# (vchan, device frontend/backend) between their own VMs, but cannot set up a
# channel to a VM under a different user.
vm_role = on