Searched refs:security (Results 1 – 25 of 33) sorted by relevance
12
| /xen-4.10.0-shim-comet/tools/flask/policy/modules/ |
| A D | dom0.te | 3 # Allow dom0 access to all sysctls, devices, and the security server.
46 # These permissions allow using the FLASK security server to compute access
49 # Xen's security policy.
50 allow dom0_t security_t:security {
55 allow dom0_t security_t:security check_context;
58 allow dom0_t security_t:security { add_ocontext del_ocontext };
60 # Allow performance parameters of the security server to be tweaked
61 allow dom0_t security_t:security setsecparam;
63 # Allow changing the security policy
64 allow dom0_t security_t:security { load_policy setenforce setbool };
[all …]
|
| A D | xen.te | 41 # The XSM/FLASK security server
|
| A D | xen.if | 56 allow $1 $2:security check_context;
|
| /xen-4.10.0-shim-comet/ |
| A D | SUPPORT.md | 157 Status: Supported, not security supported
165 Status: Supported, not security supported
194 Status: Supported, Not security supported
498 for more information about security support.
506 are excluded from security support.
808 (or contact another security response team,
815 for non-security-supported versions.
820 * **Supported, Not security supported**
827 This feature is security supported
844 ### External security support
[all …]
|
| A D | .gitignore | 234 tools/security/secpol_tool
235 tools/security/xen/*
236 tools/security/xensec_tool
|
| A D | README | 189 http://www.intel.com/technology/security/.
|
| /xen-4.10.0-shim-comet/docs/features/ |
| A D | livepatch.pandoc | 25 has been used by multiple vendors to fix several real-world security
36 worth detailing the scope of security support:
40 guests and it shall be treated as a security issue if this is not
47 functions are patched), it shall be treated as a security issue.
52 results in an insecure host, this shall not be considered a security
62 security issue.
66 caused by invalid ELF files are not considered to be security issues
73 treated as a security issue.
79 There are also some generic security questions which are worth asking:
|
| A D | template.pandoc | 10 for the feature (indicating its security status), as well as brief user
|
| /xen-4.10.0-shim-comet/xen/xsm/flask/policy/ |
| A D | initial_sids | 4 # Define initial security identifiers
11 sid security
|
| A D | security_classes | 4 # Define the security object classes
20 class security
|
| A D | access_vectors | 416 # target = resource's security label
433 # target = resource's security label
440 # target = resource's security label
445 # target = resource's security label
480 # Class security describes the FLASK security server itself; these operations
485 # can bypass the rest of the security policy.
486 class security
488 # use the security server to compute an access check
490 # use the security server to compute a type transition
492 # use the security server to compute member selection
[all …]
|
| /xen-4.10.0-shim-comet/tools/flask/policy/policy/ |
| A D | security_classes | 1 # Locally defined security classes
5 # security policy.
|
| A D | access_vectors | 3 # Define access vectors for the security classes defined in security_classes.
|
| A D | initial_sids | 10 sid security gen_context(system_u:system_r:security_t,s0)
|
| /xen-4.10.0-shim-comet/docs/misc/ |
| A D | xsm-flask.txt | 6 a security model using this framework (at the time of writing, it is the only
29 dom0, and have not been reviewed for security when exposed to
35 Until the interfaces have been properly reviewed for security against
36 hostile callers, the Xen.org security team intends (subject of course
39 normal non-security-related bugs.
42 a radically disaggregated system to the security of a
55 not listed here are considered safe for disaggregation, security
57 to the normal security problem response policy
58 http://www.xenproject.org/security-policy.html.
92 reduced security support.
[all …]
|
| A D | qemu-xen-security | 2 security fixes when used together with the Xen hypervisor and only with
21 (security@xenproject.org).
|
| A D | qemu-deprivilege.txt | 1 For security reasons, libxl tries to pass a non-root username to QEMU as
|
| A D | vtpm-platforms.txt | 8 security properties for guests running on the platforms. There are several
|
| /xen-4.10.0-shim-comet/xen/common/ |
| A D | Kconfig | 95 Enables the security framework known as Xen Security Modules which
110 control framework by which security enforcement, isolation, and
111 auditing can be achieved with fine granular control via a security
128 bool "Compile Xen with a built-in security policy"
158 not present. If this feature is being used for security, it should
|
| /xen-4.10.0-shim-comet/xen/include/asm-arm/ |
| A D | cpufeature.h | 36 #define cpu_has_security (boot_cpu_feature32(security) > 0)
|
| A D | processor.h | 439 unsigned long security:4; member
|
| /xen-4.10.0-shim-comet/docs/process/ |
| A D | xen-release-management.pandoc | 87 limited due to the sensitive nature of security work. The best action the
88 Release Manager can take is to set aside some time for potential security
191 They have the correct commits and all security patches applied. There will be
224 Allow for contingencies. It is not uncommon that some last minute (security or
227 a push. For security bugs, coordinate with the Security Team to adjust the
228 dates according to our security policy.
|
| /xen-4.10.0-shim-comet/docs/man/ |
| A D | xen-vtpmmgr.pod.7 | 43 system's security, the PCRs used to seal the TPM manager's data must contain
279 TPM 2.0. Since using PCRs to seal the data can be an important security feature
281 TPM2_Seal/TPM2_Unseal to provide as much security as it did for TPM 1.2 in later
|
| A D | xl.pod.1.in | 309 Also displays the security labels.
313 Also displays the domain UUIDs, the shutdown reason and security labels.
1603 messages; inability to migrate the guest; and security
1604 vulnerabilities which are not covered by the Xen Project security
1687 B<FLASK> is a security framework that defines a mandatory access control policy
1697 You can find more details on how to use FLASK and an example security
1704 Determine if the FLASK security module is loaded and enforcing its policy.
1716 policy. Loading new security policy will reset runtime changes to device labels.
|
| A D | xl.cfg.pod.5.in | 557 Assign an XSM security label to this domain.
561 Specify an XSM security label used for this domain temporarily during
564 unpausing the domain. With a properly constructed security policy (such
1053 more control over the device, which may have security or stability
1309 to limit the consequencese of security vulnerabilities in qemu.
1398 while it may enhance your security,
1405 In the future as we enhance this feature to improve the security,
1662 can enhance security. This options requires that PAE also be
2502 Assign an XSM security label to the device-model stubdomain.
|
Completed in 22 milliseconds
12