1#
2# This file contains a listing of available modules.
3#
4# To prevent a module from  being used in policy creation, set the module name
5# to "off"; otherwise, set the module name on "on".
6#
7# The order the modules appear in this file is the order they will be parsed;
8# this can be important if you plan to use types defined in one file in another.
9#
10
11# Basic types and classes for the Xen hypervisor.  This module is required.
12xen = on
13
14# Permissions for domain 0.  Most of these are required to boot.
15dom0 = on
16
17# Allow all domains the ability to use access-controlled features and hypercalls
18# that are not restricted when XSM is disabled.
19guest_features = on
20
21# The default domain type (domU_t) and its device model (dm_dom_t).  The domain
22# is created and managed by dom0_t, and has no special restrictions.
23#
24# This is required if you want to be able to create domains without specifying
25# their XSM label in the configuration.
26domU = on
27
28# Example types with restrictions
29isolated_domU = on
30prot_domU = on
31nomigrate = on
32
33# Example device policy.  Also see policy/device_contexts.
34nic_dev = on
35
36# Xenstore stub domain (see init-xenstore-domain).
37xenstore = on
38
39# This allows any domain type to be created using the system_r role.  When it is
40# disabled, domains not using the default types (dom0_t, domU_t, dm_dom_t) must
41# use another role (such as vm_r from the vm_role module below).
42all_system_role = on
43
44# Example users, roles, and constraints for user-based separation.
45#
46# The three users defined here can set up grant/event channel communication
47# (vchan, device frontend/backend) between their own VMs, but cannot set up a
48# channel to a VM under a different user.
49vm_role = on
50