Home
last modified time | relevance | path

Searched refs:security (Results 1 – 25 of 35) sorted by relevance

12

/xen/tools/flask/policy/modules/
A Ddom0.te3 # Allow dom0 access to all sysctls, devices, and the security server.
46 # These permissions allow using the FLASK security server to compute access
49 # Xen's security policy.
50 allow dom0_t security_t:security {
55 allow dom0_t security_t:security check_context;
58 allow dom0_t security_t:security { add_ocontext del_ocontext };
60 # Allow performance parameters of the security server to be tweaked
61 allow dom0_t security_t:security setsecparam;
63 # Allow changing the security policy
64 allow dom0_t security_t:security { load_policy setenforce setbool };
[all …]
A Dxen.te41 # The XSM/FLASK security server
A Dxen.if57 allow $1 $2:security check_context;
/xen/
A DSUPPORT.md200 Status: Supported, not security supported
206 Status: Supported, not security supported
236 Status: Supported, Not security supported
559 for more information about security support.
567 are excluded from security support.
934 (or contact another security response team,
941 for non-security-supported versions.
946 * **Supported, Not security supported**
953 This feature is security supported
970 ### External security support
[all …]
A DCODING_STYLE160 reliability and security.
186 - To minimize risk of introducing security vulnerabilities,
229 introduce security vulnerabilities.
A D.gitignore227 tools/security/secpol_tool
228 tools/security/xen/*
229 tools/security/xensec_tool
A DINSTALL31 supported (and security supported) by the Xen Project, to change a
38 resulting configurations do not receive security support. If you set
290 and enabling XSM/Flask in the 'Common Features' menu. A security policy
/xen/docs/features/
A Dlivepatch.pandoc25 has been used by multiple vendors to fix several real-world security
36 worth detailing the scope of security support:
40 guests and it shall be treated as a security issue if this is not
47 functions are patched), it shall be treated as a security issue.
52 results in an insecure host, this shall not be considered a security
62 security issue.
66 caused by invalid ELF files are not considered to be security issues
73 treated as a security issue.
79 There are also some generic security questions which are worth asking:
A Dqemu-deprivilege.pandoc40 For maximum security, libxl needs to run the devicemodel for each
128 See SUPPORT.md for security support status.
A Dtemplate.pandoc10 for the feature (indicating its security status), as well as brief user
/xen/xen/xsm/flask/policy/
A Dinitial_sids4 # Define initial security identifiers
11 sid security
A Dsecurity_classes4 # Define the security object classes
20 class security
A Daccess_vectors407 # target = resource's security label
424 # target = resource's security label
431 # target = resource's security label
436 # target = resource's security label
471 # Class security describes the FLASK security server itself; these operations
476 # can bypass the rest of the security policy.
477 class security
479 # use the security server to compute an access check
481 # use the security server to compute a type transition
483 # use the security server to compute member selection
[all …]
/xen/tools/flask/policy/policy/
A Dsecurity_classes1 # Locally defined security classes
5 # security policy.
A Daccess_vectors3 # Define access vectors for the security classes defined in security_classes.
A Dinitial_sids10 sid security gen_context(system_u:system_r:security_t,s0)
/xen/docs/misc/
A Dxsm-flask.txt6 a security model using this framework (at the time of writing, it is the only
29 dom0, and have not been reviewed for security when exposed to
35 Until the interfaces have been properly reviewed for security against
36 hostile callers, the Xen.org security team intends (subject of course
39 normal non-security-related bugs.
42 a radically disaggregated system to the security of a
49 than reduce the security of such a system to one whose device models,
55 not listed here are considered safe for disaggregation, security
57 to the normal security problem response policy
58 https://www.xenproject.org/security-policy.html.
[all …]
A Dvtpm-platforms.txt8 security properties for guests running on the platforms. There are several
/xen/xen/include/asm-arm/
A Dcpufeature.h36 #define cpu_has_security (boot_cpu_feature32(security) > 0)
214 unsigned long security:4; member
/xen/xen/
A DKconfig44 Xen binaries built with this option enabled are not security
/xen/xen/common/
A DKconfig179 Enables the security framework known as Xen Security Modules which
194 control framework by which security enforcement, isolation, and
195 auditing can be achieved with fine granular control via a security
212 bool "Compile Xen with a built-in FLASK security policy"
269 not present. If this feature is being used for security, it should
/xen/docs/process/
A Dxen-release-management.pandoc78 limited due to the sensitive nature of security work. The best action the
79 Release Manager can take is to set aside some time for potential security
187 They have the correct commits and all security patches applied. There will be
197 5. Specify the dates regarding support and security support in SUPPORT.md.
227 Allow for contingencies. It is not uncommon that some last minute (security or
230 a push. For security bugs, coordinate with the Security Team to adjust the
231 dates according to our security policy.
/xen/docs/man/
A Dxen-vtpmmgr.7.pod47 system's security, the PCRs used to seal the TPM manager's data must contain
283 TPM 2.0. Since using PCRs to seal the data can be an important security feature
285 TPM2_Seal/TPM2_Unseal to provide as much security as it did for TPM 1.2 in later
A Dxl.1.pod.in309 Also displays the security labels.
313 Also displays the domain UUIDs, the shutdown reason and security labels.
1726 messages; inability to migrate the guest; and security
1727 vulnerabilities which are not covered by the Xen Project security
1742 B<FLASK> is a security framework that defines a mandatory access control policy
1752 You can find more details on how to use FLASK and an example security
1759 Determine if the FLASK security module is loaded and enforcing its policy.
1771 policy. Loading new security policy will reset runtime changes to device labels.
/xen/docs/designs/
A Dqemu-deprivilege.md6 violating the system's overall security properties. Ie, a guest
229 interactions have not historically considered from a security point of

Completed in 25 milliseconds

12