XENStatements

From SELinux Wiki

1 Xen Statements

[edit] Xen Statements

Xen policy supports additional policy language statements: iomemcon, ioportcon, pcidevicecon and pirqcon that are discussed in the sections that follow.

To compile these additional statements using semodule(8), ensure that the semanage.conf(5) file has the policy-target=xen entry.

[edit] iomemcon Statement

The sid statement declares the actual SID identifier and is defined at the start of a policy source file.

The statement definition is:

iomemcon addr context;

Where:

iomemcon	The iomemcon keyword.
addr	The memory address to apply the context. This may also be a range that consists of a start and end address separated by a hypen ('`-`').
context	The security context to be applied.

The statement is valid in:

Monolithic Policy	Base Policy	Module Policy
Yes	Yes	No
Conditional Policy (if]) Statement	optional Statement	require Statement
No	No	No

Example:

iomemcon 0xfebd9 system_u:object_r:nicP_t;

iomemcon 0xfebe0-0xfebff system_u:object_r:nicP_t;

[edit] ioportcon Statement

The sid statement declares the actual SID identifier and is defined at the start of a policy source file.

The statement definition is:

ioportcon port context;

Where:

ioportcon	The ioportcon keyword.
port	The port to apply the context. This may also be a range that consists of a start and end port number separated by a hypen ('`-`').
context	The security context to be applied.

The statement is valid in:

Monolithic Policy	Base Policy	Module Policy
Yes	Yes	No
Conditional Policy (if]) Statement	optional Statement	require Statement
No	No	No

Example:

ioportcon 0xeac0 system_u:object_r:nicP_t;

ioportcon 0xecc0-0xecdf system_u:object_r:nicP_t;

[edit] pcidevicecon Statement

The sid statement declares the actual SID identifier and is defined at the start of a policy source file.

The statement definition is:

pcidevicecon pci_id context;

Where:

pcidevicecon	The pcidevicecon keyword.
pci_id	The PCI indentifer.
context	The security context to be applied.

The statement is valid in:

Monolithic Policy	Base Policy	Module Policy
Yes	Yes	No
Conditional Policy (if]) Statement	optional Statement	require Statement
No	No	No

Example:

pcidevicecon 0xc800 system_u:object_r:nicP_t;

[edit] pirqcon Statement

The sid statement declares the actual SID identifier and is defined at the start of a policy source file.

The statement definition is:

pirqcon irq context;

Where:

pirqcon	The pirqcon keyword.
irq	The interrupt request number.
context	The security context to be applied.

The statement is valid in:

Monolithic Policy	Base Policy	Module Policy
Yes	Yes	No
Conditional Policy (if]) Statement	optional Statement	require Statement
No	No	No

Example:

pirqcon 33 system_u:object_r:nicP_t;

Retrieved from "http://selinuxproject.org/page/XENStatements"

Category: Notebook

XENStatements

From SELinux Wiki

Contents

[edit] Xen Statements

[edit] iomemcon Statement

[edit] ioportcon Statement

[edit] pcidevicecon Statement

[edit] pirqcon Statement

Views

Personal tools

Navigation

Search

Toolbox