The scope for XSM-FLASK is limited to Xen. The XSM-FLASK module implements
a separate and distinct security server from SELinux. The subjects,
objects, and permissions described in the XSM-FLASK policy are relevant only
to Xen. There is no functional dependency between XSM-FLASK and SELinux
guests. However, one uses the SELinux tools and policy grammar to construct
and analyze XSM-FLASK policies.
In a system running an SELinux guest and an XSM-FLASK enabled hypervisor,
there are two security servers. One security server is in the SELinux
guest. The other security server is in the XSM-FLASK enabled hypervisor.
Each security server is loaded with a policy that is relevant only to the
SELinux guest or XSM-Flask enabled hypervisor, respectively.
Let me know if this doesn't answer your questions.
> I have a question about XSM-ACM(sHype) and XSM-FLASK difference.
> These two are based on Flask model.
> So I wan to know the difference of these two.
> Is this is only a implementation difference?
> (like a policy description format etc.)
> Or any other difference exists?
> I think XSM-FLASK policy format is same as SELinux one.
> But Security Server is splited between Linux/Xen.
> In this situation,
> it looks same XSM-ACM and XSM-FLASKin a view from Security Server.
> If this discussion is already done,
> Please suggest me a pointer.
> Atsushi SAKAI
> Xense-devel mailing list
> [hidden email] > http://lists.xensource.com/xense-devel