Chapter 10: Using Xen Security Modules with FLASK

In Chapter 9, Secure Virtualization, we saw that libvirt is able to apply sVirt protection measures, based upon SELinux domains and category assignment, to several supported hypervisors. Xen, another popular open source hypervisor, is also supported by libvirt, but it is much more common to use Xen on its own, independently of libvirt.

Xen has its own security framework called Xen Security Modules (XSM), similar to Linux Security Modules (LSM), and an access control system called XSM-FLASK, which is Xen's SELinux-based security framework. We'll see how Xen uses XSM, how to build Xen with XSM support, and finally, how we can apply policies to Xen domains.

In this chapter, we're going to cover ...
