Applying custom XSM policies – SELinux

July 03, 2021

Xen also allows administrators to build and use their own, custom policy.

The default policy for Xen is available inside the tools/flask/policy directory within the Xen build directory. For instance, the policy rules for the dom0 guest are available inside modules/dom0.te.

Building a custom policy is a matter of updating these files (make a backup before you do) and then rebuilding the policy itself:

$ make

The result of the policy build is a new xenpolicy-4.13.1 file. This file can be loaded directly using the xl loadpolicy command:

# xl loadpolicy /path/to/xenpolicy-4.13.1

This command is similar to the flask-loadpolicy command:

# flask-loadpolicy /path/to/xenpolicy-4.13.1

If, after testing, the policy is deemed ready to be used continuously, copy it over to /boot so that it is automatically picked up at the next boot as well.

Related Articles

How to add swap space on Ubuntu 21.04 Operating System

How to add swap space on Ubuntu 21.04 Operating System

The swap space is a unique space on the disk that is used by the system when Physical RAM is full. When a Linux machine runout the RAM it use swap space to move inactive pages from RAM. Swap space can be created into Linux system in two ways, one we can create a...

read more

Lorem ipsum dolor sit amet consectetur


Submit a Comment

Your email address will not be published. Required fields are marked *

fifteen + 12 =