path: root/tools/flask/policy/modules/modules.conf
blob: 6dba0a3d9172659b466fe6858340f65290e09afb (plain)
#
# This file contains a listing of available modules.
#
# To prevent a module from being used in policy creation, set the module name
# to "off"; otherwise, set the module name to "on".
#
# The order the modules appear in this file is the order they will be parsed;
# this can be important if you plan to use types defined in one file in another.
#
# NOTE(review): every module below, including the ones described as examples,
# is set to "on".  Before building a policy for deployment, review each module
# and switch off the ones the deployment does not need, so that the resulting
# policy grants no more than intended.
#

# Basic types and classes for the Xen hypervisor.  This module is required.
xen = on

# Permissions for domain 0.  Most of these are required to boot.
dom0 = on

# Allow all domains the ability to use access-controlled features and hypercalls
# that are not restricted when XSM is disabled.
#
# NOTE(review): as described, this is a blanket grant to every domain type, so
# with it on these features are no more restricted than on a system without
# XSM.  Presumably a tighter policy turns this off and grants the needed
# features per type -- confirm against the module source.
guest_features = on

# The default domain type (domU_t) and its device model (dm_dom_t).  The domain
# is created and managed by dom0_t, and has no special restrictions.
#
# This is required if you want to be able to create domains without specifying
# their XSM label in the configuration.
#
# NOTE(review): with this on, a domain whose configuration omits the label
# presumably ends up as the unrestricted default type described above.  If
# every domain is meant to carry an explicit label, consider turning this off;
# other modules may reference these types, so confirm the policy still builds.
domU = on

# Example types with restrictions.
#
# NOTE(review): what each of these types restricts is defined in the module
# source, not in this file -- read it before relying on a type for isolation.
isolated_domU = on
prot_domU = on
nomigrate = on

# Example device policy.  Also see policy/device_contexts.
#
# NOTE(review): this is an example; presumably the device labels it uses have
# to be adapted to the actual hardware before it has any effect -- confirm.
nic_dev = on

# Xenstore stub domain (see init-xenstore-domain).
xenstore = on

# This allows any domain type to be created using the system_r role.  When it is
# disabled, domains not using the default types (dom0_t, domU_t, dm_dom_t) must
# use another role (such as vm_r from the vm_role module below).
#
# NOTE(review): leaving this on means the role does not limit which domain
# types can be created under system_r.  If roles are meant to constrain domain
# types, turn this off and assign the non-default types to a dedicated role.
all_system_role = on

# Example users, roles, and constraints for user-based separation.
#
# The three users defined here can set up grant/event channel communication
# (vchan, device frontend/backend) between their own VMs, but cannot set up a
# channel to a VM under a different user.
#
# NOTE(review): the users are examples; presumably a deployment replaces them
# with its own users and roles -- confirm in the module source.
vm_role = on