...
It's been decided that SELinux has to be fully integrated into OpenXT's predecessor.
For that, it needs a policy governing every action that every program can do.
...
A good summary of SELinux history can be found here: https://www.ibm.com/developerworks/library/l-secure-linux-ru/
In
...
OpenXT's Predecessor
For now, SELinux is present in dom0 and ndvm. As of the latest Spindrift release, it is enforced from first boot in a Kent installation and is permissive in all other cases.
...
SELinux is also used to separate QEMU processes from each other using an architecture known as sVirt. Our implementation of sVirt is documented in the OpenXT's predecessor sVirt page.
How it works
SELinux is built on the notion of contexts.
...
The SELinux rules are located in the OpenXT's predecessor git repository selinux-policy.
...
Start by copying a small existing OpenXT's predecessor module, such as angelomachy, and replace the occurrences of "angelomachy" with your module name.
...