On 05/02/2011 03:12 PM, Paolo Smiraglia wrote: > Hi Michal! > > Due to reduce the implementation time and verify quickly if our project > is feasible, we decided to implement the prototype by using the simplest > user-space applications (VTun, Open vSwitch). > > To increase the security, we would like to move in kernel-space all > security components. We want to migrate from user to kernel space not by > defining new kernel modules or by modifying the existing ones, but by > using already defined applications that perform our security > requirements in kernel spaces. > > For instance, we have defined an application which filters all received > packets (by analyzing the VLAN tags) before that they are received by > the switch. We think that the filtering may be executed by using the > SELinux labels. About tunneling, we want to remove VTun from our > framework and setup directly the 'gretap' interfaces. > > Any other questions are welcomed! > > Paolo > > Hi Paolo, thanks for your quick reply. Maybe I can see the point now. If you would like to implement it using the already defined application that performs the security requirements in the kernel-space I guess the application are in the form of kernel module or directly implemented into the kernel so you need to check whether the required feature is present/module loaded to allow the functionality. Is this your aim ? Michal -- Michal Novotny <minovotn@xxxxxxxxxx>, RHCE Virtualization Team (xen userspace), Red Hat -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list