17.20.4. Configuring Access Control

Red Hat Virtualization access control consists of two major components. The Access Control Policy (ACP) defines access rules and security labels. When a domain requests communication access, the Access Control Module (ACM) interprets the policy and handles access control decisions. The ACM determines access rights from the domain's security label. The ACP then enables the security labels and access rules and assigns them to domains and resources. The ACP uses two different ways of label management:

| Label | Description |
| --- | --- |
| Simple Type Enforcement | The ACP interprets the labels and assigns access requests to domains that require virtual (or physical) access. The security policy controls access between domains and assigns the proper labels to the respective domain. By default, access to Simple Type Enforcement domains is not enabled. |
| Chinese Wall | The Chinese Wall security policy controls and responds to access requests from a domain. |

Table 17.6. ACP Label Management

A policy is a separated list of names that translates into a local path and points to the policy XML file (relative to the global policy root directory). For instance, the domain file chinese_wall.client_V1 pertains to the policy file /example/chinese_wall.client_v1.xml.

Red Hat Virtualization includes these parameters that allow you to manage security policies and assign labels to domains: