Trusted virtual machines based on statically configured security models provide an environment that is either too restrictive or too open for many types of applications. The domain and type enforcement model of mandatory access control is a static approach to security that supports the principle of least privilege. We propose a dynamically configurable variant of domain and type enforcement, in which access control tables are modifiable subject to configuration controls represented in a rule base. Two benefits accrue from this separation into table-based access control and rule-based configuration control: simplicity and efficiency. An example demonstrates the viability of our approach.
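
The separation described above can be sketched as follows. This is an added illustration, not the authors' design or code: access checks are a plain table lookup, while every change to the table must be authorized by a separate rule base. The rule shape (`ConfigRule`), the class `DynamicDTE`, and all domain and type names are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ConfigRule:
    # Assumed rule shape: admin_domain may grant or revoke any subset of
    # `modes` on objects of `obj_type`.
    admin_domain: str
    obj_type: str
    modes: frozenset

@dataclass
class DynamicDTE:
    table: dict = field(default_factory=dict)  # (domain, type) -> frozenset of modes
    rules: list = field(default_factory=list)  # configuration rule base
    audit: list = field(default_factory=list)  # every change request, allowed or not

    def check(self, domain, obj_type, mode):
        # Access decision: a single table lookup, default deny.
        return mode in self.table.get((domain, obj_type), frozenset())

    def _change(self, op, requester, domain, obj_type, modes):
        # Configuration decision: consult the rule base, never the table.
        modes = frozenset(modes)
        ok = bool(modes) and any(
            r.admin_domain == requester and r.obj_type == obj_type
            and modes <= r.modes for r in self.rules)
        self.audit.append((op, requester, domain, obj_type, sorted(modes), ok))
        if ok:
            cur = self.table.get((domain, obj_type), frozenset())
            self.table[(domain, obj_type)] = (cur | modes) if op == "grant" else (cur - modes)
        return ok

    def grant(self, requester, domain, obj_type, modes):
        return self._change("grant", requester, domain, obj_type, modes)

    def revoke(self, requester, domain, obj_type, modes):
        return self._change("revoke", requester, domain, obj_type, modes)

def demo():
    # Constructed sample policy: domain and type names are made up.
    dte = DynamicDTE(
        table={("applet_d", "scratch_t"): frozenset({"read", "write"})},
        rules=[ConfigRule("loader_d", "log_t", frozenset({"append"}))])
    return [
        dte.check("applet_d", "log_t", "append"),                         # not yet granted
        dte.grant("applet_d", "applet_d", "log_t", {"append"}),           # no rule for requester
        dte.grant("loader_d", "applet_d", "log_t", {"append", "write"}),  # exceeds the rule
        dte.grant("loader_d", "applet_d", "log_t", {"append"}),           # permitted change
        dte.check("applet_d", "log_t", "append"),
        dte.revoke("loader_d", "applet_d", "log_t", {"append"}),
        dte.check("applet_d", "log_t", "append"),
    ]
```

Rejected change requests leave the table untouched but are still recorded in `audit`, so a domain's attempts to widen its own access remain visible.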