
Re: [Xen-devel] [PATCH v7] libxl: introduce XSM relabel on build



On Wed, 2012-12-12 at 20:17 +0000, Daniel De Graaf wrote:
> In response to a suggestion from Jan, I am splitting out independent
> patches from the larger XSM series that I have been posting.  This is
> the only patch from that series that touches the toolstack; it is
> independent of the rest of the series as the hypervisor component has
> already been committed.
> 
> ---------------------8<-------------------------------------------------
> 
> Allow a domain to be built under one security label and run using a
> different label.  This can be used to prevent the domain builder or
> control domain from having the ability to access a guest domain's memory
> via map_foreign_range except during the build process where this is
> required.
> 
> Example domain configuration snippet:
>   seclabel='customer_1:vm_r:nomigrate_t'
>   init_seclabel='customer_1:vm_r:nomigrate_t_building'
> 
> Note: this does not provide complete protection from a malicious dom0;
> mappings created during the build process may persist after the relabel,
> and could be used to indirectly access the guest's memory. However, if
> dom0 correctly unmaps the domain upon building, the domU is protected
> against dom0 becoming malicious in the future.
> 
> Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
> Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
> Cc: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
> Cc: Ian Campbell <ian.campbell@xxxxxxxxxx>

Acked + applied, thanks.

I'm in two minds about whether we should add a LIBXL_HAVE_<foo> #define.

Ian.



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 

