[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [OSSTEST PATCH v2 11/12] ts-debian-install: add in seclabel if XSM is enabled

Wei Liu writes ("Re: [OSSTEST PATCH v2 11/12] ts-debian-install: add in 
seclabel if XSM is enabled"):
> On Fri, Oct 10, 2014 at 05:01:57PM +0100, Ian Jackson wrote:
> > Surely it is a bug that this is necessary ?  xl shuld do the right
> > thing by default.
> 
> Well, xl is doing the right thing. Xen denies starting a guest without a
> seclabel. I think this is policy related, so it shouldn't be classified
> as a bug.

You haven't asked xl to `start a guest without a seclabel'.

You have asked xl to `start a guest'.

xl should do whatever is necessary to implement your wishes (assuming
your wishes are reasonable, of course).  If guests have to have
seclabels, xl should arrange to give them seclabels.  If you don't
specify the seclabel, xl should figure out what seclabel to give them.

And most of this ought probably to be in libxl, probably, rather than
xl.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.