[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] (4.5-rc1) Problems using xl migrate



On 11/25/2014 05:07 AM, George Dunlap wrote:
On Mon, Nov 24, 2014 at 10:05 PM, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote:
I do. The error is
(XEN) flask_domctl: Unknown op 72

Incidentally, Flask is running in permissive mode.

      Michael Young


This means that the new domctl needs to be added to the switch statement
in flask/hooks.c.  This error is triggered in permissive mode because it
is a code error rather than a policy error (which is what permissive mode
is intended to debug).

If that's the case, should we make that a BUG_ON()?  Or at least an
ASSERT() (which will only bug when compiled with debug=y), followed by
allow if in permissive mode, and deny if in enforcing mode?

Having it default deny, even in permissive mode, breaks the "principle
of least surprise", I think. :-)

  -George
Either one of these will allow a guest to crash the hypervisor by requesting
an undefined domctl, which is not really a good idea.  Linux uses a flag in
the security policy which defines if unknown permissions are allowed or
denied; I will send a patch adding this to Xen's security server and using
it instead of -EPERM in the default case of the switch statements.

The patch adding this feature probably shouldn't be applied to 4.5, but I'll
send it anyway.  I will also send a separate patch adding the 2 domctls.

--
Daniel De Graaf
National Security Agency

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.