Re: [Xen-devel] [PATCH] xsm/flask: Handle policy load failures properly

On Tue, 2015-02-24 at 09:31 +0000, Julien Grall wrote:
> On 24/02/2015 08:47, Ian Campbell wrote:
> > On Mon, 2015-02-23 at 12:53 -0500, Daniel De Graaf wrote:
> >> When no policy is loaded, the FLASK policy is equivalent to an allow-all
> >> policy; see xen/xsm/flask/ss/services.c:security_compute_av where it
> >> bails out if !ss_initialized.  It could be considered as either enforcing
> >> or being permissive with an allow-all policy, but the actual access is
> >> the same.
> >
> > Do you think anyone would want an option to be provided which causes Xen
> > to fail to boot if a proper policy isn't provided (and loaded)? Similar
> > to how iommu=force works.
> >
> > I can see how osstest testcases for xsm might want this to avoid
> > accidentally testing with no policy, but not sure if it would be
> > considered generally useful enough to be added.
> I think it would make sense to panic when flask_enforcing is enabled and 
> the policy is not loaded or valid.

That would stop you running in enforcing mode with a late loaded policy.
A separate flag to enforce boot time loading was what I was thinking of.

