|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] xsm/flask: Handle policy load failures properly
On Tue, 2015-02-24 at 09:31 +0000, Julien Grall wrote: > > On 24/02/2015 08:47, Ian Campbell wrote: > > On Mon, 2015-02-23 at 12:53 -0500, Daniel De Graaf wrote: > >> When no policy is loaded, the FLASK policy is equivalent to an allow-all > >> policy; see xen/xsm/flask/ss/services.c:security_compute_av where it > >> bails out if !ss_initialized. It could be considered as either enforcing > >> or being permissive with an allow-all policy, but the actual access is > >> the same. > > > > Do you think anyone would want an option to be provided which causes Xen > > to fail to boot if a proper policy isn't provided (and loaded)? Similar > > to how iommu=force works. > > > > I can see how osstest testcases for xsm might want this to avoid > > accidentally testing with no policy, but not sure if it would be > > considered generally useful enough to be added. > > I think it would make sense to panic when flask_enforcing is enabled and > the policy is not loaded or valid. That would stop you running in enforcing mode with a late loaded policy. A separate flag to enforce boot time loading was what I was thinking of. Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |