|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] xsm/flask: Handle policy load failures properly
On Tue, 2015-02-24 at 09:51 +0000, Julien Grall wrote: > > On 24/02/2015 09:39, Ian Campbell wrote: > > On Tue, 2015-02-24 at 09:31 +0000, Julien Grall wrote: > >> > >> On 24/02/2015 08:47, Ian Campbell wrote: > >>> On Mon, 2015-02-23 at 12:53 -0500, Daniel De Graaf wrote: > >>>> When no policy is loaded, the FLASK policy is equivalent to an allow-all > >>>> policy; see xen/xsm/flask/ss/services.c:security_compute_av where it > >>>> bails out if !ss_initialized. It could be considered as either enforcing > >>>> or being permissive with an allow-all policy, but the actual access is > >>>> the same. > >>> > >>> Do you think anyone would want an option to be provided which causes Xen > >>> to fail to boot if a proper policy isn't provided (and loaded)? Similar > >>> to how iommu=force works. > >>> > >>> I can see how osstest testcases for xsm might want this to avoid > >>> accidentally testing with no policy, but not sure if it would be > >>> considered generally useful enough to be added. > >> > >> I think it would make sense to panic when flask_enforcing is enabled and > >> the policy is not loaded or valid. > > > > That would stop you running in enforcing mode with a late loaded policy. > > A separate flag to enforce boot time loading was what I was thinking of. > > You can enforce the policy later via xl setenforce. Ah, good. > So if someone wants to load a policy later and enforced it, he would > have to call : > - xl loadpolicy > - xl setenforce > > IHMO, when you set flask_enforcing on the command line, you expect to > pass a policy via the bootloader. That doesn't seem unreasonable -- Daniel what do you think? _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |