
Re: [Xen-devel] [PATCH] xsm/flask: Handle policy load failures properly



Hi Daniel,

On 24/02/15 15:53, Daniel De Graaf wrote:
> This seems a reasonable solution if we don't want to change how the boot
> parameters are set up.
> 
> Another alternative would be to change flask_enforcing/flask_enabled to
> a single "flask=" parameter with options:
>  disabled - revert to dummy (no XSM) policy, same as flask_enabled=0
>  develop/permissive - a missing or broken policy does not panic
>  enforce/enforcing/force - require policy to be loaded at boot time
>  late/load - bootloader policy is not used; later loadpolicy is enforcing
> 
> The default would be "permissive" as in the existing hypervisor.  This
> would be more flexible, but I'm not sure it is worth breaking existing
> command lines and changing documentation to implement.

This looks like a good solution; having flask_enforcing without flask_enable
doesn't make much sense.

Although I don't know what the policy is about Xen parameters. Maybe Ian
or Jan have an idea about it.

Regards,

-- 
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
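
The single "flask=" parameter proposed in the quoted text, sketched as an added example (not code from this thread or from the Xen tree). All identifiers are hypothetical; rejecting an unrecognised value and continuing in permissive mode once a policy loads are assumptions the proposal does not settle.

```c
#include <stdio.h>
#include <string.h>

enum flask_mode { FLASK_DISABLED, FLASK_PERMISSIVE, FLASK_ENFORCING, FLASK_LATE };
enum boot_action { ACT_DUMMY, ACT_CONTINUE, ACT_PANIC, ACT_AWAIT_LOADPOLICY };

/* Option spellings exactly as listed in the proposal. */
static const struct { const char *name; enum flask_mode mode; } flask_opts[] = {
    { "disabled", FLASK_DISABLED },
    { "develop", FLASK_PERMISSIVE }, { "permissive", FLASK_PERMISSIVE },
    { "enforce", FLASK_ENFORCING }, { "enforcing", FLASK_ENFORCING },
    { "force", FLASK_ENFORCING },
    { "late", FLASK_LATE }, { "load", FLASK_LATE },
};

/* val == NULL means "flask=" was not given: default is permissive.
 * Returns 0 on success, -1 on an unrecognised value (assumption: a typo
 * must not silently pick a weaker mode). */
int parse_flask_param(const char *val, enum flask_mode *out)
{
    size_t i;
    if (val == NULL) { *out = FLASK_PERMISSIVE; return 0; }
    for (i = 0; i < sizeof(flask_opts) / sizeof(flask_opts[0]); i++)
        if (strcmp(val, flask_opts[i].name) == 0) { *out = flask_opts[i].mode; return 0; }
    return -1;
}

/* What boot does once the bootloader policy load has succeeded or failed. */
enum boot_action flask_boot_action(enum flask_mode mode, int policy_ok)
{
    switch (mode) {
    case FLASK_DISABLED:  return ACT_DUMMY;            /* dummy (no XSM) policy */
    case FLASK_LATE:      return ACT_AWAIT_LOADPOLICY; /* bootloader policy unused */
    case FLASK_ENFORCING: return policy_ok ? ACT_CONTINUE : ACT_PANIC;
    default:              return ACT_CONTINUE;         /* permissive: never panic */
    }
}

/* Convenience wrapper: boot action for a raw option string, -1 if invalid. */
int flask_action_for(const char *val, int policy_ok)
{
    enum flask_mode m;
    return parse_flask_param(val, &m) ? -1 : (int)flask_boot_action(m, policy_ok);
}

int main(void)
{
    printf("enforcing, broken policy -> %d\n", flask_action_for("enforcing", 0));
    printf("default, broken policy   -> %d\n", flask_action_for(NULL, 0));
    return 0;
}
```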


 

