|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] xsm/flask: Handle policy load failures properly
On Fri, 2015-02-27 at 14:03 +0000, Julien Grall wrote: > Hi Daniel, > > On 24/02/15 15:53, Daniel De Graaf wrote: > > This seems a reasonable solution if we don't want to change how the boot > > parameters are set up. > > > > Another alternative would be to change flask_enforcing/flask_enabled to > > a single "flask=" parameter with options: > > disabled - revert to dummy (no XSM) policy, same as flask_enabled=0 > > develop/permissive - a missing or broken policy does not panic > > enforce/enforcing/force - require policy to be loaded at boot time > > late/load - bootloader policy is not used; later loadpolicy is enforcing > > > > The default would be "permissive" as in the existing hypervisor. This > > would be more flexible, but I'm not sure it is worth breaking existing > > command lines and changing documentation to implement. > > This look a good solution, having flask_enforcing without flask_enable > doesn't make much sense. > > Although I don't know what is the policy about xen parameters. Maybe Ian > or Jan have an idea about it. I don't think we generally shy away from making such changes where we have a good reason. It might be nice to keep the old options as aliases for the equivalent new behaviour, I don't know if that should be mandatory thoguh. Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |