|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v3 6/6] libxl: assign a default ssidref (XSM label) to guests
On Wed, May 20, 2015 at 03:39:00PM +0100, Ian Campbell wrote:
> We have now arranged for SECINITSID_DOMU and SECINITSID_DOMDM to be
> defined (correspondng to system_u:system_r:domU_t and
> system_u:system_r:dm_dom_t respectively in the default policy). Use
> these as the default for the SSID of every (stub)domain.
>
> Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
> Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
> Cc: Wei.Liu2@xxxxxxxxxx
Acked-by: Wei Liu <wei.liu2@xxxxxxxxxx>
> ---
> v2: Set ssidref rather than label. It is no longer necessary to
> reorder things in libxl.c.
> v3: Set device_model_ssidref too if stubdoms are enabled.
> I didn't apply Wei's ack due to this change.
> ---
> tools/libxl/libxl_create.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c
> index f0da7dc..853c252 100644
> --- a/tools/libxl/libxl_create.c
> +++ b/tools/libxl/libxl_create.c
> @@ -25,6 +25,8 @@
> #include <xen/hvm/hvm_info_table.h>
> #include <xen/hvm/e820.h>
>
> +#include <xen-xsm/flask/flask.h>
> +
> int libxl__domain_create_info_setdefault(libxl__gc *gc,
> libxl_domain_create_info *c_info)
> {
> @@ -42,6 +44,9 @@ int libxl__domain_create_info_setdefault(libxl__gc *gc,
> libxl_defbool_setdefault(&c_info->run_hotplug_scripts, true);
> libxl_defbool_setdefault(&c_info->driver_domain, false);
>
> + if (!c_info->ssidref)
> + c_info->ssidref = SECINITSID_DOMU;
> +
> return 0;
> }
>
> @@ -111,6 +116,10 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc,
>
> libxl_defbool_setdefault(&b_info->device_model_stubdomain, false);
>
> + if (libxl_defbool_val(b_info->device_model_stubdomain) &&
> + !b_info->device_model_ssidref)
> + b_info->device_model_ssidref = SECINITSID_DOMDM;
> +
> if (!b_info->device_model_version) {
> if (b_info->type == LIBXL_DOMAIN_TYPE_HVM) {
> if (libxl_defbool_val(b_info->device_model_stubdomain)) {
> --
> 1.7.10.4
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |