[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] XSM permissive by default.
On 3/8/16 7:51 PM, Konrad Rzeszutek Wilk wrote: > Hey, > > I was wondering if it we should change the default flask_bootparam > option from permissive to disabled? > > The reason being is that I was startled to see that my xSplice > code was able to patch the hypervisor from within an PV guest! > > Further testing showed that I could do 'xl debug-keys R' from > within the guests. This being possible with released 4.6 if I have > XSM enabled. > > All of this is due to the fact that I had forgotten to load the policy, > but Xen just told me: > > Flask: Access controls disabled until policy is loaded. > > which is an understatement. I somehow had expected that if no > policy was loaded it would revert to the dummy one which has the > same permission as the non-XSM build. Ha! What a surprise.. That's certainly been my assumption as well. > > Now that the XSM is enabled via config it becomes much more > easy to enable it.. > > Or perhaps change the code to flask so that if there are any > errors loading the policy it uses the dummy one? > To me that's what that error message from flask meant so I think that's the most sane default. Being in a worse state than if you had built without it. Machon, Something to consider for the Yocto builds as well. -- Doug Goldstein Attachment:
signature.asc _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |