Xen project Mailing List

Re: [Xen-devel] XSM permissive by default.

To: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, <dgdegra@xxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Wed, 9 Mar 2016 13:24:15 +0000

Delivery-date: Wed, 09 Mar 2016 13:24:26 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 09/03/16 01:51, Konrad Rzeszutek Wilk wrote: > Hey, > > I was wondering if it we should change the default flask_bootparam > option from permissive to disabled? > > The reason being is that I was startled to see that my xSplice > code was able to patch the hypervisor from within an PV guest! > > Further testing showed that I could do 'xl debug-keys R' from > within the guests. This being possible with released 4.6 if I have > XSM enabled. > > All of this is due to the fact that I had forgotten to load the policy, > but Xen just told me: > > Flask: Access controls disabled until policy is loaded. > > which is an understatement. I somehow had expected that if no > policy was loaded it would revert to the dummy one which has the > same permission as the non-XSM build. Ha! What a surprise.. > > Now that the XSM is enabled via config it becomes much more > easy to enable it.. > > Or perhaps change the code to flask so that if there are any > errors loading the policy it uses the dummy one? By the looks of it, "permissive" shouldn't be an available option at all. If a misconfiguration occurs, the behaviour should revert back to the current "dom0 all powerful, everything else unprivileged" state which currently exists without XSM. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.