Re: [Xen-devel] XSM permissive by default.
On 09/03/16 01:51, Konrad Rzeszutek Wilk wrote:
> Hey,
>
> I was wondering if we should change the default flask_bootparam
> option from permissive to disabled?
>
> The reason being is that I was startled to see that my xSplice
> code was able to patch the hypervisor from within a PV guest!
>
> Further testing showed that I could do 'xl debug-keys R' from
> within the guests. This being possible with released 4.6 if I have
> XSM enabled.
>
> All of this is due to the fact that I had forgotten to load the policy,
> but Xen just told me:
>
> Flask: Access controls disabled until policy is loaded.
>
> which is an understatement. I somehow had expected that if no
> policy was loaded it would revert to the dummy one which has the
> same permission as the non-XSM build. Ha! What a surprise..
>
> Now that the XSM is enabled via config it becomes much more
> easy to enable it..
>
> Or perhaps change the code to flask so that if there are any
> errors loading the policy it uses the dummy one?

By the looks of it, "permissive" shouldn't be an available option at all.

If a misconfiguration occurs, the behaviour should revert back to the
current "dom0 all powerful, everything else unprivileged" state which
currently exists without XSM.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
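Added example, not part of the original messages and not Xen source code: a simplified C model contrasting the behaviour reported in the thread (everything allowed until a policy is loaded) with the fallback both posters suggest (use the dummy, non-XSM rules when no policy is loaded). All type and function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model for illustration; every name here is hypothetical. */
enum op { OP_GUEST_LOCAL, OP_DEBUG_KEYS, OP_PATCH_HYPERVISOR };

struct domain { int id; bool is_privileged; };  /* dom0 => is_privileged */

struct policy {               /* stand-in for a loaded security policy */
    bool loaded;
    bool (*allows)(const struct domain *d, enum op op);
};

/* Non-XSM rules as described in the thread:
 * dom0 all powerful, everything else unprivileged. */
static bool dummy_check(const struct domain *d, enum op op)
{
    return op == OP_GUEST_LOCAL || d->is_privileged;
}

/* Reported behaviour: with no policy loaded, access controls are
 * disabled, so every request from every domain is allowed. */
static bool check_fail_open(const struct policy *p,
                            const struct domain *d, enum op op)
{
    if (p == NULL || !p->loaded || p->allows == NULL)
        return true;
    return p->allows(d, op);
}

/* Suggested behaviour: a forgotten or failed policy load falls back
 * to the dummy rules instead of allowing everything. */
static bool check_fail_closed(const struct policy *p,
                              const struct domain *d, enum op op)
{
    if (p == NULL || !p->loaded || p->allows == NULL)
        return dummy_check(d, op);
    return p->allows(d, op);
}

int main(void)
{
    struct domain domU = { 5, false };     /* constructed sample guest */
    struct policy none = { false, NULL };  /* policy was never loaded */
    /* Exit 0 when fail-open allows the guest and fail-closed denies it. */
    return !(check_fail_open(&none, &domU, OP_PATCH_HYPERVISOR) &&
             !check_fail_closed(&none, &domU, OP_PATCH_HYPERVISOR));
}
```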