[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] XSM permissive by default.



On 09/03/16 01:51, Konrad Rzeszutek Wilk wrote:
> Hey,
>
> I was wondering if it we should change the default flask_bootparam
> option from permissive to disabled?
>
> The reason being is that I was startled to see that my xSplice
> code was able to patch the hypervisor from within an PV guest!
>
> Further testing showed that I could do 'xl debug-keys R' from
> within the guests. This being possible with released 4.6 if I have
> XSM enabled.
>
> All of this is due to the fact that I had forgotten to load the policy,
> but Xen just told me:
>
> Flask:  Access controls disabled until policy is loaded.
>
> which is an understatement. I somehow had expected that if no
> policy was loaded it would revert to the dummy one which has the
> same permission as the non-XSM build. Ha! What a surprise..
>
> Now that the XSM is enabled via config it becomes much more
> easy to enable it..
>
> Or perhaps change the code to flask so that if there are any
> errors loading the policy it uses the dummy one?

By the looks of it, "permissive" shouldn't be an available option at all.

If a misconfiguration occurs, the behaviour should revert back to the
current "dom0 all powerful, everything else unprivileged" state which
currently exists without XSM.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.