[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] XSM permissive by default.
On 10/03/16 17:10, Konrad Rzeszutek Wilk wrote: > I presume this patch would be to folks +1: > > From 3373a50f386b41eea6ecede4b430e4fa09b2fe7e Mon Sep 17 00:00:00 2001 > From: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> > Date: Thu, 10 Mar 2016 12:05:29 -0500 > Subject: [PATCH] flask: By default be in FLASK_BOOTPARAM_ENFORCING mode. > > By default the mode was 'permissive' which is "meant for > developing (or debugging) a disaggregated system, > where the restrictions on non-dom0 would also break the system." > > However this default mode made it possible to boot an machine > in this state if a policy file during bootup was not provided. > > The end was less secure than with XSM-enabled - any guest > could do any operation (including rebooting the machine). > > Alternative solutions such as switching from flask to dummy. > However "The main issue with starting with dummy and then > switching to FLASK is that any domains created while using > the dummy policy won't have flask_domain_alloc_security called > to populate domain->ssid, and the rest of the flask code relies > on this being non-NULL. The same would be true for event channels, > but inlining the field to save space makes that a non-issue." > > (both excerpts are from Daniel De Graaf emails). > > This is a much easier fix. > > Suggested-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> > Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > --- > docs/misc/xen-command-line.markdown | 2 +- > xen/xsm/flask/flask_op.c | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/docs/misc/xen-command-line.markdown > b/docs/misc/xen-command-line.markdown > index ca77e3b..9e77f8a 100644 > --- a/docs/misc/xen-command-line.markdown > +++ b/docs/misc/xen-command-line.markdown > @@ -662,7 +662,7 @@ to use the default. > ### flask > > `= permissive | enforcing | late | disabled` > > -> Default: `permissive` > +> Default: `enforcing` > > Specify how the FLASK security server should be configured. This option is > only > available if the hypervisor was compiled with XSM support (which can be > enabled > diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c > index f4f5dd1..aaed75d 100644 > --- a/xen/xsm/flask/flask_op.c > +++ b/xen/xsm/flask/flask_op.c > @@ -25,7 +25,7 @@ > #define _copy_to_guest copy_to_guest > #define _copy_from_guest copy_from_guest > > -enum flask_bootparam_t __read_mostly flask_bootparam = > FLASK_BOOTPARAM_PERMISSIVE; > +enum flask_bootparam_t __read_mostly flask_bootparam = > FLASK_BOOTPARAM_ENFORCING; > static void parse_flask_param(char *s); > custom_param("flask", parse_flask_param); > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |