Re: [Xen-devel] [PATCH] flask: change default state to enforcing

On 03/11/2016 04:07 AM, Jan Beulich wrote:
> On 10.03.16 at 19:30, <dgdegra@xxxxxxxxxxxxx> wrote:
>> This change will cause the boot to fail if you do not specify an XSM
>> policy during boot; if you need to load a policy from dom0, use the
>> "flask=late" boot parameter.
>
> And what mode is the system in until that happens? From the command
> line doc, I understand it would be in not-enforcing mode, but that
> seems contrary to the code (already before your change) setting
> flask_enforcing to 1 in that case.

The FLASK code does not deny any actions until a policy has been loaded,
so the flask_enforcing value only takes effect then. With flask=late,
userspace code can also adjust the value (xl setenforce) before loading
the policy.

--
Daniel De Graaf
National Security Agency