|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] flask: change default state to enforcing
On 03/11/2016 10:43 AM, Jan Beulich wrote: On 11.03.16 at 16:39, <dgdegra@xxxxxxxxxxxxx> wrote:On 03/11/2016 04:07 AM, Jan Beulich wrote:On 10.03.16 at 19:30, <dgdegra@xxxxxxxxxxxxx> wrote:This change will cause the boot to fail if you do not specify an XSM policy during boot; if you need to load a policy from dom0, use the "flask=late" boot parameter.And what mode is the system in until that happens? From the command line doc, I understand it would be in not-enforcing mode, but that seems contrary to the code (already before your change) setting flask_enforcing to 1 in that case.The FLASK code does not deny any actions until a policy has been loaded, so the flask_enforcing value only takes effect then. With flask=late, userspace code can also adjust the value (xl setenforce) before loading the policy.So doesn't this leave the system again in an insecure state then? Jan It does, at least until the policy is loaded. The point of "flask=late" is that dom0 loads the policy early in boot, preferably before creating any domains. Since all xen architectures now support loading the policy from the bootloader, this is never a required mode of operation. We did discuss preventing the creation of domains without a policy loaded to avoid making this mistake, but since this is no longer the default, I don't think that type of guard isnecessary. -- Daniel De Graaf National Security Agency _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |