[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 00/15] XSM/FLASK updates for 4.8



On 6/9/16 9:47 AM, Daniel De Graaf wrote:
> Some of these patches have been posted before (patch 11 was posted in
> 2014; an earlier variant of 1-6 and 15 were posted recently as RFC).
> The rest are mostly removal of unused code or other cleanup.
> 
> FLASK policy updates:
> [PATCH 01/15] flask/policy: split into modules
> [PATCH 02/15] flask/policy: split out rules for system_r
> [PATCH 03/15] flask/policy: move user definitions and constraints
> [PATCH 04/15] flask/policy: remove unused support for binary modules
> [PATCH 05/15] flask/policy: xenstore stubdom policy
> [PATCH 06/15] flask/policy: remove unused example
> 
> Hypervisor updates to the FLASK security server:
> [PATCH 07/15] flask: unify {get,set}vcpucontext permissions
> [PATCH 08/15] flask: remove unused secondary context in ocontext
> [PATCH 09/15] flask: remove unused AVC callback functions
> [PATCH 10/15] flask: remove xen_flask_userlist operation
> [PATCH 11/15] flask: improve unknown permission handling
> 
> Hypervisor updates to the XSM framework:
> [PATCH 12/15] xen/xsm: remove .xsm_initcall.init section
> [PATCH 13/15] xsm: annotate setup functions with __init
> [PATCH 14/15] xsm: clean up unregistration
> [PATCH 15/15] xsm: add a default policy to .init.data
> 

I've reviewed the whole series at this point. I'd honestly like to see
at least the first 6 patches land into staging at this point. There's
two R-b's (mine and Konrad's) and no comments that would imply a change
needs to happen. Those 6 stand on their own as well. There are no ACKs
since Daniel is the only maintainer for those changes.

I can rebase some changes I've got locally for a custom policy (honestly
Daniel's changes will make it easier/better for me) and give it a full
on test Monday morning if there is any concerns.

The other patches in the series can mostly get my R-b as well. I do have
some of the same comments / concerns that have already been brought up
so I'll go through and add my R-b to the clean patches and wait for a v2
of the others.

-- 
Doug Goldstein

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.