Re: [Xen-devel] [PATCH 10/17] flask: remove xen_flask_userlist operation

On 06/20/2016 10:35 AM, Doug Goldstein wrote:
> On 6/20/16 9:04 AM, Daniel De Graaf wrote:
>> This operation has no known users, and is primarily useful when an MLS
>> policy is in use (which has never been shipped with Xen). In addition,
>> the information it provides does not actually depend on hypervisor
>> state (only on the XSM policy), so an application that needs it could
>> compute the results without needing to involve the hypervisor.
>
> So if I read this language correctly, removing this does not affect
> someone being able to build an MLS policy at a later date, right?

Correct; that support is still there. This hypercall was used to compute a
list of reachable security contexts for a given user, which is trivial in a
non-MLS policy but more complex when one is being used. This computation
makes more sense on Linux (where creating new contexts via "exec" is common)
than on Xen (where normally a domain cannot create another).

--
Daniel De Graaf
National Security Agency

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel