
Re: [Xen-devel] [PATCH v3 11/15] xsm, argo: XSM control for argo register



On Mon, Jan 7, 2019 at 3:07 PM DeGraaf, Daniel G <dgdegra@xxxxxxx> wrote:
>
> > From: Christopher Clark <christopher.w.clark@xxxxxxxxx>
> > Subject: [PATCH v3 11/15] xsm, argo: XSM control for argo register
> >
> > XSM controls for argo ring registration with two distinct cases, where
> > the ring being registered is:
> >
> > 1) Single source:  registering a ring for communication to receive messages
> >                    from a specified single other domain.
> >    Default policy: allow.
> >
> > 2) Any source:     registering a ring for communication to receive messages
> >                    from any, or all, other domains (i.e. wildcard).
> >    Default policy: deny, with runtime policy configuration via bootparam.
> >
> > The existing argo-mac boot parameter indicates administrator preference for
> > either permissive or strict access control, which will allow or deny
> > registration of any-sender rings.
> >
> > This commit modifies the signature of core XSM hook functions in order to
> > apply 'const' to arguments, needed in order for 'const' to be accepted in
> > signature of functions that invoke them.
> >
> > Signed-off-by: Christopher Clark <christopher.clark6@xxxxxxxxxxxxxx>
>
> Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
>
> While it does not need to be a part of this patch, somewhere in the series 
> you should add a rule allowing these features to be used by guests in the 
> default XSM policy; tools/flask/policy/modules/guest_features.te is where 
> features like this have previously been handled.  Since you're adding 
> permissions one at a time, you could add the rules all at once or as a part 
> of the patch adding the vector.

Thanks for the reviews, acks and pointer to the policy file. I will
add to the default XSM policy in the next revision that I post.

thanks,

Christopher
