Re: [XEN PATCH] tools/xl: Add device_model_stubdomain_init_seclabel option to xl.cfg
Marek Marczykowski-Górecki writes ("Re: [XEN PATCH] tools/xl: Add device_model_stubdomain_init_seclabel option to xl.cfg"):
> On Mon, Jul 26, 2021 at 09:07:03AM -0400, Jason Andryuk wrote:
> > Sort of relatedly, is stubdom unpaused before the guest gets
> > relabeled? Quickly looking, I think stubdom is unpaused. I would
> > think you want them both relabeled before either is unpaused. If the
> > stubdom starts with the exec_label, but it sees the guest with the
> > init_label, it may get an unexpected denial? On the other hand,
> > delayed unpausing of stubdom would slow down booting.
>
> Some parts of the stubdomain setup are done after it's unpaused (but
> before the guest is unpaused). Especially, PCI devices are hot-plugged
> only when QEMU is already running (not sure why).

I think the PCI hotplug involves interaction with QEMU, and providing
only hotplug simplifies the code in libxl. Anthony, do I have that
right?

Naively, it seems to me that the security risks are limited because
until the guest is unpaused it doesn't have the ability to do
anything, so cannot yet mount an attack on qemu. So I'm expecting
that qemu is still trustworthy until the guest is unpaused.

Ian.