Re: [PATCH v3 2/7] xsm: remove the ability to disable flask
On 8/25/21 11:22 AM, Jan Beulich wrote:
> On 05.08.2021 16:06, Daniel P. Smith wrote:
>> On Linux when SELinux is put into permissive mode the discretionary access
>> controls are still in place. Whereas for Xen when the enforcing state of flask
>> is set to permissive, all operations for all domains would succeed, i.e. it
>> does not fall back to the default access controls. To provide a means to mimic
>> a similar but not equivalent behavior, a flask op is present to allow a
>> one-time switch back to the default access controls, aka the "dummy policy".
>>
>> This patch removes this flask op to enforce a consistent XSM usage model that a
>> reboot of Xen is required to change the XSM policy module in use.
>>
>> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
>
> The primary reason you remove this is - aiui - that with alternatives
> patching there's technically not really a way back (would need to re-patch
> every patched location, or every hook would need to check whether
> state changed to disabled and if so chain on to the dummy function).
> This became sufficiently clear to me only when looking at the next
> patch. It would be nice if description also said why the change is
> needed. As it stands to me the description reads at best like something
> that people could have different views on (and initially I didn't mean
> to reply here, for not being convinced of the removal of functionality
> in the common case).
>
> Jan
>

Ack, I can expand further.

v/r,
dps