[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 2/2] flask: implement xsm_set_system_active

To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
From: Jason Andryuk <jandryuk@xxxxxxxxx>
Date: Fri, 22 Apr 2022 12:58:01 -0400
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Scott Davis <scott.davis@xxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>
Delivery-date: Fri, 22 Apr 2022 16:58:15 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Fri, Apr 22, 2022 at 12:35 PM Daniel P. Smith
<dpsmith@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> This commit implements full support for starting the idle domain privileged by
> introducing a new flask label xenboot_t which the idle domain is labeled with
> at creation.  It then provides the implementation for the XSM hook
> xsm_set_system_active to relabel the idle domain to the existing xen_t flask
> label.
>
> In the reference flask policy a new macro, xen_build_domain(target), is
> introduced for creating policies for dom0less/hyperlaunch allowing the
> hypervisor to create and assign the necessary resources for domain
> construction.
>
> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
> ---

> @@ -188,8 +188,12 @@ static int cf_check flask_domain_alloc_security(struct 
> domain *d)
>
>  static int cf_check flask_set_system_active(void)
>  {
> +    struct domain_security_struct *dsec;
>      struct domain *d = current->domain;
>
> +    dsec = d->ssid;
> +    ASSERT( dsec->sid == SECINITSID_XENBOOT);

Extra space before dsec.

With that fixed,
Reviewed-by: Jason Andryuk <jandryuk@xxxxxxxxx>

Follow-Ups:
- Re: [PATCH v3 2/2] flask: implement xsm_set_system_active
  - From: Daniel P. Smith

References:
- [PATCH v3 0/2] Adds starting the idle domain privileged
  - From: Daniel P. Smith
- [PATCH v3 2/2] flask: implement xsm_set_system_active
  - From: Daniel P. Smith

Prev by Date: Re: [PATCH v3 1/2] xsm: create idle domain privileged and demote after setup
Next by Date: [qemu-mainline test] 169614: tolerable FAIL - PUSHED
Previous by thread: [PATCH v3 2/2] flask: implement xsm_set_system_active
Next by thread: Re: [PATCH v3 2/2] flask: implement xsm_set_system_active
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.