Re: [PATCH v5 2/2] flask: implement xsm_set_system_active
- To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
- From: Jan Beulich <jbeulich@xxxxxxxx>
- Date: Mon, 2 May 2022 16:16:26 +0200
- Cc: scott.davis@xxxxxxxxxx, jandryuk@xxxxxxxxx, christopher.clark@xxxxxxxxxx, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- Delivery-date: Mon, 02 May 2022 14:16:34 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 02.05.2022 15:30, Daniel P. Smith wrote:
> @@ -188,14 +188,20 @@ static int cf_check flask_domain_alloc_security(struct
> domain *d)
>
> static int cf_check flask_set_system_active(void)
> {
> + struct domain_security_struct *dsec;
> struct domain *d = current->domain;
>
> + dsec = d->ssid;
> + ASSERT(dsec->sid == SECINITSID_XENBOOT);
What about ->self_sid, which ...
> +
> if ( d->domain_id != DOMID_IDLE )
> {
> printk("xsm_set_system_active should only be called by idle
> domain\n");
> return -EPERM;
> }
>
> + dsec->self_sid = dsec->sid = SECINITSID_XEN;
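Review bot: the ASSERT on dsec->sid sits ahead of the d->domain_id != DOMID_IDLE check, so in a debug build a non-idle caller can trip the assertion instead of reaching the printk and the -EPERM return. Moving the ASSERT below that check keeps the error path reachable for the case it was written for. The assertion also checks only ->sid, while the final assignment writes both ->self_sid and ->sid, so the expected starting value of ->self_sid is left unverified.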
... you also overwrite here?
Jan