
Re: [PATCH v8 2/2] flask: implement xsm_set_system_active


  • To: xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Date: Thu, 2 Jun 2022 17:18:34 -0400
  • Cc: scott.davis@xxxxxxxxxx, christopher.clark@xxxxxxxxxx, jandryuk@xxxxxxxxx, Luca Fancellu <luca.fancellu@xxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>
  • Delivery-date: Thu, 02 Jun 2022 21:20:18 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 6/2/22 16:32, Daniel P. Smith wrote:
> On 5/31/22 10:56, Daniel P. Smith wrote:
>> This commit implements full support for starting the idle domain privileged by
>> introducing a new flask label xenboot_t which the idle domain is labeled with
>> at creation.  It then provides the implementation for the XSM hook
>> xsm_set_system_active to relabel the idle domain to the existing xen_t flask
>> label.
>>
>> In the reference flask policy a new macro, xen_build_domain(target), is
>> introduced for creating policies for dom0less/hyperlaunch allowing the
>> hypervisor to create and assign the necessary resources for domain
>> construction.
>>
>> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
>> Reviewed-by: Jason Andryuk <jandryuk@xxxxxxxxx>
>> Reviewed-by: Luca Fancellu <luca.fancellu@xxxxxxx>
>> Tested-by: Luca Fancellu <luca.fancellu@xxxxxxx>
> 
> I am still debugging, but I now have a dom0 crashing due to an AVC that
> is being tripped with this patch applied to the tip of staging. I just
> wanted to give a heads-up, and I will follow back up once I can
> determine the root cause.

Please ignore and my apologies for the noise. The updated policy file
was not getting synced into the test environment.

v/r,
dps



 

