
Re: [PATCH v9 0/3] Adds starting the idle domain privileged


  • To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Fri, 1 Jul 2022 12:24:37 +0200
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, scott.davis@xxxxxxxxxx, jandryuk@xxxxxxxxx, christopher.clark@xxxxxxxxxx, dgdegra@xxxxxxxxxxxxx, julien@xxxxxxx, george.dunlap@xxxxxxxxxx, andrew.cooper3@xxxxxxxxxx, dfaggioli@xxxxxxxx, "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Fri, 01 Jul 2022 10:24:50 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 01.07.2022 00:35, Stefano Stabellini wrote:
> On Wed, 29 Jun 2022, Daniel P. Smith wrote:
>> This series makes it so that the idle domain is started privileged under the
>> default policy, which the SILO policy inherits, and under the flask policy. It
>> then introduces a new one-way XSM hook, xsm_transition_running, that is hooked
>> by an XSM policy to transition the idle domain to its running privilege level.
>>
>> Patch 3 is an important one, as first it addresses the issue raised under an
>> RFC late last year by Jason Andryuk regarding the awkward entanglement of
>> flask_domain_alloc_security() and flask_domain_create(). Second, it helps
>> articulate why it is that the hypervisor should go through the access control
>> checks, even when it is doing the action itself. The issue at hand is not that
>> the hypervisor could be influenced to go around these checks. The issue is these
>> checks provide a configurable way to express the execution flow that the
>> hypervisor should enforce. Specifically with this change, it is now possible
>> for an owner of a dom0less or hyperlaunch system to express a policy where the
>> hypervisor will enforce that no dom0 will be constructed, regardless of what
>> boot construction details were provided to it. Likewise, an owner that does not
>> want to see dom0less or hyperlaunch to be used can enforce that the hypervisor
>> will only construct a dom0 domain. This can all be accomplished without the
>> need to rebuild the hypervisor with these features enabled or disabled.
> 
> 
> It looks like this patch series is fully acked except:
> - in theory we need an ack from Daniel for flask
> - there is a very small change to sched that would need an ack from
>   George/Dario

I don't think I've seen any R-b for the last patch.

Jan



 

