Re: [Xen-devel] [PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

2018-08-16 Thread Jan Beulich
>>> On 16.08.18 at 15:18,  wrote:
> On 16/08/18 13:56, Jan Beulich wrote:
>> On 16.08.18 at 14:46,  wrote:
>>> On 26/06/18 12:09, Andrew Cooper wrote:
>>>> Future changes will introduce a new SILO mode, which is intended to be useful
>>>> for cloud and enterprise setups where all domUs are unprivileged and have no
>>>> business communicating directly.
>>>>
>>>> This was discussed at XenSummit, but I'll leave further details to the series
>>>> which introduces it.  However, to begin with, clean up the XSM namespacing to
>>>> better separate XSM and FLASK.
>>>>
>>>> No functional change.
>>>>
>>>> Andrew Cooper (2):
>>>>   xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*
>>>>   xen/xsm: Rename CONFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY
>>> Ping "The Rest" in lieu of Daniel.  This series is blocking the
>>> functional XSM SILO work.
>> Iirc I had given some comments, regarding the (too long) names.
>> The changes are mechanical enough that I don't think there's
>> much else to say.
> 
> And I justified why the current naming is IMO wrong and why it wants to
> be suitably namespaced.

But I didn't object to the rename (and name spacing) in general,
I've merely suggested that shorter (still properly name spaced)
names would do as well.

Jan



___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

2018-08-16 Thread Andrew Cooper
On 16/08/18 13:56, Jan Beulich wrote:
> On 16.08.18 at 14:46,  wrote:
>> On 26/06/18 12:09, Andrew Cooper wrote:
>>> Future changes will introduce a new SILO mode, which is intended to be useful
>>> for cloud and enterprise setups where all domUs are unprivileged and have no
>>> business communicating directly.
>>>
>>> This was discussed at XenSummit, but I'll leave further details to the series
>>> which introduces it.  However, to begin with, clean up the XSM namespacing to
>>> better separate XSM and FLASK.
>>>
>>> No functional change.
>>>
>>> Andrew Cooper (2):
>>>   xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*
>>>   xen/xsm: Rename CONFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY
>> Ping "The Rest" in lieu of Daniel.  This series is blocking the
>> functional XSM SILO work.
> Iirc I had given some comments, regarding the (too long) names.
> The changes are mechanical enough that I don't think there's
> much else to say.

And I justified why the current naming is IMO wrong and why it wants to
be suitably namespaced.

Hence the ping to unblock this series.

~Andrew


Re: [Xen-devel] [PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

2018-08-16 Thread Jan Beulich
>>> On 16.08.18 at 14:46,  wrote:
> On 26/06/18 12:09, Andrew Cooper wrote:
>> Future changes will introduce a new SILO mode, which is intended to be useful
>> for cloud and enterprise setups where all domUs are unprivileged and have no
>> business communicating directly.
>>
>> This was discussed at XenSummit, but I'll leave further details to the series
>> which introduces it.  However, to begin with, clean up the XSM namespacing to
>> better separate XSM and FLASK.
>>
>> No functional change.
>>
>> Andrew Cooper (2):
>>   xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*
>>   xen/xsm: Rename CONFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY
> 
> Ping "The Rest" in lieu of Daniel.  This series is blocking the
> functional XSM SILO work.

Iirc I had given some comments, regarding the (too long) names.
The changes are mechanical enough that I don't think there's
much else to say.

Jan




Re: [Xen-devel] [PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

2018-08-16 Thread Andrew Cooper
On 26/06/18 12:09, Andrew Cooper wrote:
> Future changes will introduce a new SILO mode, which is intended to be useful
> for cloud and enterprise setups where all domUs are unprivileged and have no
> business communicating directly.
>
> This was discussed at XenSummit, but I'll leave further details to the series
> which introduces it.  However, to begin with, clean up the XSM namespacing to
> better separate XSM and FLASK.
>
> No functional change.
>
> Andrew Cooper (2):
>   xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*
>   xen/xsm: Rename CONFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY

Ping "The Rest" in lieu of Daniel.  This series is blocking the
functional XSM SILO work.

~Andrew


Re: [Xen-devel] [PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

2018-06-27 Thread Andrew Cooper
On 26/06/2018 14:16, Jan Beulich wrote:
> On 26.06.18 at 14:42,  wrote:
>> On 26/06/18 13:04, Jan Beulich wrote:
>>> On 26.06.18 at 13:09,  wrote:
>>>> Future changes will introduce a new SILO mode, which is intended to be useful
>>>> for cloud and enterprise setups where all domUs are unprivileged and have no
>>>> business communicating directly.
>>>>
>>>> This was discussed at XenSummit, but I'll leave further details to the series
>>>> which introduces it.  However, to begin with, clean up the XSM namespacing to
>>>> better separate XSM and FLASK.
>>>>
>>>> No functional change.
>>>>
>>>> Andrew Cooper (2):
>>>>   xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*
>>>>   xen/xsm: Rename CONFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY
>>> I don't particularly mind the change, but I also don't view it as
>>> particularly useful: For the first patch I'd see the point if you
>>> meant to introduce some CONFIG_ABC_FLASK, but that's not how
>>> I understand the description there. For the second I don't see
>>> the point of retaining XSM in the name.
>> XSM != Flask, and this is the naming confusion trying to be rectified.
> But why is FLASK alone not meaningful enough?
>
>> CONFIG_XSM_SILO is going to be the introduced new mode.
> And then SILO alone here?

FLASK and SILO alone are meaningful to the core maintainers/developers,
but only because they're aware (even if only tangentially) of all the
development work going on.

By namespacing with an XSM, it is far clearer as to the hierarchy of
named features.  This particular rename came about as a direct result of
my observation of a room full of confused developers as to exactly where
the split of various features lay.

~Andrew


Re: [Xen-devel] [PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

2018-06-27 Thread Doug Goldstein
On Tue, Jun 26, 2018 at 07:16:08AM -0600, Jan Beulich wrote:
> >>> On 26.06.18 at 14:42,  wrote:
> > On 26/06/18 13:04, Jan Beulich wrote:
> >> On 26.06.18 at 13:09,  wrote:
> >>> Future changes will introduce a new SILO mode, which is intended to be useful
> >>> for cloud and enterprise setups where all domUs are unprivileged and have no
> >>> business communicating directly.
> >>>
> >>> This was discussed at XenSummit, but I'll leave further details to the series
> >>> which introduces it.  However, to begin with, clean up the XSM namespacing to
> >>> better separate XSM and FLASK.
> >>>
> >>> No functional change.
> >>>
> >>> Andrew Cooper (2):
> >>>   xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*
> >>>   xen/xsm: Rename CONFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY
> >> I don't particularly mind the change, but I also don't view it as
> >> particularly useful: For the first patch I'd see the point if you
> >> meant to introduce some CONFIG_ABC_FLASK, but that's not how
> >> I understand the description there. For the second I don't see
> >> the point of retaining XSM in the name.
> > 
> > XSM != Flask, and this is the naming confusion trying to be rectified.
> 
> But why is FLASK alone not meaningful enough?

Throughout the code and docs there are conflations between XSM and FLASK
when they're distinct pieces of code. FLASK is akin to SELinux while XSM
is akin to the LSM in Linux. To use the Linux paradigms their config
options are:

CONFIG_SECURITY - enables LSMs
CONFIG_SECURITY_SELINUX - enables SELinux

We're going to have similar menus to allow someone to select a different
XSM implementation.


Re: [Xen-devel] [PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

2018-06-26 Thread Jan Beulich
>>> On 26.06.18 at 14:42,  wrote:
> On 26/06/18 13:04, Jan Beulich wrote:
>> On 26.06.18 at 13:09,  wrote:
>>> Future changes will introduce a new SILO mode, which is intended to be useful
>>> for cloud and enterprise setups where all domUs are unprivileged and have no
>>> business communicating directly.
>>>
>>> This was discussed at XenSummit, but I'll leave further details to the series
>>> which introduces it.  However, to begin with, clean up the XSM namespacing to
>>> better separate XSM and FLASK.
>>>
>>> No functional change.
>>>
>>> Andrew Cooper (2):
>>>   xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*
>>>   xen/xsm: Rename CONFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY
>> I don't particularly mind the change, but I also don't view it as
>> particularly useful: For the first patch I'd see the point if you
>> meant to introduce some CONFIG_ABC_FLASK, but that's not how
>> I understand the description there. For the second I don't see
>> the point of retaining XSM in the name.
> 
> XSM != Flask, and this is the naming confusion trying to be rectified.

But why is FLASK alone not meaningful enough?

> CONFIG_XSM_SILO is going to be the introduced new mode.

And then SILO alone here?

Jan




Re: [Xen-devel] [PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

2018-06-26 Thread Andrew Cooper
On 26/06/18 13:04, Jan Beulich wrote:
> On 26.06.18 at 13:09,  wrote:
>> Future changes will introduce a new SILO mode, which is intended to be useful
>> for cloud and enterprise setups where all domUs are unprivileged and have no
>> business communicating directly.
>>
>> This was discussed at XenSummit, but I'll leave further details to the series
>> which introduces it.  However, to begin with, clean up the XSM namespacing to
>> better separate XSM and FLASK.
>>
>> No functional change.
>>
>> Andrew Cooper (2):
>>   xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*
>>   xen/xsm: Rename CONFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY
> I don't particularly mind the change, but I also don't view it as
> particularly useful: For the first patch I'd see the point if you
> meant to introduce some CONFIG_ABC_FLASK, but that's not how
> I understand the description there. For the second I don't see
> the point of retaining XSM in the name.

XSM != Flask, and this is the naming confusion trying to be rectified.

CONFIG_XSM_SILO is going to be the introduced new mode.

~Andrew


Re: [Xen-devel] [PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

2018-06-26 Thread Jan Beulich
>>> On 26.06.18 at 13:09,  wrote:
> Future changes will introduce a new SILO mode, which is intended to be useful
> for cloud and enterprise setups where all domUs are unprivileged and have no
> business communicating directly.
> 
> This was discussed at XenSummit, but I'll leave further details to the series
> which introduces it.  However, to begin with, clean up the XSM namespacing to
> better separate XSM and FLASK.
> 
> No functional change.
> 
> Andrew Cooper (2):
>   xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*
>   xen/xsm: Rename CONFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY

I don't particularly mind the change, but I also don't view it as
particularly useful: For the first patch I'd see the point if you
meant to introduce some CONFIG_ABC_FLASK, but that's not how
I understand the description there. For the second I don't see
the point of retaining XSM in the name.

Jan


