On 15/12/15 08:13, Doug Goldstein wrote:
Use the Kconfig generated CONFIG_HAS_DEVICE_TREE defines in the code
base.
CC: Ian Campbell
CC: Stefano Stabellini
CC: Jan Beulich
CC: Daniel De Graaf
Signed-off-by: Doug Goldstein
Acked-by: Jan Beulich
Acked-by: Daniel De Graaf
an Campbell
Cc: Daniel De Graaf
---
Daniel, your input on the description of the unmap notification stuff
would be much appreciated.
The description looks complete and correct to me. The statement that
the interfaces operate on a single page only might be misleading - the
interface will wor
itched?
The #ifdef is there mostly as a failsafe reminder to ensure that the
implementation for other architectures actually calls the same XSM hooks
that the x86 version does.
--
Daniel De Graaf
National Security Agency
On 24/11/15 09:42, Jan Beulich wrote:
Now that we intercept them all, there's no reason not to also uniformly
hand them to XSM. Reads (which are expected to be of less interest) get
handled as before (MMCFG accesses un-audited).
Signed-off-by: Jan Beulich
Acked-by: Daniel De
On 16/11/15 07:30, Ian Campbell wrote:
On Fri, 2015-11-13 at 15:38 -0500, Daniel De Graaf wrote:
On 13/11/15 10:02, Ian Campbell wrote:
On Wed, 2015-11-11 at 15:03 +, Ian Jackson wrote:
Ian Campbell writes ("[PATCH XEN v5 07/23] tools: Refactor
/dev/xen/gnt{dev,shr} wrappers
payloads,
- check*1, apply*1, replace*1, and unload payloads.
*1: Which of course in this patch are nops.
Signed-off-by: Konrad Rzeszutek Wilk
Signed-off-by: Ross Lagerwall
Acked-by: Daniel De Graaf
start_address,
uint32_t count);
What effect does this have on the peer ?
Daniel?
If this removes the (final copy of the) mapping and a notify offset/port
is set, that processing happens. Otherwise, the peer cannot tell when
this is called.
--
Daniel De Graaf
National Security Agency
when before calling do_settime,
so that system_time actually accounts for all the time in nsec between
machine boot and when the wallclock was set.
Expose xsm_platform_op to ARM.
Signed-off-by: Stefano Stabellini
CC: dgde...@tycho.nsa.gov
Acked-by: Daniel De Graaf
On 11/11/15 11:49, Doug Goldstein wrote:
Use the Kconfig generated CONFIG_HAS_PCI defines in the code base.
Signed-off-by: Doug Goldstein
CC: Keir Fraser
CC: Jan Beulich
CC: Andrew Cooper
CC: Daniel De Graaf
Signed-off-by: Doug Goldstein
Acked-by: Daniel De Graaf
On 11/11/15 11:49, Doug Goldstein wrote:
Use the Kconfig generated CONFIG_HAS_DEVICE_TREE defines in the code
base.
Signed-off-by: Doug Goldstein
CC: Ian Campbell
CC: Stefano Stabellini
CC: Jan Beulich
CC: Daniel De Graaf
Signed-off-by: Doug Goldstein
Acked-by: Daniel De Graaf
On 11/11/15 11:50, Doug Goldstein wrote:
Use the Kconfig generated CONFIG_HAS_MEM_SHARING defines in the code base.
Signed-off-by: Doug Goldstein
CC: Keir Fraser
CC: Jan Beulich
CC: Andrew Cooper
CC: Razvan Cojocaru
CC: Tamas K Lengyel
CC: Daniel De Graaf
Signed-off-by: Doug Goldstein
On 11/11/15 11:50, Doug Goldstein wrote:
Use the Kconfig generated CONFIG_HAS_MEM_PAGING defines in the code base.
Signed-off-by: Doug Goldstein
CC: Keir Fraser
CC: Jan Beulich
CC: Andrew Cooper
CC: Razvan Cojocaru
CC: Tamas K Lengyel
CC: Daniel De Graaf
Signed-off-by: Doug Goldstein
De Graaf
Signed-off-by: Doug Goldstein
Acked-by: Daniel De Graaf
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
On 11/11/15 11:49, Doug Goldstein wrote:
Use the Kconfig generated HAS_PASSTHROUGH defines for the code base.
Signed-off-by: Doug Goldstein
CC: Ian Campbell
CC: Stefano Stabellini
CC: Keir Fraser
CC: Jan Beulich
CC: Andrew Cooper
CC: Daniel De Graaf
Signed-off-by: Doug Goldstein
version_use in domain2.
--
Daniel De Graaf
National Security Agency
On 09/11/15 12:32, sstabell...@kernel.org wrote:
From: Stefano Stabellini
Call update_domain_wallclock_time at domain initialization, specifically
in arch_set_info_guest for vcpu0, like we do on x86.
Set time_offset_seconds to the number of seconds between physical boot
and domain initializatio
good idea. The read check wouldn't be
covered, but I think the protections of that XSM hook are only really
important on writes. The read check could also be duplicated as a
more conservative alternative.
--
Daniel De Graaf
National Security Agency
On 10/10/15 12:26, Quan Xu wrote:
Signed-off-by: Quan Xu
Acked-by: Daniel De Graaf
: Daniel De Graaf
a performance hit (not that I
reckon you could). How Linux chooses to behave itself has absolutely no
bearing on how we go about securing the hypercall.
But making something slower is surely not something we strive for.
~Andrew
--
Daniel De Graaf
National Security Agency
is is uncommon.
As far as the xsm_default_t value, this is really what XSM_OTHER is for,
but if there are going to be many instances of this type of data, a new
value like XSM_PRIV_INFOLEAK could be introduced.
--
Daniel De Graaf
National Security Agency
more inline with the rest of the functions.
Signed-off-by: Konrad Rzeszutek Wilk
Acked-by: Daniel De Graaf
On 27/08/15 07:02, Konrad Rzeszutek Wilk wrote:
The sysctl is where the tmem control operations are done and the
XSM checks are done via there. The old mechanism (to check
for control tmem op XSM from do_tmem_op) is not needed anymore.
CC: Daniel De Graaf
Signed-off-by: Konrad Rzeszutek Wilk
On 06/23/2015 12:11 PM, Vitaly Kuznetsov wrote:
Add new soft_reset vector to domain2 class, add it to create_domain
in the default policy.
Signed-off-by: Vitaly Kuznetsov
Acked-by: Daniel De Graaf
e guest to the monitor. The
best way to control this communication is probably when the shared page is
mapped by the monitor, but this is an existing mechanism which appears to
be covered by the ability to map any page in the target domain.
--
Daniel De Graaf
National Secur
On 07/01/2015 02:09 PM, Ed White wrote:
From: Ravi Sahita
Signed-off-by: Ravi Sahita
Acked-by: Daniel De Graaf
On 06/26/2015 03:35 PM, Ed White wrote:
On 06/26/2015 12:24 PM, Daniel De Graaf wrote:
On 06/22/2015 02:56 PM, Ed White wrote:
From: Ravi Sahita
Signed-off-by: Ravi Sahita
One comment, below.
[...]
diff --git a/tools/flask/policy/policy/modules/xen/xen.if
b/tools/flask/policy/policy
ain before anyone can use it.
Otherwise, this looks good, although if patch #10 is changed to expose
a single subop, the altp2mhvm_op XSM checks will need to be relocated.
--
Daniel De Graaf
National Security Agency
On 06/22/2015 02:37 PM, Konrad Rzeszutek Wilk wrote:
On Mon, Jun 22, 2015 at 08:13:35PM +0200, Marek Marczykowski-Górecki wrote:
On Mon, Jun 22, 2015 at 01:46:27PM -0400, Konrad Rzeszutek Wilk wrote:
On Wed, Jun 17, 2015 at 09:42:11PM +0200, Marek Marczykowski-Górecki wrote:
On Thu, May 28, 20
do it, the second is being used that is's possible
two typos in the commit message
to trasfer memory from source domain to destination domain. The default policy
requires their contexts to match.
Signed-off-by: Vitaly Kuznetsov
Acked-by: Daniel De
Signed-off-by: Daniel De Graaf
---
tools/libxc/xc_flask.c | 12
1 file changed, 12 insertions(+)
diff --git a/tools/libxc/xc_flask.c b/tools/libxc/xc_flask.c
index bb117f7..e24a2e7 100644
--- a/tools/libxc/xc_flask.c
+++ b/tools/libxc/xc_flask.c
@@ -191,6 +191,12 @@ int
nning "flask-set-bool guest_writeconsole off" will disable this
permission, which defaults to on. Actual output to the console is also
controlled by log levels, so this may not even be needed to hide the output
in normal use.
--
Daniel De Graaf
National Security Agency
possibilities.
Reported-by: Wei Liu
Signed-off-by: Daniel De Graaf
---
tools/flask/policy/policy/modules/xen/xen.if | 2 ++
tools/flask/policy/policy/modules/xen/xen.te | 10 ++
2 files changed, 12 insertions(+)
diff --git a/tools/flask/policy/policy/modules/xen/xen.if
b/tools/flask
initialize bool_maxstr correctly prior to its use, it is
simpler to use a fixed maximum of PAGE_SIZE as is done for the other
calls to safe_copy_string_from_guest.
Signed-off-by: Daniel De Graaf
---
xen/xsm/flask/flask_op.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/xen
_both_ domains?
Jan
Unless there is a change in how XSM_TARGET is implemented, the result
is going to be equivalent: it is not possible for a domain to have
more than one target at a time, so if current->domain is not dom0,
then one of the two XSM_TARGET checks will fail.
--
Daniel De Graaf
On 05/21/2015 05:49 AM, Vitaly Kuznetsov wrote:
Daniel De Graaf writes:
On 05/13/2015 05:49 AM, Vitaly Kuznetsov wrote:
Dummy policy just checks that the current domain is privileged,
in flask policy soft_reset is added to create_domain.
Signed-off-by: Vitaly Kuznetsov
I think the FLASK
reset domain
+# target = destination soft reset domain
+soft_reset
These comments are a bit ambiguous. I would suggest something like:
# source = domain making the hypercall
# target = domain being reset (source or destination)
--
Daniel De Graaf
National Security A
.
Signed-off-by: Ian Campbell
Acked-by: Daniel De Graaf
hypervisor
Signed-off-by: Ian Campbell
Acked-by: Wei Liu
Acked-by: Daniel De Graaf
On 05/20/2015 10:38 AM, Ian Campbell wrote:
This isn't strictly necessary but since it is going to be exposed via
tools/include in a later patch this will help prevent accidental
leakage beyond the tools.
Signed-off-by: Ian Campbell
Acked-by: Wei Liu
Acked-by: Daniel De
On 05/20/2015 10:38 AM, Ian Campbell wrote:
When called from the tools side in a later patch we will want to
direct its output to the appropriate place.
Signed-off-by: Ian Campbell
Acked-by: Wei Liu
Acked-by: Daniel De Graaf
: Andrew Cooper
Acked-by: Daniel De Graaf
On 05/19/2015 09:44 AM, Ian Campbell wrote:
From: Daniel De Graaf
Acked-by: Ian Campbell
---
Daniel -- this is from your example patch in
<2b0e.8050...@tycho.nsa.gov> and so needs your S-o-b, please.
Signed-off-by: Daniel De Graaf
Or you can apply the combined patch that I a
Add default security contexts to the XSM policy for use by the toolstack
when a domain is created without specifying an explicit security label.
Signed-off-by: Daniel De Graaf
---
docs/misc/xsm-flask.txt | 6 +++---
tools/flask/policy/policy/initial_sids | 4
in the local policy (tools/...)
are intended to be used by components outside the hypervisor that do not
implement their own security policy. The current example policy defines
a class for xenstore permissions, but since xenstore does not actually
use this, it is just an example.
--
Daniel De Gra
e domain is created, but it's not really a requirement to
make things work.
--
Daniel De Graaf
National Security Agency
On 05/15/2015 05:39 AM, Ian Campbell wrote:
On Thu, 2015-05-14 at 19:09 -0400, Daniel De Graaf wrote:
On 05/14/2015 07:54 AM, Ian Campbell wrote:
On Thu, 2015-05-14 at 12:21 +0100, Julien Grall wrote:
Hi Ian,
On 14/05/15 11:33, Ian Campbell wrote:
system_u:system_r:domU_t is defined in the
On 05/14/2015 07:54 AM, Ian Campbell wrote:
On Thu, 2015-05-14 at 12:21 +0100, Julien Grall wrote:
Hi Ian,
On 14/05/15 11:33, Ian Campbell wrote:
system_u:system_r:domU_t is defined in the default policy and makes as
much sense as anything for a default.
So you rule out the possibility to ru
method has the advantage
of not making more architecture-specific hooks which are sometimes harder
to test/maintain.
Acked-by: Daniel De Graaf
On 04/14/2015 05:08 AM, Emil Condrea wrote:
Currently, the flags are not interpreted by vTPM. They are just
packed and sent to vtpmmgr.
Signed-off-by: Emil Condrea
Acked-by: Daniel De Graaf
[...]
+- res = TPM_DeepQuote(&nonce, &myPCR, &ptPCR, &req->aut
policy, group public key. At the end of these hashes the PCR values are
appended.
Signed-off-by: Emil Condrea
Acked-by: Daniel De Graaf
buf_size as the maximum value it can be assigned.
+
+memcpy(buf, offset + (uint8_t *)shr, shr->length);
use length rather than shr->length otherwise length goes unused.
Agreed; the values from the shared page should not be read more than
once, because an uncooperative peer could end up chang
On 04/07/2015 03:12 AM, Emil Condrea wrote:
On Mon, Apr 6, 2015 at 6:49 PM, Daniel De Graaf
wrote:
On 04/05/2015 07:09 AM, Emil Condrea wrote:
Enables deep quote execution for vtpmmgr which can not be started
using locality 2. The VTPM_ORD_GET_QUOTE command is backwards
compatible. When
On 04/06/2015 06:12 PM, Boris Ostrovsky wrote:
Signed-off-by: Boris Ostrovsky .
Acked-by: Daniel De Graaf
, *pcr_size);
+ /*hashes already copied when flags!=0 by do_vtpminfo_hash*/
+ if(extra_info_flags == 0){
+ *pcr_size = pcrs.valueSize;
+ memcpy(pcr_out, pcrs.pcrValue, *pcr_size);
+ }
}
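Review bot: the memcpy in the extra_info_flags == 0 branch copies pcrs.valueSize bytes into pcr_out, and no comparison of that size against the capacity of pcr_out is visible in these lines. If the caller's buffer size is not validated earlier in the function, check pcrs.valueSize against it before assigning *pcr_size and copying, and return an error when it does not fit.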
I think it would be useful to append the PCR values to the externData values,
as long as the entire set of hashes doesn't risk becoming too long.
--
Daniel De Graaf
National Security Agency
lien Grall
Looks good to me with one assumption below.
Acked-by: Daniel De Graaf
[...]
diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c
index b1a4f8a..31bc702 100644
--- a/xen/xsm/flask/avc.c
+++ b/xen/xsm/flask/avc.c
@@ -600,6 +600,9 @@ void avc_audit(u32 ssid, u32 tsid, u16 t
-by: Boris Ostrovsky
Reported-by: Wei Liu
Acked-by: Daniel De Graaf
In order to support paths containing spaces or other characters, allow a
quoted string with these characters to be parsed as a path in addition
to the existing unquoted string.
Signed-off-by: Daniel De Graaf
---
checkpolicy/policy_parse.y | 3 +++
checkpolicy/policy_scan.l | 1 +
2 files
In Xen on ARM, device tree nodes identified by a path (string) need to
be labeled by the security policy.
Signed-off-by: Daniel De Graaf
---
checkpolicy/policy_define.c| 55 +
checkpolicy/policy_define.h| 1 +
checkpolicy/policy_parse.y
In order to support assigning security labels to ARM device tree nodes
in Xen's XSM policy, a new ocontext type is needed in the security
policy.
In addition to adding the new ocontext, the existing I/O memory range
ocontext is expanded to 64 bits in order to support hardware with more
than 44 bit
SELinux policy
compatibility entry was added in order to avoid breaking compilation of
an SELinux policy without explicitly specifying the policy version.
Signed-off-by: Daniel De Graaf
---
checkpolicy/policy_define.c| 11 +-
checkpolicy/policy_define.h
On 03/13/2015 06:13 AM, Chao Peng wrote:
Add xsm policies for Cache Allocation Technology (CAT) related hypercalls
to restrict the functions' visibility to control domain only.
Signed-off-by: Chao Peng
Acked-by: Daniel De Graaf
do not include the newest checkpolicy binary, so
I don't really want to do that without a good reason.
--
Daniel De Graaf
National Security Agency
In Xen on ARM, device tree nodes identified by a path (string) need to
be labeled by the security policy.
Signed-off-by: Daniel De Graaf
---
checkpolicy/policy_define.c| 55 +
checkpolicy/policy_define.h| 1 +
checkpolicy/policy_parse.y
In order to support assigning security labels to ARM device tree nodes
in Xen's XSM policy, a new ocontext type is needed in the security
policy.
In addition to adding the new ocontext, the existing I/O memory range
ocontext is expanded to 64 bits in order to support hardware with more
than 44 bit
SELinux policy
compatibility entry was added in order to avoid breaking compilation of
an SELinux policy without explicitly specifying the policy version.
Signed-off-by: Daniel De Graaf
---
checkpolicy/policy_define.c| 6 +++---
checkpolicy/policy_define.h| 2
This adds support in the hypervisor and policy build toolchain for
Xen/Flask policy version 30, which adds the ability to label ARM device
tree nodes and expands the IOMEM ocontext entries to 64 bits.
Signed-off-by: Daniel De Graaf
---
tools/flask/policy/Makefile | 20 --
xen/include
In order to support paths containing spaces or other characters, allow a
quoted string with these characters to be parsed as a path in addition
to the existing unquoted string.
Signed-off-by: Daniel De Graaf
---
checkpolicy/policy_parse.y | 3 +++
checkpolicy/policy_scan.l | 1 +
2 files
On 03/12/2015 01:13 PM, Daniel De Graaf wrote:
This adds support in the hypervisor and policy build toolchain for
Xen/Flask policy version 25, which adds the ability to label ARM device
tree nodes and expands the IOMEM ocontext entries to 64 bits.
Signed-off-by: Daniel De Graaf
---
Note
On 03/12/2015 01:27 PM, Julien Grall wrote:
Hi Daniel,
On 12/03/15 17:12, Daniel De Graaf wrote:
;
+dtree_context_def : DEVICETREECON path security_context_def
+ {if (define_devicetree_context()) return -1;}
+ ;
The
In order to support paths containing spaces or other characters, allow a
quoted string with these characters to be parsed as a path in addition
to the existing unquoted string.
Signed-off-by: Daniel De Graaf
---
checkpolicy/policy_parse.y | 3 +++
checkpolicy/policy_scan.l | 1 +
2 files
In order to support assigning security labels to ARM device tree nodes
in Xen's XSM policy, a new ocontext type is needed in the security
policy.
This addition requires a new policy version for Xen. In order to keep
the build process for Xen policy sane, a method of determining the
highest Xen po
This adds support in the hypervisor and policy build toolchain for
Xen/Flask policy version 25, which adds the ability to label ARM device
tree nodes and expands the IOMEM ocontext entries to 64 bits.
Signed-off-by: Daniel De Graaf
---
Note: Actually using the features added in this patch
In Xen on ARM, device tree nodes identified by a path (string) need to
be labeled by the security policy.
Signed-off-by: Daniel De Graaf
---
checkpolicy/policy_define.c| 55 +
checkpolicy/policy_define.h| 1 +
checkpolicy/policy_parse.y
without -c does not
fail due to the Xen policy having a different maximum version number.
Signed-off-by: Daniel De Graaf
---
checkpolicy/checkpolicy.c | 59 ++
libsepol/include/sepol/policydb/policydb.h | 9 +++--
2 files changed, 49 insertions(+), 1
This change is required to support static I/O memory range labeling for
systems with over 16TB of physical address space.
Signed-off-by: Daniel De Graaf
---
checkpolicy/policy_define.c| 6 +++---
checkpolicy/policy_define.h| 2 +-
checkpolicy/policy_parse.y
some directions about using the xen policy type in
checkpolicy which is no longer needed.
Reported-by: Julien Grall
Signed-off-by: Daniel De Graaf
---
docs/misc/xsm-flask.txt | 31 +++
tools/flask/policy/Makefile | 3 ++-
tools/flask
On 03/10/2015 07:07 PM, Julien Grall wrote:
Hi Daniel,
On 10/03/2015 22:45, Daniel De Graaf wrote:
BTW, do you have any pointer on how to write a policy for device/IRQ
passthrough?
There is a bit of documentation in xsm-flask.txt about device labeling,
which is the hard part of making
On 03/10/2015 12:52 PM, Julien Grall wrote:
Hi Daniel,
On 23/02/15 16:25, Daniel De Graaf wrote:
On 02/20/2015 12:17 PM, Ian Campbell wrote:
On Tue, 2015-01-13 at 14:25 +, Julien Grall wrote:
TODO: Update the commit message
A device node is described by a path. It will be used to
On 03/09/2015 11:58 AM, Emil Condrea wrote:
On Mon, Mar 9, 2015 at 4:40 PM, Daniel De Graaf
wrote:
On 03/08/2015 07:41 AM, Emil Condrea wrote:
I am trying to validate a Deep Quote request made by domU but I feel that
something is missing. Right now when a domU requests TPM_ORD_DeepQuote:
1
be loaded in
enforcing mode if present, but errors will disable access controls until
a successful loadpolicy instead of causing a panic at boot.
Suggested-by: Julien Grall
Signed-off-by: Daniel De Graaf
---
Changes from v4:
- Use enum and bool_t for parameter globals
- Remove duplication of f
useful to be able to ask for the current value of both physical and
virtual PCRs in a single atomic operation. Including the value of all PCRs
in the response could make the reply packet too large (which is part of the
reason why TPM_Quote2 removed them).
--
Daniel De Graaf
National Security Agency
Changes from v3:
- Moved documentation to xen-command-line.markdown
Changes from v2:
- Add "flask=" parameter and split off cleanup patch
[PATCH 1/2] flask: clean up initialization and #defines
[PATCH 2/2] flask: create unified "flask=" boot parameter
loaded in
enforcing mode if present, but errors will disable access controls until
a successful loadpolicy instead of causing a panic at boot.
Suggested-by: Julien Grall
Signed-off-by: Daniel De Graaf
---
docs/man/xl.pod.1 | 4 ++--
docs/misc/xen-command-line.mar
parameter.
This also changes the return type of xsm_initcall_t to void to properly
reflect the fact that the caller ignores the return value.
Signed-off-by: Daniel De Graaf
Reviewed-by: Wei Liu
---
xen/include/xen/config.h | 4
xen/include/xsm/xsm.h| 2 +-
xen/xsm/flask
On 03/06/2015 07:22 AM, Wei Liu wrote:
On Tue, Mar 03, 2015 at 12:00:19PM -0500, Daniel De Graaf wrote:
[...]
diff --git a/docs/man/xl.pod.1 b/docs/man/xl.pod.1
index 6b89ba8..48b8f98 100644
--- a/docs/man/xl.pod.1
+++ b/docs/man/xl.pod.1
@@ -1441,8 +1441,8 @@ Determine if the FLASK security
loaded in
enforcing mode if present, but errors will disable access controls until
a successful loadpolicy instead of causing a panic at boot.
Suggested-by: Julien Grall
Signed-off-by: Daniel De Graaf
---
docs/man/xl.pod.1| 4 ++--
docs/misc/xsm-flask.txt
parameter.
This also changes the return type of xsm_initcall_t to void to properly
reflect the fact that the caller ignores the return value.
Signed-off-by: Daniel De Graaf
---
xen/include/xen/config.h | 4
xen/include/xsm/xsm.h| 2 +-
xen/xsm/flask/avc.c | 2
This series has changed quite a bit from v2; the focus has changed from
fixing the behavior on failed policy loads to adding the "flask=" boot
parameter. The first patch, which is purely cleanup with no functional
changes, was extracted to simplify review.
[PATCH 1/2] flask: clean up initializati
On 03/03/2015 07:44 AM, Wei Liu wrote:
Translate gawk regex to mawk regex to allow using mawk. The new regex
works on both gawk and mawk.
Signed-off-by: Wei Liu
Acked-by: Daniel De Graaf
On 02/24/2015 05:21 AM, Ian Campbell wrote:
On Tue, 2015-02-24 at 09:51 +, Julien Grall wrote:
On 24/02/2015 09:39, Ian Campbell wrote:
On Tue, 2015-02-24 at 09:31 +, Julien Grall wrote:
On 24/02/2015 08:47, Ian Campbell wrote:
On Mon, 2015-02-23 at 12:53 -0500, Daniel De Graaf
()-s here could get proper XENLOG_*
attached.
Will do. I think I will also send a cleanup patch to remove the rather
useless marker messages "Flask: Initializing." and "AVC INITIALIZED";
they convey no useful information.
--
Daniel De Graaf
National Security Agency
ideration
too I suppose?
This may require a bit more thought. At first glance, the dt_phandle
field seems to be an identifier that could be used by FLASK to identify a
device using an ocontext lookup. Labeling would then be done in the same
way as PCI devices and x86 legacy I/O ports.
--
D
guish this case from a successful policy
load in logs.
To clarify that the return value of XSM initcalls is ignored, this patch
also changes the return type of these functions to void.
Reported-by: Julien Grall
Signed-off-by: Daniel De Graaf
---
xen/include/xsm/xsm.h | 2 +-
xen/xsm/flask/ho
On 02/23/2015 10:04 AM, Julien Grall wrote:
Hi Daniel,
On 20/02/15 23:01, Daniel De Graaf wrote:
On 02/20/2015 10:58 AM, Julien Grall wrote:
Each class can contain 32 permissions which are encoded on a word (one
bit per permission).
Currently the awk script will generate a hexadecimal value
arently nobody
ran the script on a system with this bug - in part because nobody ran
Acked-by: Daniel De Graaf
Wow, that's quite an annoying bug. Thankfully, it's more likely to make a
broken system than an insecure one, since doing an access check on the
permission 0x7fff will result
separate labels for each of these memops.
Signed-off-by: Tamas K Lengyel
Acked-by: Daniel De Graaf
--
Daniel De Graaf
National Security Agency
off-loading the decision making logic into helper
applications when encountering various events during a VM's execution.
Signed-off-by: Tamas K Lengyel
Acked-by: Daniel De Graaf
which future applications can build
on.
Suggested-by: Andrew Cooper
Signed-off-by: Tamas K Lengyel
Acked-by: Ian Campbell
Acked-by: Kevin Tian
One minor typo, then:
Acked-by: Daniel De Graaf
[...]
diff --git a/xen/xsm/flask/policy/access_vectors
b/xen/xsm/flask/policy/access_vectors
index
ed-by: Daniel De Graaf