On 6/2/22 16:32, Daniel P. Smith wrote:
> On 5/31/22 10:56, Daniel P. Smith wrote:
>> This commit implements full support for starting the idle domain privileged by
>> introducing a new flask label xenboot_t which the idle domain is labeled with
>> at creation. It then provides the implementation for the XSM hook
>> xsm_set_system_active to relabel the idle domain to the existing xen_t flask
>> label.
>>
>> In the reference flask policy a new macro, xen_build_domain(target), is
>> introduced for creating policies for dom0less/hyperlaunch allowing the
>> hypervisor to create and assign the necessary resources for domain
>> construction.
>>
>> Signed-off-by: Daniel P. Smith <[email protected]>
>> Reviewed-by: Jason Andryuk <[email protected]>
>> Reviewed-by: Luca Fancellu <[email protected]>
>> Tested-by: Luca Fancellu <[email protected]>
>
> I am still debugging, but I now have a dom0 crashing due to an AVC that
> is being tripped with this patch applied to the tip of staging. I just
> wanted to give a heads-up, and I will follow back up once I can
> determine the root cause.

Please ignore and my apologies for the noise. The updated policy file
was not getting synced into the test environment.

v/r,
dps
