_get_l3_info -> XEN_SYSCTL_PSR_get_l3_info
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
in production, introduce
__xsm_action_mismatch_detected for llvm coverage builds.
Signed-off-by: Roger Pau Monné <roger@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists
On 10/20/2017 02:14 AM, Jan Beulich wrote:
On 19.10.17 at 19:36, wrote:
On 10/19/2017 07:58 AM, Jan Beulich wrote:
On 19.10.17 at 04:36, wrote:
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -516,7 +516,8 @@ static XSM_INLINE int
On 10/19/2017 08:55 PM, Zhongze Liu wrote:
2017-10-20 8:34 GMT+08:00 Zhongze Liu <blacksk...@gmail.com>:
Hi Daniel,
2017-10-20 1:36 GMT+08:00 Daniel De Graaf <dgde...@tycho.nsa.gov>:
On 10/18/2017 10:36 PM, Zhongze Liu wrote:
The original dummy xsm_map_gmfn_foregin checks if s
On 10/19/2017 07:58 AM, Jan Beulich wrote:
On 19.10.17 at 04:36, wrote:
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -516,7 +516,8 @@ static XSM_INLINE int
xsm_remove_from_physmap(XSM_DEFAULT_ARG struct domain *d1,
static XSM_INLINE int
domains that allow grant mapping/event
channels.
This is for the proposal "Allow setting up shared memory areas between VMs
from xl config file" (see [1]).
[1] https://lists.xen.org/archives/html/xen-devel/2017-08/msg03242.html
Signed-off-by: Zhongze Liu <blacksk...@gmail.com>
Cc:
the new op is not intrinsicly specific to the x86 architecture,
I have no means to test it on an ARM platform and so cannot verify
that it functions correctly.
Signed-off-by: Paul Durrant <paul.durr...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tych
_get_l3_info -> XEN_SYSCTL_PSR_get_l3_info
Signed-off-by: Yi Sun <yi.y@linux.intel.com>
Reviewed-by: Wei Liu <wei.l...@citrix.com>
Reviewed-by: Roger Pau Monné <roger@citrix.com>
Acked-by: Jan Beulich <jbeul...@suse.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
__
jgr...@suse.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On 09/07/2017 09:47 AM, Juergen Gross wrote:
Add a domctl hypercall to set the domain's resource limits regarding
grant tables. It is accepted only as long as neither
gnttab_setup_table() has been called for the domain, nor the domain
has started to run.
Signed-off-by: Juergen Gross
jgr...@suse.com>
Reviewed-by: Paul Durrant <paul.durr...@citrix.com>
Reviewed-by: Wei Liu <wei.l...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On 08/24/2017 08:39 AM, Jan Beulich wrote:
On 24.08.17 at 13:33, wrote:
Hi Jan,
2017-08-24 14:37 GMT+08:00 Jan Beulich :
On 24.08.17 at 02:51, wrote:
2017-08-23 17:55 GMT+08:00 Jan Beulich :
On 22.08.17 at
use the new
primitives, with policy entries that do not require an active IOMMU.
Signed-off-by: Christopher Clark <christopher.cla...@baesystems.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
To be honest, for this kind of a change I would have hoped for
a Reviewed-by (by you o
;
Cc: Jan Beulich <jbeul...@suse.com>
Cc: Andrew Cooper <andrew.coop...@citrix.com>
Cc: Daniel De Graaf <dgde...@tycho.nsa.gov>
Cc: xen-devel@lists.xen.org
---
xen/arch/arm/mm.c | 2 +-
xen/arch/x86/mm/p2m.c | 2 +-
xen/include/xsm/dummy.h | 6 --
xen/include/xsm/xs
<christopher.cla...@baesystems.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
One additional note: if this type of permission expansion needs to be
applied to more permissions based on hypervisor settings, it may be
useful to look at other solutions (such as policy booleans) to im
to a particular domain.
Drop XSM's test_assign_{,dt}device hooks as no longer being
individually useful.
Signed-off-by: Jan Beulich <jbeul...@suse.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.x
'. E.g.:
1. psr_cat_op -> psr_alloc_op
2. XEN_DOMCTL_psr_cat_op -> XEN_DOMCTL_psr_alloc_op
3. XEN_SYSCTL_psr_cat_op -> XEN_SYSCTL_psr_alloc_op
The sysctl/domctl version numbers are bumped.
Signed-off-by: Yi Sun <yi.y@linux.intel.com>
Acked-by: Daniel De Graaf <dgd
On 08/14/2017 03:08 AM, Juergen Gross wrote:
Add a sysctl hypercall to support setting parameters similar to
command line parameters, but at runtime. The parameters to set are
specified as a string, just like the boot parameters.
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.
On 08/14/2017 03:08 AM, Juergen Gross wrote:
Modify the custom parameter parsing routines in:
xen/xsm/flask/flask_op.c
to indicate whether the parameter value was parsed successfully.
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen
On 06/28/2017 07:16 AM, Andrew Cooper wrote:
Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
Thanks for catching this!
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
result in a security issue there.
Signed-off-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
---
xen/xsm/flask/hooks.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index 819e25d3af..57be18d6d4 100644
--- a/xen/xsm/flask/h
On 08/09/2017 03:07 AM, Juergen Gross wrote:
Add a sysctl hypercall to support setting parameters similar to
command line parameters, but at runtime. The parameters to set are
specified as a string, just like the boot parameters.
Looks good, except for one thing:
+case
On 08/09/2017 03:06 AM, Juergen Gross wrote:
Modify the custom parameter parsing routines in:
xen/xsm/flask/flask_op.c
to indicate whether the parameter value was parsed successfully.
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen
On 06/23/2017 11:00 AM, Jan Beulich wrote:
So far callers of the libxc interface passed in a domain ID which was
then ignored in the hypervisor. Instead, make the hypervisor honor it
(accepting DOMID_INVALID to obtain original behavior), allowing to
query whether a device can be assigned to a
o{port,mem,q}_permission
functions too.
Alternatively, you could assume that the PCI device and its associated
resources all have the same label (which will be almost always be true in a
properly configured system) and just use this as an early bail out to avoid
user mistakes.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
s long as it's done on
occasional builds. Alternatively, it could be done by a static analysis tool,
but I've not looked into how to do that with Coverity.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
functionality.
Signed-off-by: Roger Pau Monné <roger@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
-by: Tamas K Lengyel <tamas.leng...@zentific.com>
Signed-off-by: Sergej Proskurin <prosku...@sec.in.tum.de>
Acked-by: Wei Liu <wei.l...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-d
enabling XSM effectively forces the
value of this setting to "mixed", and "limited" is impossible to use with XSM.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
This also fixes
the behavior of do_xenpmu_op, which will now return -EINVAL for unknown
XENPMU_* operations, instead of -EPERM when called by a privileged domain.
Signed-off-by: Roger Pau Monné <roger@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
This also looks like
On 01/25/2017 05:43 AM, Wei Liu wrote:
In 58cbc034 send_irq permission was removed but there was still
reference to it in policy file. Remove the stale reference.
And now we also need dm permission. Add that.
Signed-off-by: Wei Liu <wei.l...@citrix.com>
Acked-by: Daniel De Graaf
On 01/25/2017 09:24 AM, Andrew Cooper wrote:
Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
---
CC: Jan Beulich <jbeul...@suse.com>
CC: Daniel De Graaf <dgde...@tycho.nsa.gov>
CC: Paul Durrant <paul.durr...@citrix.com>
CC: Ian Jackson <ian.jack...@eu.c
. In practice
the value passed was always truncated to 32 bits.
Suggested-by: Jan Beulich <jbeul...@suse.com>
Signed-off-by: Paul Durrant <paul.durr...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-deve
<jbeul...@suse.com>
Signed-off-by: Paul Durrant <paul.durr...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
was always truncated to 32 bits.
Suggested-by: Jan Beulich <jbeul...@suse.com>
Signed-off-by: Paul Durrant <paul.durr...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
htt
.
Suggested-by: Jan Beulich <jbeul...@suse.com>
Signed-off-by: Paul Durrant <paul.durr...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
Jan Beulich <jbeul...@suse.com>
Cc: Daniel De Graaf <dgde...@tycho.nsa.gov>
Cc: Ian Jackson <ian.jack...@eu.citrix.com>
Acked-by: Wei Liu <wei.l...@citrix.com>
Cc: Andrew Cooper <andrew.coop...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
On 01/17/2017 12:29 PM, Paul Durrant wrote:
The definitions of HVM_IOREQSRV_BUFIOREQ_* have to persist as they are
already in use by callers of the libxc interface.
Suggested-by: Jan Beulich <jbeul...@suse.com>
Signed-off-by: Paul Durrant <paul.durr...@citrix.com>
Acked-by: Dan
nnifer.herb...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On 12/19/2016 11:03 PM, Doug Goldstein wrote:
On 12/19/16 10:02 AM, Doug Goldstein wrote:
On 12/14/16 3:09 PM, Daniel De Graaf wrote:
On 12/12/2016 09:00 AM, Anshul Makkar wrote:
During guest migrate allow permission to prevent
spurious page faults.
Prevents these errors:
d73: Non-privileged
On 01/03/2017 09:04 AM, Boris Ostrovsky wrote:
This domctl will allow toolstack to read and write some
ACPI registers. It will be available to both x86 and ARM
but will be implemented first only for x86
Signed-off-by: Boris Ostrovsky <boris.ostrov...@oracle.com>
Acked-by: Daniel De
=system_u:system_r:domU_t tclass=domain
GPU passthrough for hvm guest:
avc: denied { send_irq } for domid=0 target=10
scontext=system_u:system_r:dom0_t
tcontext=system_u:system_r:domU_t tclass=hvm
Signed-off-by: Anshul Makkar <anshul.mak...@citrix.com>
Acked-by: Daniel De Graaf
ook correct, though I have not compiled & looked
at the resulting manpages.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On 11/10/2016 04:23 AM, Cédric Bosdonnat wrote:
Gcc6 build reports misleading indentation as warnings. Fix a few
warnings in stubdom.
Signed-off-by: Cédric Bosdonnat <cbosdon...@suse.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
<boris.ostrov...@oracle.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
(which results in an XSM check with the source xen_t). It does not make
sense to deny these permissions; no domain should be using xen_t, and
forbidding the hypervisor from performing cleanup is not useful.
Signed-off-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
Cc: Andrew Cooper <an
output file names with FLASK_BUILD_DIR. Hypervisor and tools
build will set that variable to different directories, so that we can
be safe from races.
Adjust other bits of the build system as needed.
Signed-off-by: Wei Liu <wei.l...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tych
On 10/13/2016 10:37 AM, Wei Liu wrote:
Signed-off-by: Wei Liu <wei.l...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On 08/24/2016 04:06 AM, Jan Beulich wrote:
Non-debugging message text should be (and is in the cases here)
distinguishable without also logging function names.
Signed-off-by: Jan Beulich <jbeul...@suse.com>
Acked-by: Daniel De Graaf <dgde...@tych
t more clear that it is required for all ops.
Signed-off-by: Tamas K Lengyel <tamas.leng...@zentific.com>
Signed-off-by: Sergej Proskurin <prosku...@sec.in.tum.de>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-deve
).
This at once avoids a for_each_domain() loop when the ID of an
existing domain gets passed in.
Reported-by: Marek Marczykowski-Górecki <marma...@invisiblethingslab.com>
Signed-off-by: Jan Beulich <jbeul...@suse.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
[...]
I
at it's clearer what the XSM check is
inspecting to determine what to do, especially in this case where it changes
what permissions are actually being enforced (in the non-FLASK case).
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing
r Makefile will use Makefile.common to build xsm
policy.
Signed-off-by: Wei Liu <wei.l...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
Thanks for fixing this; I intended the build to remain separate but
never actually de-configured a build tree to test.
Using git-se
er changes, I agree Doug's rewording is a bit clearer than the
original.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
-in policy.
The XSM policy is not moved out of tools because that remains the
primary location for installing and configuring the policy.
Signed-off-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.w...@oracle.com>
Reviewed-by: Jan Beulich <jb
This makes the buffers function parameters instead of globals, in
preparation for adding alternate locations for the policy.
Signed-off-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
Reviewed-by: Jan Beulich <jbeul...@suse.com>
---
Changes since v5:
- Adjusted __init annotati
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On 07/06/2016 12:19 PM, anshul makkar wrote:
On 06/07/16 16:59, Daniel De Graaf wrote:
On 07/06/2016 11:34 AM, anshul makkar wrote:
Hi,
It allows the resource to be added and removed by the source domain to
target domain, but its use by target domain is blocked.
This rule only mandates
This makes the buffers function parameters instead of globals, in
preparation for adding alternate locations for the policy.
Signed-off-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
---
This patch is new in v5.
xen/include/xsm/xsm.h| 13 ++---
xen/xsm/flask/h
-in policy.
The XSM policy is not moved out of tools because that remains the
primary location for installing and configuring the policy.
Signed-off-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.w...@oracle.com>
---
Changes since v4:
- Fixed
dom0_t tcontext=system_u:system_r:domU_t
tclass=domain
avc: denied { settime } for domid=0 target=1 scontext=system_u:system_r:dom0_t
tcontext=system_u:system_r:domU_t tclass=domain
Signed-off-by: Anshul Makkar <anshul.mak...@citrix.com>
Acked-by: Daniel De Graaf <dgde..
passed to
xfree() below (only in ARM); the cast would only be moved. The buffer is
never modified, if that's what you are asking.
The reason that xsm_init_policy is unsigned is to avoid compiler warnings
resulting from assigning values such as 0xF3 to a signed character.
--
Daniel De Graaf
National
n't affect the basic
functionalities, is this "neverallow" rule needed ?
Thanks
Anshul Makkar
The neverallow rules are just there to ensure that the attributes are being
used correctly.
--
Daniel De Graaf
National Security Agency
___
Xe
gt;
Reviewed-by: Paul Durrant <paul.durr...@citrix.com>
Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
On 06/24/2016 06:33 AM, Jan Beulich wrote:
Signed-off-by: Jan Beulich <jbeul...@suse.com>
Reviewed-by: Wei Liu <wei.l...@citrix.com>
Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
On 06/24/2016 06:32 AM, Jan Beulich wrote:
Signed-off-by: Jan Beulich <jbeul...@suse.com>
Reviewed-by: Wei Liu <wei.l...@citrix.com>
Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
an Beulich <jbeul...@suse.com>
Reviewed-by: Wei Liu <wei.l...@citrix.com>
Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
ew Cooper <andrew.coop...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
ew Cooper <andrew.coop...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
com>
Reviewed-by: Wei Liu <wei.l...@citrix.com>
Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
com>
Reviewed-by: Wei Liu <wei.l...@citrix.com>
Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
d-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
nsform from log level numbers to strings and
vice verse. Lower and upper bounds are checked. Add XSM hook.
Signed-off-by: Wei Liu <wei.l...@citrix.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
___
Xen-devel mailing list
Xen-devel@l
-in policy.
The XSM policy is not moved out of tools because that remains the
primary location for installing and configuring the policy.
Signed-off-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
---
Changes from v3:
- Make default Kconfig value depend on the presence of checkpolicy
- Use
On 06/30/2016 09:45 AM, Konrad Rzeszutek Wilk wrote:
On Wed, Jun 29, 2016 at 11:09:01AM -0400, Daniel De Graaf wrote:
This adds a Kconfig option and support for including the XSM policy from
tools/flask/policy in the hypervisor so that the bootloader does not
need to provide a policy to get
bility to
remove a vTPM without destroying the client domain (or the driver domain),
so I don't think this ever got tested. I am guessing that the minios and/or
Linux driver is missing a state change step.
--
Daniel De Graaf
National Security Agency
___
Xen
-in policy.
The XSM policy is not moved out of tools because that remains the
primary location for installing and configuring the policy.
Signed-off-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
---
Changes from v2 (dropped acks and reviewed-by):
- Drop linker script changes, use python binar
t answer.
That's fine; I am planning on sending a v3 of this patch that drops
the use of objcopy for a python script converting the policy to an
array in a .c file. This also eliminates the linker script changes.
--
Daniel De Graaf
National Security Agency
___
of a problem. This would change if XSM were to be
enabled by default, because I would then expect "xsm enabled, flask disabled"
to become a more common case - and that does not require a policy.
--
Daniel De Graaf
National Security Agency
___
On 06/24/2016 01:40 PM, Konrad Rzeszutek Wilk wrote:
On Fri, Jun 24, 2016 at 01:34:29PM -0400, Daniel De Graaf wrote:
On 06/24/2016 12:50 PM, Konrad Rzeszutek Wilk wrote:
On Fri, Jun 24, 2016 at 05:30:32PM +0100, Julien Grall wrote:
Hello Daniel,
Please try to CC relevant maintainers on your
On 06/24/2016 12:50 PM, Konrad Rzeszutek Wilk wrote:
On Fri, Jun 24, 2016 at 05:30:32PM +0100, Julien Grall wrote:
Hello Daniel,
Please try to CC relevant maintainers on your patch. I would have missed it
if Andrew did not ping me on IRC.
On 20/06/16 15:04, Daniel De Graaf wrote:
This adds
On 06/23/2016 11:22 AM, Marek Marczykowski-Górecki wrote:
On Thu, Jun 23, 2016 at 11:00:42AM -0400, Daniel De Graaf wrote:
On 06/23/2016 09:25 AM, Marek Marczykowski-Górecki wrote:
[...]
Ok, after drawing a flowchart of the control in this function after your
change, on a piece of paper
t_action(XSM_DM_PRIV, current->domain, d);
This makes it clear that xenstore is the special case, and removes the
need for the one-off XSM_XS_PRIV constant.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
target_hack
};
allow $1 $2_target:hvm { getparam setparam trackdirtyvram hvmctl
irqlevel pciroute pcilevel cacheattr send_irq };
')
Jan
Yes, that is what I meant.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@l
etdomaininfo permission
will also need to be added to the device_model macro in xen.if.
--
Daniel De Graaf
National Security Agency
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
Since enabling XSM is required to enable FLASK, place the option for
FLASK below the one for XSM. In addition, since it does not make sense
to enable XSM without any XSM providers, and FLASK is the only XSM
provider, hide the option to disable FLASK under EXPERT.
Signed-off-by: Daniel De Graaf
On 06/20/2016 10:46 AM, Doug Goldstein wrote:
On 6/20/16 9:04 AM, Daniel De Graaf wrote:
Since enabling XSM is required to enable FLASK, place the option for
FLASK below the one for XSM. In addition, since it does not make sense
to enable XSM without any XSM providers, and FLASK is the only
On 06/20/2016 10:35 AM, Doug Goldstein wrote:
On 6/20/16 9:04 AM, Daniel De Graaf wrote:
This operation has no known users, and is primarily useful when an MLS
policy is in use (which has never been shipped with Xen). In addition,
the information it provides does not actually depend
On 06/20/2016 10:35 AM, Andrew Cooper wrote:
On 20/06/16 15:27, Doug Goldstein wrote:
On 6/20/16 9:04 AM, Daniel De Graaf wrote:
These permissions were initially split because they were in separate
domctls, but this split is very unlikely to actually provide security
benefits: it would require
refers to an
overall check in the HVM operation hypercall, which does not exist.
There is no reason to have an operation protected by two different
access checks, so I think that both the previous and patched code
are correct and the "also needs hvmctl" comment should be removed.
With t
This adds the xenstore_t type to the example policy for use by a
xenstore stub domain; see the init-xenstore-domain tool for how this
type needs to be used.
Signed-off-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.w...@oracle.com>
Revie
When the all_system_role module is enabled, any domain type can be
created using the system_r role, which was the default. When it is
disabled, domains not using the default types (dom0_t and domU_t) must
use another role such as vm_r.
Signed-off-by: Daniel De Graaf <dgde...@tycho.nsa.
accessing another type.
Signed-off-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.w...@oracle.com>
---
tools/flask/policy/modules/dom0.te | 1 -
tools/flask/policy/modules/xen.if | 7 +++
xen/xsm/flask/hooks.c
, and that can be placed in xsm_core.c.
Signed-off-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
---
xen/arch/arm/xen.lds.S | 5 -
xen/arch/x86/xen.lds.S | 5 -
xen/include/xsm/xsm.h | 16
xen/xsm/flask/hooks.c | 4 +---
xen/xsm/xsm_core.c | 13 +
5
The access vectors defined here have never been used by xenstore.
Signed-off-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.w...@oracle.com>
Reviewed-by: Doug Goldstein <car...@cardoe.com>
---
tools/flask/policy/policy/acc
The only possible value of original_ops was _xsm_ops, and
unregister_xsm was never used.
Signed-off-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.w...@oracle.com>
---
xen/include
Signed-off-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.w...@oracle.com>
Reviewed-by: Doug Goldstein <car...@cardoe.com>
---
.../policy/policy/support/loadable_module.spt | 166 -
tools/flask/policy/policy/suppo
Changes from v1:
- Change c->context and c->sid from arrays to fields when shrinking
- Keep struct xen_flask_userlist in headers, but guard it with #ifs
- Split off Kconfig changes into their own patches
- Add patch 16 (AVC_STATS in Kconfig)
- Prevent free() of static data in xsm_dt_init
-in policy.
Enabling this option only builds the policy if checkpolicy is available
during compilation of the hypervisor; otherwise, it does nothing. The
XSM policy is not moved out of tools because that remains the primary
location for installing and configuring the policy.
Signed-off-by: Daniel De
1 - 100 of 321 matches
Mail list logo