Re: [Xen-devel] [PATCH v2 00/17] XSM/FLASK updates for 4.8

2016-06-27 Thread Andrew Cooper
On 21/06/16 16:24, Andrew Cooper wrote:
> On 20/06/16 15:04, Daniel De Graaf wrote:
>> Changes from v1:
>>  - Change c->context and c->sid from arrays to fields when shrinking
>>  - Keep struct xen_flask_userlist in headers, but guard it with #ifs
>>  - Split off Kconfig changes into their own patches
>>  - Add patch 16 (AVC_STATS in Kconfig)
>>  - Prevent free() of static data in xsm_dt_init
>>
>> FLASK policy updates:
>>  [PATCH 01/17] flask/policy: split into modules
>>  [PATCH 02/17] flask/policy: split out rules for system_r
>>  [PATCH 03/17] flask/policy: move user definitions and constraints
>>  [PATCH 04/17] flask/policy: remove unused support for binary modules
>>  [PATCH 05/17] flask/policy: xenstore stubdom policy
>>  [PATCH 06/17] flask/policy: remove unused example
>>
>> Hypervisor updates to the FLASK security server:
>>  [PATCH 07/17] flask: unify {get,set}vcpucontext permissions
>>  [PATCH 08/17] flask: remove unused secondary context in ocontext
>>  [PATCH 09/17] flask: remove unused AVC callback functions
>>  [PATCH 10/17] flask: remove xen_flask_userlist operation
>>  [PATCH 11/17] flask: improve unknown permission handling
>>
>> Hypervisor updates to the XSM framework (and its config):
>>  [PATCH 12/17] xen/xsm: remove .xsm_initcall.init section
>>  [PATCH 13/17] xen: fix FLASK dependency in Kconfig
>>  [PATCH 14/17] xsm: annotate setup functions with __init
>>  [PATCH 15/17] xsm: clean up unregistration
>>  [PATCH 16/17] xen: Make FLASK_AVC_STATS kconfig option visible
>>  [PATCH 17/17] xsm: add a default policy to .init.data
> I have committed the first two sections.  Patch 12 requires an ARM ack,
> and patch 13 has some outstanding discussion.

In the interest of getting this work more widely tested, I have pushed
the remaining patches, now that acks have appeared.

~Andrew

___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel


Re: [Xen-devel] [PATCH v2 00/17] XSM/FLASK updates for 4.8

2016-06-21 Thread Andrew Cooper
On 20/06/16 15:04, Daniel De Graaf wrote:
> Changes from v1:
>  - Change c->context and c->sid from arrays to fields when shrinking
>  - Keep struct xen_flask_userlist in headers, but guard it with #ifs
>  - Split off Kconfig changes into their own patches
>  - Add patch 16 (AVC_STATS in Kconfig)
>  - Prevent free() of static data in xsm_dt_init
>
> FLASK policy updates:
>  [PATCH 01/17] flask/policy: split into modules
>  [PATCH 02/17] flask/policy: split out rules for system_r
>  [PATCH 03/17] flask/policy: move user definitions and constraints
>  [PATCH 04/17] flask/policy: remove unused support for binary modules
>  [PATCH 05/17] flask/policy: xenstore stubdom policy
>  [PATCH 06/17] flask/policy: remove unused example
>
> Hypervisor updates to the FLASK security server:
>  [PATCH 07/17] flask: unify {get,set}vcpucontext permissions
>  [PATCH 08/17] flask: remove unused secondary context in ocontext
>  [PATCH 09/17] flask: remove unused AVC callback functions
>  [PATCH 10/17] flask: remove xen_flask_userlist operation
>  [PATCH 11/17] flask: improve unknown permission handling
>
> Hypervisor updates to the XSM framework (and its config):
>  [PATCH 12/17] xen/xsm: remove .xsm_initcall.init section
>  [PATCH 13/17] xen: fix FLASK dependency in Kconfig
>  [PATCH 14/17] xsm: annotate setup functions with __init
>  [PATCH 15/17] xsm: clean up unregistration
>  [PATCH 16/17] xen: Make FLASK_AVC_STATS kconfig option visible
>  [PATCH 17/17] xsm: add a default policy to .init.data

I have committed the first two sections.  Patch 12 requires an ARM ack,
and patch 13 has some outstanding discussion.

~Andrew



[Xen-devel] [PATCH v2 00/17] XSM/FLASK updates for 4.8

2016-06-20 Thread Daniel De Graaf
Changes from v1:
 - Change c->context and c->sid from arrays to fields when shrinking
 - Keep struct xen_flask_userlist in headers, but guard it with #ifs
 - Split off Kconfig changes into their own patches
 - Add patch 16 (AVC_STATS in Kconfig)
 - Prevent free() of static data in xsm_dt_init

FLASK policy updates:
 [PATCH 01/17] flask/policy: split into modules
 [PATCH 02/17] flask/policy: split out rules for system_r
 [PATCH 03/17] flask/policy: move user definitions and constraints
 [PATCH 04/17] flask/policy: remove unused support for binary modules
 [PATCH 05/17] flask/policy: xenstore stubdom policy
 [PATCH 06/17] flask/policy: remove unused example

Hypervisor updates to the FLASK security server:
 [PATCH 07/17] flask: unify {get,set}vcpucontext permissions
 [PATCH 08/17] flask: remove unused secondary context in ocontext
 [PATCH 09/17] flask: remove unused AVC callback functions
 [PATCH 10/17] flask: remove xen_flask_userlist operation
 [PATCH 11/17] flask: improve unknown permission handling

Hypervisor updates to the XSM framework (and its config):
 [PATCH 12/17] xen/xsm: remove .xsm_initcall.init section
 [PATCH 13/17] xen: fix FLASK dependency in Kconfig
 [PATCH 14/17] xsm: annotate setup functions with __init
 [PATCH 15/17] xsm: clean up unregistration
 [PATCH 16/17] xen: Make FLASK_AVC_STATS kconfig option visible
 [PATCH 17/17] xsm: add a default policy to .init.data
