On Wed, Apr 06, 2016 at 03:35:59PM -0400, Daniel De Graaf wrote: > The previous default of "permissive" is meant for developing or > debugging a disaggregated system. However, this default makes it too > easy to accidentally boot a machine in this state, which does not place > any restrictions on guests. This is not suitable for normal systems > because any guest can perform any operation (including operations like > rebooting the machine, kexec, and reading or writing another domain's > memory). > > This change will cause the boot to fail if you do not specify an XSM > policy during boot; if you need to load a policy from dom0, use the > "flask=late" boot parameter. > > Original patch by Konrad Rzeszutek Wilk <konrad.w...@oracle.com>; modified > to also change the default value of flask_enforcing so that the policy > is not still in permissive mode. This also removes the (no longer > documented) command line argument directly changing that variable since > it has been superseded by the flask= parameter. > > Signed-off-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
Reviewed and applied. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
