On 06/20/2016 10:35 AM, Doug Goldstein wrote:
> On 6/20/16 9:04 AM, Daniel De Graaf wrote:
>> This operation has no known users, and is primarily useful when an MLS
>> policy is in use (which has never been shipped with Xen).  In addition,
>> the information it provides does not actually depend on hypervisor
>> state (only on the XSM policy), so an application that needs it could
>> compute the results without needing to involve the hypervisor.
>
> So if I read this language correctly, removing this does not affect
> someone being able to build an MLS policy at a later date, right?

Correct; that support is still there.  This hypercall was used to
compute a list of reachable security contexts for a given user, which
is trivial in a non-MLS policy but more complex when one is being
used.  This computation makes more sense on Linux (where creating
new contexts via "exec" is common) than on Xen (where normally a
domain cannot create another).

--
Daniel De Graaf
National Security Agency
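The point made above, that the set of security contexts reachable by a user is a function of the XSM policy alone, can be illustrated with a small model. The following is an added example, not code from Xen or from the thread: it uses a constructed toy policy (users, roles, types and MLS levels are all made up for illustration) and enumerates every valid `user:role:type[:level]` context for a user. With MLS disabled the result is just the role/type product; with MLS enabled each candidate level must also lie within the user's clearance range, which is the extra complexity the reply refers to.

```python
# Toy model of "reachable security contexts for a user", computed purely from
# a policy description. All policy data below is constructed for illustration
# and does not reflect any real Xen/XSM policy.

def dominates(high, low):
    """MLS dominance: `high` dominates `low` iff its sensitivity is greater or
    equal and its category set is a superset of `low`'s categories."""
    return high[0] >= low[0] and high[1] >= low[1]


def level_in_range(level, low, high):
    """A level is usable by a user iff low <= level <= high under dominance."""
    return dominates(level, low) and dominates(high, level)


def fmt_level(level):
    """Render (sensitivity, categories) as 's0' or 's1:c0,c1'."""
    sens, cats = level
    return f"s{sens}" + (":" + ",".join(sorted(cats)) if cats else "")


# Constructed policy: user -> allowed roles and MLS clearance (low, high);
# role -> allowed types; the list of levels declared in the policy.
TOY_POLICY = {
    "mls": True,
    "users": {
        "system_u": {
            "roles": {"system_r"},
            "range": ((0, frozenset()), (1, frozenset({"c0", "c1"}))),
        },
        "user_u": {
            "roles": {"user_r", "staff_r"},
            "range": ((0, frozenset()), (0, frozenset({"c0"}))),
        },
    },
    "roles": {
        "system_r": {"domU_t", "dom0_t"},
        "user_r": {"domU_t"},
        "staff_r": {"domU_t", "dm_t"},
    },
    "levels": [
        (0, frozenset()),
        (0, frozenset({"c0"})),
        (1, frozenset({"c1"})),
        (1, frozenset({"c0", "c1"})),
    ],
}


def reachable_contexts(policy, user):
    """Return the sorted list of contexts `user` may run under.

    Only the policy is consulted: no hypervisor state is involved, which is
    why this can be done entirely in userspace.
    """
    udef = policy["users"][user]
    low, high = udef["range"]
    contexts = []
    for role in sorted(udef["roles"]):
        for typ in sorted(policy["roles"][role]):
            base = f"{user}:{role}:{typ}"
            if not policy["mls"]:
                # Non-MLS: the role/type product is the whole answer.
                contexts.append(base)
                continue
            # MLS: additionally enumerate every declared level the user's
            # clearance range permits.
            for level in policy["levels"]:
                if level_in_range(level, low, high):
                    contexts.append(f"{base}:{fmt_level(level)}")
    return sorted(contexts)


if __name__ == "__main__":
    for ctx in reachable_contexts(TOY_POLICY, "user_u"):
        print(ctx)
```

Running the block prints the six contexts `user_u` can reach under the toy MLS policy; flipping `"mls"` to `False` collapses that to the three role/type pairs.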

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
