On 8/25/21 11:22 AM, Jan Beulich wrote: > On 05.08.2021 16:06, Daniel P. Smith wrote: >> On Linux when SELinux is put into permissive mode the descretionary access >> controls are still in place. Whereas for Xen when the enforcing state of >> flask >> is set to permissive, all operations for all domains would succeed, i.e. it >> does not fall back to the default access controls. To provide a means to >> mimic >> a similar but not equivalent behavior, a flask op is present to allow a >> one-time switch back to the default access controls, aka the "dummy policy". >> >> This patch removes this flask op to enforce a consistent XSM usage model >> that a >> reboot of Xen is required to change the XSM policy module in use. >> >> Signed-off-by: Daniel P. Smith <dpsm...@apertussolutions.com> > > The primary reason you remove this is - aiui - that with alternatives > patching there's technically not really a way back (would need to re- > patch every patched location, or every hook would need to check whether > state changed to disabled and if so chain on to the dummy function). > This became sufficiently clear to me only when looking at the next > patch. It would be nice if description also said why the change is > needed. As it stands to me the description reads at best like something > that people could have different views on (and initially I didn't mean > to reply here, for not being convinced of the removal of functionality > in the common case). > > Jan >
Ack, I can expand further. v/r, dps
