> From: Christopher Clark <christopher.w.cl...@gmail.com> > Subject: [PATCH v3 11/15] xsm, argo: XSM control for argo register > > XSM controls for argo ring registration with two distinct cases, where > the ring being registered is: > > 1) Single source: registering a ring for communication to receive messages > from a specified single other domain. > Default policy: allow. > > 2) Any source: registering a ring for communication to receive messages > from any, or all, other domains (ie. wildcard). > Default policy: deny, with runtime policy configuration via bootparam. > > The existing argo-mac boot parameter indicates administrator preference for > either permissive or strict access control, which will allow or deny > registration of any-sender rings. > > This commit modifies the signature of core XSM hook functions in order to > apply 'const' to arguments, needed in order for 'const' to be accepted in > signature of functions that invoke them. > > Signed-off-by: Christopher Clark <christopher.cla...@baesystems.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov> While it does not need to be a part of this patch, somewhere in the series you should add a rule allowing these features to be used by guests in the default XSM policy; tools/flask/policy/modules/guest_features.te is where features like this have previously been handled. Since you're adding permissions one at a time, you could add the rules all at once or as a part of the patch adding the vector. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
