From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Benjamin Sanda <ben.sanda@dornerworks.com>
Cc: Keir Fraser <keir@xen.org>, Tim Deegan <tim@xen.org>,
Dario Faggioli <dario.faggioli@citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
George Dunlap <george.dunlap@citrix.com>,
Jan Beulich <jbeulich@suse.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Paul Sujkov <psujkov@gmail.com>,
xen-devel@lists.xenproject.org
Subject: Re: [PATCH 1/6] Flask: Support for ARM xentrace
Date: Fri, 25 Mar 2016 15:27:32 -0400 [thread overview]
Message-ID: <20160325192732.GA14689@char.us.oracle.com> (raw)
In-Reply-To: <1458161499-15313-2-git-send-email-ben.sanda@dornerworks.com>
On Wed, Mar 16, 2016 at 01:51:34PM -0700, Benjamin Sanda wrote:
> From: bensanda <ben.sanda@dornerworks.com>
>
> Modified to provide support for xentrace on the ARM platform. Added flask credential to allow dom0 dom_xen mapping and write access for trace buffers.
So .. what does that mean?
Is that something xentrace requests? Why is this ARM specific?
Looking at xsm_sysctl and how the trace is setup it checks for
XEN__TBUFCONTROL?
But this is more specific?
>
> Signed-off-by: Benjamin Sanda <ben.sanda@dornerworks.com>
> ---
> tools/flask/policy/policy/modules/xen/xen.te | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te
> index d35ae22..41d276a 100644
> --- a/tools/flask/policy/policy/modules/xen/xen.te
> +++ b/tools/flask/policy/policy/modules/xen/xen.te
> @@ -90,6 +90,8 @@ allow dom0_t dom0_t:domain2 {
> };
> allow dom0_t dom0_t:resource { add remove };
>
> +allow dom0_t domxen_t:mmu { memorymap map_write };
> +
> # These permissions allow using the FLASK security server to compute access
> # checks locally, which could be used by a domain or service (such as xenstore)
> # that does not have its own security server to make access decisions based on
> --
> 2.7.2
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-03-25 19:27 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-16 20:51 [PATCH 0/6] xentrace/xenalyze support on ARM Benjamin Sanda
2016-03-16 20:51 ` [PATCH 1/6] Flask: Support for ARM xentrace Benjamin Sanda
2016-03-17 14:56 ` Julien Grall
2016-03-17 15:03 ` Julien Grall
2016-03-25 19:27 ` Konrad Rzeszutek Wilk [this message]
2016-03-28 15:52 ` Ben Sanda
2016-03-16 20:51 ` [PATCH 2/6] xenalyze: Support for ARM platform Benjamin Sanda
2016-03-16 20:59 ` Andrew Cooper
2016-03-17 10:39 ` George Dunlap
2016-03-16 20:51 ` [PATCH 3/6] xentrace: P2M lookup suport " Benjamin Sanda
2016-03-17 16:21 ` Julien Grall
2016-03-28 18:55 ` Ben Sanda
2016-03-30 18:38 ` Julien Grall
2016-03-16 20:51 ` [PATCH 4/6] xentrace: ARM platform DOMID_XEN mapping support Benjamin Sanda
2016-03-17 15:53 ` Julien Grall
2016-03-16 20:51 ` [PATCH 5/6] xentrace: Trace buffer support for ARM platform Benjamin Sanda
2016-03-16 20:51 ` [PATCH 6/6] xentrace: ARM platform timestamp support Benjamin Sanda
2016-03-25 19:31 ` Konrad Rzeszutek Wilk
2016-03-31 16:38 ` Stefano Stabellini
2016-03-31 16:44 ` Ben Sanda
2016-04-01 13:05 ` Stefano Stabellini
2016-03-17 15:00 ` [PATCH 0/6] xentrace/xenalyze support on ARM Julien Grall
2016-03-17 16:50 ` Ben Sanda
2016-03-17 17:01 ` Julien Grall
2016-03-17 17:04 ` Ben Sanda
2016-03-18 17:12 ` Wei Liu
2016-03-17 17:23 ` George Dunlap
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160325192732.GA14689@char.us.oracle.com \
--to=konrad.wilk@oracle.com \
--cc=andrew.cooper3@citrix.com \
--cc=ben.sanda@dornerworks.com \
--cc=dario.faggioli@citrix.com \
--cc=george.dunlap@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=keir@xen.org \
--cc=psujkov@gmail.com \
--cc=tim@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.