From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ed White Subject: Re: [PATCH v2 12/12] x86/altp2m: XSM hooks for altp2m HVM ops Date: Fri, 26 Jun 2015 12:35:10 -0700 Message-ID: <558DA96E.3090704@intel.com> References: <1434999372-3688-1-git-send-email-edmund.h.white@intel.com> <1434999372-3688-13-git-send-email-edmund.h.white@intel.com> <558DA6D0.9050702@tycho.nsa.gov> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <558DA6D0.9050702@tycho.nsa.gov> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Daniel De Graaf , xen-devel@lists.xen.org Cc: Ravi Sahita , Wei Liu , Ian Jackson , Tim Deegan , Jan Beulich , Andrew Cooper , tlengyel@novetta.com List-Id: xen-devel@lists.xenproject.org On 06/26/2015 12:24 PM, Daniel De Graaf wrote: > On 06/22/2015 02:56 PM, Ed White wrote: >> From: Ravi Sahita >> >> Signed-off-by: Ravi Sahita > > One comment, below. > > [...] >> diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if >> index f4cde11..c95109f 100644 >> --- a/tools/flask/policy/policy/modules/xen/xen.if >> +++ b/tools/flask/policy/policy/modules/xen/xen.if >> @@ -8,7 +8,7 @@ >> define(`declare_domain_common', ` >> allow $1 $2:grant { query setup }; >> allow $1 $2:mmu { adjust physmap map_read map_write stat pinpage updatemp mmuext_op }; >> - allow $1 $2:hvm { getparam setparam }; >> + allow $1 $2:hvm { getparam setparam altp2mhvm altp2mhvm_op }; >> allow $1 $2:domain2 get_vnumainfo; >> ') > > This allows any domain to enable altp2m on itself; I think you meant to > only allow altp2mhvm_op here, requiring a privileged domain to first > enable the feature on a domain before anyone can use it. > We certainly don't want to unconditionally disallow that. We want the policy to offer the ability to choose whether it's allowed or not. Does the patch do that? Ed