From: Doug Goldstein <cardoe@cardoe.com>
To: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
dgdegra@tycho.nsa.gov, xen-devel@lists.xenproject.org,
andrew.cooper3@citrix.com, Machon Gregory <mbgrego@tycho.nsa.gov>
Subject: Re: XSM permissive by default.
Date: Tue, 8 Mar 2016 20:11:31 -0600 [thread overview]
Message-ID: <56DF8653.9060705@cardoe.com> (raw)
In-Reply-To: <20160309015100.GA5420@localhost.localdomain>
[-- Attachment #1.1.1: Type: text/plain, Size: 1338 bytes --]
On 3/8/16 7:51 PM, Konrad Rzeszutek Wilk wrote:
> Hey,
>
> I was wondering if it we should change the default flask_bootparam
> option from permissive to disabled?
>
> The reason being is that I was startled to see that my xSplice
> code was able to patch the hypervisor from within an PV guest!
>
> Further testing showed that I could do 'xl debug-keys R' from
> within the guests. This being possible with released 4.6 if I have
> XSM enabled.
>
> All of this is due to the fact that I had forgotten to load the policy,
> but Xen just told me:
>
> Flask: Access controls disabled until policy is loaded.
>
> which is an understatement. I somehow had expected that if no
> policy was loaded it would revert to the dummy one which has the
> same permission as the non-XSM build. Ha! What a surprise..
That's certainly been my assumption as well.
>
> Now that the XSM is enabled via config it becomes much more
> easy to enable it..
>
> Or perhaps change the code to flask so that if there are any
> errors loading the policy it uses the dummy one?
>
To me that's what that error message from flask meant so I think that's
the most sane default. Being in a worse state than if you had built
without it.
Machon, Something to consider for the Yocto builds as well.
--
Doug Goldstein
[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 959 bytes --]
[-- Attachment #2: Type: text/plain, Size: 126 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-03-09 2:11 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-09 1:51 XSM permissive by default Konrad Rzeszutek Wilk
2016-03-09 2:11 ` Doug Goldstein [this message]
2016-03-09 13:24 ` Andrew Cooper
2016-03-09 21:17 ` Konrad Rzeszutek Wilk
2016-03-09 22:09 ` Daniel De Graaf
2016-03-10 2:40 ` Doug Goldstein
2016-03-10 17:10 ` Konrad Rzeszutek Wilk
2016-03-10 17:34 ` Doug Goldstein
2016-03-10 17:44 ` Andrew Cooper
2016-03-10 18:30 ` [PATCH] flask: change default state to enforcing Daniel De Graaf
2016-03-10 19:12 ` Konrad Rzeszutek Wilk
2016-03-10 19:37 ` Daniel De Graaf
2016-03-15 14:48 ` Anshul Makkar
2016-03-11 9:07 ` Jan Beulich
2016-03-11 14:58 ` Konrad Rzeszutek Wilk
2016-03-11 15:39 ` Daniel De Graaf
2016-03-11 15:43 ` Jan Beulich
2016-03-11 15:51 ` Daniel De Graaf
2016-04-04 17:12 ` XSM permissive by default Ian Jackson
2016-04-05 8:03 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56DF8653.9060705@cardoe.com \
--to=cardoe@cardoe.com \
--cc=andrew.cooper3@citrix.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=konrad.wilk@oracle.com \
--cc=mbgrego@tycho.nsa.gov \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.