From: David Palmer <dwpalmer.xense@gmail.com>
To: Reiner Sailer <sailer@us.ibm.com>
Cc: xen-devel@lists.xensource.com, Stefan Berger <stefanb@us.ibm.com>,
	xense-devel@lists.xensource.com
Subject: Re: [Xense-devel] [PATCH] ACM: adding get_ssid command and cleanup
Date: Fri, 2 Sep 2005 11:41:28 -0700
Message-ID: <7d415b2805090211411f117b03@mail.gmail.com>
In-Reply-To: <OF93EA0DFA.6835D1D3-ON85257070.001074DC-85257070.0012EDAD@us.ibm.com>


Reiner,

I've looked over the code. As input, it takes either an SSID or a DomainID. 
If given a DomainID, it looks up the domain's SSID. It then returns two 
arrays of 0's and 1's. One array is a row from the STE-Type matrix and the 
other is a row from the ChWall-Type matrix corresponding to the given SSID.

My question then: What constitutes a legitimate use vs. a clear abuse of 
this information?

For example, let's say I create a domain that manages a resource. When 
another domain connects, the resource domain checks for a specific type 
using get_ssid() on the subject's DomainID and indexes one of the arrays 
with the type number. If the type is set, then it provides the "Privileged" 
interface with the other domain. If it is not set, then it provides the 
"Unprivileged" interface with the domain. Is this legitimate or an abuse of 
the function? Why or why not?

Dave

On 9/1/05, Reiner Sailer <sailer@us.ibm.com> wrote:
> 
> 
> This patch: 
> 
> * adds a get_ssid ACM command that allows privileged domains to retrieve 
> types for either a given ssid reference or a given domain id (of a running 
> domain); this command can be used to extend access control into device 
> domains, e.g., to control network traffic currently moving through Domain 
> 0 uncontrolled by the ACM policy
>  
> * adds a script getlabel.sh that allows users inside Dom0 to retrieve the 
> label for a given ssid reference or a given domain id (multiple labels might 
> map onto a single ssid reference) 
> 
> * cleans up label-related code in tools/security by merging common 
> functions into labelfuncs.sh
>  
> * cleans up ACM code related to above changes (eventually approximating a 
> common coding style)
>  
> Comments welcome. 
> 
> Thanks 
> Reiner 
> 
> Signed-off-by Reiner Sailer <sailer@us.ibm.com> 
> Signed-off by Stefan Berger <stefanb@us.ibm.com> 
> 

Thread overview: 5+ messages
2005-09-02  3:26 [PATCH] ACM: adding get_ssid command and cleanup Reiner Sailer
2005-09-02 18:41 ` David Palmer [this message]
2005-09-03  2:53   ` [Xense-devel] " Reiner Sailer
2005-09-03 16:49     ` David Palmer
2005-09-03 20:16       ` Reiner Sailer
