From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ian Campbell
Subject: Re: [PATCH] libxl: assigned a default ssid_label (XSM label) to guests
Date: Mon, 18 May 2015 11:56:33 +0100
Message-ID: <1431946593.4944.36.camel@citrix.com>
In-Reply-To: <55562846.8030703@tycho.nsa.gov>
To: Daniel De Graaf
Cc: Julien Grall, wei.liu2@citrix.com, ian.jackson@eu.citrix.com, xen-devel@lists.xen.org
List-Id: xen-devel@lists.xenproject.org

On Fri, 2015-05-15 at 13:09 -0400, Daniel De Graaf wrote:
> > I'd be inclined to go the other way and either have a default ssid for
> > the DM or to fail if one isn't given (the latter would probably happen
> > anyway due to enforcement?).
>
> Yes, it would probably fail at xc_domain_set_target in enforcing mode.
>
> > Sounds like the default ssidref should be either ~= domU_t of domHVM_t
> > depending on the type of domain? (domU_t is really domPV_t?)
>
> The domU_t type also works for HVM domains with the device model in dom0.
>
> Looking at the problem again, I think a second initial SID for the device
> model would be preferable, removing domHVM_t completely. There are already
> other example types in the policy for domains that do not use a device model
> (isolated_domU_t is probably the best example), and the result more closely
> matches the permissions used in the hypervisor without XSM enabled.

I'm around about half sure what you are proposing here, but I trust it
makes sense ;-).

I think for now I will investigate using a default ssid for all domains,
which AIUI from above will work out of the box with PV guests and HVM
ones which have qemu in dom0.

For the stubdom case I think I'll leave it to you to change the default
policy, at which point I'll be happy to extend things to a default ssid
for stubdom too.

Ian.