From: Tim Deegan <tim@xen.org>
To: Jan Beulich <JBeulich@suse.com>
Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov>,
keir@xen.org, xen-devel@lists.xen.org
Subject: Re: [PATCH v5] Merge IS_PRIV checks into XSM hooks
Date: Mon, 19 Nov 2012 10:26:47 +0000 [thread overview]
Message-ID: <20121119102647.GA31411@ocelot.phlegethon.org> (raw)
In-Reply-To: <50AA0DCE02000078000A9972@nat28.tlf.novell.com>
At 09:45 +0000 on 19 Nov (1353318334), Jan Beulich wrote:
> As to getting the series applied, I suppose that'll be a little difficult,
> as it mixes changes to various parts of the tree, and hence no
> single maintainer would generally be able to apply the whole series
> without respective other parts fully acked by the corresponding
> maintainers. Is there a way to either indicate eventual fully
> standalone patches, or order/split it so that at least tools side and
> hypervisor side changes are separated from one another, or mixed
> patches all go at the beginning or end of the series?
This whole series makes me very uncomfortable. I can see its usefulness,
and as a supporter of disaggregations I like the idea of fine-grained
control, but it really does obscure the security checks, and makes it
less likely that people implementing new operations will get their
security checks right.
Since there are only a small number of default checks (IS_PRIV,
IS_PRIV_FOR, self-only, ???), I wonder whether they could be explicitly
included in the xsm invocation (as some sort of 'enum
xsm-default-policy' argument), to make it clear what's going on without
the reader having to grobble around in xsm files?
Cheers,
Tim.
next prev parent reply other threads:[~2012-11-19 10:26 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-16 18:28 [PATCH v5] Merge IS_PRIV checks into XSM hooks Daniel De Graaf
2012-11-16 18:28 ` [PATCH 01/19] libxl: introduce XSM relabel on build Daniel De Graaf
2012-11-19 10:42 ` Ian Campbell
2012-11-20 16:38 ` Daniel De Graaf
2012-11-16 18:28 ` [PATCH 02/19] flask/policy: Add domain relabel example Daniel De Graaf
2012-11-19 10:46 ` Ian Campbell
2012-11-20 17:26 ` Daniel De Graaf
2012-11-16 18:28 ` [PATCH 03/19] arch/x86: add distinct XSM hooks for map/unmap Daniel De Graaf
2012-11-19 8:59 ` Jan Beulich
2012-11-19 14:53 ` Daniel De Graaf
2012-11-20 16:39 ` Jan Beulich
2012-11-16 18:28 ` [PATCH 04/19] xsm/flask: Add checks on the domain performing the set_target operation Daniel De Graaf
2012-11-16 18:28 ` [PATCH 05/19] xsm: Use the dummy XSM module if XSM is disabled Daniel De Graaf
2012-11-16 18:28 ` [PATCH 06/19] xen: use XSM instead of IS_PRIV where duplicated Daniel De Graaf
2012-11-19 9:08 ` Jan Beulich
2012-11-19 14:59 ` Daniel De Graaf
2012-11-19 15:43 ` Jan Beulich
2012-11-19 11:00 ` Ian Campbell
2012-11-19 15:16 ` Daniel De Graaf
2012-11-16 18:28 ` [PATCH 07/19] xen: avoid calling rcu_lock_*target_domain when an XSM hook exists Daniel De Graaf
2012-11-16 18:28 ` [PATCH 08/19] arch/x86: convert platform_hypercall to use XSM Daniel De Graaf
2012-11-16 18:28 ` [PATCH 09/19] xen: lock target domain in do_domctl common code Daniel De Graaf
2012-11-19 9:24 ` Jan Beulich
2012-11-19 15:20 ` Daniel De Graaf
2012-11-20 16:40 ` Jan Beulich
2012-11-20 16:44 ` Daniel De Graaf
2012-11-20 16:53 ` Jan Beulich
2012-11-16 18:28 ` [PATCH 10/19] xen: convert do_domctl to use XSM Daniel De Graaf
2012-11-16 18:28 ` [PATCH 11/19] xen: convert do_sysctl " Daniel De Graaf
2012-11-16 18:28 ` [PATCH 12/19] xsm/flask: add missing hooks Daniel De Graaf
2012-11-16 18:28 ` [PATCH 13/19] xsm/flask: add distinct SIDs for self/target access Daniel De Graaf
2012-11-16 18:28 ` [PATCH 14/19] arch/x86: Add missing mem_sharing XSM hooks Daniel De Graaf
2012-11-16 18:28 ` [PATCH 15/19] arch/x86: use XSM hooks for get_pg_owner access checks Daniel De Graaf
2012-11-16 18:28 ` [PATCH 16/19] xen: Add XSM hook for XENMEM_exchange Daniel De Graaf
2012-11-16 18:28 ` [PATCH 17/19] tmem: add XSM hooks Daniel De Graaf
2012-11-16 18:28 ` [PATCH 18/19] xen/arch/*: add struct domain parameter to arch_do_domctl Daniel De Graaf
2012-11-16 18:28 ` [PATCH 19/19] flask: move policy headers into hypervisor Daniel De Graaf
2012-11-19 9:45 ` [PATCH v5] Merge IS_PRIV checks into XSM hooks Jan Beulich
2012-11-19 10:26 ` Tim Deegan [this message]
2012-11-19 15:49 ` Daniel De Graaf
2012-11-19 21:28 ` [PATCH RFC 0/5] XSM hook renames and cleanup Daniel De Graaf
2012-11-19 21:28 ` [PATCH 1/5] Remove XSM_DEFAULT macro Daniel De Graaf
2012-11-19 21:28 ` [PATCH 2/5] xen: domctl XSM hook removal Daniel De Graaf
2012-11-19 21:28 ` [PATCH 3/5] xen: sysctl " Daniel De Graaf
2012-11-19 21:28 ` [PATCH 4/5] xen: platform_hypercall " Daniel De Graaf
2012-11-19 21:28 ` [PATCH RFC 5/5] xen/xsm: include default hook action in name Daniel De Graaf
2012-11-20 8:07 ` [PATCH RFC 0/5] XSM hook renames and cleanup Jan Beulich
2012-11-20 14:51 ` Daniel De Graaf
2012-11-20 14:51 ` [PATCH 1/5] Remove XSM_DEFAULT macro Daniel De Graaf
2012-11-20 14:51 ` [PATCH 2/5] xen: domctl XSM hook removal Daniel De Graaf
2012-11-20 15:15 ` Jan Beulich
2012-11-20 14:51 ` [PATCH 3/5] xen: sysctl " Daniel De Graaf
2012-11-20 15:25 ` Jan Beulich
2012-11-20 15:34 ` Daniel De Graaf
2012-11-20 14:51 ` [PATCH 4/5] xen: platform_hypercall " Daniel De Graaf
2012-11-20 14:51 ` [PATCH RFC 5/5] xen/xsm: include default hook action in name Daniel De Graaf
2012-11-22 16:57 ` Tim Deegan
2012-11-23 16:42 ` Daniel De Graaf
2012-11-27 14:49 ` Tim Deegan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121119102647.GA31411@ocelot.phlegethon.org \
--to=tim@xen.org \
--cc=JBeulich@suse.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=keir@xen.org \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).