From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: Shakeel Butt <shakeel.butt@gmail.com>
Cc: xen-devel@lists.xen.org
Subject: Re: [PATCH 00/18] RFC: Merge IS_PRIV checks into XSM hooks
Date: Tue, 07 Aug 2012 14:20:43 -0400 [thread overview]
Message-ID: <50215C7B.1060509@tycho.nsa.gov> (raw)
In-Reply-To: <CAGj-7pWTrXYUM-pdM1zsFTy98krtzHw4ANGFKyTyxAiJ_pJn+A@mail.gmail.com>
On 08/07/2012 02:07 PM, Shakeel Butt wrote:
>> I wasn't intending to exclude the other uses of XSM that this series will
>> benefit; dom0 disaggregation is just the most obvious case that requires
>> the larger changes like removing IS_PRIV checks.
> I was just saying that this patch series is more beneficial than claimed.
>
>> Xenstore can already be split into its own stub domain (or domains, as in
>> the Xoar paper). The permissions model in Xenstore has a privileged bit
>> similar to IS_PRIV; extending XSM controls into Xenstore similar to how
>> SELinux controls were extended into DBus will address this.
>
> My real concern here was the use of is_initial_domain() in the xenbus driver
> code. For example I am running all Linux PV and one of them is XenStore
> domain, the xenbus driver needs to do something different than
> is_initial_domain(),
> maybe something like is_xenstore_domain() [not saying this is right
> way to do it].
> Please correct me if I am wrong.
>
> thanks,
> Shakeel
>
The method in upstream Linux is more complete than this: if the domain
is started with xenstore information in the shared page, it will use it
(which happens when a domain builder is used to launch dom0 and xenstore
stub domains at the same time); otherwise, there is an ioctl that can
be used in dom0 to tell it about a newly launched xenstore stub domain.
The combination of these eliminates any need for an is_xenstore_domain()
function.
--
Daniel De Graaf
National Security Agency
prev parent reply other threads:[~2012-08-07 18:20 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-06 14:32 [PATCH 00/18] RFC: Merge IS_PRIV checks into XSM hooks Daniel De Graaf
2012-08-06 14:32 ` [PATCH 01/18] xsm/flask: remove inherited class attributes Daniel De Graaf
2012-08-06 14:32 ` [PATCH 02/18] xsm/flask: remove unneeded create_sid field Daniel De Graaf
2012-08-06 14:32 ` [PATCH 03/18] xsm/flask: add domain relabel support Daniel De Graaf
2012-08-06 14:32 ` [PATCH 04/18] libxl: introduce XSM relabel on build Daniel De Graaf
2012-08-06 14:32 ` [PATCH 05/18] flask/policy: Add domain relabel example Daniel De Graaf
2012-08-06 14:32 ` [PATCH 06/18] xsm, arch/x86: add distinct XSM hooks for map/unmap Daniel De Graaf
2012-08-06 14:32 ` [PATCH 07/18] arch/x86: add missing XSM checks to XENPF_ commands Daniel De Graaf
2012-08-06 14:57 ` Jan Beulich
2012-08-06 15:06 ` Daniel De Graaf
2012-08-06 14:32 ` [PATCH 08/18] xen: Add DOMID_SELF support to rcu_lock_domain_by_id Daniel De Graaf
2012-08-06 15:07 ` Jan Beulich
2012-08-06 15:19 ` Daniel De Graaf
2012-08-06 15:50 ` Jan Beulich
2012-08-06 16:38 ` Daniel De Graaf
2012-08-07 7:00 ` Jan Beulich
2012-08-06 14:32 ` [PATCH 09/18] xsm/flask: Add checks on the domain performing the set_target operation Daniel De Graaf
2012-08-06 14:32 ` [PATCH 10/18] xsm: Add IS_PRIV checks to dummy XSM module Daniel De Graaf
2012-08-06 14:32 ` [PATCH 11/18] xen: use XSM instead of IS_PRIV where duplicated Daniel De Graaf
2012-08-06 15:18 ` Jan Beulich
2012-08-06 15:25 ` Daniel De Graaf
2012-08-06 15:53 ` Jan Beulich
2012-08-06 14:32 ` [PATCH 12/18] xsm: Add missing domctl and mem_sharing hooks Daniel De Graaf
2012-08-06 18:53 ` Keir Fraser
2012-08-06 19:30 ` Daniel De Graaf
2012-08-06 14:32 ` [PATCH 13/18] tmem: Add access control check Daniel De Graaf
2012-08-06 14:32 ` [PATCH 14/18] xsm: remove unneeded xsm_call macro Daniel De Graaf
2012-08-06 14:32 ` [PATCH 15/18] xsm/flask: add distinct SIDs for self/target access Daniel De Graaf
2012-08-06 14:32 ` [PATCH 16/18] arch/x86: use XSM hooks for get_pg_owner access checks Daniel De Graaf
2012-08-06 15:26 ` Jan Beulich
2012-08-06 16:29 ` Daniel De Graaf
2012-08-07 6:55 ` Jan Beulich
2012-08-07 13:44 ` Daniel De Graaf
2012-08-07 13:56 ` Jan Beulich
2012-08-06 14:32 ` [PATCH 17/18] xen: Add XSM hook for XENMEM_exchange Daniel De Graaf
2012-08-06 14:32 ` [PATCH 18/18] xen: remove rcu_lock_target_domain_by_id Daniel De Graaf
2012-08-07 5:12 ` [PATCH 00/18] RFC: Merge IS_PRIV checks into XSM hooks Shakeel Butt
2012-08-07 17:46 ` Daniel De Graaf
2012-08-07 18:07 ` Shakeel Butt
2012-08-07 18:06 ` Konrad Rzeszutek Wilk
2012-08-07 18:20 ` Daniel De Graaf [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50215C7B.1060509@tycho.nsa.gov \
--to=dgdegra@tycho.nsa.gov \
--cc=shakeel.butt@gmail.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).