From: Julien Grall <julien.grall@citrix.com>
To: Ian Campbell <ian.campbell@citrix.com>,
Julien Grall <julien.grall@citrix.com>
Cc: ian.jackson@eu.citrix.com,
Daniel De Graaf <dgdegra@tycho.nsa.gov>,
wei.liu2@citrix.com, xen-devel@lists.xen.org
Subject: Re: [PATCH] libxl: assigned a default ssid_label (XSM label) to guests
Date: Thu, 14 May 2015 15:18:26 +0100 [thread overview]
Message-ID: <5554AEB2.3050806@citrix.com> (raw)
In-Reply-To: <1431604483.13579.60.camel@citrix.com>
On 14/05/15 12:54, Ian Campbell wrote:
> On Thu, 2015-05-14 at 12:21 +0100, Julien Grall wrote:
>> Hi Ian,
>>
>> On 14/05/15 11:33, Ian Campbell wrote:
>>> system_u:system_r:domU_t is defined in the default policy and makes as
>>> much sense as anything for a default.
>>
>> So you rule out the possibility to run an unlabelled domain? This is
>> possible if the policy explicitly authorized it. That's a significant
>> change in the libxl behavior.
>
> I didn't realise this was a possibility, wouldn't such a domain be
> system_u:system_r:unlabeled_t> or something?
I'm not sure how unlabeled works. I will let Daniel answer to this.
> Note that this won't override a label which is just '' (i.e. an empty
> string rather than NULL). I don't know if that results in the behaviour
> you want.
IIRC, NULL means unlabeled. '' would be translated as an invalid ssid
and throw an error.
Regards,
--
Julien Grall
next prev parent reply other threads:[~2015-05-14 14:18 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-14 10:33 [PATCH] libxl: assigned a default ssid_label (XSM label) to guests Ian Campbell
2015-05-14 11:21 ` Julien Grall
2015-05-14 11:54 ` Ian Campbell
2015-05-14 14:18 ` Julien Grall [this message]
2015-05-14 23:09 ` Daniel De Graaf
2015-05-15 9:39 ` Ian Campbell
2015-05-15 17:09 ` Daniel De Graaf
2015-05-18 10:56 ` Ian Campbell
2015-05-18 12:38 ` Ian Campbell
2015-05-18 22:37 ` Daniel De Graaf
2015-05-19 10:43 ` Ian Campbell
2015-05-14 11:58 ` Wei Liu
2015-05-14 12:32 ` Ian Campbell
2015-05-14 12:39 ` Wei Liu
2015-05-14 14:05 ` Julien Grall
2015-05-14 14:11 ` Ian Campbell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5554AEB2.3050806@citrix.com \
--to=julien.grall@citrix.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=ian.campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).