|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v5] Merge IS_PRIV checks into XSM hooks
At 09:45 +0000 on 19 Nov (1353318334), Jan Beulich wrote: > As to getting the series applied, I suppose that'll be a little difficult, > as it mixes changes to various parts of the tree, and hence no > single maintainer would generally be able to apply the whole series > without respective other parts fully acked by the corresponding > maintainers. Is there a way to either indicate eventual fully > standalone patches, or order/split it so that at least tools side and > hypervisor side changes are separated from one another, or mixed > patches all go at the beginning or end of the series? This whole series makes me very uncomfortable. I can see its usefulness, and as a supporter of disaggregations I like the idea of fine-grained control, but it really does obscure the security checks, and makes it less likely that people implementing new operations will get their security checks right. Since there are only a small number of default checks (IS_PRIV, IS_PRIV_FOR, self-only, ???), I wonder whether they could be explicitly included in the xsm invocation (as some sort of 'enum xsm-default-policy' argument), to make it clear what's going on without the reader having to grobble around in xsm files? Cheers, Tim. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |