[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v12 11/14] flask/policy: allow domU to use previously-mapped I/O-memory

To: Arianna Avanzini <avanzini.arianna@xxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
From: Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>
Date: Wed, 3 Sep 2014 12:21:36 +0100
Cc: paolo.valente@xxxxxxxxxx, keir@xxxxxxx, stefano.stabellini@xxxxxxxxxxxxx, Ian.Jackson@xxxxxxxxxxxxx, dario.faggioli@xxxxxxxxxx, tim@xxxxxxx, xen-devel@xxxxxxxxxxxxx, julien.grall@xxxxxxxxxx, etrudeau@xxxxxxxxxxxx, JBeulich@xxxxxxxx, andrew.cooper3@xxxxxxxxxx, viktor.kleinik@xxxxxxxxxxxxxxx, andrii.tseglytskyi@xxxxxxxxxxxxxxx
Delivery-date: Wed, 03 Sep 2014 11:21:44 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Sat, 2014-08-30 at 18:29 +0200, Arianna Avanzini wrote:
> From: Andrii Tseglytskyi <andrii.tseglytskyi@xxxxxxxxxxxxxxx>
> 
> This commit allows the domU to access previously-mapped I/O-memory
> even if XSM is enabled and FLASK is enforced.

CCing Daniel (XSM maintainer).

I think this is probably OK, but I'm no XSM expert.

(If I were writing the ocmmit message I would have said something like
"Update the example XSM policy to allow...")

> 
> Signed-off-by: Andrii Tseglytskyi <andrii.tseglytskyi@xxxxxxxxxxxxxxx>
> Signed-off-by: Arianna Avanzini <avanzini.arianna@xxxxxxxxx>
> Cc: Dario Faggioli <dario.faggioli@xxxxxxxxxx>
> Cc: Paolo Valente <paolo.valente@xxxxxxxxxx>
> Cc: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
> Cc: Julien Grall <julien.grall@xxxxxxxxxx>
> Cc: Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>
> Cc: Jan Beulich <JBeulich@xxxxxxxx>
> Cc: Keir Fraser <keir@xxxxxxx>
> Cc: Tim Deegan <tim@xxxxxxx>
> Cc: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
> Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Cc: Eric Trudeau <etrudeau@xxxxxxxxxxxx>
> Cc: Viktor Kleinik <viktor.kleinik@xxxxxxxxxxxxxxx>
> ---
>  tools/flask/policy/policy/modules/xen/xen.te | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/tools/flask/policy/policy/modules/xen/xen.te 
> b/tools/flask/policy/policy/modules/xen/xen.te
> index bb59fe8..34b5bfa 100644
> --- a/tools/flask/policy/policy/modules/xen/xen.te
> +++ b/tools/flask/policy/policy/modules/xen/xen.te
> @@ -107,6 +107,7 @@ admin_device(dom0_t, device_t)
>  admin_device(dom0_t, irq_t)
>  admin_device(dom0_t, ioport_t)
>  admin_device(dom0_t, iomem_t)
> +admin_device(domU_t, iomem_t)
>  
>  domain_comms(dom0_t, dom0_t)
>  



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v12 11/14] flask/policy: allow domU to use previously-mapped I/O-memory
  - From: Daniel De Graaf

Prev by Date: [Xen-devel] [PATCH V2 5/5] xen: Handle resumed instruction based on previous mem_event reply
Next by Date: Re: [Xen-devel] [PATCH v12 10/14] xsm/flask: avoid spurious error messages when mapping I/O-memory
Previous by thread: [Xen-devel] [PATCH V2 1/5] xen: Emulate with no writes
Next by thread: Re: [Xen-devel] [PATCH v12 11/14] flask/policy: allow domU to use previously-mapped I/O-memory
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.