|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Questions about the in-tree Flask policy
On Mon, Sep 22, 2014 at 04:23:01PM -0400, Daniel De Graaf wrote: [...] > >I tried to look at the policy file(s), only to find out that there's a > >bunch of files that have excessive amount of information. I'm certainly > >not an XSM expert and have no intention to become one at the moment. :-) > > True, and you shouldn't have to be an expert to report errors (your current > report was exactly what was needed to fix the policy). > > In the future, any AVC denied messages in the output when under normal test > operation (i.e. not when a VM is misbehaving) should be treated as a bug in > the XSM policy even when it doesn't cause real failures. Usually, the answer Cool, this is exactly what I needed to know. :-) > is to add the permission to the proper part of the policy, and the denial > will cause operations to break (like the above errors). In some other cases, > such as cacheflush, the process continues but was not able to perform an > important operation. If this is something that can be easily added to the > test script as a failure condition, that would be helpful (but this is > certainly not a prerequisite for adding the tests in the first place). > Off the top of my head I couldn't figure out a quick way to add in this kind of failure condition. Let's leave it for the moment. Wei. > -- > Daniel De Graaf > National Security Agency _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |