
Re: [Xen-devel] [PATCH 2/2] flask: create unified "flask=" boot parameter



>>> On 03.03.15 at 18:00, <dgdegra@xxxxxxxxxxxxx> wrote:
> --- a/docs/misc/xsm-flask.txt
> +++ b/docs/misc/xsm-flask.txt
> @@ -400,28 +400,26 @@ may require multiple passes to find all required ranges.
>  Additional notes on XSM:FLASK
>  -----------------------------
>  
> -1) xen command line parameters
> -
> -     a) flask_enforcing
> -     
> -     The default value for flask_enforcing is '0'.  This parameter causes 
> the 
> -     platform to boot in permissive mode which means that the policy is 
> loaded 
> -     but not enforced.  This mode is often helpful for developing new 
> systems 
> -     and policies as the policy violations are reported on the xen console 
> and 
> -     may be viewed in dom0 through 'xl dmesg'.
> -     
> -     To boot the platform into enforcing mode, which means that the policy is
> -     loaded and enforced, append 'flask_enforcing=1' on the grub line.
> -     
> -     This parameter may also be changed through the flask hypercall.
> -     
> -     b) flask_enabled
> -     
> -     The default value for flask_enabled is '1'.  This parameter causes the
> -     platform to enable the FLASK security module under the XSM framework.
> -     The parameter may be enabled/disabled only once per boot.  If the 
> parameter
> -     is set to '0', only a reboot can re-enable flask.  When flask_enabled 
> is '0'
> -     the DUMMY module is enforced.
> -
> -     This parameter may also be changed through the flask hypercall.  But may
> -     only be performed once per boot.
> +The xen command line accepts these values for the "flask=" parameter:
> +
> + * permissive [default]
> +     This is intended for development and is not suitable for use with 
> untrusted
> +     guests.  If a policy is provided by the bootloader, it will be loaded;
> +     errors will be reported to the ring buffer but will not prevent booting.
> +     The policy can be changed to enforcing mode using "xl setenforce".
> + * force or enforcing
> +     This requires a security policy to be provided by the bootloader and 
> will
> +     enable enforcing prior to the creation of domain 0.  If a valid policy 
> is
> +     not provided, the hypervisor will not continue booting.
> + * late
> +     This disabled loading of the security policy from the bootloader.  FLASK
> +     will be enabled but will not enforce access controls until a policy is
> +     loaded by a domain using "xl loadpolicy" or similar commands.  Once a
> +     policy is loaded, FLASK will run in enforcing mode unless "xl 
> setenforce"
> +     has disabled this.
> + * disabled
> +     This causes the XSM framework to revert to the dummy module.  The dummy
> +     module provides the same security policy as is used when compiling the
> +     hypervisor without support for XSM.  The xsm_op hypercall can be used to
> +     switch to this mode after boot, but there is no way to re-enable FLASK
> +     once the dummy module is loaded.
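
Review bot: In the "late" entry, "This disabled loading" should read "This disables loading", and the entry says FLASK "will not enforce access controls until a policy is loaded" without stating what is permitted during that window; spell out the access-control behaviour that applies to domains before the first "xl loadpolicy". The "permissive [default]" entry is described as unsuitable for untrusted guests and says policy load errors do not prevent booting, so it is worth saying directly in that entry that hosts running untrusted guests should boot with "flask=enforcing". The removed flask_enforcing and flask_enabled text has no counterpart here; a short line mapping the old parameters to the new "flask=" values would help anyone upgrading an existing boot configuration.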

Rather than editing this here, I think this would better be moved into
xen-command-line.markdown. In any event you'll want to update that
file for the option rename.

Jan

