
[Xen-devel] XSM permissive by default.



Hey,

I was wondering if we should change the default flask_bootparam
option from permissive to disabled?

The reason being is that I was startled to see that my xSplice
code was able to patch the hypervisor from within a PV guest!

Further testing showed that I could do 'xl debug-keys R' from
within the guests. This being possible with released 4.6 if I have
XSM enabled.

All of this is due to the fact that I had forgotten to load the policy,
but Xen just told me:

Flask:  Access controls disabled until policy is loaded.

which is an understatement. I somehow had expected that if no
policy was loaded it would revert to the dummy one which has the
same permission as the non-XSM build. Ha! What a surprise..

Now that the XSM is enabled via config it becomes much
easier to enable it..

Or perhaps change the code to flask so that if there are any
errors loading the policy it uses the dummy one?
