Re: [Xen-devel] [PATCH 11/17] flask: improve unknown permission handling
On 6/20/16 9:04 AM, Daniel De Graaf wrote:
> When an unknown domctl, sysctl, or other operation is encountered in the
> FLASK security server, use the allow_unknown bit in the security policy
> to decide if the permission should be allowed or denied. This allows
> new operations to be tested without needing to immediately add security
> checks; however, it is not flexible enough to avoid adding the actual
> permission checks. An error message is printed to the hypervisor
> console when this fallback is encountered.
>
> This patch will allow operations that are not handled by the existing
> hooks only if the policy was compiled with "checkpolicy -U allow". In
> previous releases, this bit did nothing, and the default remains to deny
> the unknown operations.
>
> Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

Reviewed-by: Doug Goldstein <cardoe@xxxxxxxxxx>

--
Doug Goldstein

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel