Re: Xen XSM/FLASK policy, grub defaults, etc.
George Dunlap writes ("Re: Xen XSM/FLASK policy, grub defaults, etc."):
> The options proposed have included:

Thanks for summarising!

> 1. Making the tools not generate a FLASK policy unless FLASK is enabled in
> the hypervisor being built. This is flaky because there's no necessary
> connection between the two builds.
...
> Ultimately, I have the feeling that #1, although somewhat awkward, is going
> to be the best solution: packagers can arrange that FLASK policies only be
> installed when FLASK policies are created. People doing self-builds based on
> distro packages will be covered; people doing home-grown self-builds with
> non-default FLASK settings will need to take extra care to make sure the
> tools do the right thing.

For these home-grown self-builds, making `flask=enforcing' the default
boot entry will make the resulting entry not boot.

So ISTM that `flask=enforcing' cannot be in the default boot entry
unless it's *known* that FLASK is enabled in the hypervisor.

(Right now update-grub does not make the XSM entries the default, but
clearly it would be better for it to do so if FLASK is enabled.)

Adding the /boot/<xen>.config fallback to update-grub now risks
accidentally going back to non-FLASK booting at some future point when
the xen packager decides not to ship the .config any more...

Ian.
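
Added example, not part of the original message and not update-grub's code: a shell check that reads a hypervisor build config and keeps "FLASK known to be on", "known to be off" and "config not shipped" as three separate outcomes, so a missing /boot/<xen>.config is reported instead of quietly producing a non-FLASK default. CONFIG_XSM_FLASK is Xen's Kconfig symbol; the function names, the return code 2 and the constructed sample configs are assumptions.

```shell
#!/bin/sh
# Added example. flask_state and default_xen_args are hypothetical names,
# not functions from update-grub.

# Print enabled, disabled or unknown for the build config at $1.
flask_state() {
    if [ ! -r "$1" ]; then
        echo unknown            # no config shipped: nothing is known
    elif grep -q '^CONFIG_XSM_FLASK=y$' "$1"; then
        echo enabled
    else
        echo disabled           # config present, symbol unset or absent
    fi
}

# Print the extra hypervisor arguments for the default boot entry.
# Returns 2 when the state is unknown so the caller can warn, instead of
# silently generating a default entry without FLASK.
default_xen_args() {
    case $(flask_state "$1") in
        enabled)  echo 'flask=enforcing' ;;
        disabled) echo '' ;;
        *)        echo ''; return 2 ;;
    esac
}

# Constructed sample configs (not taken from any real package).
demo() {
    d=$(mktemp -d)
    printf 'CONFIG_XSM=y\nCONFIG_XSM_FLASK=y\n' > "$d/flask.config"
    printf 'CONFIG_XSM=y\n# CONFIG_XSM_FLASK is not set\n' > "$d/noflask.config"
    for f in flask noflask missing; do
        args=$(default_xen_args "$d/$f.config") && rc=0 || rc=$?
        echo "$f: state=$(flask_state "$d/$f.config") args='$args' rc=$rc"
    done
    rm -rf "$d"
}
demo
```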