[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 2/7] xsm: remove the ability to disable flask


  • To: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 25 Aug 2021 17:22:01 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1jamq7kIFPsK2yXCSnXY/MegsCtho4PXbPCRV8muJgU=; b=Wb6p58TlyacXsR72TvO2moXo+bX/QreoEAjHIUfLgoxyTY0yEyXQ+/8SSuUGYHabKkMBsPCHKSCdaNCG7FXx9sVYD9/LQUrRMtti+t7YCuvBqB2Z/q3Dz1PlqlNSOWwzE7FBOURWlWhIMq2vV9fRE8D4UqigvCVeKYvC9LKnhj9F65+8zZ1U7NYXR0oG6BES3USdkTjEF/quTYKffbAtW6KOEjUFyR9TCD7ON/NCIuonKJ5y64N3VwpiwuKW9pZMweGB80kvFoSHS30Mla32oWjDz2Ws0rPQ2+aFFaYEbf60Mb1tNzcQQnTSlRJ+bvyw7SH5//htFBIx/uw2MRL4Og==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=O/oDtUOPVQ3oRhnSNabd4cr7KiuTB+Jlg/fUR3kseZAfofEezGBz+/jhWyRBFLII0e/eoVzkJ+tsac4FALPssoQtUBfZ9dCq/ck2XQE45bv74DVuVbZRgxe++aBEdad8sRnjkYaZ7Rx/o3I+Wd90X5/QeN3pMwCALED5gIhbxIIIDYUFLJ+antt+fCFUZPEo5l8a5qoM2UbhgP2lEOQpZb1aEqrTaNEGOVrfz7ivn01ngSvl+oLUPgYwc4dWFv3Y0FTGyFrzUAUo1CrCp86KQUGVV6RENr5ZPVhp4srxw4N3o2JDO67PPR8vknWENyF+1lNE3O6r3sg3imn+RJONww==
  • Authentication-results: lists.xenproject.org; dkim=none (message not signed) header.d=none;lists.xenproject.org; dmarc=none action=none header.from=suse.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Wed, 25 Aug 2021 15:22:17 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 05.08.2021 16:06, Daniel P. Smith wrote:
> On Linux when SELinux is put into permissive mode the descretionary access
> controls are still in place. Whereas for Xen when the enforcing state of flask
> is set to permissive, all operations for all domains would succeed, i.e. it
> does not fall back to the default access controls. To provide a means to mimic
> a similar but not equivalent behavior, a flask op is present to allow a
> one-time switch back to the default access controls, aka the "dummy policy".
> 
> This patch removes this flask op to enforce a consistent XSM usage model that 
> a
> reboot of Xen is required to change the XSM policy module in use.
> 
> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>

The primary reason you remove this is - aiui - that with alternatives
patching there's technically not really a way back (would need to re-
patch every patched location, or every hook would need to check whether
state changed to disabled and if so chain on to the dummy function).
This became sufficiently clear to me only when looking at the next
patch. It would be nice if description also said why the change is
needed. As it stands to me the description reads at best like something
that people could have different views on (and initially I didn't mean
to reply here, for not being convinced of the removal of functionality
in the common case).

Jan




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.