[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 1/7] xen/xsm: make getdomaininfo xsm dummy checks more stringent

  • To: Juergen Gross <jgross@xxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 6 Dec 2024 08:05:32 -0500
  • Arc-authentication-results: i=1; mx.zohomail.com; dkim=pass header.i=apertussolutions.com; spf=pass smtp.mailfrom=dpsmith@xxxxxxxxxxxxxxxxxxxx; dmarc=pass header.from=<dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1733490335; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=fJGFNkT53OGu1EkwfQiiz2VIKpzaEEezUdD09cwRUbE=; b=XM376aTAvH3xh0YzZNLrstO3YWyQTBk5lTWcq3ocKUVLshXuhFL/EeUK8F9AHqnKvPovGq5IKnH4RggSVpfkO2Ozl5asecwLwRQedgGEsR0hCQI8E6wrCtR6EGXYikqjNKmGSF1vF4JBDzHqY7U/0wIcE4H4LKkiyhy8bTJ8JCg=
  • Arc-seal: i=1; a=rsa-sha256; t=1733490335; cv=none; d=zohomail.com; s=zohoarc; b=KoaIfVbklUbOk7hw23ynvy17UZqkFvpy3WM8NGPjJ2WePiCRnYXox89EJVgCLnp2pmYJV5LnZ8+NU1iCOBBTw/CMZVj0ffEWzDH+Pm9qdcM6rIZ92rK14PfHOD27pYLiUANxSXHcIRUjkVoYPcE6TK4bPyPv/68JneO4YafvR3I=
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • Delivery-date: Fri, 06 Dec 2024 13:05:42 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 12/6/24 08:02, Juergen Gross wrote:

Today the dummy XSM privilege checks for getdomaininfo are less
stringent than possible: they basically rely on the general
sysctl/domctl entry check to do all tests and then do the test with
the XSM_HOOK privilege, which is an "allow all" default.

Instead of XSM_HOOK use XSM_XS_PRIV, which is the privilege really
wanted. Note that this test is still wider than the sysctl entry test,
but there is now easy way to make both domctl and sysctl happy at the
same time.

Signed-off-by: Juergen Gross <jgross@xxxxxxxx>


Acked-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.