|
|
|
|
|
|
|
|
|
|
xen-devel
Re: [Xen-devel] xsm_op() polymorphism
On Dec 10, 2007 2:41 PM, John Levon <levon@xxxxxxxxxxxxxxxxx> wrote:
>
> If I'm reading the code right, then the xsm_op() hypercall is "untyped"
> in the sense that you have to know why XSM is loaded before you can
> interpret any of the contents (that is, the first argument points
> directly to a flask op or acm op structure). This seems less than ideal
> - can't we work out a way to make the struct self-identifying?
>
It depends on what you are concerned about. There are the magic
numbers that are used right now to identify policy modules on boot but
could become embedded as the first word of the xsm op structure. This
would help the hypervisor be consistent with user-space - if that's
what you are concerned about. It was not the intent to make the
hypervisor runtime agile wrt a given security module except to not
prevent a security module from runtime disablement - for obvious
reasons more flexibility here is fraught with consistency problems.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
|
|