I've got some trouble with XSM/flask recently.
Basically, it blocks stuffs when not enforced, which is not (?) supposed to
The problem is actually pretty simple when looking at the code.
As an example, here is a function from xen/xsm/flask/hooks.c :
static int flask_hvm_param(struct domain *d, unsigned long op)
switch ( op )
perm = HVM__SETPARAM;
perm = HVM__GETPARAM;
return domain_has_perm(current->domain, d, SECCLASS_HVM, perm);
As it is pretty obvious, if "op" is not "HVMOP_set_param" or
"HVMOP_get_param", XSM will deny the action, even if we are in permissive mode.
It is currently a problem for us because, for this particular function
at least, we use other values of "op" (for dirty bit tracking).
I think in that case, flask should just print a warning and return 0
when in permissive mode.
The only other solution I see is to make sure every possible values are
treated by flask, and that it's maintained that way, which is probably a
So my question is : is there something that should be done about that? Is the
current behaviour mandatory for some reason I didn't think about?
XenClient Lead Software Developpment Engineer
Xen-devel mailing list