Re: [Xen-devel] [PATCH v2] xsm/flask: Handle policy load failures properly
>>> On 24.02.15 at 16:53, <dgdegra@xxxxxxxxxxxxx> wrote: > On 02/24/2015 05:11 AM, Jan Beulich wrote: >>>>> On 23.02.15 at 20:00, <dgdegra@xxxxxxxxxxxxx> wrote: >>> @@ -530,6 +531,10 @@ static int flask_security_load(struct xen_flask_load >>> *load) >>> if ( ret ) >>> goto out; >>> >>> + if ( !is_reload ) >>> + printk("Flask: Starting in %s mode.\n", >>> + flask_enforcing ? "enforcing" : "permissive"); >> >> Do you really need this message here and ... > > This one is only shown if you are doing a late policy load, and... > >> >>> @@ -1643,14 +1641,17 @@ static __init int flask_init(void) >>> if ( register_xsm(&flask_ops) ) >>> panic("Flask: Unable to register with XSM"); >>> >>> - ret = security_load_policy(policy_buffer, policy_size); >>> + if ( policy_size == 0 ) >>> + { >>> + printk("Flask: Access controls disabled until policy is >>> loaded.\n"); >>> + return; >>> + } >>> >>> - if ( flask_enforcing ) >>> - printk("Flask: Starting in enforcing mode.\n"); >>> - else >>> - printk("Flask: Starting in permissive mode.\n"); >>> + if ( security_load_policy(policy_buffer, policy_size) ) >>> + panic("Flask: Unable to load XSM policy"); >>> >>> - return ret; >>> + printk("Flask: Starting in %s mode.\n", >>> + flask_enforcing ? "enforcing" : "permissive"); >> >> ... here again? > > This one is only shown if doing a policy load via the bootloader. Perhaps the wording of them then should be at least slightly different, so that by seeing just the message alone one can know which path was taken? E.g. have the former say "Continuing in ..."? Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
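Review bot: In the flask_security_load hunk (@@ -530,6 +531,10), the printk under `if ( !is_reload )` uses exactly the same text, "Flask: Starting in %s mode.", as the printk added at the end of the flask_init hunk, so the log line alone does not show whether the policy came from a late load or from the bootloader. Give this one distinct wording, for example "Flask: Continuing in %s mode.", and add a short comment saying that the message is meant for the first, non-reload policy load only.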
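Review bot: In the flask_init hunk (@@ -1643,14 +1641,17), the new `policy_size == 0` branch ends in a bare `return;` while the hunk header still shows `static __init int flask_init(void)`, and the old `return ret;` is removed with no replacement visible in the hunk. If the return type is not changed to void elsewhere in the patch, the branch should use `return 0;` and the function still needs a final return value; if it is changed, say so in the commit message, since callers can then no longer see a load failure except through the panic.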