Xen project Mailing List

Re: [Xen-devel] Ping: Re: Flask default policy mismatch vs dummy

From: "DeGraaf, Daniel G" <dgdegra@xxxxxxx>

Date: Fri, 26 Oct 2018 21:41:12 +0000

Accept-language: en-US

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>

Delivery-date: Fri, 26 Oct 2018 21:41:33 +0000

Ironport-phdr: 9a23:uH3WUBe1x2wImXr0W+qhiM8SlGMj4u6mDksu8pMizoh2WeGdxc26YBCN2/xhgRfzUJnB7Loc0qyK6/+mATRIyK3CmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+KPjrFY7OlcS30P2594HObwlSizexfbF/IA+qoQnNq8IbnZZsJqEtxxXTv3BGYf5WxWRmJVKSmxbz+MK994N9/ipTpvws6ddOXb31cKokQ7NYCi8mM30u683wqRbDVwqP6WACXWgQjxFFHhLK7BD+Xpf2ryv6qu9w0zSUMMHqUbw5Xymp4rx1QxH0ligIKz858HnWisNuiqJbvAmhrAF7z4LNfY2ZKOZycqbbcNwUX2pBWttaWTJHDI2ycoADC/MNMfhEo4X4oVYFsBmwChS2BO73yjFGmGL43bE03eoiCwHG3RAvEd0Bv3nPsNX6L6MfXfypwKXUzzjOae5d1zfn6IjPdxAsuf+AU7xufsTQ00kgDRnKjluIpYf4MT2azOINs2mF4OpkSOmhimAroBx2rzeyyccjl5fGho0Pyl/e7ih5xp01KseiRE50Zt6kDoJduieHPIV1WsMvW3xktDogxrEYpJK2fDIGxIo5yxPdcfCLbouF7g/7WOqMPTt0nmxpdK+/ihqo70StxO/xWtOq3FpXsCZJisTAu3EJ2hDJ9MSKSvRw8l2g1DqV2A3f9+dJKl0um6XBMZ4u2Lswm4IWsUTEAyD5hl37jLSTdkU44uio7PnnYqn+qp+cKYB0jgb+P7wplMKiA+o2LBECUWmZ9+ihzbHs80L3TalWgvEoiKXWrJfaJd4DpqKjBQ9VyZws5wywDzehztQUhXgHLFRbdxKbl4XlJk3CLOrmAfuig1mgiilny+7EM7H7H5nALWXPnK/kfbln6k5czAQzzcpY55JRErwOPf3zVVLvu9zXFB82KRe5w+D8CNpnzI8eVmWPArGBPKPIrVCI/v4vI/WLZIINtzfyNf4l6+fzgnAnh18SY62p0IATaHC5BfRmP16ZbWDjg9gfF2cGpA0+TPbliFeaSz5ce26yX74g5jE8EI+oCZrOSZ6wgLyF3Se0Ap1Wa3tdClCRCnfnaZ+IVOsLaCKXOsVhiCALVaC9S4890hGjrBX1y7x6IerO5CIZu4jv28Ry5+3UjRE96yZ0AsqG3m6RTmF0gnkIRz453axlvUN9zVKDguBEhKkXN9VVr9lETwM7Pp6Th7hYId3vXgPKfv+SVU2rBN6hBGdidN8px84yZBM3F9qugx/Z1gK2ErQVkPqNH5Vy/aXClTClK8lxxnnc3YE9nlImRY1JLmTgialhoVv9HYnMxg+1momwfK0SmGbh/WGCwG7GkwsQBAJ/XajKR3k3YFDf69v++BWRHPeVFb07P14Zmoa5IaxQZ4is1A8eSQ==

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AdRtdEuR45uIuDSnSn68DllzGoN6OA==

Thread-topic: Ping: Re: Flask default policy mismatch vs dummy

> -----Original Message----- > From: Jan Beulich <JBeulich@xxxxxxxx> > Sent: Friday, October 26, 2018 7:16 AM > To: Daniel de Graaf <dgdegra@xxxxxxxxxxxxx> > Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>; xen-devel@xxxxxxxxxxxxx > Subject: [Non-DoD Source] Ping: Re: Flask default policy mismatch vs dummy > > >>> On 11.10.18 at 13:40, <JBeulich@xxxxxxxx> wrote: > >>>> On 11.10.18 at 10:05, <andrew.cooper3@xxxxxxxxxx> wrote: > >> Found while looking at some OSSTest logs. > >> > >> Oct 9 14:03:09.579037 (XEN) avc: denied { setup } for domid=0 > >> scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:xen_t > >> tclass=resource > >> Oct 9 14:03:09.590863 [ 0.522193] Failed to report MMCONFIG reservation > >> state for PCI MMCONFIG 0000 [bus 00-7f] to hypervisor (-13) > >> > >> If someone has some tuits, please feel free. If not, I'll see what I > >> can do when I've got some time. > > > > How about this? > > > > Jan > > Daniel, do you have any thoughts here? > > Thanks, Jan This looks like a missing allow rule in the policy for dom0; something like: allow dom0_t xen_t: resource setup; in dom0.te at the end near the admin_device() statements. I'm not at my Linux system at the moment, otherwise I'd make a patch. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.