Re: Network driver domain broken
On Mon, Mar 7, 2022 at 11:10 AM Andrea Stevanato <andrea.stevanato@xxxxxxxxxxxxxxx> wrote:
>
> On 3/7/2022 5:07 PM, Jason Andryuk wrote:
> > On Mon, Mar 7, 2022 at 10:00 AM Andrea Stevanato
> > <andrea.stevanato@xxxxxxxxxxxxxxx> wrote:
> >> (XEN) XSM Framework v1.0.0 initialized
> >> (XEN) Initialising XSM SILO mode
> >
> > Yes, SILO mode is running.
> >
> >> # cat /boot/xen-4.14.3-pre.config | grep XSM
> >> CONFIG_XSM=y
> >> CONFIG_XSM_FLASK=y
> >> CONFIG_XSM_FLASK_AVC_STATS=y
> >> # CONFIG_XSM_FLASK_POLICY is not set
> >> CONFIG_XSM_SILO=y
> >> # CONFIG_XSM_DUMMY_DEFAULT is not set
> >> # CONFIG_XSM_FLASK_DEFAULT is not set
> >> CONFIG_XSM_SILO_DEFAULT=y
> >>
> >> This is the default configuration shipped with petalinux. From the
> >> help menuconfig, it seems that this XSM SILO denies communication
> >> between unprivileged VMs.
> >
> > You could try adding xsm=dummy to your hypervisor command line to turn
> > off SILO and allow the guests to communicate.
>
> I changed it to FLASK adding flask=late to the hypervisor command line.
> Which one should I choose? SILO + xsm=dummy or FLASK + flask=late/disabled?
> What are the differences?

xsm=dummy is the "default" policy. Basically, it's allowing dom0 to
make privileged hypercalls and guests to make non-privileged
hypercalls.

flask without a policy may be allowing everything, which means guests
can make privileged hypercalls.

flask with a policy lets you define what is or isn't allowed.

xsm=dummy is probably better for you than flask without a policy
(assuming it works :).

Regards,
Jason
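An added example, not part of the original message and not Xen project code: a small shell check that works out which XSM module a build would start with, given the `.config` lines quoted in the thread and a hypervisor command line. The function names `xsm_effective` and `xsm_review`, the sample command line, and the rule that an `xsm=` value naming a module that was not compiled in is ignored are assumptions made for this example.

```shell
#!/bin/sh
# Added example: which XSM module does this Xen build plus command line select?

# Succeeds if CONFIG_<name>=y is present in the config file.
cfg_on() { grep -q "^CONFIG_$2=y\$" "$1"; }

# Usage: xsm_effective <xen .config path> "<hypervisor command line>"
xsm_effective() {
    cfg=$1 cmdline=$2 mod=dummy
    # Without CONFIG_XSM only the built-in dummy checks exist.
    cfg_on "$cfg" XSM || { echo dummy; return 0; }
    # The Kconfig default applies when no xsm= option is given.
    cfg_on "$cfg" XSM_SILO_DEFAULT  && mod=silo
    cfg_on "$cfg" XSM_FLASK_DEFAULT && mod=flask
    # xsm=<module> overrides the default.
    # Assumption: a module that was not compiled in is ignored.
    for arg in $cmdline; do
        case $arg in
            xsm=dummy) mod=dummy ;;
            xsm=silo)  cfg_on "$cfg" XSM_SILO  && mod=silo ;;
            xsm=flask) cfg_on "$cfg" XSM_FLASK && mod=flask ;;
        esac
    done
    echo "$mod"
}

# Print the selected module with the behaviour described in the thread.
xsm_review() {
    mod=$(xsm_effective "$1" "$2")
    case $mod in
        silo)  note="unprivileged guests cannot communicate with each other" ;;
        flask) note="depends on the policy; without one, guests may get privileged hypercalls" ;;
        dummy) note="dom0 privileged, guests limited to non-privileged hypercalls" ;;
    esac
    echo "$mod: $note"
}

# Constructed sample: the CONFIG_XSM lines quoted in the thread.
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
CONFIG_XSM=y
CONFIG_XSM_FLASK=y
# CONFIG_XSM_FLASK_POLICY is not set
CONFIG_XSM_SILO=y
# CONFIG_XSM_FLASK_DEFAULT is not set
CONFIG_XSM_SILO_DEFAULT=y
EOF
xsm_review "$SAMPLE_CFG" "dom0_mem=1G xsm=dummy"   # constructed command line
```

On a running host, the `(XEN) Initialising XSM ... mode` boot line quoted in the thread remains the authoritative confirmation of which module actually started.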