
[PATCH 0/2] Adds starting the idle domain privileged


  • To: xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 20 Apr 2022 17:04:05 -0400
  • Cc: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>, scott.davis@xxxxxxxxxx, jandryuk@xxxxxxxxx
  • Delivery-date: Wed, 20 Apr 2022 17:02:47 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

This series makes it so that the idle domain is started privileged under the
default policy, which the SILO policy inherits, and under the flask policy. It
then introduces a new one-way XSM hook, xsm_transition_running, that is hooked
by an XSM policy to transition the idle domain to its running privilege level.

Daniel P. Smith (2):
  xsm: create idle domain privileged and demote after setup
  flask: implement xsm_transition_running

 tools/flask/policy/modules/xen.if      |  6 ++++++
 tools/flask/policy/modules/xen.te      |  1 +
 tools/flask/policy/policy/initial_sids |  1 +
 xen/arch/arm/setup.c                   |  6 ++++++
 xen/arch/x86/setup.c                   |  6 ++++++
 xen/common/sched/core.c                |  7 ++++++-
 xen/include/xsm/dummy.h                | 12 ++++++++++++
 xen/include/xsm/xsm.h                  |  6 ++++++
 xen/xsm/dummy.c                        |  1 +
 xen/xsm/flask/hooks.c                  | 21 ++++++++++++++++++++-
 xen/xsm/flask/policy/initial_sids      |  1 +
 11 files changed, 66 insertions(+), 2 deletions(-)

-- 
2.20.1
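
The one-way demotion described in the cover letter can be modelled as follows. This is an added example, not code from the patch series or from Xen: the `model_*` names and types are hypothetical, and rejecting a second call or a non-idle caller is an assumption about what "one-way" implies.

```c
#include <errno.h>
#include <stdbool.h>

/* Hypothetical model types; these are not Xen's struct domain. */
enum dom_kind { DOM_IDLE, DOM_GUEST };

struct model_domain {
    enum dom_kind kind;
    bool is_privileged;
};

/* Privileged-operation check, in the style of a default-policy hook. */
static int model_priv_check(const struct model_domain *d)
{
    return d->is_privileged ? 0 : -EPERM;
}

/* One-way transition: idle domain only, and only while still privileged. */
static int model_transition_running(struct model_domain *cur)
{
    if (cur->kind != DOM_IDLE)
        return -EPERM;          /* no other domain may use this path */
    if (!cur->is_privileged)
        return -EPERM;          /* already demoted; there is no way back */
    cur->is_privileged = false;
    return 0;
}

/* Boot flow: privileged setup work, demote, confirm privilege is gone. */
static int model_boot(struct model_domain *idle)
{
    int rc;

    idle->kind = DOM_IDLE;
    idle->is_privileged = true;         /* started privileged */
    if ((rc = model_priv_check(idle)) != 0)
        return rc;                      /* setup-time operation must pass */
    if ((rc = model_transition_running(idle)) != 0)
        return rc;
    /* After the transition, privileged checks must be refused. */
    return model_priv_check(idle) == -EPERM ? 0 : -EINVAL;
}

int main(void)
{
    struct model_domain idle;
    return model_boot(&idle) == 0 ? 0 : 1;
}
```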




 

