
Re: [PATCH v3 2/2] flask: implement xsm_set_system_active


  • To: Jason Andryuk <jandryuk@xxxxxxxxx>
  • From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Date: Mon, 25 Apr 2022 12:42:02 -0400
  • Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Scott Davis <scott.davis@xxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>
  • Delivery-date: Mon, 25 Apr 2022 16:43:00 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 4/22/22 12:58, Jason Andryuk wrote:
> On Fri, Apr 22, 2022 at 12:35 PM Daniel P. Smith
> <dpsmith@xxxxxxxxxxxxxxxxxxxx> wrote:
>>
>> This commit implements full support for starting the idle domain privileged by
>> introducing a new flask label xenboot_t which the idle domain is labeled with
>> at creation.  It then provides the implementation for the XSM hook
>> xsm_set_system_active to relabel the idle domain to the existing xen_t flask
>> label.
>>
>> In the reference flask policy a new macro, xen_build_domain(target), is
>> introduced for creating policies for dom0less/hyperlaunch allowing the
>> hypervisor to create and assign the necessary resources for domain
>> construction.
>>
>> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
>> ---
> 
>> @@ -188,8 +188,12 @@ static int cf_check flask_domain_alloc_security(struct 
>> domain *d)
>>
>>  static int cf_check flask_set_system_active(void)
>>  {
>> +    struct domain_security_struct *dsec;
>>      struct domain *d = current->domain;
>>
>> +    dsec = d->ssid;
>> +    ASSERT( dsec->sid == SECINITSID_XENBOOT);
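Review bot: the precondition on the added line `ASSERT( dsec->sid == SECINITSID_XENBOOT);` is only enforced in debug builds, because Xen's ASSERT() compiles away in release builds. If the relabel to xen_t must only ever start from xenboot_t, make it an explicit runtime check that returns an error when `dsec->sid` is anything else, and keep the ASSERT only as an extra debug aid. The commit message says this hook applies to the idle domain, but `d` is taken from `current->domain` with no visible check that it is the idle domain; either verify that here or add a comment stating why the caller guarantees it. Minor: `dsec` can be initialised at its declaration instead of in a separate assignment.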
> 
> Extra space before dsec.

Ack.

> With that fixed,
> Reviewed-by: Jason Andryuk <jandryuk@xxxxxxxxx>



 

