
Re: [PATCH] SUPPORT.md: split XSM from Flask


  • To: "Jan Beulich" <jbeulich@xxxxxxxx>
  • From: Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 30 Jul 2024 08:31:03 -0400
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>, "Julien Grall" <julien@xxxxxxx>, "Stefano Stabellini" <sstabellini@xxxxxxxxxx>
  • Delivery-date: Tue, 30 Jul 2024 12:31:32 +0000
  • Importance: Medium
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

---- On Tue, 30 Jul 2024 08:04:09 -0400 Jan Beulich  wrote ---

 > On 30.07.2024 13:37, Daniel Smith wrote: 
 > > ---- On Tue, 30 Jul 2024 06:57:08 -0400 Jan Beulich  wrote --- 
 > > 
 > >  > XSM is a generic framework, which in particular is also used by SILO. 
 > >  > With this it can't really be experimental: Arm enables SILO by default. 
 > >  > 
 > >  > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> 
 > >  > 
 > >  > --- a/SUPPORT.md 
 > >  > +++ b/SUPPORT.md 
 > >  > @@ -768,13 +768,20 @@ Compile time disabled for ARM by default 
 > >  > 
 > >  >  Status, x86: Supported, not security supported 
 > >  > 
 > >  > -### XSM & FLASK 
 > >  > +### XSM 
 > >  > + 
 > >  > +    Status: Supported 
 > >  > + 
 > >  > +See below for use with FLASK and SILO.  The dummy implementation is 
 > > covered here 
 > >  > +as well. 
 > >  > + 
 > >  > +### XSM + FLASK 
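
Review bot: In the new "### XSM" section, "See below for use with FLASK and SILO" relies on section order instead of naming its targets; referring to the headings by name (this hunk introduces "### XSM + FLASK") would keep the pointer valid if SUPPORT.md is reordered. The unqualified "Status: Supported" also applies to every architecture, while the commit message justifies it only by Arm enabling SILO by default, so either the message should say why the status holds for x86 as well, or the line should be qualified per architecture the way the preceding "Status, x86:" context line is.
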
 > > 
 > > To me it would make more sense to say XSM FLASK Policy than XSM + FLASK. 
 >  
 > I thought about using "policy", but then deemed that wrong. The "Flask 
 > policy" is what you load into Flask. Whereas here we're talking about the 
 > code actually carrying out what such a policy says. 
 
The main issue I have is the "+", so I checked how the different security 
models/policies are referenced under LSM. The documentation I reviewed lists 
them as modules or security modules, e.g. AppArmor module. How about one of 
these combinations, FLASK Module, XSM FLASK Module, or FLASK XSM Module? And 
similar for SILO.

dps
