Message ID | 20220531145646.10062-1-dpsmith@apertussolutions.com (mailing list archive) |
---|---|
Series | Adds starting the idle domain privileged |
Hi,

It seems that this series has been stale for a while with author's action needed for Patch#1 [1] (and probably also needs an ack from the flask maintainer for [2]). So this email is a gentle reminder about this series. Thanks!

[1] https://patchwork.kernel.org/project/xen-devel/patch/20220531145646.10062-2-dpsmith@apertussolutions.com/
[2] https://patchwork.kernel.org/project/xen-devel/patch/20220531145646.10062-3-dpsmith@apertussolutions.com/

Kind regards,
Henry

> -----Original Message-----
> From: Xen-devel <xen-devel-bounces@lists.xenproject.org> On Behalf Of Daniel P. Smith
> Subject: [PATCH v8 0/2] Adds starting the idle domain privileged
>
> This series makes it so that the idle domain is started privileged under the
> default policy, which the SILO policy inherits, and under the flask policy. It
> then introduces a new one-way XSM hook, xsm_transition_running, that is hooked
> by an XSM policy to transition the idle domain to its running privilege level.
>
> Changes in v8:
> - adjusted panic messages in arm and x86 setup.c to be less than 80cols
> - fixed comment line that went over 80col
> - added line in patch #1 commit message to clarify the need is for domain
>   creation
>
> Changes in v7:
> - adjusted error message in default and flask xsm_set_system_active hooks
> - merged panic messages in arm and x86 setup.c to a single line
>
> Changes in v6:
> - readded the setting of is_privileged in flask_set_system_active()
> - clarified comment on is_privileged in flask_set_system_active()
> - added ASSERT on is_privileged and self_sid in flask_set_system_active()
> - fixed err code returned on Arm for xsm_set_system_active() panic message
>
> Changes in v5:
> - dropped setting is_privileged in flask_set_system_active()
> - added err code returned by xsm_set_system_active() to panic message
>
> Changes in v4:
> - reworded patch 1 commit message
> - fixed whitespace to coding style
> - fixed comment to coding style
>
> Changes in v3:
> - renamed *_transition_running() to *_set_system_active()
> - changed the XSM hook set_system_active() from void to int return
> - added ASSERT check for the expected privilege level each XSM policy expected
> - replaced a check against is_privileged in each arch with checking the return
>   value from the call to xsm_set_system_active()
>
> Changes in v2:
> - renamed flask_domain_runtime_security() to flask_transition_running()
> - added the missed assignment of self_sid
>
> Daniel P. Smith (2):
>   xsm: create idle domain privileged and demote after setup
>   flask: implement xsm_set_system_active
>
>  tools/flask/policy/modules/xen.if      |  6 +++++
>  tools/flask/policy/modules/xen.te      |  1 +
>  tools/flask/policy/policy/initial_sids |  1 +
>  xen/arch/arm/setup.c                   |  3 +++
>  xen/arch/x86/setup.c                   |  4 ++++
>  xen/common/sched/core.c                |  7 +++++-
>  xen/include/xsm/dummy.h                | 17 ++++++++++++++
>  xen/include/xsm/xsm.h                  |  6 +++++
>  xen/xsm/dummy.c                        |  1 +
>  xen/xsm/flask/hooks.c                  | 32 +++++++++++++++++++++++++-
>  xen/xsm/flask/policy/initial_sids      |  1 +
>  11 files changed, 77 insertions(+), 2 deletions(-)
>
> --
> 2.20.1
>