RE: [PATCH v8 0/2] Adds starting the idle domain privileged

Henry Wang posted 2 patches 1 year, 10 months ago
Posted by Henry Wang 1 year, 10 months ago
Hi,

It seems that this series has been stale for a while, with the author's action needed for
Patch #1 [1] (and it probably also needs an ack from the flask maintainer for [2]). So this email
is a gentle reminder about this series. Thanks!

[1] https://patchwork.kernel.org/project/xen-devel/patch/20220531145646.10062-2-dpsmith@apertussolutions.com/
[2] https://patchwork.kernel.org/project/xen-devel/patch/20220531145646.10062-3-dpsmith@apertussolutions.com/

Kind regards,
Henry

> -----Original Message-----
> From: Xen-devel <xen-devel-bounces@lists.xenproject.org> On Behalf Of
> Daniel P. Smith
> Subject: [PATCH v8 0/2] Adds starting the idle domain privileged
> 
> This series makes it so that the idle domain is started privileged under the
> default policy, which the SILO policy inherits, and under the flask policy. It
> then introduces a new one-way XSM hook, xsm_transition_running, that is hooked
> by an XSM policy to transition the idle domain to its running privilege level.
> 
> Changes in v8:
> - adjusted panic messages in arm and x86 setup.c to be less than 80cols
> - fixed comment line that went over 80col
> - added line in patch #1 commit message to clarify the need is for domain
>   creation
> 
> Changes in v7:
> - adjusted error message in default and flask xsm_set_system_active hooks
> - merged panic messages in arm and x86 setup.c to a single line
> 
> Changes in v6:
> - re-added the setting of is_privileged in flask_set_system_active()
> - clarified comment on is_privileged in flask_set_system_active()
> - added ASSERT on is_privileged and self_sid in flask_set_system_active()
> - fixed err code returned on Arm for xsm_set_system_active() panic message
> 
> Changes in v5:
> - dropped setting is_privileged in flask_set_system_active()
> - added err code returned by xsm_set_system_active() to panic message
> 
> Changes in v4:
> - reworded patch 1 commit message
> - fixed whitespace to coding style
> - fixed comment to coding style
> 
> Changes in v3:
> - renamed *_transition_running() to *_set_system_active()
> - changed the XSM hook set_system_active() from void to int return
> - added ASSERT check for the expected privilege level each XSM policy expected
> - replaced a check against is_privileged in each arch with checking the return
>   value from the call to xsm_set_system_active()
> 
> Changes in v2:
> - renamed flask_domain_runtime_security() to flask_transition_running()
> - added the missed assignment of self_sid
> 
> Daniel P. Smith (2):
>   xsm: create idle domain privileged and demote after setup
>   flask: implement xsm_set_system_active
> 
>  tools/flask/policy/modules/xen.if      |  6 +++++
>  tools/flask/policy/modules/xen.te      |  1 +
>  tools/flask/policy/policy/initial_sids |  1 +
>  xen/arch/arm/setup.c                   |  3 +++
>  xen/arch/x86/setup.c                   |  4 ++++
>  xen/common/sched/core.c                |  7 +++++-
>  xen/include/xsm/dummy.h                | 17 ++++++++++++++
>  xen/include/xsm/xsm.h                  |  6 +++++
>  xen/xsm/dummy.c                        |  1 +
>  xen/xsm/flask/hooks.c                  | 32 +++++++++++++++++++++++++-
>  xen/xsm/flask/policy/initial_sids      |  1 +
>  11 files changed, 77 insertions(+), 2 deletions(-)
> 
> --
> 2.20.1
>