dgit.raspbian.org Git - xen.git/commit

author	Daniel De Graaf <dgdegra@tycho.nsa.gov>
	Wed, 6 Apr 2016 19:35:59 +0000 (15:35 -0400)
committer	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	Fri, 8 Apr 2016 15:35:14 +0000 (11:35 -0400)
commit	30417631fb9600440a088c23f4470ea2e2676879
tree	ef536f29aace1ae97a17cc2ede4d35670e3055b2	tree \| snapshot
parent	0ebb6832f043ecfc6a3dcab8a7ba5c4070901ab7	commit \| diff

flask: change default state to enforcing

The previous default of "permissive" is meant for developing or
debugging a disaggregated system.  However, this default makes it too
easy to accidentally boot a machine in this state, which does not place
any restrictions on guests.  This is not suitable for normal systems
because any guest can perform any operation (including operations like
rebooting the machine, kexec, and reading or writing another domain's
memory).

This change will cause the boot to fail if you do not specify an XSM
policy during boot; if you need to load a policy from dom0, use the
"flask=late" boot parameter.

Original patch by Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>; modified
to also change the default value of flask_enforcing so that the policy
is not still in permissive mode.  This also removes the (no longer
documented) command line argument directly changing that variable since
it has been superseded by the flask= parameter.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

docs/misc/xen-command-line.markdown		diff \| blob \| history
docs/misc/xsm-flask.txt		diff \| blob \| history
xen/xsm/flask/flask_op.c		diff \| blob \| history
xen/xsm/flask/hooks.c		diff \| blob \| history