XSM/Flask iomem

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

XSM/Flask iomem

nicolas.poirot
Hi,

I just noticed from a bad behaviour of my installation and the security_iterate_iomem_sids
function that the iomem ranges have to be sorted in the device_contexts file.
The flask load policy takes iomem ranges declaration as it comes but the sid attribution
and check function expects the list of iomem ocontexts to be sorted.
My file didn't comply with this statement which ended to use the default iomem sid instead
of computing one before checking the permission.

This doesn't seem to be documented anywhere in the xen release 4.11.0.

Thanks.

Nicolas
1


_______________________________________________
Xen-users mailing list
[hidden email]
https://lists.xenproject.org/mailman/listinfo/xen-users
Reply | Threaded
Open this post in threaded view
|

Re: XSM/Flask iomem

George Dunlap
[Moving to xen-devel]

Daniel,

Any comments on this one?

 -George
On Wed, Sep 26, 2018 at 12:41 PM <[hidden email]> wrote:

>
> Hi,
>
> I just noticed from a bad behaviour of my installation and the security_iterate_iomem_sids
> function that the iomem ranges have to be sorted in the device_contexts file.
> The flask load policy takes iomem ranges declaration as it comes but the sid attribution
> and check function expects the list of iomem ocontexts to be sorted.
> My file didn't comply with this statement which ended to use the default iomem sid instead
> of computing one before checking the permission.
>
> This doesn't seem to be documented anywhere in the xen release 4.11.0.
>
> Thanks.
>
> Nicolas
> 1
>
>
> _______________________________________________
> Xen-users mailing list
> [hidden email]
> https://lists.xenproject.org/mailman/listinfo/xen-users

_______________________________________________
Xen-users mailing list
[hidden email]
https://lists.xenproject.org/mailman/listinfo/xen-users