WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM

from [Derek Murray] [Permanent Link][Original]
To: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
Subject: Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM
From: Derek Murray <Derek.Murray@xxxxxxxxxxxx>
Date: Wed, 9 May 2007 15:04:35 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 09 May 2007 07:05:06 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <1178574070.6520.87.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <1178574070.6520.87.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
I'm interested in whether this code could be used to supersede IS_PRIV (dom), particularly when doing an mmu_update operation.
As far as I can see, the xsm_mmu_normal_update() hook is called after set_foreigndom(). set_foreigndom() will fail if the calling domain is not privileged (!IS_PRIV(current->domain)) and the operation specifies a different domain as the foreigndom.
For disaggregation of the domain builder, we would like to be able to delegate this privilege to a small, trusted domain (domB): it seems to me that XSM would be the cleanest way to do this. Would it therefore be possible to add a hook in set_foreigndom() on the ! IS_PRIV(d) branch, or is there some security consequence that I am overlooking? 

Regards,

Derek Murray.

On 7 May 2007, at 22:41, George S. Coker, II wrote:


Updates in this patch set include:
    - adaptation to new create secure interface for domain_create
    - cleanup of xsm enable/disable framework through xsm_call macro
    - ifdef architecture/config specific hooks

Signed-off-by: George Coker <gscoker@xxxxxxxxxxxxxx>
<xsm-050707-xen-15011.diff>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] iptables filtering when bridging, David
Next by Date:  Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM, Keir Fraser
Previous by Thread:  Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM, Mark Williamson
Next by Thread:  Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM, Keir Fraser
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy