WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] Re: [PATCH] [ACM/Xen] Fix policy buffer layout changed with

To: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
Subject: [Xen-devel] Re: [PATCH] [ACM/Xen] Fix policy buffer layout changed with XSM
From: Stefan Berger <stefanb@xxxxxxxxxx>
Date: Tue, 4 Sep 2007 15:45:24 -0400
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, Keir Fraser <keir@xxxxxxxxxxxxx>
Delivery-date: Wed, 05 Sep 2007 08:18:42 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <1188931491.4372.254.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

"George S. Coker, II" <gscoker@xxxxxxxxxxxxxx> wrote on 09/04/2007 02:44:51 PM:

> On Tue, 2007-09-04 at 14:37 -0400, Stefan Berger wrote:
> >
> > "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx> wrote on 09/04/2007
> > 02:29:10 PM:
> >
> > > On Tue, 2007-09-04 at 10:57 -0400, Stefan Berger wrote:
> > > > This fixes a regression due to changes in the policy buffer layout
> > > > submitted by the XSM module.
> > > >
> > >
> > > Hi Stefan,
> > >
> > > This was done to make the ACM magic number the first word in the
> > policy
> > > file.  This seemed to be the logical choice to afford ACM the
> > greatest
> > > flexibility for loading policies under XSM.  In principal, under
> > XSM, a
> > > security module could be capable of loading and parsing policies
> > over a
> > > range of policy versions.
> >
> > Did you adapt the tools to generate a binary policy in that form?
>
> Yes, I did, so actually there would be more changes required should we
> go forward.  I apologize for the confusion.
>
> >
> > >
> > > Your patch reverts the ACM module to the original form where the
> > first
> > > word of the policy file is the policy version - which could change
> > over
> > > time.  This is the general problem of magic numbers.
> >
> > Yes, I changed it back because it was broken, at least it did not
> > accept the policy I tried to load.
> >
> If you recompile your policy everything *should* work fine.  If not, let
> me know and I'll make it right.
>
The problem is just that nothing triggers previously compiled policies to be recompiled and now those policies don't work anymore.


  Stefan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel