[Xen-devel] Re: [PATCH] [ACM/Xen] Fix policy buffer layout changed with XSM

[Stefan Berger <stefanb@xxxxxxxxxx>]

"George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
wrote on 09/04/2007 02:44:51 PM:

> On Tue, 2007-09-04 at 14:37 -0400, Stefan Berger wrote:
> > 
> > "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
wrote on 09/04/2007
> > 02:29:10 PM:
> > 
> > > On Tue, 2007-09-04 at 10:57 -0400, Stefan Berger wrote:
> > > > This fixes a regression due to changes in the policy
buffer layout
> > > > submitted by the XSM module.
> > > > 
> > > 
> > > Hi Stefan,
> > > 
> > > This was done to make the ACM magic number the first word
in the
> > policy
> > > file.  This seemed to be the logical choice to afford
ACM the
> > greatest
> > > flexibility for loading policies under XSM.  In principal,
under
> > XSM, a
> > > security module could be capable of loading and parsing
policies
> > over a
> > > range of policy versions. 
> > 
> > Did you adapt the tools to generate a binary policy in that form?
> 
> Yes, I did, so actually there would be more changes required should
we
> go forward.  I apologize for the confusion.
> 
> > 
> > > 
> > > Your patch reverts the ACM module to the original form where
the
> > first
> > > word of the policy file is the policy version - which could
change
> > over
> > > time.  This is the general problem of magic numbers.
> > 
> > Yes, I changed it back because it was broken, at least it did
not
> > accept the policy I tried to load. 
> > 
> If you recompile your policy everything *should* work fine.  If
not, let
> me know and I'll make it right.
> 
The problem is just that nothing triggers previously compiled policies
to be recompiled and now those policies don't work anymore.

  Stefan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel