From mboxrd@z Thu Jan 1 00:00:00 1970
From: Daniel De Graaf
Subject: Re: [PATCH RFC] flask: move policy header sources into hypervisor
Date: Wed, 10 Oct 2012 11:32:59 -0400
Message-ID: <5075952B.7050309@tycho.nsa.gov>
References: <1349801565.21847.228.camel@zakaz.uk.xensource.com> <1349807513-10923-1-git-send-email-dgdegra@tycho.nsa.gov> <1349858695.3610.158.camel@Abyss> <50758038.6050009@tycho.nsa.gov> <1349879988.3610.194.camel@Abyss>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <1349879988.3610.194.camel@Abyss>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Dario Faggioli
Cc: Marcus Granado, "andre.przywara@amd.com", Ian Campbell, "anil@recoil.org", George Dunlap, Andrew Cooper, "juergen.gross@ts.fujitsu.com", Ian Jackson, "xen-devel@lists.xen.org", "JBeulich@suse.com", "msw@amazon.com", "Keir (Xen.org)"
List-Id: xen-devel@lists.xenproject.org

On 10/10/2012 10:39 AM, Dario Faggioli wrote:
[...]
>> A more general note on the topic of what XSM permissions to use:
>> normally, each domctl has its own permission, and so adding new domctls
>> would be done by adding a new permission to the access_vectors file
>> (which is the source of av_perm_to_string.h). However, for this case, it
>> seems rather unlikely that one would want to allow access to vcpu
>> affinity and deny node affinity, so using the same permission for both
>> accesses is the best solution.
>>
> Yes, exactly.
>
> Moreover, looking at xen/xsm/flask/include/av_permissions.h where
> DOMAIN__{GET,SET}VCPUAFFINITY are, I got the impression that there is
> no more space left for DOMAIN__* permissions, as they already go from
> 0x00000001UL to 0x80000000UL... Is that so?

Yes. My XSM patch series expands this by adding SECCLASS_DOMAIN2 to address
this (and that part is already in 4.3). This solution can be applied to any
XSM classes needing more than 32 permission bits.

-- 
Daniel De Graaf
National Security Agency
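An added illustration of the point discussed in this thread, that a FLASK access vector holds 32 permission bits per class, so a class that runs out of bits needs a second class such as SECCLASS_DOMAIN2, and that node affinity can share the vcpu-affinity bit. This is example code, not Xen's FLASK implementation: the class numbers, permission indices, `example_policy` and the helper names are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
/* Illustrative class numbers; Xen's real ones come from FLASK's generated headers. */
enum { SECCLASS_DOMAIN = 1, SECCLASS_DOMAIN2 = 2, NUM_CLASSES = 3 };
#define AV_BITS 32u  /* an access vector is a single 32-bit mask per class */

/* Constructed permission indices (not Xen's real bit assignments). */
enum {
    DOMAIN__GETVCPUAFFINITY = 0,
    DOMAIN__SETVCPUAFFINITY = 1,
    DOMAIN__SETNODEAFFINITY = DOMAIN__SETVCPUAFFINITY, /* shares the bit, as the thread proposes */
    DOMAIN__FIRST_OVERFLOW  = 32  /* a 33rd permission: no bit left in DOMAIN */
};

/* Map a flat permission index onto (class, mask); false if neither class can hold it. */
bool domain_perm_vector(unsigned idx, uint16_t *tclass, uint32_t *mask)
{
    if (idx >= 2 * AV_BITS)
        return false;
    *tclass = (idx < AV_BITS) ? SECCLASS_DOMAIN : SECCLASS_DOMAIN2;
    *mask = 1u << (idx % AV_BITS);
    return true;
}
uint16_t perm_class_of(unsigned idx) { uint16_t c; uint32_t m; return domain_perm_vector(idx, &c, &m) ? c : 0; }
uint32_t perm_mask_of(unsigned idx)  { uint16_t c; uint32_t m; return domain_perm_vector(idx, &c, &m) ? m : 0; }
/* Access-vector decision: the permission bits the policy allows per target class. */
struct av_decision { uint32_t allowed[NUM_CLASSES]; };

/* avc_has_perm-style check: every requested bit must be present in the allowed vector. */
bool avc_has_perm(const struct av_decision *avd, uint16_t tclass, uint32_t requested)
{
    return tclass < NUM_CLASSES && (avd->allowed[tclass] & requested) == requested;
}
/* Constructed policy: grants SETVCPUAFFINITY in DOMAIN and only the first DOMAIN2 bit. */
static struct av_decision example_policy(void)
{
    struct av_decision avd = {{0}};
    avd.allowed[SECCLASS_DOMAIN]  = 1u << DOMAIN__SETVCPUAFFINITY;
    avd.allowed[SECCLASS_DOMAIN2] = 1u << (DOMAIN__FIRST_OVERFLOW % AV_BITS);
    return avd;
}

/* Would a domctl gated on permission `perm_idx` pass under the constructed policy? */
bool domctl_allowed(unsigned perm_idx)
{
    struct av_decision avd = example_policy();
    uint16_t tclass; uint32_t mask;
    return domain_perm_vector(perm_idx, &tclass, &mask) && avc_has_perm(&avd, tclass, mask);
}
```

Because SETNODEAFFINITY aliases the SETVCPUAFFINITY bit, a policy cannot grant one without the other, which is exactly the trade-off the thread accepts; index 32 lands in DOMAIN2 with mask 0x1 rather than overflowing the 32-bit vector.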