[PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

[PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

[Andrew Cooper]

Future changes will introduce a new SILO mode, which is intended to be useful
for cloud and enterprise setups where all domUs are unprivileged and have no
buisness communicating directly.

This was discussed at XenSummit, but I'll leave further details to the series
which introduces it.  However, to begin with, clean up the XSM namespacing to
better separate XSM and FLASK.

No functional change.

Andrew Cooper (2):
  xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*
  xen/xsm: Rename CONIFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY

 xen/common/Kconfig          | 12 ++++++------
 xen/include/Makefile        |  2 +-
 xen/include/xen/sched.h     |  2 +-
 xen/include/xsm/xsm.h       | 10 +++++-----
 xen/xsm/Makefile            |  2 +-
 xen/xsm/flask/Makefile      |  2 +-
 xen/xsm/flask/avc.c         |  4 ++--
 xen/xsm/flask/flask_op.c    |  4 ++--
 xen/xsm/flask/gen-policy.py |  4 ++--
 xen/xsm/flask/include/avc.h |  2 +-
 xen/xsm/xsm_core.c          |  6 +++---
 11 files changed, 25 insertions(+), 25 deletions(-)

-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[PATCH 1/2] xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*

[Andrew Cooper]

Flask is one single XSM module, and another is about to be introduced.
Properly namespace the symbols for clarity.

No functional change.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
CC: George Dunlap <George.Dunlap@eu.citrix.com>
CC: Jan Beulich <JBeulich@suse.com>
CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Tim Deegan <tim@xen.org>
CC: Wei Liu <wei.liu2@citrix.com>
CC: Sergey Dyasli <sergey.dyasli@citrix.com>
CC: Xin Li <xin.li@citrix.com>
CC: Ming Lu <ming.lu@citrix.com>
---
 xen/common/Kconfig          | 6 +++---
 xen/include/Makefile        | 2 +-
 xen/include/xen/sched.h     | 2 +-
 xen/include/xsm/xsm.h       | 4 ++--
 xen/xsm/Makefile            | 2 +-
 xen/xsm/flask/avc.c         | 4 ++--
 xen/xsm/flask/flask_op.c    | 4 ++--
 xen/xsm/flask/include/avc.h | 2 +-
 8 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 9043dce..0f15f72 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -103,7 +103,7 @@ config XSM
 
 	  If unsure, say N.
 
-config FLASK
+config XSM_FLASK
 	def_bool y
 	prompt "FLux Advanced Security Kernel support" if EXPERT = "y"
 	depends on XSM
@@ -116,10 +116,10 @@ config FLASK
 
 	  If unsure, say Y.
 
-config FLASK_AVC_STATS
+config XSM_FLASK_AVC_STATS
 	def_bool y
 	prompt "Maintain statistics on the FLASK access vector cache" if EXPERT = "y"
-	depends on FLASK
+	depends on XSM_FLASK
 	---help---
 	  Maintain counters on the access vector cache that can be viewed using
 	  the FLASK_AVC_CACHESTATS sub-op of the xsm_op hypercall.  Disabling
diff --git a/xen/include/Makefile b/xen/include/Makefile
index 8762ab3..417442a 100644
--- a/xen/include/Makefile
+++ b/xen/include/Makefile
@@ -30,7 +30,7 @@ headers-$(CONFIG_X86)     += compat/hvm/dm_op.h
 headers-$(CONFIG_X86)     += compat/hvm/hvm_op.h
 headers-$(CONFIG_X86)     += compat/hvm/hvm_vcpu.h
 headers-y                 += compat/arch-$(compat-arch-y).h compat/pmu.h compat/xlat.h
-headers-$(CONFIG_FLASK)   += compat/xsm/flask_op.h
+headers-$(CONFIG_XSM_FLASK) += compat/xsm/flask_op.h
 
 cppflags-y                := -include public/xen-compat.h -DXEN_GENERATING_COMPAT_HEADERS
 cppflags-$(CONFIG_X86)    += -m32
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 99d2af2..1e1d600 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -122,7 +122,7 @@ struct evtchn
          */
         void *generic;
 #endif
-#ifdef CONFIG_FLASK
+#ifdef CONFIG_XSM_FLASK
         /*
          * Inlining the contents of the structure for FLASK avoids unneeded
          * allocations, and on 64-bit platforms with only FLASK enabled,
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index f0c6fc7..1be3d63 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -24,7 +24,7 @@ DEFINE_XEN_GUEST_HANDLE(xsm_op_t);
 /* policy magic number (defined by XSM_MAGIC) */
 typedef u32 xsm_magic_t;
 
-#ifdef CONFIG_FLASK
+#ifdef CONFIG_XSM_FLASK
 #define XSM_MAGIC 0xf97cff8c
 #else
 #define XSM_MAGIC 0x0
@@ -720,7 +720,7 @@ extern int register_xsm(struct xsm_operations *ops);
 extern struct xsm_operations dummy_xsm_ops;
 extern void xsm_fixup_ops(struct xsm_operations *ops);
 
-#ifdef CONFIG_FLASK
+#ifdef CONFIG_XSM_FLASK
 extern void flask_init(const void *policy_buffer, size_t policy_size);
 #else
 static inline void flask_init(const void *policy_buffer, size_t policy_size)
diff --git a/xen/xsm/Makefile b/xen/xsm/Makefile
index 3252c46..8bb4a24 100644
--- a/xen/xsm/Makefile
+++ b/xen/xsm/Makefile
@@ -2,4 +2,4 @@ obj-y += xsm_core.o
 obj-$(CONFIG_XSM) += xsm_policy.o
 obj-$(CONFIG_XSM) += dummy.o
 
-subdir-$(CONFIG_FLASK) += flask
+subdir-$(CONFIG_XSM_FLASK) += flask
diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c
index a3e6108..640c708 100644
--- a/xen/xsm/flask/avc.c
+++ b/xen/xsm/flask/avc.c
@@ -56,7 +56,7 @@ const struct selinux_class_perm selinux_class_perm = {
 #define AVC_DEF_CACHE_THRESHOLD        512
 #define AVC_CACHE_RECLAIM        16
 
-#ifdef CONFIG_FLASK_AVC_STATS
+#ifdef CONFIG_XSM_FLASK_AVC_STATS
 #define avc_cache_stats_incr(field)                 \
 do {                                \
     __get_cpu_var(avc_cache_stats).field++;        \
@@ -89,7 +89,7 @@ struct avc_cache {
 /* Exported via Flask hypercall */
 unsigned int avc_cache_threshold = AVC_DEF_CACHE_THRESHOLD;
 
-#ifdef CONFIG_FLASK_AVC_STATS
+#ifdef CONFIG_XSM_FLASK_AVC_STATS
 DEFINE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
 #endif
 
diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c
index 03baa28..1c4decc 100644
--- a/xen/xsm/flask/flask_op.c
+++ b/xen/xsm/flask/flask_op.c
@@ -425,7 +425,7 @@ static int flask_security_make_bools(void)
     return ret;
 }
 
-#ifdef CONFIG_FLASK_AVC_STATS
+#ifdef CONFIG_XSM_FLASK_AVC_STATS
 
 static int flask_security_avc_cachestats(struct xen_flask_cache_stats *arg)
 {
@@ -713,7 +713,7 @@ ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op)
         rv = avc_get_hash_stats(&op.u.hash_stats);
         break;
 
-#ifdef CONFIG_FLASK_AVC_STATS
+#ifdef CONFIG_XSM_FLASK_AVC_STATS
     case FLASK_AVC_CACHESTATS:
         rv = flask_security_avc_cachestats(&op.u.cache_stats);
         break;
diff --git a/xen/xsm/flask/include/avc.h b/xen/xsm/flask/include/avc.h
index bfc69f4..4046516 100644
--- a/xen/xsm/flask/include/avc.h
+++ b/xen/xsm/flask/include/avc.h
@@ -95,7 +95,7 @@ struct xen_flask_hash_stats;
 int avc_get_hash_stats(struct xen_flask_hash_stats *arg);
 extern unsigned int avc_cache_threshold;
 
-#ifdef CONFIG_FLASK_AVC_STATS
+#ifdef CONFIG_XSM_FLASK_AVC_STATS
 DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
 #endif
 
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[PATCH 2/2] xen/xsm: Rename CONIFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY

[Andrew Cooper]

The embedded policy is specific flask, so update the infrastructure to reflect
this.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
CC: George Dunlap <George.Dunlap@eu.citrix.com>
CC: Jan Beulich <JBeulich@suse.com>
CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Tim Deegan <tim@xen.org>
CC: Wei Liu <wei.liu2@citrix.com>
CC: Sergey Dyasli <sergey.dyasli@citrix.com>
CC: Xin Li <xin.li@citrix.com>
CC: Ming Lu <ming.lu@citrix.com>
---
 xen/common/Kconfig          | 6 +++---
 xen/include/xsm/xsm.h       | 6 +++---
 xen/xsm/flask/Makefile      | 2 +-
 xen/xsm/flask/gen-policy.py | 4 ++--
 xen/xsm/xsm_core.c          | 6 +++---
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 0f15f72..068c320 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -127,10 +127,10 @@ config XSM_FLASK_AVC_STATS
 
 	  If unsure, say Y.
 
-config XSM_POLICY
-	bool "Compile Xen with a built-in security policy"
+config XSM_FLASK_POLICY
+	bool "Compile Xen with a built-in FLASK security policy"
 	default y if HAS_CHECKPOLICY = "y"
-	depends on XSM
+	depends on XSM_FLASK
 	---help---
 	  This includes a default XSM policy in the hypervisor so that the
 	  bootloader does not need to load a policy to get sane behavior from an
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index 1be3d63..70e7a68 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -728,9 +728,9 @@ static inline void flask_init(const void *policy_buffer, size_t policy_size)
 }
 #endif
 
-#ifdef CONFIG_XSM_POLICY
-extern const unsigned char xsm_init_policy[];
-extern const unsigned int xsm_init_policy_size;
+#ifdef CONFIG_XSM_FLASK_POLICY
+extern const unsigned char xsm_init_flask_policy[];
+extern const unsigned int xsm_init_flask_policy_size;
 #endif
 
 #else /* CONFIG_XSM */
diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile
index e22ed7c..f5ffab1 100644
--- a/xen/xsm/flask/Makefile
+++ b/xen/xsm/flask/Makefile
@@ -27,7 +27,7 @@ $(FLASK_H_FILES): $(FLASK_H_DEPEND)
 $(AV_H_FILES): $(AV_H_DEPEND)
 	$(CONFIG_SHELL) policy/mkaccess_vector.sh $(AWK) $(AV_H_DEPEND)
 
-obj-$(CONFIG_XSM_POLICY) += policy.o
+obj-$(CONFIG_XSM_FLASK_POLICY) += policy.o
 
 FLASK_BUILD_DIR := $(CURDIR)
 POLICY_SRC := $(FLASK_BUILD_DIR)/xenpolicy-$(XEN_FULLVERSION)
diff --git a/xen/xsm/flask/gen-policy.py b/xen/xsm/flask/gen-policy.py
index 5168d6e..64a79d6 100644
--- a/xen/xsm/flask/gen-policy.py
+++ b/xen/xsm/flask/gen-policy.py
@@ -8,7 +8,7 @@ sys.stdout.write("""
 #include <xen/init.h>
 #include <xsm/xsm.h>
 
-const unsigned char xsm_init_policy[] __initconst = {
+const unsigned char xsm_init_flask_policy[] __initconst = {
 """)
 
 for char in sys.stdin.read():
@@ -19,5 +19,5 @@ for char in sys.stdin.read():
 
 sys.stdout.write("""
 };
-const unsigned int __initconst xsm_init_policy_size = %d;
+const unsigned int __initconst xsm_init_flask_policy_size = %d;
 """ % policy_size)
diff --git a/xen/xsm/xsm_core.c b/xen/xsm/xsm_core.c
index 949dfcf..cddcf7a 100644
--- a/xen/xsm/xsm_core.c
+++ b/xen/xsm/xsm_core.c
@@ -42,11 +42,11 @@ static inline int verify(struct xsm_operations *ops)
 
 static int __init xsm_core_init(const void *policy_buffer, size_t policy_size)
 {
-#ifdef CONFIG_XSM_POLICY
+#ifdef CONFIG_XSM_FLASK_POLICY
     if ( policy_size == 0 )
     {
-        policy_buffer = xsm_init_policy;
-        policy_size = xsm_init_policy_size;
+        policy_buffer = xsm_init_flask_policy;
+        policy_size = xsm_init_flask_policy_size;
     }
 #endif
 
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

[Jan Beulich]

>>> On 26.06.18 at 13:09, <andrew.cooper3@citrix.com> wrote:
> Future changes will introduce a new SILO mode, which is intended to be useful
> for cloud and enterprise setups where all domUs are unprivileged and have no
> buisness communicating directly.
> 
> This was discussed at XenSummit, but I'll leave further details to the series
> which introduces it.  However, to begin with, clean up the XSM namespacing to
> better separate XSM and FLASK.
> 
> No functional change.
> 
> Andrew Cooper (2):
>   xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*
>   xen/xsm: Rename CONIFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY

I don't particularly mind the change, but I also don't view it as
particularly useful: For the first patch I'd see the point if you
meant to introduce some CONFIG_ABC_FLASK, but that's not how
I understand the description there. For the second I don't see
the point of retaining XSM in the name.

Jan



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

[Andrew Cooper]

On 26/06/18 13:04, Jan Beulich wrote:
>>>> On 26.06.18 at 13:09, <andrew.cooper3@citrix.com> wrote:
>> Future changes will introduce a new SILO mode, which is intended to be useful
>> for cloud and enterprise setups where all domUs are unprivileged and have no
>> buisness communicating directly.
>>
>> This was discussed at XenSummit, but I'll leave further details to the series
>> which introduces it.  However, to begin with, clean up the XSM namespacing to
>> better separate XSM and FLASK.
>>
>> No functional change.
>>
>> Andrew Cooper (2):
>>   xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*
>>   xen/xsm: Rename CONIFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY
> I don't particularly mind the change, but I also don't view it as
> particularly useful: For the first patch I'd see the point if you
> meant to introduce some CONFIG_ABC_FLASK, but that's not how
> I understand the description there. For the second I don't see
> the point of retaining XSM in the name.

XSM != Flask, and this is the naming confusion trying to be rectified.

CONFIG_XSM_SILO is going to be the introduced new mode.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

[Jan Beulich]

>>> On 26.06.18 at 14:42, <andrew.cooper3@citrix.com> wrote:
> On 26/06/18 13:04, Jan Beulich wrote:
>>>>> On 26.06.18 at 13:09, <andrew.cooper3@citrix.com> wrote:
>>> Future changes will introduce a new SILO mode, which is intended to be useful
>>> for cloud and enterprise setups where all domUs are unprivileged and have no
>>> buisness communicating directly.
>>>
>>> This was discussed at XenSummit, but I'll leave further details to the series
>>> which introduces it.  However, to begin with, clean up the XSM namespacing to
>>> better separate XSM and FLASK.
>>>
>>> No functional change.
>>>
>>> Andrew Cooper (2):
>>>   xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*
>>>   xen/xsm: Rename CONIFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY
>> I don't particularly mind the change, but I also don't view it as
>> particularly useful: For the first patch I'd see the point if you
>> meant to introduce some CONFIG_ABC_FLASK, but that's not how
>> I understand the description there. For the second I don't see
>> the point of retaining XSM in the name.
> 
> XSM != Flask, and this is the naming confusion trying to be rectified.

But why is FLASK alone not meaningful enough?

> CONFIG_XSM_SILO is going to be the introduced new mode.

And then SILO alone here?

Jan



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

[Doug Goldstein]

On Tue, Jun 26, 2018 at 07:16:08AM -0600, Jan Beulich wrote:
> >>> On 26.06.18 at 14:42, <andrew.cooper3@citrix.com> wrote:
> > On 26/06/18 13:04, Jan Beulich wrote:
> >>>>> On 26.06.18 at 13:09, <andrew.cooper3@citrix.com> wrote:
> >>> Future changes will introduce a new SILO mode, which is intended to be useful
> >>> for cloud and enterprise setups where all domUs are unprivileged and have no
> >>> buisness communicating directly.
> >>>
> >>> This was discussed at XenSummit, but I'll leave further details to the series
> >>> which introduces it.  However, to begin with, clean up the XSM namespacing to
> >>> better separate XSM and FLASK.
> >>>
> >>> No functional change.
> >>>
> >>> Andrew Cooper (2):
> >>>   xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*
> >>>   xen/xsm: Rename CONIFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY
> >> I don't particularly mind the change, but I also don't view it as
> >> particularly useful: For the first patch I'd see the point if you
> >> meant to introduce some CONFIG_ABC_FLASK, but that's not how
> >> I understand the description there. For the second I don't see
> >> the point of retaining XSM in the name.
> > 
> > XSM != Flask, and this is the naming confusion trying to be rectified.
> 
> But why is FLASK alone not meaningful enough?

Thoughout the code and docs there are conflations between XSM and FLASK
when they're distict pieces of code. FLASK is akin to SELinux while XSM
is akin to the LSM in Linux. To use the Linux paradigms their config
options are:

CONFIG_SECURITY - enables LSMs
CONFIG_SECURITY_SELINUX - enables SELinux

We're going to have similar menus to allow someone to select a different
XSM implmentation.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH 1/2] xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*

[Doug Goldstein]

On Tue, Jun 26, 2018 at 12:09:07PM +0100, Andrew Cooper wrote:
> Flask is one single XSM module, and another is about to be introduced.
> Properly namespace the symbols for clarity.
> 
> No functional change.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Doug Goldstein <cardoe@cardoe.com>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH 2/2] xen/xsm: Rename CONFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY

[Doug Goldstein]

On Tue, Jun 26, 2018 at 12:09:08PM +0100, Andrew Cooper wrote:
> The embedded policy is specific flask, so update the infrastructure to reflect
> this.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

The subject has a typo 'CONIFIG' -> 'CONFIG', with that fixed:

Reviewed-by: Doug Goldstein <cardoe@cardoe.com>

> diff --git a/xen/common/Kconfig b/xen/common/Kconfig
> index 0f15f72..068c320 100644
> --- a/xen/common/Kconfig
> +++ b/xen/common/Kconfig
> @@ -127,10 +127,10 @@ config XSM_FLASK_AVC_STATS
>  
>  	  If unsure, say Y.
>  
> -config XSM_POLICY
> -	bool "Compile Xen with a built-in security policy"

(for Jan): This is what I'm talking about about the conflating the two.
This isn't a XSM policy or a XSM security policy. Its specifically a
FLASK security policy. The rest of this diff fixes that in numerous
places.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

[Andrew Cooper]

On 26/06/2018 14:16, Jan Beulich wrote:
>>>> On 26.06.18 at 14:42, <andrew.cooper3@citrix.com> wrote:
>> On 26/06/18 13:04, Jan Beulich wrote:
>>>>>> On 26.06.18 at 13:09, <andrew.cooper3@citrix.com> wrote:
>>>> Future changes will introduce a new SILO mode, which is intended to be useful
>>>> for cloud and enterprise setups where all domUs are unprivileged and have no
>>>> buisness communicating directly.
>>>>
>>>> This was discussed at XenSummit, but I'll leave further details to the series
>>>> which introduces it.  However, to begin with, clean up the XSM namespacing to
>>>> better separate XSM and FLASK.
>>>>
>>>> No functional change.
>>>>
>>>> Andrew Cooper (2):
>>>>   xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*
>>>>   xen/xsm: Rename CONIFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY
>>> I don't particularly mind the change, but I also don't view it as
>>> particularly useful: For the first patch I'd see the point if you
>>> meant to introduce some CONFIG_ABC_FLASK, but that's not how
>>> I understand the description there. For the second I don't see
>>> the point of retaining XSM in the name.
>> XSM != Flask, and this is the naming confusion trying to be rectified.
> But why is FLASK alone not meaningful enough?
>
>> CONFIG_XSM_SILO is going to be the introduced new mode.
> And then SILO alone here?

FLASK and SILO alone are meaningful to the core maintainers/developers,
but only because they're aware (even if only tangentially) of all the
development work going on.

By namespacing with an XSM, it is far clearer as to the hierarchy of
named features.  This particular rename came about as a direct result of
my observation of a room full of confused developers as to exactly where
the split of various features lay.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

[Andrew Cooper]

On 26/06/18 12:09, Andrew Cooper wrote:
> Future changes will introduce a new SILO mode, which is intended to be useful
> for cloud and enterprise setups where all domUs are unprivileged and have no
> buisness communicating directly.
>
> This was discussed at XenSummit, but I'll leave further details to the series
> which introduces it.  However, to begin with, clean up the XSM namespacing to
> better separate XSM and FLASK.
>
> No functional change.
>
> Andrew Cooper (2):
>   xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*
>   xen/xsm: Rename CONIFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY

Ping "The Rest" in lieu of Daniel.  This series is blocking the
functional XSM SILO work.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

[Jan Beulich]

>>> On 16.08.18 at 14:46, <andrew.cooper3@citrix.com> wrote:
> On 26/06/18 12:09, Andrew Cooper wrote:
>> Future changes will introduce a new SILO mode, which is intended to be useful
>> for cloud and enterprise setups where all domUs are unprivileged and have no
>> buisness communicating directly.
>>
>> This was discussed at XenSummit, but I'll leave further details to the series
>> which introduces it.  However, to begin with, clean up the XSM namespacing to
>> better separate XSM and FLASK.
>>
>> No functional change.
>>
>> Andrew Cooper (2):
>>   xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*
>>   xen/xsm: Rename CONIFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY
> 
> Ping "The Rest" in lieu of Daniel.  This series is blocking the
> functional XSM SILO work.

Iirc I had given some comments, regarding the (too long) names.
The changes are mechanical enough that I don't think there's
much else to say.

Jan



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

[Andrew Cooper]

On 16/08/18 13:56, Jan Beulich wrote:
>>>> On 16.08.18 at 14:46, <andrew.cooper3@citrix.com> wrote:
>> On 26/06/18 12:09, Andrew Cooper wrote:
>>> Future changes will introduce a new SILO mode, which is intended to be useful
>>> for cloud and enterprise setups where all domUs are unprivileged and have no
>>> buisness communicating directly.
>>>
>>> This was discussed at XenSummit, but I'll leave further details to the series
>>> which introduces it.  However, to begin with, clean up the XSM namespacing to
>>> better separate XSM and FLASK.
>>>
>>> No functional change.
>>>
>>> Andrew Cooper (2):
>>>   xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*
>>>   xen/xsm: Rename CONIFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY
>> Ping "The Rest" in lieu of Daniel.  This series is blocking the
>> functional XSM SILO work.
> Iirc I had given some comments, regarding the (too long) names.
> The changes are mechanical enough that I don't think there's
> much else to say.

And I justified why the current naming is IMO wrong and why it wants to
be suitably namespaced.

Hence the ping to unblock this series.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH 0/2] xen/xsm: Cleanup in preparation for XSM SILO mode

[Jan Beulich]

>>> On 16.08.18 at 15:18, <andrew.cooper3@citrix.com> wrote:
> On 16/08/18 13:56, Jan Beulich wrote:
>>>>> On 16.08.18 at 14:46, <andrew.cooper3@citrix.com> wrote:
>>> On 26/06/18 12:09, Andrew Cooper wrote:
>>>> Future changes will introduce a new SILO mode, which is intended to be 
> useful
>>>> for cloud and enterprise setups where all domUs are unprivileged and have no
>>>> buisness communicating directly.
>>>>
>>>> This was discussed at XenSummit, but I'll leave further details to the 
> series
>>>> which introduces it.  However, to begin with, clean up the XSM namespacing 
> to
>>>> better separate XSM and FLASK.
>>>>
>>>> No functional change.
>>>>
>>>> Andrew Cooper (2):
>>>>   xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*
>>>>   xen/xsm: Rename CONIFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY
>>> Ping "The Rest" in lieu of Daniel.  This series is blocking the
>>> functional XSM SILO work.
>> Iirc I had given some comments, regarding the (too long) names.
>> The changes are mechanical enough that I don't think there's
>> much else to say.
> 
> And I justified why the current naming is IMO wrong and why it wants to
> be suitably namespaced.

But I didn't object to the rename (and name spacing) in general,
I've merely suggested that shorter (still properly name spaced)
names would do as well.

Jan



_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH 1/2] xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*

[Daniel De Graaf]

On 06/26/2018 07:09 AM, Andrew Cooper wrote:
> Flask is one single XSM module, and another is about to be introduced.
> Properly namespace the symbols for clarity.
> 
> No functional change.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH 2/2] xen/xsm: Rename CONIFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY

[Daniel De Graaf]

On 06/26/2018 07:09 AM, Andrew Cooper wrote:
> The embedded policy is specific flask, so update the infrastructure to reflect
> this.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

This one actually has a history of being shared between FLASK and ACM (the
now-removed alternative to FLASK in earlier versions of Xen).  However, the
current policy generation is very specific to FLASK, and it would be useful
to allow multiple security modules to each have their own default policy.

Overall, I think it's a useful change.  Is there a reason you chose the
prefix "xsm_init_flask" over "xsm_flask_init"?  The latter may be more
amenable to grepping.

Either way,

Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [PATCH 2/2] xen/xsm: Rename CONIFIG_XSM_POLICY to CONFIG_XSM_FLASK_POLICY

[Andrew Cooper]

On 17/08/18 19:57, Daniel De Graaf wrote:
> On 06/26/2018 07:09 AM, Andrew Cooper wrote:
>> The embedded policy is specific flask, so update the infrastructure
>> to reflect
>> this.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
>
> This one actually has a history of being shared between FLASK and ACM
> (the
> now-removed alternative to FLASK in earlier versions of Xen). 
> However, the
> current policy generation is very specific to FLASK, and it would be
> useful
> to allow multiple security modules to each have their own default policy.
>
> Overall, I think it's a useful change.  Is there a reason you chose the
> prefix "xsm_init_flask" over "xsm_flask_init"?  The latter may be more
> amenable to grepping.
>
> Either way,
>
> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

This was some sed to begin with, which is why they ended up like that. 
I will make those adjustments.

Thanks,

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel