[PATCH] XSM-docs: Flask operates on domain types and not on individual domain. Updated the documentation to reflect this.

[PATCH] XSM-docs: Flask operates on domain types and not on individual domain. Updated the documentation to reflect this.

[Anshul Makkar]

Signed-off-by: Anshul Makkar <anshul.makkar@citrix.com>
---
 * Resending the patch due to incomplete subject in the previous patch.

 docs/misc/xsm-flask.txt | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
---
diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt
index 62f15dd..bf8bb6e 100644
--- a/docs/misc/xsm-flask.txt
+++ b/docs/misc/xsm-flask.txt
@@ -9,8 +9,8 @@ controls over Xen domains, allowing the policy writer to define what
 interactions between domains, devices, and the hypervisor are permitted.
 
 Some examples of what FLASK can do:
- - Prevent two domains from communicating via event channels or grants
- - Control which domains can use device passthrough (and which devices)
+ - Prevent two domains types from communicating via event channels or grants
+ - Control which type of domains can use device passthrough (and which devices)
  - Restrict or audit operations performed by privileged domains
  - Prevent a privileged domain from arbitrarily mapping pages from other domains
 
@@ -160,10 +160,10 @@ the policy can be reloaded using "xl loadpolicy".
 The example policy included with Xen demonstrates most of the features of FLASK
 that can be used without dom0 disaggregation. The main types for domUs are:
 
- - domU_t is a domain that can communicate with any other domU_t
+ - domU_t is a domain type that can communicate with any other domU_t types.
  - isolated_domU_t can only communicate with dom0
  - prot_domU_t is a domain type whose creation can be disabled with a boolean
- - nomigrate_t is a domain that must be created via the nomigrate_t_building
+ - nomigrate_t is a domain type that must be created via the nomigrate_t_building
    type, and whose memory cannot be read by dom0 once created
 
 HVM domains with stubdomain device models also need a type for the stub domain.
-- 
1.9.1


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Re: [PATCH] XSM-docs: Flask operates on domain types and not on individual domain. Updated the documentation to reflect this.

[Doug Goldstein]

[-- Attachment #1.1.1: Type: text/plain, Size: 2406 bytes --]

On 7/19/16 4:05 AM, Anshul Makkar wrote:
> Signed-off-by: Anshul Makkar <anshul.makkar@citrix.com>
> ---
>  * Resending the patch due to incomplete subject in the previous patch.
> 
>  docs/misc/xsm-flask.txt | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> ---
> diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt
> index 62f15dd..bf8bb6e 100644
> --- a/docs/misc/xsm-flask.txt
> +++ b/docs/misc/xsm-flask.txt
> @@ -9,8 +9,8 @@ controls over Xen domains, allowing the policy writer to define what
>  interactions between domains, devices, and the hypervisor are permitted.
>  
>  Some examples of what FLASK can do:
> - - Prevent two domains from communicating via event channels or grants
> - - Control which domains can use device passthrough (and which devices)
> + - Prevent two domains types from communicating via event channels or grants
> + - Control which type of domains can use device passthrough (and which devices)

I disagree with this snippet. This is an example of what you can do with
FLASK. You can use flask to do those two actions. Adding the word
"types" in there takes it from being a concrete example to being more
ambiguous.

>   - Restrict or audit operations performed by privileged domains
>   - Prevent a privileged domain from arbitrarily mapping pages from other domains
>  
> @@ -160,10 +160,10 @@ the policy can be reloaded using "xl loadpolicy".
>  The example policy included with Xen demonstrates most of the features of FLASK
>  that can be used without dom0 disaggregation. The main types for domUs are:
>  
> - - domU_t is a domain that can communicate with any other domU_t
> + - domU_t is a domain type that can communicate with any other domU_t types.

"A domain labeled with domU_t can communicate with any other domain
labeled with type domU_t."

>   - isolated_domU_t can only communicate with dom0
>   - prot_domU_t is a domain type whose creation can be disabled with a boolean
> - - nomigrate_t is a domain that must be created via the nomigrate_t_building
> + - nomigrate_t is a domain type that must be created via the nomigrate_t_building
>     type, and whose memory cannot be read by dom0 once created

"A domain labeled with nomigeate_t is a domain that"

>  
>  HVM domains with stubdomain device models also need a type for the stub domain.
> 


-- 
Doug Goldstein


[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 959 bytes --]

[-- Attachment #2: Type: text/plain, Size: 127 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Re: [PATCH] XSM-docs: Flask operates on domain types and not on individual domain. Updated the documentation to reflect this.

[anshul makkar]

On 19/07/16 14:30, Doug Goldstein wrote:
> On 7/19/16 4:05 AM, Anshul Makkar wrote:
>> Signed-off-by: Anshul Makkar <anshul.makkar@citrix.com>
>> ---
>>   * Resending the patch due to incomplete subject in the previous patch.
>>
>>   docs/misc/xsm-flask.txt | 8 ++++----
>>   1 file changed, 4 insertions(+), 4 deletions(-)
>> ---
>> diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt
>> index 62f15dd..bf8bb6e 100644
>>   Some examples of what FLASK can do:
>> - - Prevent two domains from communicating via event channels or grants
>> - - Control which domains can use device passthrough (and which devices)
>> + - Prevent two domains types from communicating via event channels or grants
>> + - Control which type of domains can use device passthrough (and which devices)
>
> I disagree with this snippet. This is an example of what you can do with
> FLASK. You can use flask to do those two actions. Adding the word
> "types" in there takes it from being a concrete example to being more
> ambiguous.
"Prevent domains belonging to different types to communicate via event 
channels or grants". Does this sounds better.

I think that its important to use the word "type" so that user doesn't 
get a wrong impression that the policy is per domain, while in actual 
its per type.
>
>>    - Restrict or audit operations performed by privileged domains
>>    - Prevent a privileged domain from arbitrarily mapping pages from other domains
>>
>> @@ -160,10 +160,10 @@ the policy can be reloaded using "xl loadpolicy".
>>   The example policy included with Xen demonstrates most of the features of FLASK
>>   that can be used without dom0 disaggregation. The main types for domUs are:
>>
>> - - domU_t is a domain that can communicate with any other domU_t
>> + - domU_t is a domain type that can communicate with any other domU_t types.
>
> "A domain labeled with domU_t can communicate with any other domain
> labeled with type domU_t."
Rephrasing is fine.
>
>>    - isolated_domU_t can only communicate with dom0
>>    - prot_domU_t is a domain type whose creation can be disabled with a boolean
>> - - nomigrate_t is a domain that must be created via the nomigrate_t_building
>> + - nomigrate_t is a domain type that must be created via the nomigrate_t_building
>>      type, and whose memory cannot be read by dom0 once created
>
> "A domain labeled with nomigeate_t is a domain that"
Rephrasing is fine.
>
>>
>>   HVM domains with stubdomain device models also need a type for the stub domain.
>>
>
>


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Re: [PATCH] XSM-docs: Flask operates on domain types and not on individual domain. Updated the documentation to reflect this.

[Daniel De Graaf]

On 07/19/2016 11:21 AM, anshul makkar wrote:
> On 19/07/16 14:30, Doug Goldstein wrote:
>> On 7/19/16 4:05 AM, Anshul Makkar wrote:
>>> Signed-off-by: Anshul Makkar <anshul.makkar@citrix.com>
>>> ---
>>>   * Resending the patch due to incomplete subject in the previous patch.
>>>
>>>   docs/misc/xsm-flask.txt | 8 ++++----
>>>   1 file changed, 4 insertions(+), 4 deletions(-)
>>> ---
>>> diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt
>>> index 62f15dd..bf8bb6e 100644
>>>   Some examples of what FLASK can do:
>>> - - Prevent two domains from communicating via event channels or grants
>>> - - Control which domains can use device passthrough (and which devices)
>>> + - Prevent two domains types from communicating via event channels or grants
>>> + - Control which type of domains can use device passthrough (and which devices)
>>
>> I disagree with this snippet. This is an example of what you can do with
>> FLASK. You can use flask to do those two actions. Adding the word
>> "types" in there takes it from being a concrete example to being more
>> ambiguous.
> "Prevent domains belonging to different types to communicate via event channels or grants". Does this sounds better.
>
> I think that its important to use the word "type" so that user doesn't get a wrong impression that the policy is per domain, while in actual its per type.

I think it would be clearer to leave the examples as is, but add a sentence to the
following paragraph about how the policy is written based on types.

For the other changes, I agree Doug's rewording is a bit clearer than the original.

-- 
Daniel De Graaf
National Security Agency

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel