From mboxrd@z Thu Jan 1 00:00:00 1970 From: Doug Goldstein Subject: Re: [PATCH 17/17] xsm: add a default policy to .init.data Date: Mon, 20 Jun 2016 09:52:22 -0500 Message-ID: References: <1466431466-28055-1-git-send-email-dgdegra@tycho.nsa.gov> <1466431466-28055-18-git-send-email-dgdegra@tycho.nsa.gov> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4373915437440766597==" Return-path: In-Reply-To: <1466431466-28055-18-git-send-email-dgdegra@tycho.nsa.gov> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" To: Daniel De Graaf , xen-devel@lists.xen.org List-Id: xen-devel@lists.xenproject.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============4373915437440766597== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="xESxueKKPKnGKdKclHNfi8Qi91Pf1vadj" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --xESxueKKPKnGKdKclHNfi8Qi91Pf1vadj Content-Type: multipart/mixed; boundary="NtOChvrEM77MMaXwR1WVt1k8PnLUVmqHV" From: Doug Goldstein To: Daniel De Graaf , xen-devel@lists.xen.org Message-ID: Subject: Re: [Xen-devel] [PATCH 17/17] xsm: add a default policy to .init.data References: <1466431466-28055-1-git-send-email-dgdegra@tycho.nsa.gov> <1466431466-28055-18-git-send-email-dgdegra@tycho.nsa.gov> In-Reply-To: <1466431466-28055-18-git-send-email-dgdegra@tycho.nsa.gov> --NtOChvrEM77MMaXwR1WVt1k8PnLUVmqHV Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 6/20/16 9:04 AM, Daniel De Graaf wrote: > This adds a Kconfig option and support for including the XSM policy fro= m > tools/flask/policy in the hypervisor so that the bootloader does not > need to provide a policy to get sane behavior from an XSM-enabled > hypervisor. The policy provided by the bootloader, if present, will > override the built-in policy. >=20 > Enabling this option only builds the policy if checkpolicy is available= > during compilation of the hypervisor; otherwise, it does nothing. The > XSM policy is not moved out of tools because that remains the primary > location for installing and configuring the policy. >=20 > Signed-off-by: Daniel De Graaf > Reviewed-by: Konrad Rzeszutek Wilk Reviewed-by: Doug Goldstein --=20 Doug Goldstein --NtOChvrEM77MMaXwR1WVt1k8PnLUVmqHV-- --xESxueKKPKnGKdKclHNfi8Qi91Pf1vadj Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0 iQJ8BAEBCgBmBQJXaAMmXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBNTM5MEQ2RTNFMTkyNzlCNzVDMzIwOTVB MkJDMDNEQzg3RUQxQkQ0AAoJEKK8A9yH7RvUN+0P/1Oe4g4JaEJlZy0NHekOMPTx E6AOz/aulswiYd4oDalX5YnyCD7V+UY4R9AYmweH6c7yMe66HMvL8UEYCt22vvvz IjOulwzUqPUXbbhau9JRA+0zyu/ROe70wXE04n/qAImL1RO8l0jyl6r/O8Znh+Y9 X8texNXgc5zjYTMIFQmbQUgm0KpiYJaKPHf6pmzWRIMcQq+NQYIq/SZoXh14nnf6 jT4zR2PAOOo2o1GHU2E8ahBzxVOwWwO77kWUbE3f9vWBboa+dif5eLDer8Xm68oX PVC91yj4XvSmYqoCJ4U8y8SLW6BskEGfI7rqy8BzG4UQ49AfzoYP9clNEICeuzkL 0aDrnGieTJnU1JByGW70EnX8T83o7xIa73T7/LxVmOYdRF0RhhXfPCJKm+x5ccW/ 0sWwe+sYDfm9wmoe/EBtrZSeHCLfwRBPPkcThSjmUkonSYe23DXvs0nOMw10Uug3 oGGcen5TZlcvEotNjkjEF3pMjtoKrSfGkfDUUjksTwwDYi9I05On76AUznGvxPUl nTzRZjcH4hcn8nbrjvyfPoip9pom2/a132X2zuSwdWV/Q5TX6BpY8MhjFPsn8O3t oDYfkAfxPeXvFAUS4p1nn+f9vKJFt4k77P4Mb7C8041igSeNDvEImZRbxvbSYhM6 OR4UnYfplhyV/WG8D8l1 =orOD -----END PGP SIGNATURE----- --xESxueKKPKnGKdKclHNfi8Qi91Pf1vadj-- --===============4373915437440766597== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWRldmVs IG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMueGVuLm9yZwpodHRwOi8vbGlzdHMueGVuLm9y Zy94ZW4tZGV2ZWwK --===============4373915437440766597==--