] [PATCH] flask: change default state to enforcing
On Thu, Mar 10, 2016 at 01:30:29PM -0500, Daniel De Graaf wrote:
I've added Ian and Jan on the email as scripts/get_maintainer.pl spits out
their names (Oddly not yours?)
> The previous default of "permissive" is meant
On 03/11/2016 10:43 AM, Jan Beulich wrote:
On 11.03.16 at 16:39, wrote:
On 03/11/2016 04:07 AM, Jan Beulich wrote:
On 10.03.16 at 19:30, wrote:
This change will cause the boot to fail if you do not specify an XSM
policy during boot; if you need to load a policy from dom0, use the
"flask=late
>>> On 11.03.16 at 16:39, wrote:
> On 03/11/2016 04:07 AM, Jan Beulich wrote:
> On 10.03.16 at 19:30, wrote:
>>> This change will cause the boot to fail if you do not specify an XSM
>>> policy during boot; if you need to load a policy from dom0, use the
>>> "flask=late" boot parameter.
>>
>>
On 03/11/2016 04:07 AM, Jan Beulich wrote:
On 10.03.16 at 19:30, wrote:
This change will cause the boot to fail if you do not specify an XSM
policy during boot; if you need to load a policy from dom0, use the
"flask=late" boot parameter.
And what mode is the system in until that happens? From
On Fri, Mar 11, 2016 at 02:07:11AM -0700, Jan Beulich wrote:
> >>> On 10.03.16 at 19:30, wrote:
> > This change will cause the boot to fail if you do not specify an XSM
> > policy during boot; if you need to load a policy from dom0, use the
> > "flask=late" boot parameter.
>
> And what mode is th
>>> On 10.03.16 at 19:30, wrote:
> This change will cause the boot to fail if you do not specify an XSM
> policy during boot; if you need to load a policy from dom0, use the
> "flask=late" boot parameter.
And what mode is the system in until that happens? From the
command line doc, I understand i
On 03/10/2016 02:12 PM, Konrad Rzeszutek Wilk wrote:
On Thu, Mar 10, 2016 at 01:30:29PM -0500, Daniel De Graaf wrote:
I've added Ian and Jan on the email as scripts/get_maintainer.pl spits out
their names (Oddly not yours?)
The previous default of "permissive" is meant for developing or
debuggi
On Thu, Mar 10, 2016 at 01:30:29PM -0500, Daniel De Graaf wrote:
I've added Ian and Jan on the email as scripts/get_maintainer.pl spits out
their names (Oddly not yours?)
> The previous default of "permissive" is meant for developing or
> debugging a disaggregated system. However, this default ma
The previous default of "permissive" is meant for developing or
debugging a disaggregated system. However, this default makes it too
easy to accidentally boot a machine in this state, which does not place
any restrictions on guests. This is not suitable for normal systems
because any guest can pe
