Re: [Xen-devel] [PATCH] xsm/flask: improve unknown permission handling

2014-12-04 Thread David Vrabel
On 04/12/14 11:12, George Dunlap wrote:
> On 12/04/2014 10:37 AM, David Vrabel wrote:
>> On 03/12/14 18:42, Andrew Cooper wrote:
>>>
>>> XSA-37 was only an XSA because the rules at the time were unclear as to
>>> whether it was an issue or not. At the same time, the rules were
>>> clarified to state

Re: [Xen-devel] [PATCH] xsm/flask: improve unknown permission handling

2014-12-04 Thread George Dunlap
On 12/04/2014 10:37 AM, David Vrabel wrote:
> On 03/12/14 18:42, Andrew Cooper wrote:
>>
>> XSA-37 was only an XSA because the rules at the time were unclear as to
>> whether it was an issue or not. At the same time, the rules were
>> clarified to state that issues in a debug build only are not secur

Re: [Xen-devel] [PATCH] xsm/flask: improve unknown permission handling

2014-12-04 Thread David Vrabel
On 03/12/14 18:42, Andrew Cooper wrote:
>
> XSA-37 was only an XSA because the rules at the time were unclear as to
> whether it was an issue or not. At the same time, the rules were
> clarified to state that issues in a debug build only are not security
> issues. Given that we occasionally ask our

Re: [Xen-devel] [PATCH] xsm/flask: improve unknown permission handling

2014-12-03 Thread Andrew Cooper
On 03/12/14 18:37, Daniel De Graaf wrote:
> On 11/27/2014 10:33 AM, Andrew Cooper wrote:
>> On 27/11/14 15:23, George Dunlap wrote:
>>> On Tue, Nov 25, 2014 at 6:05 PM, Daniel De Graaf wrote:
>>>> When an unknown domctl, sysctl, or other operation is encountered in the FLASK security

Re: [Xen-devel] [PATCH] xsm/flask: improve unknown permission handling

2014-12-03 Thread Daniel De Graaf
On 11/27/2014 10:33 AM, Andrew Cooper wrote:
> On 27/11/14 15:23, George Dunlap wrote:
>> On Tue, Nov 25, 2014 at 6:05 PM, Daniel De Graaf wrote:
>>> When an unknown domctl, sysctl, or other operation is encountered in the FLASK security server, use the allow_unknown bit in the security policy (set by

Re: [Xen-devel] [PATCH] xsm/flask: improve unknown permission handling

2014-11-27 Thread Andrew Cooper
On 27/11/14 15:23, George Dunlap wrote:
> On Tue, Nov 25, 2014 at 6:05 PM, Daniel De Graaf wrote:
>> When an unknown domctl, sysctl, or other operation is encountered in the
>> FLASK security server, use the allow_unknown bit in the security policy
>> (set by running checkpolicy -U allow) to de

Re: [Xen-devel] [PATCH] xsm/flask: improve unknown permission handling

2014-11-27 Thread George Dunlap
On Tue, Nov 25, 2014 at 6:05 PM, Daniel De Graaf wrote:
> When an unknown domctl, sysctl, or other operation is encountered in the
> FLASK security server, use the allow_unknown bit in the security policy
> (set by running checkpolicy -U allow) to decide if the permission should
> be allowed or de

Re: [Xen-devel] [PATCH] xsm/flask: improve unknown permission handling

2014-11-27 Thread Jan Beulich
>>> On 25.11.14 at 19:05, wrote: > --- a/xen/xsm/flask/hooks.c > +++ b/xen/xsm/flask/hooks.c > @@ -135,6 +135,19 @@ static int get_irq_sid(int irq, u32 *sid, struct > avc_audit_data *ad) > return 0; > } > > +static int avc_unknown_permission(const char* name, int id) const char *name >