On Mon, Nov 24, 2014 at 10:05 PM, Daniel De Graaf <dgde...@tycho.nsa.gov> wrote: >> I do. The error is >> (XEN) flask_domctl: Unknown op 72 >> >> Incidentally, Flask is running in permissive mode. >> >> Michael Young >> > > This means that the new domctl needs to be added to the switch statement > in flask/hooks.c. This error is triggered in permissive mode because it > is a code error rather than a policy error (which is what permissive mode > is intended to debug).
If that's the case, should we make that a BUG_ON()? Or at least an ASSERT() (which will only bug when compiled with debug=y), followed by allow if in permissive mode, and deny if in enforcing mode? Having it default deny, even in permissive mode, breaks the "principle of least surprise", I think. :-) -George _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
