On 01.07.2022 00:35, Stefano Stabellini wrote: > On Wed, 29 Jun 2022, Daniel P. Smith wrote: >> This series makes it so that the idle domain is started privileged under the >> default policy, which the SILO policy inherits, and under the flask policy. >> It >> then introduces a new one-way XSM hook, xsm_transition_running, that is >> hooked >> by an XSM policy to transition the idle domain to its running privilege >> level. >> >> Patch 3 is an important one, as first it addresses the issue raised under an >> RFC late last year by Jason Andryuk regarding the awkward entanglement of >> flask_domain_alloc_security() and flask_domain_create(). Second, it helps >> articulate why it is that the hypervisor should go through the access control >> checks, even when it is doing the action itself. The issue at hand is not >> that >> the hypervisor could be influenced to go around these check. The issue is >> these >> checks provides a configurable way to express the execution flow that the >> hypervisor should enforce. Specifically with this change, it is now possible >> for an owner of a dom0less or hyperlaunch system to express a policy where >> the >> hypervisor will enforce that no dom0 will be constructed, regardless of what >> boot construction details were provided to it. Likewise, an owner that does >> not >> want to see dom0less or hyperlaunch to be used can enforce that the >> hypervisor >> will only construct a dom0 domain. This can all be accomplished without the >> need to rebuild the hypervisor with these features enabled or disabled. > > > It looks like this patch series is fully acked except: > - in theory we need an ack from Daniel for flask > - there is a very small change to sched that would need an ack from > George/Dario
I don't think I've seen any R-b for the last patch. Jan
