Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: X

As far as I can see, the xsm_mmu_normal_update() hook is called afterset_foreigndom(). set_foreigndom() will fail if the calling domain isnot privileged (!IS_PRIV(current->domain)) and the operationspecifies a different domain as the foreigndom.

For disaggregation of the domain builder, we would like to be able todelegate this privilege to a small, trusted domain (domB): it seemsto me that XSM would be the cleanest way to do this. Would ittherefore be possible to add a hook in set_foreigndom() on the !IS_PRIV(d) branch, or is there some security consequence that I amoverlooking?


Regards,

Derek Murray.

On 7 May 2007, at 22:41, George S. Coker, II wrote:

Updates in this patch set include:
    - adaptation to new create secure interface for domain_create
    - cleanup of xsm enable/disable framework through xsm_call macro
    - ifdef architecture/config specific hooks

Signed-off-by: George Coker <gscoker@xxxxxxxxxxxxxx>
<xsm-050707-xen-15011.diff>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: [Xen-devel] [RFC] [0/4] User-space grants for Console and XenStore, Isaku Yamahata

Next by Date:

Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM, Keir Fraser

Previous by Thread:

Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM, Mark Williamson

Next by Thread:

Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM, Keir Fraser

Indexes:

[Date] [Thread] [Top] [All Lists]