| Commit message (Collapse) | Author | Age | Files | Lines |
| |
For now hardcode /etc w/o a prefix as there are hardcoded
config paths in the code which would break otherwise.
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
| |
If you use -MMD -MF then the correct .o filename is written to the
.*.d file as the compiler driver arranges everything. This was done
in 19010:275abe1c5d24 for the hypervisor.
In this patch we do the same elsewhere in the xen-unstable tree,
particularly tools/. Specifically:
* Change tools/Rules.mk to add -MMD -MF ... to CFLAGS and set DEPS.
* Remove -Wp,-MD... from every other Makefile
* Remove setting of DEPS from every other Makefile
* Ensure that every Makefile says -include $(DEPS)
* Ensure that every Makefile's clean target removes $(DEPS)
Some Makefiles were already halfway there, but often for a different
variable name, e.g. PROG_DEP. The variable name is now standardised in
Rules.mk as DEPS.
I have done a test build with this change, on Debian etch.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
| |
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
| |
guest to work
This adds two more permissions to the default Flask policy to get a VM
with a network interface to work.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
| |
This fix to the default Flask/XSM policy gets a simple guest VM
(Ramdisk only, no VIF) running.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
| |
- The patch includes a policy for xen that can be booted into
enforcing mode and supports creation and management of
paravirtualized guests. The policy follows the dom0/domU usage
model, extension to other models or the addition of management or IO
permissions should be much more straightforward now. The option
flask_enforcing=1 can be passed on the xen line in grub to boot
into enforcing mode.
- The policy provides a basic policy for booting the platform and
creating a domU with the label system_u:object_r:domU_t. The policy
can be easily extended to support new types by modifying the xen.te
source file.
- The policy includes some basic macros which may be helpful in
extending the policy.
- The policy is compatible with and requires the most recent XSM
patch, xsm-flask-io-sysctl-hooks-090308.diff.
- The policy is not built as part of the make all as it requires the
SELinux policy compiler which may/may not be installed on all
systems. Users must go into the tools/flask/policy directory and
explicitly compile the policy.
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
| |
Addresses a number of argument handling bugs in the flask_op hypercall
in the XSM:Flask module. Thanks to Rafal Wojtczuk at McAfee for
reporting the issues and Tim Deegan at Citrix for providing an
initial patch.
This patch addresses the following issues:
- bounds checking and validation on input arguments to flask_op
- updated ABI/API, size and cmd are now uint32_t
- updated userspace tools and libraries to account for ABI/API
changes
- implemented all copies using from/to guest, better portability
- implemented upper bounds checking on op->cmd, op->size
- implemented sanity checking on op->size and op->buf
- implemented bit vector for checking from/to usage on op->cmd
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
| |
Signed-off-by: Bastian Blank <waldi@debian.org>
| |
Signed-off-by: Bastian Blank <waldi@debian.org>
| |
This patch merges the two versions of public header generation
currently used in the build into one.
Signed-off-by: Bastian Blank <waldi@debian.org>
| |
Signed-off-by: Bastian Blank <waldi@debian.org>
| |
Signed-off-by: Bastian Blank <waldi@debian.org>
| |
Signed-off-by: Bastian Blank <waldi@debian.org>
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
| |
Signed-off-by: John Levon <john.levon@sun.com>
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
| |
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
|
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>