| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
| |
It's not needed unless you are including headers in the current
directory _and_ you can't use "" instead of <> because the headers are
to be installed.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
| |
It's not needed unless you are linking against a library in the
current directory.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
| |
Several places include it in CFLAGS even though it is never defined. A
few others use it as nothing more than a gathering point for
CFLAGS. Get rid of it.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
| |
Otherwise make can search the path relative to certain standard paths
such as /usr/include (e.g., the line '-include $(XEN_ROOT)/.config' in
Config.mk suffers from this).
Signed-off-by: Keir Fraser <keir@xen.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At some point, it seems that someone manually added Flask permission
definitions to one header file without updating the corresponding
policy configuration or the other related table. The end result is
that we can get uninterpretable AVC messages like this:
# xl dmesg | grep avc
(XEN) avc: denied { 0x4000000 } for domid=0
scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:domU_t
tclass=domain
Fix this by updating the flask config and regenerating the headers
from it. In the future, this can be further improved by integrating
the automatic generation of the headers into the build process as is
presently done in SELinux.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linker command lines are order-sensitive.
Move linker options -Lfoo -lfoo from LDFLAGS to LDLIBS and place this new
variable after the objects to link. This resolves build errors in xenpagin
and blktap with recent toolchains.
rename SHLIB_CFLAGS to SHLIB_LDFLAGS
rename LDFLAGS_* to LDLIBS_*
move LDFLAGS usage after CFLAGS in CC calls
remove stale comments in xenpaging Makefile
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch eliminate the global variables in libxenctrl (used for
logging and error reporting).
Instead the information which was in the global variables is now in a
new xc_interface* opaque structure, which xc_interface open returns
instead of the raw file descriptor; furthermore, logging is done via
xentoollog.
There are three new parameters to xc_interface_open to control the
logging, but existing callers can just pass "0" for all three to get
the old behaviour.
All libxc callers have been adjusted accordingly.
Also update QEMU_TAG for corresponding qemu change.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In a few places in the tree the Makefiles have constructs like this:
one_file another_file:
$(COMMAND_WHICH_GENERATES_BOTH_AT_ONCE)
This is wrong, because make will run _two copies_ of the same command
at once. This generally causes races and hard-to-reproduce build
failures.
Notably, `make -j4' at the top level will build stubdom libxc twice
simultaneously!
In this patch we replace the occurrences of this construct with the
correct idiom:
one_file: another_file
another_file:
$(COMMAND_WHICH_GENERATES_BOTH_AT_ONCE)
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch exposes the flask_access, flask_avc_cachestats,
flask_avc_hashstats, flask_getavc_threshold, flask_setavc_threshold,
and flask_policyvers functions to user-space. A python wrapper was
created for the flask_access function to facilitate policy based
user-space access control decisions. flask.h was renamed to libflask.h
to remove a naming conflict.
Signed-off-by : Machon Gregory <mbgrego@tycho.ncsc.mil>
|
| |
|
|
|
|
| |
...to reflect the variables being passed in.
Signed-off-by : Paul Nuzzi <pjnuzzi@tycho.ncsc.mil>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added the ability to add and delete ocontexts dynamically on a running
system. Two new commands have been added to the xsm hypercall, add
and delete ocontext. Twelve new library functions have been
implemented that use the hypercall commands to label and unlabel
pirqs, PCI devices, I/O ports and memory. The base policy has been
updated so dom0 has the ability to use the hypercall commands by
default. Items added to the list will not be present next time the
system reloads. They will need to be added to the static policy.
Signed-off-by : George Coker <gscoker@alpha.ncsc.mil>
Signed-off-by : Paul Nuzzi <pjnuzzi@tycho.ncsc.mil>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for Xen ocontext records to enable device polices. The
default policy will not be changed and instructions have been added to
enable the new functionality. Examples on how to use the new policy
language have been added but commented out. The newest version of
checkpolicy (>= 2.0.20) and libsepol (>= 2.0.39) is needed in order to
compile it. Devices can be labeled and enforced using the following
new commands; pirqcon, iomemcon, ioportcon and pcidevicecon.
Signed-off-by : George Coker <gscoker@alpha.ncsc.mil>
Signed-off-by : Paul Nuzzi <pjnuzzi@tycho.ncsc.mil>
|
| |
|
|
|
|
|
|
| |
This patch exposes the getenforce and setenforce functionality for the
Flask XSM module.
Signed-off-by : Machon Gregory <mbgrego@tycho.ncsc.mil>
Signed-off-by : George S. Coker, II <gscoker@alpha.ncsc.mil>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The original xen policy infrastructure was based off of an early
version of refpolicy. Because of this there was a lot of cruft that
does not apply to building a policy for xen. This patch does several
things. First it cleans up the makefile as to remove many unnecessary
build targets. Second it fixes an issue that the policy build process
wasn't handling interface files properly. Third it pulls in the MLS
suppport functions from current ref policy and makes use of
them. Finally it updates the xen policy with new rules to address
changes in xen since the policy was last worked on, and provides
several new abstractions for creating domains.
Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov>
|
| |
|
|
|
|
|
|
|
|
| |
This is a back-port of the latest SELinux code to Xen, adjusted
for Xen coding style and interfaces. Unneeded functionality such
as most object context config data, handle_unknown, MLS field
defaulting, etc has been omitted.
Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil>
|
| |
|
|
|
|
|
| |
For now hardcode /etc w/o a prefix as there are hardcoded
config paths in the code which would break otherwise.
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you use -MMD -MF then the correct .o filename is written to the
.*.d file as the compiler driver arranges everything. This was done
in 19010:275abe1c5d24 for the hypervisor.
In this patch we do the same elsewhere in the xen-unstable tree,
particularly tools/. Specifically:
* Change tools/Rules.mk to add -MMD -MF ... to CFLAGS and set DEPS.
* Remove -Wp,-MD... from every other Makefile
* Remove setting of DEPS from every other Makefile
* Ensure that every Makefile says -include $(DEPS)
* Ensure that every Makefile's clean target removes $(DEPS)
Some Makefiles were already halfway there, but often for a different
variable name eg PROG_DEP. The variable name is now standardised in
Rules.mk as DEPS.
I have done a test build with this change, on Debian etch.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
| |
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
guest to work
This adds two more permissions to the default Flask policy to get a VM
with a network interface to work.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
| |
|
|
|
|
|
| |
This fix gets to the default Flask/XSM policy gets a simple guest VM
(Ramdisk only, no VIF) running.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- The patch includes a policy for xen that can be booted into
enforcing mode and supports creation and management of
paravirtualized guests. The policy follows the dom0/domU usage
model, extension to other models or the addition of management or IO
permissions should be much more straightforward now. The option
flask_enforcing=1 can be passed on the xen line in grub to boot
into enforcing mode.
- The policy provides a basic policy for booting the platform and
creating a domU with the label system_u:object_r:domU_t. The policy
can be easily extended to support new types by modifying the xen.te
source file.
- The policy includes some basic macros which may be helpful in
extending the policy.
- The policy is compatible with and requires the most recent XSM
patch, xsm-flask-io-sysctl-hooks-090308.diff.
- The policy is not built as part of the make all as it requires the
SELinux policy compiler which may/may not be installed on all
systems. Users must go into the tools/flask/policy directory and
explicitly compile the policy.
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Addresses a number of argument handling bugs in the flask_op hypercall
in the XSM:Flask module. Thanks to Rafal Wojtczuk at McAfee for
reporting the issues and Tim Deegan at Citrix for providing an
initial patch.
This patch addresses the following issues:
- bounds checking and validation on input arguments to flask_op
- updated ABI/API, size and cmd are now uint32_t
- updated userspace tools and libraries to account for ABI/API
changes
- implemented all copies using from/to guest, better portability
- implemented upper bounds checking on op->cmd, op->size
- implemented sanity checking on op->size and op->buf
- implemented bit vector for checking from/to usage on op->cmd
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
|
| |
|
|
| |
Signed-off-by: Bastian Blank <waldi@debian.org>
|
| |
|
|
| |
Signed-off-by: Bastian Blank <waldi@debian.org>
|
| |
|
|
|
|
|
| |
This patch merges the two versions of public header generation
currently used in the build into one.
Signed-off-by: Bastian Blank <waldi@debian.org>
|
| |
|
|
| |
Signed-off-by: Bastian Blank <waldi@debian.org>
|
| |
|
|
| |
Signed-off-by: Bastian Blank <waldi@debian.org>
|
| |
|
|
| |
Signed-off-by: Bastian Blank <waldi@debian.org>
|
| |
|
|
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
| |
Signed-off-by: John Levon <john.levon@sun.com>
|
| |
|
|
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
| |
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
|
|
|
Signed-off-by: George Coker <gscoker@alpha.ncsc.mil>
|
