n***@bertin.fr
2018-09-26 11:40:32 UTC
Hi,
I just noticed from a bad behaviour of my installation and the security_iterate_iomem_sids
function that the iomem ranges have to be sorted in the device_contexts file.
The flask load policy takes iomem ranges declaration as it comes but the sid attribution
and check function expects the list of iomem ocontexts to be sorted.
My file didn't comply with this statement which ended to use the default iomem sid instead
of computing one before checking the permission.
This doesn't seem to be documented anywhere in the xen release 4.11.0.
Thanks.
Nicolas
1
I just noticed from a bad behaviour of my installation and the security_iterate_iomem_sids
function that the iomem ranges have to be sorted in the device_contexts file.
The flask load policy takes iomem ranges declaration as it comes but the sid attribution
and check function expects the list of iomem ocontexts to be sorted.
My file didn't comply with this statement which ended to use the default iomem sid instead
of computing one before checking the permission.
This doesn't seem to be documented anywhere in the xen release 4.11.0.
Thanks.
Nicolas
1