search for: flask

I have just committed the patch below. Ian. # HG changeset patch # User Ian Jackson <Ian.Jackson@eu.citrix.com> # Date 1323712783 0 # Node ID 7ca56cca09ade16645fb4806be2c5b2b0bc3332b # Parent 7e90178b8bbfd2f78e8f4c6d593a2fb233350f41 flask: add tools/flask/utils/flask-label-pci to .hgignore This was apparently forgotten in 24353:448c48326d6b Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com> diff -r 7e90178b8bbf -r c995cdcc3700 .hgignore --- a/.hgignore Mon Dec...

...ic IDs). It also cleans up the policy build process and adds an example of how to use the user field in the security context. Debug output: [PATCH 01/10] xsm: Add security labels to event-channel dump [PATCH 02/10] xsm: Add security label to IRQ debug output MSI interrupt fixes: [PATCH 03/10] xsm/flask: Use PCI device label for PCI-MSI IRQs [PATCH 04/10] xsm: Add xsm_map_domain_pirq hook [PATCH 05/10] xsm: Use mapped IRQ not PIRQ in unmap_domain_pirq Cleanup: [PATCH 06/10] xsm/flask: Improve error reporting for ocontexts [PATCH 07/10] xsm/flask: Remove useless back pointers [PATCH 08/10] flask/p...

These patches update the example FLASK policy shipped with Xen and enable its build if the required tools are present. The third patch requires rerunning autoconf to update tools/configure. [PATCH 1/3] flask/policy: sort dom0 accesses [PATCH 2/3] flask/policy: rework policy build system [PATCH 3/3] tools/flask: add FLASK policy to buil...

Renato, Kristof, I confirm this is due to the latest Flask --- Flask-0.11 was released this weekend --- and for some unknown (to me at least) reason, although LNT's requirements.txt pins Flask to version 0.10.1, pip installs Flask-0.11. Forcing Flask to 0.10.1 gets the situation back to normal. Reading pip's documentation makes me think it's...

- This minor patch implements the missing stub function security_label_to_details in the dummy module. This stub function is necessary to create domains with network interfaces for modules that do not implement the security_label_to_details function. Signed-off-by: George Coker <gscoker@alpha.ncsc.mil> _______________________________________________ Xen-devel mailing list

...not know how to fix that --- I would otherwise I've committed a fix. I've been able to hack it locally exploiting the very same lit limitation then the one we're stumbling on (i.e it does not resolve dependency correctly and only pick-up the first constraint). You need to make sure the Flask constraint is seen first, even before using the requirements.txt so on the command line before loading the requirements.txt. > -----Original Message----- > From: Renato Golin [mailto:renato.golin at linaro.org] > Sent: 30 May 2016 20:42 > To: Arnaud De Grandmaison > Cc: Kristof Bey...

Daniel, Tobias, Renato and myself have been looking a little bit at the potential underlying reason for why http://llvm.org/perf/ is instable, and have found some clues. I want to share them here to give people with more experience in the frameworks used by LNT (flask, sqlalchemy, wsgi, .) a chance to check if our reasoning below seems plausible. Daniel noticed the following backtrace in the log after http://llvm.org/perf started giving "Internal Server Error" again: 2015-05-08 22:57:05,309 ERROR: Exception on /db_default/v4/nts/287/graph [GET] [i...

Hi Renato, We're also seeing this on internal bots. My first guess is that it was triggered by the Flask package getting updated at Pypi on 29th of May, see https://pypi.python.org/pypi/Flask. I haven't investigated further at this point. Thanks, Kristof On 29 May 2016, at 14:28, Renato Golin <renato.golin at linaro.org<mailto:renato.golin at linaro.org>> wrote: Folks, Its seems...

Folks, Its seems that the latest master restart has introduced a failure in *many* test-suite bots: File "/home/buildslave/buildslave/clang-cmake-aarch64-full/test/lnt/lnt/server/ui/decorators.py", line 6, in <module> frontend = flask.Module(__name__) AttributeError: 'module' object has no attribute 'Module' http://lab.llvm.org:8011/builders/clang-cmake-aarch64-quick/builds/7433 http://lab.llvm.org:8011/builders/clang-cmake-aarch64-full/builds/2208 http://lab.llvm.org:8011/builders/clang-native-arm-lnt/builds/...

The FLASK security checks for resource ranges were not implemented correctly - only the permissions on the endpoints of a range were checked, instead of all items contained in the range. This would allow certain resources (I/O ports, I/O memory) to be used by domains in contravention to security policy. Thi...

On 30 May 2016 at 12:25, Arnaud De Grandmaison <Arnaud.DeGrandmaison at arm.com> wrote: > I confirm this is due to the latest Flask --- Flask-0.11 was released this > weekend --- and for some unknown (to me at least) reason, although LNT's > requirements.txt pins Flask to version 0.10.1, pip installs Flask-0.11. > Forcing Flask to 0.10.1 gets the situation back to normal. Do you know where to change that in LNT? I...

This adds two more permissions to the default Flask policy to get a VM with a network interface to work. Signed-off-by: Stefan Berger <stefanb@us.ibm.com> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel

Fix formatting of Flask AVC audit messages so that existing policy tools can parse them. After applying, ''xm dmesg | audit2allow'' yields the expected result. Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil> --- xen/xsm/fla...

# HG changeset patch # User Olaf Hering <olaf@aepfle.de> # Date 1328707901 -3600 # Node ID b730f1f980bdc1edcebf7dbbbb5253ccafcd8c04 # Parent 3574f4d67843733ccaabab5f8ebb859c99d7314a remove references to removed libflask from setup.py Build in SLES11 SP1/2 fails after libflask removal. > building ''flask'' extension > error: ../../tools/flask/libflask/libflask.so: No such file or directory > make[3]: *** [install] Error 1 > make[3]: Leaving directory `/usr/src/packages/BUILD/xen-4.2.24...

Adds support for assigning a label to domains, obtaining and setting the current enforcing mode, and loading a policy with xl command and libxl header when the Flask XSM is in use. Adheres to the changes made by the patch to remove exposure of libxenctrl/libxenstore headers via libxl.h. tools/libxl/libxl_flask.c | 71 ++++++++++++++++++ tools/libxl/Makefile | 2 tools/libxl/libxl.c | 1 tools/libxl/libxl.h | 8 ++ tools...

...not know how to fix that --- I would otherwise I've committed a fix. I've been able to hack it locally exploiting the very same lit limitation then the one we're stumbling on (i.e it does not resolve dependency correctly and only pick-up the first constraint). You need to make sure the Flask constraint is seen first, even before using the requirements.txt so on the command line before loading the requirements.txt. -----Original Message----- From: Renato Golin [mailto:renato.golin at linaro.org] Sent: 30 May 2016 20:42 To: Arnaud De Grandmaison Cc: Kristof Beyls; nd; llvm-dev at lists...

I notice that the Flask / ACM security module support has been enabled in the latest Debian Xen packages. I'm afraid I think this is a mistake. In our opinion this code is of very poor quality. It is certainly ill-tested and not widely used. We (Xensource/Citrix) have received more than one serious vulnerability r...

Adds support for assigning a label to domains, obtaining and setting the current enforcing mode, and loading a policy with xl command when the Flask XSM is in use. libxl.c | 1 libxl.idl | 3 - xl.h | 3 + xl_cmdimpl.c | 171 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--- xl_cmdtable.c | 18 +++++- 5 files changed, 187 insertions(+), 9 deletions(-) Signed-off-by: mbgrego@tycho.ncsc.mil --...

...- I would otherwise I've committed a fix. >> >> I've been able to hack it locally exploiting the very same lit limitation then the one we're stumbling on (i.e it does not resolve dependency correctly and only pick-up the first constraint). >> You need to make sure the Flask constraint is seen first, even before using the requirements.txt so on the command line before loading the requirements.txt. >> >> >>> -----Original Message----- >>> From: Renato Golin [mailto:renato.golin at linaro.org] >>> Sent: 30 May 2016 20:42 >>&...

Hello all, I am trying to get a xenstore/oxenstore (oxenstore is mirage based) stubdom to get to work on Xen 4.2.1. I know that I need to set XSM/FLASK rules and so I have compiled 4.2.1 with XSM and FLASK. I already talked with Daniel de Graaf (on the mailinglists) and Steven Maresca on IRC about this thing. Daniel already wrote a XSM/FLASK ruleset in this thread: http://lists.xen.org/archives/html/xen-devel/2013-01/msg00956.html So he said tha...