This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] Re: [PATCH] choose security model for ACM at built-time

To: aq <aquynh@xxxxxxxxx>
Subject: [Xen-devel] Re: [PATCH] choose security model for ACM at built-time
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Fri, 24 Jun 2005 17:13:04 +0100
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 24 Jun 2005 16:08:02 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <9cde8bff050624083345768b68@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <9cde8bff050624083345768b68@xxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

On 24 Jun 2005, at 16:33, aq wrote:

At the moment, there is a problem with ACM: it is impossible to set
ACM security model at built-time, so even with ACM is chosen to build,
the default policy is NULL, which is useless.

This patch propose a solution to this problem: build process will
generate a header file (include/public/acm_policy.h) based on the
value set in xen/Makefile or at command-line, and gets acm.h included

Looks fine, but:

Firstly, is the configured policy something that needs to be propagated to user tools (i.e., should the generated header reside within include/public or should it be in include/xen)?

Secondly, you missed conditional inclusion of acm/acm.o into the ALL_OBJS list in xen/Rules.mk. Also, the definition of ACM_USE_SECURITY_POLICY probably belongs more correctly in Rules.mk rather than the Makefile.

 -- Keir

Xen-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>