Re: [Xen-devel] [PATCH 10/18] INSTALL: Mention kconfig

Doug Goldstein writes ("Re: [PATCH 10/18] INSTALL: Mention kconfig"):
> On Fri, Oct 05, 2018 at 06:29:09PM +0100, Ian Jackson wrote:
> > Firstly, add a reference to the documentation for the kconfig system.
> > 
> > Secondly, warn the user about the XEN_CONFIG_EXPERT problem.
> Reviewed-by: Doug Goldstein <cardoe@xxxxxxxxxx>


> > +Xen Hypervisor
> > +==============
> > +
> > +Xen itself is configured via a `kconfig' system borrowed from Linux.
> > +See docs/misc/kconfig.txt.
> > +
> > +Note that unlike with Linux, and contrary to that document, you cannot
> > +look at Kconfig files, or the default or generated config files etc.,
> > +to find available configuration options.  This is because it is only
> > +supported (and security supported) by the Xen Project, to change a
> > +small subset of the options.  Attempts to change other options will be
> > +silently overriden.  The only way to find which configuration options
> > +are available is to run `make menuconfig' or the like.
> > +
> > +You can counter-override this behaviour by setting XEN_CONFIG_EXPERT=y
> > +in your environment.  However, doing this is not supported and the
> > +resulting configurations do not receive security support.  If you set
> > +this varible there is nothing stopping you setting dangerously
> > +experimental combinations of features - not even any warnings.
> Not really true because the shim is supported and relies on

It sounds like you are saying that what I write above is not accurate.
I didn't intend it to cover any setting of XEN_CONFIG_EXPERT by the
Xen build system itself.

I'm not sure how that interacts wit your R-B either.  Normally a R-B
would imply approval of the contents.

>   but certainly better to make users aware than blindly
> hiding everything from them. I'd still argue that eventually we'll get
> rid of this because most distros build with XEN_CONFIG_EXPERT on and
> most Xen devs I know just have it set in their environment.

Well, yes.  I decided that documenting the situation was the best way
to throw light on it and possibly even get it changed.


