[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Xen XSM/FLASK policy, grub defaults, etc.



Ian Jackson writes ("Re: Xen XSM/FLASK policy, grub defaults, etc."):
> George Dunlap writes ("Re: Xen XSM/FLASK policy, grub defaults, etc."):
> > > On May 27, 2020, at 4:41 PM, Ian Jackson <ian.jackson@xxxxxxxxxx> wrote:
> > > 3. Failing that, Xen should provide some other mechanism which would
> > > enable something like update-grub to determine whether a particular
> > > hypervisor can sensibly be run with a policy file and flask=enforcing.
> > 
> > So you want update-grub to check whether *the Xen binary it’s creating 
> > entries for* has FLASK enabled.  We generally include the Xen config used 
> > to build the hypervisor — could we have it check for CONFIG_XSM_FLASK?
> 
> That would be a possibility.  Including kernel configs has gone out of
> fashion but I think most distros ship them.

I mean most distros ship *Xen* configs even if they don't ship *Linux*
ones.

Ian.



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.