[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Xen XSM/FLASK policy, grub defaults, etc.
Ian Jackson writes ("Re: Xen XSM/FLASK policy, grub defaults, etc."): > George Dunlap writes ("Re: Xen XSM/FLASK policy, grub defaults, etc."): > > > On May 27, 2020, at 4:41 PM, Ian Jackson <ian.jackson@xxxxxxxxxx> wrote: > > > 3. Failing that, Xen should provide some other mechanism which would > > > enable something like update-grub to determine whether a particular > > > hypervisor can sensibly be run with a policy file and flask=enforcing. > > > > So you want update-grub to check whether *the Xen binary it’s creating > > entries for* has FLASK enabled. We generally include the Xen config used > > to build the hypervisor — could we have it check for CONFIG_XSM_FLASK? > > That would be a possibility. Including kernel configs has gone out of > fashion but I think most distros ship them. I mean most distros ship *Xen* configs even if they don't ship *Linux* ones. Ian.
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |