[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 3/6] xsm: enabling xsm to always be included

On 6/21/21 2:53 AM, Jan Beulich wrote:
On 18.06.2021 18:35, Daniel P. Smith wrote:
On 6/18/21 7:53 AM, Andrew Cooper wrote:
On 18/06/2021 00:39, Daniel P. Smith wrote:
@@ -250,9 +261,8 @@ config XSM_FLASK_POLICY
          If unsure, say Y.
config XSM_SILO
-       def_bool y
+       def_bool n

I'm not sure we want to alter the FLASK/SILO defaults.  SILO in
particular is mandatory on ARM, and without it, you're in a security
unsupported configuration.
The intent here is the default is the classic dom0 configuration. What
if I did,

def bool n
def bool y if ARM

Besides it needing to be with the order of the two lines flipped, if
Arm requires XSM_SILO, then I think it would better "select" it.

Ack, I realized that as I fixed it for the upcoming v2.

Correct me if I am wrong but if you do a "select" that means you are forcing the user to always have SILO built in, i.e. that makes it so the option cannot be disabled. There may be users who would prefer to only have Flask enabled on ARM and those users would not be able to turn SILO off.




Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.