
Re: [XEN PATCH] xen: allow XSM_FLASK_POLICY only if checkpolicy binary is available


  • To: Anthony Perard <anthony.perard@xxxxxxxxxx>
  • From: George Dunlap <George.Dunlap@xxxxxxxxxx>
  • Date: Fri, 16 Jul 2021 15:26:39 +0000
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "Andrew Cooper" <Andrew.Cooper3@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, "Jan Beulich" <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, "Stefano Stabellini" <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Fri, 16 Jul 2021 15:26:52 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>


> On Jul 14, 2021, at 5:17 PM, Anthony PERARD <anthony.perard@xxxxxxxxxx> wrote:
> 
> This will help prevent the CI loop from having build failures when
> `checkpolicy` isn't available, when doing "randconfig" jobs.

Hang on, just to clarify what’s going on here.

‘randconfig’ is setting CONFIG_XSM_FLASK_POLICY in the .config file; and then 
when the build happens, we error out because one of the required components 
isn’t there.

What this patch does is to make it so that if someone explicitly sets 
CONFIG_XSM_FLASK_POLICY=y, but doesn’t have checkpolicy, the build system will 
silently disable the policy behind their backs without telling them?

Or does the randconfig test run Kconfig one more time, at which point *then* 
the .config will be disabled?

The former I think is broken; the latter I think is fine.

 -George

