[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [XEN PATCH] xen: allow XSM_FLASK_POLICY only if checkpolicy binary is available
- To: George Dunlap <George.Dunlap@xxxxxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>
- From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
- Date: Fri, 16 Jul 2021 17:14:54 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qi/0MKpUhsMWSdazeCCbRG7PbIrzbJG8w5alOwgNjUk=; b=WUDu7VDYl0K/vG9RoK2FJ5DIkijj9Qil4zgQkpiD3mVd+WKvAcuVVyzphoaI8ik0A1r8aPePINKbISCVPAuUSAez6NYQuNpeXb65cp7FZOvG9CpyNcwbqROCn7W9mzdmUJB9vq40zKuu1Ss2kZMzQZ0jJveE1Y17c6DjyiI09fEo5n8xnrGugfbCO/cCLs7cr5lRmCpqBAC7HBF3fxT1gli1e+i1jhsLGL3o1jTUPM8zV580KKBMShtMy57OP3JiJrwWtMPxtGgGmtdEYTaVm7Z4234nWV+SD03y1E8iCDlgdkch0v58VKBRt7PJoUTIGDOySqbJGGIcH7v8vr6ZSQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JUsxg0h3+JB9+WKq5fcS8VYvu8hN67U30oLKkUu1cVTuzIDyGYn+GTGqIcGrb33i+bRj1/vZ6z9+lvRJQcoI8TtXhtyWxZB4xPiKocg7aP9maNBNH55gjLLPi3DZVpzRTHsyirc9vLZaDN21jIiNArmmPmbJDJOAVmSccJaEY+ib/Xvh/yoRsHvSic9vGZhWIpVKWsy8sVpLgdXVkpoOk/lXE3DXANFpcfgM/XtE7tImhxAGwDr7JEVfG41ZiGdCnL4g9+AwPVt0SmJ+svZTAp3MwwDuW8z8WcMU5t9Hv0Q0MLdjseK3I4Dr/UiCNOXOFzcvkBQfqFk8Q6Qv98n/qw==
- Authentication-results: esa2.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
- Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "Ian Jackson" <iwj@xxxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
- Delivery-date: Fri, 16 Jul 2021 16:15:18 +0000
- Ironport-hdrordr: A9a23:J63ZyaGbcZaVUV+LpLqEEseALOsnbusQ8zAXPiBKJCC9vPb5qy nOpoV+6faQslwssR4b9uxoVJPvfZq+z+8R3WByB8bAYOCOggLBQL2KhbGI/9SKIVydygcy78 Zdm6gVMqyMMbB55/yKnDVRxbwbsaa6GKPDv5ah8590JzsaDJ2Jd21Ce32m+ksdfnghObMJUK Cyy+BgvDSadXEefq2AdwM4t7iqnayzqHr+CyR2fyIa1A==
- Ironport-sdr: JjUiUbn8XNwQOAKzU+z1OlpTthx/Cr0yCJFA4Y4sVVaC3hNWNqFcqtCIJdFt4NRmrSHG7hs47x VdtcPahfNxo6Z3BFv6qgeRrFq68iJtaEAF4pc/Eny57MbmkmAjMCSf4UJ95SFrE9t4SpDNroo2 UWngoBDhtJsAaaMEUF4fX+KB6RIz27mHl0gA8ML7n8gzJltQbmKGbH5/wj76tRFzmzEwBWl+Ph LjGrkO2Aw+GWJDUi3RHWtkacDNkWDBgdIdnTBsOiCpcXGHTvnBCl93M7tqpvqjoMjID/iTltDN 00U=
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 16/07/2021 16:26, George Dunlap wrote:
>
>> On Jul 14, 2021, at 5:17 PM, Anthony PERARD <anthony.perard@xxxxxxxxxx>
>> wrote:
>>
>> This will help prevent the CI loop from having build failures when
>> `checkpolicy` isn't available, when doing "randconfig" jobs.
> Hang on, just to clarify what’s going on here.
>
> ‘randconfig’ is setting CONFIG_XSM_FLASK_POLICY in the .config file; and then
> when the build happens, we error out because one of the required components
> isn’t there.
>
> What this patch does is to make it so that if someone explicitly sets
> CONFIG_XSM_FLASK_POLICY=y, but doesn’t have checkpolicy, the build system
> will silently disable the policy behind their backs without telling them?
Yes, but that's how ~everything in the Xen and Linux build works currently.
What this new version will do is produce a config/build combo, with the
config reporting that CONFIG_XSM_FLASK_POLICY was not active.
This is a damnsignt better than the "old" way of doing feature checks in
the makefiles, where there is no trace that the build system disabled a
feature because your compiler was too old.
~Andrew
|
