Xen project Mailing List

Re: [XEN PATCH v2] xen: allow XSM_FLASK_POLICY only if checkpolicy binary is available

To: Anthony PERARD <anthony.perard@xxxxxxxxxx>

Date: Mon, 19 Jul 2021 09:37:06 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6e0nm1lyd2BQOWbe6B7Q1v5Kbuu4y1w05G4kiBgJpqk=; b=gxTSlgt96gQY/9CXUGkJbiQRDUbEJ1xnrdbUPbZP+zvE11h9X9NesJdVwk1vAfGmAfMWG/u0v9Qv9g6EsQaCrsoqyqBZcBKWfTFPmW89bc4smlC11Nw1eLC29cjEt+RHzgQdPhNXqJOlzNmpHZA59eUkhJmJFfTKS2Awusiczkh6FKtGcpCRrvMaoRF1/Nw4Z/b9kDa+tjA7kh2+bEwWT5XndB/v3IEv3a5r9aMtQaIud0SUmKsEpNNFH9feZqxsDSmgh8Xhfoz9VrHUrpXHny1h7sDL2Qw8hMaEZIjFESroh5RaLqmr66Y/sFXFsS94HDFfrtndDDjN2TQqhJtnOg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SAs+SARBxj29DMB8tBk2TSH7UjQs0BmN/+B11p4xqiH9yns6d9Wdqk/U470apDBzzz9qfJg+qoCsKk9gWbOypPuzF3H7mFqhdT9/cIJOrh9b0aNcE54l60A6Z5SkKU6OvZogCaUGQzFkInM9nIQaU0Fy7VQtBreIpqwqgzIIfX5nIgP2XX+xwSdxbSqsVeNC3rCVePLx+W2bL6ZiIeQK1JVacfgKN//Ci4Ve8Zeq9nSO+xo8gBQMdBDg32p/gRA/ARuWfuNnGeh9tRZ1fiHAx7TZfFeXalNS3BTHxQ6c8Lgj19GlKki6y2q7KU/O0a2NOwlqpO/G0ZG2YvfQrM+V+g==

Authentication-results: lists.xenproject.org; dkim=none (message not signed) header.d=none;lists.xenproject.org; dmarc=none action=none header.from=suse.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Mon, 19 Jul 2021 07:37:21 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 16.07.2021 14:38, Anthony PERARD wrote: > This will help prevent the CI loop from having build failures when > `checkpolicy` isn't available, when doing "randconfig" jobs. > > Also, move the check out of Config.mk and into xen/ build system. > Nothing in tools/ is using that information as it's done by > ./configure. > > Signed-off-by: Anthony PERARD <anthony.perard@xxxxxxxxxx> > --- > We might want to have a new Makefile for this kind of check that > Kconfig is going to use, just to keep the main Makefile a bit cleaner. > But maybe another time, if more are comming. > > v2: > - move check to Makefile I'm afraid I don't understand: > --- a/xen/Makefile > +++ b/xen/Makefile > @@ -17,6 +17,8 @@ export XEN_BUILD_HOST ?= $(shell hostname) > PYTHON_INTERPRETER := $(word 1,$(shell which python3 python python2 > 2>/dev/null) python) > export PYTHON ?= $(PYTHON_INTERPRETER) > > +export CHECKPOLICY ?= checkpolicy > + > export BASEDIR := $(CURDIR) > export XEN_ROOT := $(BASEDIR)/.. > > @@ -156,6 +158,8 @@ CFLAGS += $(CLANG_FLAGS) > export CLANG_FLAGS > endif > > +export HAS_CHECKPOLICY := $(call success,$(CHECKPOLICY) -h 2>&1 | grep -q > xen) While the setting indeed gets obtained in a Makefile now, ... > --- a/xen/common/Kconfig > +++ b/xen/common/Kconfig > @@ -235,8 +235,8 @@ config XSM_FLASK_AVC_STATS > > config XSM_FLASK_POLICY > bool "Compile Xen with a built-in FLASK security policy" > - default y if "$(XEN_HAS_CHECKPOLICY)" = "y" > - depends on XSM_FLASK > + default y > + depends on XSM_FLASK && "$(HAS_CHECKPOLICY)" ... it's still used as a Kconfig dependency. This in particular does not address George's concern about a setting silently getting turned off behind the back of the person having enabled it (and this could happen at any time, not just during the initial build, where one might still remember to diff .config against .config.old). The minimal thing imo is some kind of warning then. Even better would be if the setting was left unchanged and the build would fail; a solution for randconfig would then still be needed of course. If we wanted to go this route, a tristate type for the values may be unavoidable, along the lines of what Jürgen has suggested. I wouldn't think of a global override though, but a distinction of the origin of each option's setting. This might be as simple as y vs Y for "positive" values and "# CONFIG_... is not set" present (for visible options) or absent (for options the user can't control) for "negative" ones. But yes, this would likely be an intrusive change _and_ it would not be clear how to transform existing .config-s, so is unlikely to be suitable for the immediate issue at hand. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.