* [PATCH OSSTEST] Debian: Support runvar to set flask mode
@ 2015-12-14 17:23 Ian Campbell
2015-12-14 18:58 ` Ian Jackson
0 siblings, 1 reply; 4+ messages in thread
From: Ian Campbell @ 2015-12-14 17:23 UTC (permalink / raw)
To: ian.jackson, xen-devel; +Cc: Ian Campbell
Currently it is hardcoded to enforcing, but it might be useful to run with e.g.
permissive or even disabled (aka dummy mode).
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
---
Osstest/Debian.pm | 10 ++++++++--
overlay/etc/grub.d/20_linux_xen | 4 +++-
2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/Osstest/Debian.pm b/Osstest/Debian.pm
index 76171c0..52b8ebc 100644
--- a/Osstest/Debian.pm
+++ b/Osstest/Debian.pm
@@ -201,8 +201,9 @@ sub setupboot_uboot ($$$$) {
my $set_flask_addr_r =
$flask_policy_addr_r ?
"setenv flask_policy_addr_r $flask_policy_addr_r" : "";
+ my $flaskmode = target_var($ho, 'flaskmode')//'enforcing';
- $xenhopt .= " flask=enforcing";
+ $xenhopt .= " flask=${flaskmode}";
$flask_commands = <<END;
${set_flask_addr_r}
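Review bot: the value read on the added `my $flaskmode = target_var($ho, 'flaskmode')//'enforcing';` line reaches the Xen command line unchecked. `//` only substitutes the default when the runvar is undefined, so a runvar set to the empty string yields a bare `flask=`, and a typo or a value containing a space would put unintended options on the hypervisor command line. Consider dying on anything outside the modes this job is meant to support (the commit message names enforcing, permissive and disabled), and logging the chosen mode so that a non-enforcing run is visible in the test log. The same defaulting expression is repeated in the grub path further down; a small helper would keep the two in step.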
@@ -604,7 +605,9 @@ END
$v =~ s/^\s*([\'\"])(.*)\1\s*$/$2/;
$k{$k}= $v;
}
- next if m/^GRUB_CMDLINE_(?:XEN|LINUX(?:_XEN_REPLACE)?(?:_DEFAULT)?).*\=|^GRUB_DEFAULT.*\=/;
+ next if m/^GRUB_CMDLINE_(?:XEN|LINUX(?:_XEN_REPLACE)?(?:_DEFAULT)?).*\=/;
+ next if m/^GRUB_DEFAULT.*\=/;
+ next if m/^export GRUB_XEN_FLASK_MODE\=/;
print ::EO;
}
print ::EO <<END or die $!;
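Review bot: the new `next if m/^export GRUB_XEN_FLASK_MODE\=/;` filter only strips a line written in exactly the form this code emits. An existing assignment without the `export` prefix would be copied through to the output, whereas the two patterns above it are more tolerant (they allow a suffix via `.*\=`). If the intent is that the file ends up with a single setting, a pattern such as `m/^(?:export\s+)?GRUB_XEN_FLASK_MODE\=/` covers both forms.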
@@ -632,6 +635,9 @@ END
$rk =~ s/LINUX/LINUX_XEN_REPLACE/;
print ::EO "$rk=\"$v\"\n" or die $!;
}
+
+ my $flaskmode = target_var($ho, 'flaskmode')//'enforcing';
+ print ::EO "export GRUB_XEN_FLASK_MODE=${flaskmode}\n";
});
};
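Review bot: the added `print ::EO "export GRUB_XEN_FLASK_MODE=${flaskmode}\n";` has no `or die $!`, unlike the `print ::EO "$rk=\"$v\"\n" or die $!;` just above it, so a failed write would go unnoticed and the grub script would then see the variable unset. The value is also written unquoted on a line in shell `export` syntax; the line above quotes its value, and doing the same here (after validating the runvar) avoids a value with whitespace or shell metacharacters being interpreted when the file is read.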
diff --git a/overlay/etc/grub.d/20_linux_xen b/overlay/etc/grub.d/20_linux_xen
index aaead1b..5780cf3 100755
--- a/overlay/etc/grub.d/20_linux_xen
+++ b/overlay/etc/grub.d/20_linux_xen
@@ -93,7 +93,9 @@ linux_entry ()
if test ! -e "${xen_dirname}/${xenpolicy}" ; then
return
fi
- xen_args=`echo $xen_args flask=enforcing`
+ if test -n "${GRUB_XEN_FLASK_MODE}" ; then
+ xen_args=`echo $xen_args flask=${GRUB_XEN_FLASK_MODE}`
+ fi
if ${recovery} ; then
title="$(gettext_quoted "%s, with Xen %s (XSM enabled) and Linux %s (recovery mode)")"
else
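Review bot: with the `test -n "${GRUB_XEN_FLASK_MODE}"` guard, an unset or empty variable now means no `flask=` argument at all, where the script previously always added `flask=enforcing`. The entry is still titled "XSM enabled", but the mode is then left to the hypervisor's own default. Falling back explicitly, for example `flask=${GRUB_XEN_FLASK_MODE:-enforcing}`, keeps the old behaviour for any configuration that does not export the variable. The expansion inside the backticks is also unquoted, so the value should be validated before it reaches this script.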
--
2.6.1
* Re: [PATCH OSSTEST] Debian: Support runvar to set flask mode
From: Ian Jackson @ 2015-12-14 18:58 UTC (permalink / raw)
To: Ian Campbell; +Cc: xen-devel
Ian Campbell writes ("[PATCH OSSTEST] Debian: Support runvar to set flask mode"):
> Currently it is hardcoded to enforcing, but it might be useful to
> run with e.g. permissive or even disabled (aka dummy mode).
...
> --- a/overlay/etc/grub.d/20_linux_xen
> +++ b/overlay/etc/grub.d/20_linux_xen
> @@ -93,7 +93,9 @@ linux_entry ()
> if test ! -e "${xen_dirname}/${xenpolicy}" ; then
> return
> fi
> - xen_args=`echo $xen_args flask=enforcing`
> + if test -n "${GRUB_XEN_FLASK_MODE}" ; then
> + xen_args=`echo $xen_args flask=${GRUB_XEN_FLASK_MODE}`
> + fi
I thought we were hoping to eventually do away with our copy of this
file. Has this change gone upstream ?
Ian.
* Re: [PATCH OSSTEST] Debian: Support runvar to set flask mode
From: Ian Campbell @ 2015-12-15 9:19 UTC (permalink / raw)
To: Ian Jackson; +Cc: xen-devel
On Mon, 2015-12-14 at 18:58 +0000, Ian Jackson wrote:
> Ian Campbell writes ("[PATCH OSSTEST] Debian: Support runvar to set flask
> mode"):
> > Currently it is hardcoded to enforcing, but it might be useful to
> > run with e.g. permissive or even disabled (aka dummy mode).
> ...
> > --- a/overlay/etc/grub.d/20_linux_xen
> > +++ b/overlay/etc/grub.d/20_linux_xen
> > @@ -93,7 +93,9 @@ linux_entry ()
> > if test ! -e "${xen_dirname}/${xenpolicy}" ; then
> > return
> > fi
> > - xen_args=`echo $xen_args flask=enforcing`
> > + if test -n "${GRUB_XEN_FLASK_MODE}" ; then
> > + xen_args=`echo $xen_args flask=${GRUB_XEN_FLASK_MODE}`
> > + fi
>
> I thought we were hoping to eventually do away with our copy of this
> file. Has this change gone upstream ?
Sadly there has not been a peep from the maintainers on
http://savannah.gnu.org/bugs/?43420
Perhaps we should also send the patch to the upstream ML?
Ian.
* Re: [PATCH OSSTEST] Debian: Support runvar to set flask mode
From: Ian Jackson @ 2016-01-04 16:41 UTC (permalink / raw)
To: Ian Campbell; +Cc: xen-devel
Ian Campbell writes ("Re: [PATCH OSSTEST] Debian: Support runvar to set flask mode"):
> On Mon, 2015-12-14 at 18:58 +0000, Ian Jackson wrote:
> > I thought we were hoping to eventually do away with our copy of this
> > file. Has this change gone upstream ?
>
> Sadly there has not been a peep from the maintainers on
> http://savannah.gnu.org/bugs/?43420
>
> Perhaps we should also send the patch to the upstream ML?
That would perhaps help but TBH I am content if there is a bug in the
upstream bug tracker.
Ian.