From mboxrd@z Thu Jan  1 00:00:00 1970
From: Doug Goldstein <cardoe@cardoe.com>
Subject: Re: [PATCH] tools: make flask utils build unconditional
Date: Mon, 11 Jan 2016 11:10:35 -0600
Message-ID: <5693E20B.4010807@cardoe.com>
References: <1450759603-24249-1-git-send-email-cardoe@cardoe.com>
	<20160104122805.GG9423@citrix.com> <568A7E3F.9020108@cardoe.com>
	<20160104142638.GA12639@citrix.com>
	<1452004651.13361.289.camel@citrix.com>
	<1452008181.13361.328.camel@citrix.com>
	<20160105161328.GD27789@citrix.com>
	<1452011059.13361.363.camel@citrix.com>
	<20160105164213.GE27789@citrix.com>
	<569004A3.1080705@cardoe.com> <20160111151933.GT26419@citrix.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0820267621780995953=="
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <20160111151933.GT26419@citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Wei Liu <wei.liu2@citrix.com>
Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov>, xen-devel@lists.xen.org, Ian Jackson <ian.jackson@eu.citrix.com>, Ian Campbell <ian.campbell@citrix.com>, Stefano Stabellini <stefano.stabellini@eu.citrix.com>
List-Id: xen-devel@lists.xenproject.org

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============0820267621780995953==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="OMvcKj7Ljr5kIhUBlG1RXm057VSnPibTO"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--OMvcKj7Ljr5kIhUBlG1RXm057VSnPibTO
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 1/11/16 9:19 AM, Wei Liu wrote:
> On Fri, Jan 08, 2016 at 12:49:07PM -0600, Doug Goldstein wrote:
> [...]
>> Ok so I'm at a loss what steps I need to take. I've submitted patches =
to
>> put the config in /boot so that this check can be made but there's a
>> disagreement if that's even necessary or not.
>>
>=20
> That's a bit unfortunate. :-(
>=20
> But if I'm not mistaken that's orthogonal to this problem, right? That'=
s
> one more step down the road regarding grub integration.
>=20
>> Do I need to supply a patch to make --disable-xsmpolicy the default so=

>> that this change doesn't generate the policy by default? The point of
>> this patch is to compile the necessarily bits always which will help
>> shake out bugs earlier. If we don't want the policy file to be install=
ed
>> then we should use the proper setting for that and not the fact that t=
he
>> utility isn't being compiled.
>>
>=20
> I think one solution would be to modify flask/Makefile to guard policy
> compilation against (FLASK_ENABLE && FLASK_POLICY).
>=20
> What do you think? Admittedly I haven't followed closely all the KConfi=
g
> work so I might be talking nonsense.
>=20
> Ian and Ian?
>=20
> Wei.

Wei (and Ian and Ian and Daniel),

There's already a guard against compiling the policy in the tools/
directory's configure script called --{enable,disable}-xsmpolicy What I
could do is disable it by default because it is currently enabled by
default.

I honestly think that would be an improvement because we would compile
all the source code (causing us to shake bugs out earlier) but only
generate the policy when the user explicitly requests it. Right now the
policy is made whenever the utilities are compiled.

Let me know if that sounds appealing to you.

Thanks.
--=20
Doug Goldstein


--OMvcKj7Ljr5kIhUBlG1RXm057VSnPibTO
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0

iQJ8BAEBCgBmBQJWk+ILXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBNTM5MEQ2RTNFMTkyNzlCNzVDMzIwOTVB
MkJDMDNEQzg3RUQxQkQ0AAoJEKK8A9yH7RvUKUUP/iQIdM+KY6a+yzSWnAkhNGUO
etnSg2Ih+mi94h4xymnR+mxar2zpNHSM1OcnWN/AVmCL8NOM59dTqijEhleCyEkJ
O8rboMM6MBQDYzWs/RSZaQ09jpyai4OPtWKlV2RMSa+VsIF6iKDkdjOqFZcDuRhI
1sgx215vgusT/tNG2g0NQMZroFuS9HUkLH+l/xEedsHJTnXj1KY4CwU0S7crmV96
E5LiI6lbeAUP3b9FPKOkA3R74OyeJ+JZagtYlrnub68FeLIx3vCdgJSCda+nCsBj
LPmb7sE5aXRsPNcSgPNShY4kKM5FSaWm7Z31L0FRzTCuLF2T9wBqFoarb8MlCfiC
gOI+BJ7RksQj0HYR5fERDHLdYiZyZx7GTtnjDAaIh23MJi6yQqC3P6yLbPE6EuL0
rga1vcbcflmGaUJ7e5qCDipDzr773iDU9f9GtMm01vwWKApPpZkL/So1Q4jRLuLx
f3rkU56Gko9lyhDmrlZvoWXkrKZM0v9eLT5th4cezTreoFg6JvM1chAygODZisv2
KJd7xuNVEd9plCbCO4UArIIhS2XGR58F4btCEVzRCOtRW/sw9MlVC9AIQuq2TbKd
lIOuS4XE7Uyh/Fb/j0pTsBaaVIStvVeD2iMBBWoLuLsFEk+Dpd/uQcRZqqZnwp2f
1k5NXNkU+KVrKHf4+W2A
=Eozg
-----END PGP SIGNATURE-----

--OMvcKj7Ljr5kIhUBlG1RXm057VSnPibTO--


--===============0820267621780995953==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

--===============0820267621780995953==--