From: Wei Liu <wei.liu2@citrix.com>
To: Doug Goldstein <cardoe@cardoe.com>
Cc: Wei Liu <wei.liu2@citrix.com>,
Ian Campbell <ian.campbell@citrix.com>,
Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
xen-devel@lists.xen.org, Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: Re: [PATCH] tools: make flask utils build unconditional
Date: Tue, 12 Jan 2016 16:09:49 +0000 [thread overview]
Message-ID: <20160112160949.GA8796@citrix.com> (raw)
In-Reply-To: <5693E20B.4010807@cardoe.com>
On Mon, Jan 11, 2016 at 11:10:35AM -0600, Doug Goldstein wrote:
> On 1/11/16 9:19 AM, Wei Liu wrote:
> > On Fri, Jan 08, 2016 at 12:49:07PM -0600, Doug Goldstein wrote:
> > [...]
> >> Ok so I'm at a loss what steps I need to take. I've submitted patches to
> >> put the config in /boot so that this check can be made but there's a
> >> disagreement if that's even necessary or not.
> >>
> >
> > That's a bit unfortunate. :-(
> >
> > But if I'm not mistaken that's orthogonal to this problem, right? That's
> > one more step down the road regarding grub integration.
> >
> >> Do I need to supply a patch to make --disable-xsmpolicy the default so
> >> that this change doesn't generate the policy by default? The point of
> >> this patch is to compile the necessarily bits always which will help
> >> shake out bugs earlier. If we don't want the policy file to be installed
> >> then we should use the proper setting for that and not the fact that the
> >> utility isn't being compiled.
> >>
> >
> > I think one solution would be to modify flask/Makefile to guard policy
> > compilation against (FLASK_ENABLE && FLASK_POLICY).
> >
> > What do you think? Admittedly I haven't followed closely all the KConfig
> > work so I might be talking nonsense.
> >
> > Ian and Ian?
> >
> > Wei.
>
> Wei (and Ian and Ian and Daniel),
>
> There's already a guard against compiling the policy in the tools/
> directory's configure script called --{enable,disable}-xsmpolicy What I
> could do is disable it by default because it is currently enabled by
> default.
>
> I honestly think that would be an improvement because we would compile
> all the source code (causing us to shake bugs out earlier) but only
> generate the policy when the user explicitly requests it. Right now the
> policy is made whenever the utilities are compiled.
>
> Let me know if that sounds appealing to you.
>
Fine by me.
I don't really have a strong opinion at this point. My original concern
that the installed xenpolicy file interferes with grub was based on the
assumption that we only had version numbers as indicator to match
hypervisor binary and xenpolicy file. But now since I think there is
better way to generate grub entry I don't think my objection based on
the (bad) assumption to this patch is relevant anymore.
Wei.
> Thanks.
> --
> Doug Goldstein
>
next prev parent reply other threads:[~2016-01-12 16:09 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-22 4:46 [PATCH] tools: make flask utils build unconditional Doug Goldstein
2015-12-22 11:51 ` Andrew Cooper
2015-12-22 21:26 ` [PATCH 1/2] xen: convert FLASK_ENABLE to Kconfig Doug Goldstein
2015-12-22 21:26 ` [PATCH 2/2] xen: convert XSM_ENABLE " Doug Goldstein
2015-12-22 21:37 ` Andrew Cooper
2016-01-04 20:01 ` Daniel De Graaf
2016-01-04 20:33 ` Doug Goldstein
2016-01-04 20:47 ` Daniel De Graaf
2016-01-05 3:06 ` [PATCH v2 " Doug Goldstein
2016-01-11 11:44 ` Ian Jackson
2016-01-04 20:01 ` [PATCH 1/2] xen: convert FLASK_ENABLE " Daniel De Graaf
2016-01-04 12:28 ` [PATCH] tools: make flask utils build unconditional Wei Liu
2016-01-04 14:14 ` Doug Goldstein
2016-01-04 14:26 ` Wei Liu
2016-01-05 14:37 ` Ian Campbell
2016-01-05 15:36 ` Ian Campbell
2016-01-05 16:13 ` Wei Liu
2016-01-05 16:24 ` Ian Campbell
2016-01-05 16:42 ` Wei Liu
2016-01-08 18:49 ` Doug Goldstein
2016-01-11 15:19 ` Wei Liu
2016-01-11 17:10 ` Doug Goldstein
2016-01-12 16:09 ` Wei Liu [this message]
2016-01-05 16:34 ` Doug Goldstein
2016-01-05 16:41 ` Ian Campbell
-- strict thread matches above, loose matches on Subject: below --
2016-01-15 17:39 [PATCH] tools: make FLASK " Doug Goldstein
2016-01-15 19:48 ` Andrew Cooper
2016-01-18 12:10 ` Ian Campbell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160112160949.GA8796@citrix.com \
--to=wei.liu2@citrix.com \
--cc=cardoe@cardoe.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=ian.campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).