Xen project Mailing List

[Xen-devel] [OSSTEST PATCH RFC v1 08/12] ts-xen-install: install Xen with XSM support if requested

Date: Mon, 22 Sep 2014 15:11:57 +0100

Cc: Wei Liu <wei.liu2@xxxxxxxxxx>, dgdegra@xxxxxxxxxxxxx, ian.jackson@xxxxxxxxxxxxx, ian.campbell@xxxxxxxxxx

Delivery-date: Mon, 22 Sep 2014 14:13:18 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx> --- ts-xen-install | 106 +++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 105 insertions(+), 1 deletion(-) diff --git a/ts-xen-install b/ts-xen-install index 4d34d1f..f71b5a8 100755 --- a/ts-xen-install +++ b/ts-xen-install @@ -46,6 +46,8 @@ if (@ARGV and $ARGV[0] eq '--check') { our $ho; +my $enable_xsm = $r{enable_xsm} =~ m/y/ ? 1 : 0; + my %distpath; sub packages () { @@ -73,6 +75,15 @@ sub extract () { $r{"${part}buildjob"}, \%distpath); } target_cmd_root($ho, '/sbin/ldconfig'); + if ($enable_xsm) { + my $flaskpolicy = target_cmd_output_root($ho, + 'find /boot -name \'xenpolicy-*\' -exec basename {} \;'); + # there should only be one xenpolicy file for a clean install + my $c = () = $flaskpolicy =~ /xenpolicy/g; + die "Too many XSM policy files $c" if $c > 1; + die "XSM policy file is required" if $c == 0; + store_runvar("flaskpolicy", $flaskpolicy); + } } sub adjustconfig () { @@ -133,6 +144,86 @@ sub adjustconfig () { setup_cxfabric($ho); } + +sub grub_patch () { + return << 'END'; +--- /etc/grub.d/20_linux_xen.orig 2014-09-22 11:39:09.120630051 +0100 ++++ /etc/grub.d/20_linux_xen 2014-09-22 11:43:07.069802099 +0100 +@@ -63,10 +63,27 @@ + recovery="$4" + args="$5" + xen_args="$6" +- if ${recovery} ; then +- title="$(gettext_quoted "%s, with Linux %s and XEN %s (recovery mode)")" ++ xsm="$7" ++ # If user want to enable XSM support, make sure there's corresponding ++ # policy file. ++ if ${xsm} ; then ++ xenpolicy=`echo xenpolicy-$xen_version` ++ if test ! -e "${xen_dirname}/${xenpolicy}" ; then ++ return ++ fi ++ xen_args=`echo $xen_args flask_enabled=1 flask_enforcing=1` ++ if ${recovery} ; then ++ title="$(gettext_quoted "%s, with Xen %s (XSM enabled) and Linux %s (recovery mode)")" ++ else ++ title="$(gettext_quoted "%s, with Xen %s (XSM enabled) and Linux %s")" ++ fi + else +- title="$(gettext_quoted "%s, with Linux %s and XEN %s")" ++ xenpolicy="" ++ if ${recovery} ; then ++ title="$(gettext_quoted "%s, with Linux %s and XEN %s (recovery mode)")" ++ else ++ title="$(gettext_quoted "%s, with Linux %s and XEN %s")" ++ fi + fi + printf "menuentry '${title}' ${CLASS} {\n" "${os}" "${version}" "${xen_version}" + save_default_entry | sed -e "s/^/\t/" +@@ -88,6 +105,13 @@ + module ${rel_dirname}/${initrd} + EOF + fi ++ if test -n "${xenpolicy}" ; then ++ message="$(gettext_printf "Loading XSM policy ...")" ++ cat << EOF ++ echo '$message' ++ module ${rel_dirname}/${xenpolicy} ++EOF ++ fi + cat << EOF + } + EOF +@@ -98,7 +122,7 @@ + version=$(echo $basename | sed -e "s,^[^0-9]*-,,g") + if grub_file_is_not_garbage "$i" && grep -qx 'CONFIG_XEN_$DOM0\|PRIVILEGED_GUEST$=y' /boot/config-${version} 2> /dev/null ; then echo -n "$i " ; fi + done` +-xen_list=`for i in /boot/xen*; do ++xen_list=`for i in /boot/xen[-.]*; do + if grub_file_is_not_garbage "$i" ; then echo -n "$i " ; fi + done` + prepare_boot_cache= +@@ -137,10 +161,14 @@ + fi + + linux_entry "${OS}" "${version}" "${xen_version}" false \ +- "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" "${GRUB_CMDLINE_XEN} ${GRUB_CMDLINE_XEN_DEFAULT}" ++ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" "${GRUB_CMDLINE_XEN} ${GRUB_CMDLINE_XEN_DEFAULT}" false ++ linux_entry "${OS}" "${version}" "${xen_version}" false \ ++ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" "${GRUB_CMDLINE_XEN} ${GRUB_CMDLINE_XEN_DEFAULT}" true + if [ "x${GRUB_DISABLE_LINUX_RECOVERY}" != "xtrue" ]; then + linux_entry "${OS}" "${version}" "${xen_version}" true \ +- "single ${GRUB_CMDLINE_LINUX}" "${GRUB_CMDLINE_XEN}" ++ "single ${GRUB_CMDLINE_LINUX}" "${GRUB_CMDLINE_XEN}" false ++ linux_entry "${OS}" "${version}" "${xen_version}" true \ ++ "single ${GRUB_CMDLINE_LINUX}" "${GRUB_CMDLINE_XEN}" true + fi + + list=`echo $list | tr ' ' '\n' | grep -vx $linux | tr '\n' ' '` + +END +} + sub setupboot () { my $xenhopt= "conswitch=x watchdog"; @@ -170,8 +261,21 @@ sub setupboot () { }; } + if ($enable_xsm) { + die if !defined($r{flaskpolicy}); + target_putfilecontents_root_stash($ho, 10, grub_patch(), "grub.patch"); + target_cmd_root($ho, << 'END'); +if ! grep -q -- xenpolicy /etc/grub.d/20_linux_xen ; then + patch -p0 /etc/grub.d/20_linux_xen < grub.patch +else + echo 'Grub script already supports XSM, not patching' + exit 1 +fi +END + } + my $want_kernver = get_runvar('kernel_ver',$r{'kernbuildjob'}); - debian_boot_setup($ho, $want_kernver, $xenhopt, \%distpath, \@hooks); + debian_boot_setup($ho, $want_kernver, $enable_xsm, $xenhopt, \%distpath, \@hooks); logm("ready to boot Xen"); } -- 1.7.10.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.