[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [OSSTEST PATCH RFC v1 08/12] ts-xen-install: install Xen with XSM support if requested



Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx>
---
 ts-xen-install |  106 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 105 insertions(+), 1 deletion(-)

diff --git a/ts-xen-install b/ts-xen-install
index 4d34d1f..f71b5a8 100755
--- a/ts-xen-install
+++ b/ts-xen-install
@@ -46,6 +46,8 @@ if (@ARGV and $ARGV[0] eq '--check') {
 
 our $ho;
 
+my $enable_xsm = $r{enable_xsm} =~ m/y/ ? 1 : 0;
+
 my %distpath;
 
 sub packages () {
@@ -73,6 +75,15 @@ sub extract () {
                                   $r{"${part}buildjob"}, \%distpath);
     }
     target_cmd_root($ho, '/sbin/ldconfig');
+    if ($enable_xsm) {
+        my $flaskpolicy = target_cmd_output_root($ho,
+                    'find /boot -name \'xenpolicy-*\' -exec basename {} \;');
+       # there should only be one xenpolicy file for a clean install
+       my $c = () = $flaskpolicy =~ /xenpolicy/g;
+       die "Too many XSM policy files $c" if $c > 1;
+       die "XSM policy file is required" if $c == 0;
+       store_runvar("flaskpolicy", $flaskpolicy);
+    }
 }
 
 sub adjustconfig () {
@@ -133,6 +144,86 @@ sub adjustconfig () {
     setup_cxfabric($ho);
 }
 
+
+sub grub_patch () {
+    return << 'END';
+--- /etc/grub.d/20_linux_xen.orig      2014-09-22 11:39:09.120630051 +0100
++++ /etc/grub.d/20_linux_xen   2014-09-22 11:43:07.069802099 +0100
+@@ -63,10 +63,27 @@
+   recovery="$4"
+   args="$5"
+   xen_args="$6"
+-  if ${recovery} ; then
+-    title="$(gettext_quoted "%s, with Linux %s and XEN %s (recovery mode)")"
++  xsm="$7"
++  # If user want to enable XSM support, make sure there's corresponding
++  # policy file.
++  if ${xsm} ; then
++      xenpolicy=`echo xenpolicy-$xen_version`
++      if test ! -e "${xen_dirname}/${xenpolicy}" ; then
++          return
++      fi
++      xen_args=`echo $xen_args flask_enabled=1 flask_enforcing=1`
++      if ${recovery} ; then
++          title="$(gettext_quoted "%s, with Xen %s (XSM enabled) and Linux %s 
(recovery mode)")"
++      else
++          title="$(gettext_quoted "%s, with Xen %s (XSM enabled) and Linux 
%s")"
++      fi
+   else
+-    title="$(gettext_quoted "%s, with Linux %s and XEN %s")"
++      xenpolicy=""
++      if ${recovery} ; then
++        title="$(gettext_quoted "%s, with Linux %s and XEN %s (recovery 
mode)")"
++      else
++        title="$(gettext_quoted "%s, with Linux %s and XEN %s")"
++      fi
+   fi
+   printf "menuentry '${title}' ${CLASS} {\n" "${os}" "${version}" 
"${xen_version}"
+   save_default_entry | sed -e "s/^/\t/"
+@@ -88,6 +105,13 @@
+       module  ${rel_dirname}/${initrd}
+ EOF
+   fi
++  if test -n "${xenpolicy}" ; then
++    message="$(gettext_printf "Loading XSM policy ...")"
++    cat << EOF
++      echo    '$message'
++      module  ${rel_dirname}/${xenpolicy}
++EOF
++  fi
+   cat << EOF
+ }
+ EOF
+@@ -98,7 +122,7 @@
+       version=$(echo $basename | sed -e "s,^[^0-9]*-,,g")
+         if grub_file_is_not_garbage "$i" && grep -qx 
'CONFIG_XEN_\(DOM0\|PRIVILEGED_GUEST\)=y' /boot/config-${version} 2> /dev/null 
; then echo -n "$i " ; fi
+       done`
+-xen_list=`for i in /boot/xen*; do
++xen_list=`for i in /boot/xen[-.]*; do
+         if grub_file_is_not_garbage "$i" ; then echo -n "$i " ; fi
+       done`
+ prepare_boot_cache=
+@@ -137,10 +161,14 @@
+       fi
+ 
+       linux_entry "${OS}" "${version}" "${xen_version}" false \
+-          "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" 
"${GRUB_CMDLINE_XEN} ${GRUB_CMDLINE_XEN_DEFAULT}"
++          "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" 
"${GRUB_CMDLINE_XEN} ${GRUB_CMDLINE_XEN_DEFAULT}" false
++      linux_entry "${OS}" "${version}" "${xen_version}" false \
++          "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" 
"${GRUB_CMDLINE_XEN} ${GRUB_CMDLINE_XEN_DEFAULT}" true
+       if [ "x${GRUB_DISABLE_LINUX_RECOVERY}" != "xtrue" ]; then
+           linux_entry "${OS}" "${version}" "${xen_version}" true \
+-              "single ${GRUB_CMDLINE_LINUX}" "${GRUB_CMDLINE_XEN}"
++              "single ${GRUB_CMDLINE_LINUX}" "${GRUB_CMDLINE_XEN}" false
++          linux_entry "${OS}" "${version}" "${xen_version}" true \
++              "single ${GRUB_CMDLINE_LINUX}" "${GRUB_CMDLINE_XEN}" true
+       fi
+ 
+       list=`echo $list | tr ' ' '\n' | grep -vx $linux | tr '\n' ' '`
+
+END
+}
+
 sub setupboot () {
     my $xenhopt= "conswitch=x watchdog";
 
@@ -170,8 +261,21 @@ sub setupboot () {
         };
     }
 
+    if ($enable_xsm) {
+       die if !defined($r{flaskpolicy});
+       target_putfilecontents_root_stash($ho, 10, grub_patch(), "grub.patch");
+       target_cmd_root($ho, << 'END');
+if ! grep -q -- xenpolicy /etc/grub.d/20_linux_xen ; then
+  patch -p0 /etc/grub.d/20_linux_xen  < grub.patch
+else
+  echo 'Grub script already supports XSM, not patching'
+  exit 1
+fi
+END
+    }
+
     my $want_kernver = get_runvar('kernel_ver',$r{'kernbuildjob'});
-    debian_boot_setup($ho, $want_kernver, $xenhopt, \%distpath, \@hooks);
+    debian_boot_setup($ho, $want_kernver, $enable_xsm, $xenhopt, \%distpath, 
\@hooks);
 
     logm("ready to boot Xen");
 }
-- 
1.7.10.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.