[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH OSSTEST] Debian: Support runvar to set flask mode

To: <ian.jackson@xxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxx>
From: Ian Campbell <ian.campbell@xxxxxxxxxx>
Date: Mon, 14 Dec 2015 17:23:10 +0000
Cc: Ian Campbell <ian.campbell@xxxxxxxxxx>
Delivery-date: Mon, 14 Dec 2015 17:24:42 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Currently it is hardcoding to enforcing but it might be useful to run with e.g.
permissive or even disabled (aka dummy mode)

Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
---
 Osstest/Debian.pm               | 10 ++++++++--
 overlay/etc/grub.d/20_linux_xen |  4 +++-
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/Osstest/Debian.pm b/Osstest/Debian.pm
index 76171c0..52b8ebc 100644
--- a/Osstest/Debian.pm
+++ b/Osstest/Debian.pm
@@ -201,8 +201,9 @@ sub setupboot_uboot ($$$$) {
            my $set_flask_addr_r =
                $flask_policy_addr_r ?
                "setenv flask_policy_addr_r $flask_policy_addr_r" : "";
+            my $flaskmode = target_var($ho, 'flaskmode')//'enforcing';
 
-           $xenhopt .= " flask=enforcing";
+           $xenhopt .= " flask=${flaskmode}";
            $flask_commands = <<END;
 
 ${set_flask_addr_r}
@@ -604,7 +605,9 @@ END
                     $v =~ s/^\s*([\'\"])(.*)\1\s*$/$2/;
                     $k{$k}= $v;
                 }
-                next if 
m/^GRUB_CMDLINE_(?:XEN|LINUX(?:_XEN_REPLACE)?(?:_DEFAULT)?).*\=|^GRUB_DEFAULT.*\=/;
+                next if 
m/^GRUB_CMDLINE_(?:XEN|LINUX(?:_XEN_REPLACE)?(?:_DEFAULT)?).*\=/;
+                next if m/^GRUB_DEFAULT.*\=/;
+                next if m/^export GRUB_XEN_FLASK_MODE\=/;
                 print ::EO;
             }
             print ::EO <<END or die $!;
@@ -632,6 +635,9 @@ END
                 $rk =~ s/LINUX/LINUX_XEN_REPLACE/;
                 print ::EO "$rk=\"$v\"\n" or die $!;
            }
+
+           my $flaskmode = target_var($ho, 'flaskmode')//'enforcing';
+           print ::EO "export GRUB_XEN_FLASK_MODE=${flaskmode}\n";
         });
     };
 
diff --git a/overlay/etc/grub.d/20_linux_xen b/overlay/etc/grub.d/20_linux_xen
index aaead1b..5780cf3 100755
--- a/overlay/etc/grub.d/20_linux_xen
+++ b/overlay/etc/grub.d/20_linux_xen
@@ -93,7 +93,9 @@ linux_entry ()
       if test ! -e "${xen_dirname}/${xenpolicy}" ; then
          return
       fi
-      xen_args=`echo $xen_args flask=enforcing`
+      if test -n "${GRUB_XEN_FLASK_MODE}" ; then
+          xen_args=`echo $xen_args flask=${GRUB_XEN_FLASK_MODE}`
+      fi
       if ${recovery} ; then
          title="$(gettext_quoted "%s, with Xen %s (XSM enabled) and Linux %s 
(recovery mode)")"
       else
-- 
2.6.1


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH OSSTEST] Debian: Support runvar to set flask mode
  - From: Ian Jackson

Prev by Date: Re: [Xen-devel] [PATCH] x86/time: Don't use EFI's GetTime call by default
Next by Date: [Xen-devel] [PATCH] xen: building with perfc=y was broken
Previous by thread: [Xen-devel] blkback name greater than 16 characters issue
Next by thread: Re: [Xen-devel] [PATCH OSSTEST] Debian: Support runvar to set flask mode
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.