[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH] xen: allow XSM_FLASK_POLICY only if checkpolicy binary is available

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Anthony PERARD <anthony.perard@xxxxxxxxxx>
  • Date: Fri, 16 Jul 2021 13:36:57 +0100
  • Authentication-results: esa3.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Fri, 16 Jul 2021 12:37:21 +0000
  • Ironport-hdrordr: A9a23:3WhGWaFLj1LDTNKOpLqELMeALOsnbusQ8zAXPiBKJCC9E/bo8v xG+c5w6faaslkssR0b9+xoW5PwI080l6QU3WB5B97LMDUO0FHCEGgI1/qA/9SPIUzDHu4279 YbT0B9YueAcGSTW6zBkXWF+9VL+qj5zEix792uq0uE1WtRGtldBwESMHf9LmRGADNoKLAeD5 Sm6s9Ot1ObCA8qhpTSPAhiYwDbzee77a7bXQ==
  • Ironport-sdr: QwcBnXXBY8wO2zbLFvcaOJFNqoN9N7neiqK3VvEBXQ1WRjK9piskC/0UbO0SouvEDGe1SzqANv rcqHti11lryfxAt7lOj6EAfWgMEJOW8hOMQBc0pRP+R4dmJ/iTQ9JUkUg7kkcAW4vBou00q1dr ieDP8JpVzTPqKOZJZonJdb76F4KuXJyvA4U55R6uXJ4WeBwmdAgQ0BCTXPdIsWjF0YbE/G5mF+ rh08MHa+Tp5O29d+bvlOU8sbeZDTj7dyhQVnvr57Bjtj5gzxxTOz0di6NXW3U7Tadhsg8BJGwt xd8=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Thu, Jul 15, 2021 at 08:25:31AM +0200, Jan Beulich wrote:
> On 14.07.2021 18:17, Anthony PERARD wrote:
> > --- a/xen/common/Kconfig
> > +++ b/xen/common/Kconfig
> > @@ -25,6 +25,9 @@ config GRANT_TABLE
> >  config HAS_ALTERNATIVE
> >     bool
> >  
> > +config HAS_CHECKPOLICY
> > +   def_bool $(success,$(CHECKPOLICY) -h 2>&1 | grep -q xen)
> > +
> 
> This is no different from other aspects of "Kconfig vs tool chain
> capabilities" sent out last August to start a discussion about
> whether we really want such. Besides Jürgen no-one cared to reply
> iirc, which to me means no-one really cares one way or the other.
> Which I didn't think was the case ... So here we are again, with
> all the same questions still open.

It's true, I don't really care either way. But with maybe a slight
preference for testing the environment every time `make` is run. But
there weren't really a precedent for testing in Makefile and using the
result in Kconfig (or I don't think there is).

> I'm not going to nack the patch, because there's an immediate
> purpose / need, but I also can't avoid commenting (and I won't
> put my name on it in any positive way, i.e. also not as a
> committer; if anything then to record my reservations).

I've prepared an update which test in Makefile, which I hope you'll like
better.

Thanks,

-- 
Anthony PERARD

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.