
Re: [Xen-devel] [PATCH] fix broken ACM



xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 06/23/2005 11:22:04 AM:

> On 6/24/05, Keir Fraser <Keir.Fraser@xxxxxxxxxxxx> wrote:
> > 
> > On 23 Jun 2005, at 15:57, Stefan Berger wrote:
> > 
> > >> ok, i see the point. the problem is because i moved some codes
> > >> (acm_init() and acm_init_binary_policy()) to acm_hooks.h. now it seems
> > >> better to move them back. but it is weird that i got no problem with
> > >> gcc 3.3.5
> > >>
> > >> could you please try again with the new patch below?
> > >
> > > I tried it with your attached patch. There was an unused function when
> > > trying out the NULL policy. The attached patch on top of yours and
> > > things compile fine.
> > 
> > I'm still confused what these patches are aiming to fix. If we are
> > building 'NULL' security policy then all the hooks should compile away
> > to nothing and acm core files do not get built. So why do they need
> > patching with ifdef's conditional on whether or not the policy is
> > 'NULL'?
> > 
> > Currently, if you re-enable building of acm/ directory in the Xen root
> > Makefile, yet the ACM_USE_SECURITY_POLICY is NULL_POLICY, the build
> > will certainly fail. But I don't see why we would want to support that.
> > :-)
> 
> Keir, certainly i understand your point. but this patch doesn't harm, anyway ;-)
> 
> one annoying problem at the moment is that if we want to compile ACM
> in, we should modify the value of ACM_USE_SECURITY_POLICY, since the
> current default value is ACM_NULL_POLICY( which is meaningless as Keir
> pointed out )

We have a choice of compiling in a NULL policy on two levels now:

Do not define ACM_USE_SECURITY_POLICY on makefile level to not compile any 
policy code in the xen/acm directory and effectively have a NULL policy.

If ACM_USE_SECURITY_POLICY is defined on the makefile level and 
ACM_NULL_POLICY is the default as the policy to compile (see the choice in 
xen/include/public/acm.h), we also get a NULL policy. The inline calls 
that are compiled into the code will all be removed since they default to 
'return 0'. - so no hooks there and no overhead.

Is it a problem to have that 2nd level choice of a NULL policy?

  Stefan
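
The second-level choice described in the message above, sketched as an added example that is not part of the original e-mail or of the Xen source: a header default selects the NULL policy and the inline hook becomes a constant `return 0`. Only `ACM_USE_SECURITY_POLICY` and `ACM_NULL_POLICY` come from the thread; the numeric values, the hook, the example policy and the caller are hypothetical.

```c
/* Added illustration, not Xen source. Only ACM_USE_SECURITY_POLICY and
 * ACM_NULL_POLICY are names from the thread; the rest is hypothetical. */
#include <stdio.h>

#define ACM_NULL_POLICY     0   /* assumed value */
#define ACM_EXAMPLE_POLICY  1   /* hypothetical non-NULL policy */

/* Second-level choice: header default, overridable with -D at build time. */
#ifndef ACM_USE_SECURITY_POLICY
#define ACM_USE_SECURITY_POLICY ACM_NULL_POLICY
#endif

static int policy_calls;        /* how often policy code actually ran */

#if ACM_USE_SECURITY_POLICY == ACM_NULL_POLICY
/* NULL policy: constant 'return 0', so the caller's check folds away. */
static inline int acm_hook_domain_create(unsigned int ssidref)
{
    (void)ssidref;
    return 0;
}
#else
/* Non-NULL policy: the hook dispatches into compiled-in policy code. */
static int example_policy_domain_create(unsigned int ssidref)
{
    policy_calls++;
    return (ssidref & 1u) ? -1 : 0;   /* hypothetical rule: deny odd labels */
}
static inline int acm_hook_domain_create(unsigned int ssidref)
{
    return example_policy_domain_create(ssidref);
}
#endif

/* The caller is identical in both builds; only the hook body changes. */
int create_domain(unsigned int ssidref)
{
    return acm_hook_domain_create(ssidref) != 0 ? -1 : 0;
}

int policy_code_ran(void) { return policy_calls; }

int main(void)
{
    int result = create_domain(7);    /* odd label: denied only with a policy */
    printf("policy=%d result=%d policy calls=%d\n",
           ACM_USE_SECURITY_POLICY, result, policy_code_ran());
    return 0;
}
```

Building with `-DACM_USE_SECURITY_POLICY=ACM_EXAMPLE_POLICY` switches the same caller to the enforcing hook, which makes the practical consequence of the default visible: with the NULL policy every request is allowed.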


