Re: [Xen-devel] XSM in osstest, grub config, outstanding patch
- To: Ian Jackson <ian.jackson@xxxxxxxxxx>
- From: Doug Goldstein <cardoe@xxxxxxxxxx>
- Date: Fri, 1 Jun 2018 14:09:18 -0500
- Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
- Delivery-date: Fri, 01 Jun 2018 19:09:44 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
- Openpgp: preference=signencrypt
On 5/29/18 5:28 AM, Ian Jackson wrote:
> Doug Goldstein writes ("Re: [Xen-devel] XSM in osstest, grub config,
> outstanding patch"):
>> So I believe the path forward here was that we'd bake the "default" XSM
>> policy into Xen and the user could then override it by supplying one
>> with the current name.
>
> Can you explain why this is better than shipping the default policy
> file separately (via xen's dist/install/boot/) ?
>
> This is a genuine question - I'm not arguing for the current approach,
> but we should consider the merits. Normally, as a rule of thumb,
> baking configuration into things makes people's lives harder. In this
> case, for example, maybe it makes it hard to find the default policy
> to examine it, or harder to know what to call the replacement.
>
> Ian.
>
To me it seemed sane. It solves the question of where do user supplied
policies go (they go into the current name). It solves the issue with
users having to currently overwrite a distro package provided file (the
policy isn't marked as a config file in any distro currently). It would
solve the question you asked since the defaults would be baked in. In
effect we could have a build of Xen that supports XSM with a default
policy that mirrors the current DAC setup and it could functionally
behave the same.

The policy file isn't something that users can examine since it's a
compiled thing. That way the default policy ships with the Xen tree and
we could have a separate repo with some other policies. That would make
it easier for users to understand how to create their own policies.

I'm more just throwing ideas out there so I'd be happy to hear better
suggestions.
--
Doug Goldstein
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel