
Re: [XEN PATCH] xen: allow XSM_FLASK_POLICY only if checkpolicy binary is available


  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Fri, 16 Jul 2021 16:34:52 +0200
  • Cc: George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Anthony PERARD <anthony.perard@xxxxxxxxxx>
  • Delivery-date: Fri, 16 Jul 2021 14:35:02 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 16.07.2021 15:15, Andrew Cooper wrote:
> On 15/07/2021 07:25, Jan Beulich wrote:
>> On 14.07.2021 18:17, Anthony PERARD wrote:
>>> --- a/xen/common/Kconfig
>>> +++ b/xen/common/Kconfig
>>> @@ -25,6 +25,9 @@ config GRANT_TABLE
>>>  config HAS_ALTERNATIVE
>>>     bool
>>>  
>>> +config HAS_CHECKPOLICY
>>> +   def_bool $(success,$(CHECKPOLICY) -h 2>&1 | grep -q xen)
>>> +
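Review bot: the probe on the `def_bool` line of `HAS_CHECKPOLICY` infers Xen support from the string "xen" appearing anywhere in the merged stdout/stderr of `$(CHECKPOLICY) -h`, and nothing in the hunk documents what capability that match stands for. A comment above the symbol stating what the grep is meant to detect would help, as would matching a more specific part of the usage text if one exists. Since the value is computed from the build host's tool at configuration time, the same configuration input can give different results on different hosts, so whatever depends on this symbol should make it visible to the user when the probe evaluates to n rather than the option silently disappearing.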
>> This is no different from other aspects of "Kconfig vs tool chain
>> capabilities" sent out last August to start a discussion about
>> whether we really want such. Besides Jürgen no-one cared to reply
>> iirc, which to me means no-one really cares one way or the other.
> 
> You know full well that upgrading Kconfig was specifically to be able to
> use this functionality, and you know full well that I firmly support
> using this mechanism, because we've had both of these arguments several
> times before.
> 
> The absence of replies doesn't mean people agree with you, or even that
> they don't care.  It either means people didn't read the email, or
> didn't have time to reply, or didn't feel like wasting time rehashing
> the same arguments yet again with no hope for progress.
> 
> 
> If you really insist on refusing to features specifically intended for
> the improvement of our build processes, then call a vote so we can be
> done with the argument for once and for all.

I'm sorry Andrew, but this is not a way to discuss controversial items.
Back at the time you were pointing me at a discussion at a summit that
I didn't recall and hence presumably didn't attend for whatever reason.
Whatever may have been the result of such a discussion imo _has_ to be
under the precondition that no other contrary arguments arise. I do not
recall there having been spelled out up front this specific purpose of
upgrading kconfig, and even if it was spelled out, the ramifications
may not have become clear until the actual first uses were proposed.
It has to be possible to change views at such a point even for people
who did signal agreement earlier on. Not to speak of unaware ones.

Further iirc it was you who told me to start a mail thread about the
issue. Which I did. And now you say "... didn't feel like wasting time
rehashing the same arguments yet again with no hope for progress"? Can
you please point me to a place where those "same arguments" are put
down in writing, including reasons why they were either turned down or
considered of less relevance?

I can't help the feeling that when our opinions don't match you try to
silence me by whatever means you find suitable - ignoring my input,
claiming my earlier agreement, denying me any influence, etc. I'm
afraid I have to say that I don't think this is a way to run a
community project. The only two ways to get past my objections (or
really just reservations here) are to either convince me (which you
don't appear to be willing to) or to outvote me (which you haven't
tried at all so far if I'm not mistaken).

Jan
