[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [XEN PATCH] xen: allow XSM_FLASK_POLICY only if checkpolicy binary is available
- To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
- From: Jan Beulich <jbeulich@xxxxxxxx>
- Date: Mon, 19 Jul 2021 09:10:42 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+ZA7WXWbDJuoWjc5G8umeqqz7ySAoacDJDJkAK5Gn+I=; b=NG86/B3AqBiP/kfUkwbZ3md1+B6VaAIMfVQt6WCl2H3RO8ey7K0QW6FJRvbeVvkPdCG8NQ1w9yPwtsiPW6KG4YOAs4FGuqPaHEWNFz3ZfqzLvL8L13W8YUcElOmZUgaDXVnXA6xIXDV30uwP97fDhuX3j9l+Kfid0vav9YSM58vg7RbllkayffA/+obKvpQh5m/953MdX0E9VWfGe+fAaVpilVDQhcqTvWlm7WTOa0iyNV+kqE4/PrHC6scZVKB/L7rNoemPSuPae8AaiLsZiscoVRqfosRUDyKf4BXwjLFPSHVhhep96LFMbDpKhgX9hmEFlXafM2duyJqtaqmg+w==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Pmo/KAMkpML4PzgJAp3DtczsfbUipto+9Irksis3Bpgm+A2DOL4/LPUpwHTOP70W29O6qmxJOiE+otiz2jMqBx3Eaphn34+7/jS7EngHFRfCqKO/pgr2pO0W+B8f41nc6dnrzUZiNS5kF45rmJtC+/Dc4suOcxZ3Op5V6XutZCmilk5MjZniD5LY/9kVC2wCcXYqDIkhE+23e/8RGQ9w+Ztf5mi78i2938PNg0OpTobsjlcUwfurFkYuyaAzHU8w3N8fq5PkL5saK0Hl6JnyGtxs5ZFNxt/xeovWetC4y2ZnIgjtmJlhhnBKqox2xzgMgcJjSrpO4qzTjEhkZjtYqw==
- Authentication-results: citrix.com; dkim=none (message not signed) header.d=none;citrix.com; dmarc=none action=none header.from=suse.com;
- Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxx>
- Delivery-date: Mon, 19 Jul 2021 07:10:55 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 16.07.2021 18:14, Andrew Cooper wrote:
> On 16/07/2021 16:26, George Dunlap wrote:
>>
>>> On Jul 14, 2021, at 5:17 PM, Anthony PERARD <anthony.perard@xxxxxxxxxx>
>>> wrote:
>>>
>>> This will help prevent the CI loop from having build failures when
>>> `checkpolicy` isn't available, when doing "randconfig" jobs.
>> Hang on, just to clarify what’s going on here.
>>
>> ‘randconfig’ is setting CONFIG_XSM_FLASK_POLICY in the .config file; and
>> then when the build happens, we error out because one of the required
>> components isn’t there.
>>
>> What this patch does is to make it so that if someone explicitly sets
>> CONFIG_XSM_FLASK_POLICY=y, but doesn’t have checkpolicy, the build system
>> will silently disable the policy behind their backs without telling them?
>
> Yes, but that's how ~everything in the Xen and Linux build works currently.
>
> What this new version will do is produce a config/build combo, with the
> config reporting that CONFIG_XSM_FLASK_POLICY was not active.
>
> This is a damnsignt better than the "old" way of doing feature checks in
> the makefiles, where there is no trace that the build system disabled a
> feature because your compiler was too old.
Disabling features at build time is of course no better than disabling
them at configure time. Instead, if a chose configuration cannot be built,
the build should fail - ideally with an error message clearly telling
people what the reason is and what they can do about it.
Jan
|
