[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH] xen: allow XSM_FLASK_POLICY only if checkpolicy binary is available

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 19 Jul 2021 09:10:42 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+ZA7WXWbDJuoWjc5G8umeqqz7ySAoacDJDJkAK5Gn+I=; b=NG86/B3AqBiP/kfUkwbZ3md1+B6VaAIMfVQt6WCl2H3RO8ey7K0QW6FJRvbeVvkPdCG8NQ1w9yPwtsiPW6KG4YOAs4FGuqPaHEWNFz3ZfqzLvL8L13W8YUcElOmZUgaDXVnXA6xIXDV30uwP97fDhuX3j9l+Kfid0vav9YSM58vg7RbllkayffA/+obKvpQh5m/953MdX0E9VWfGe+fAaVpilVDQhcqTvWlm7WTOa0iyNV+kqE4/PrHC6scZVKB/L7rNoemPSuPae8AaiLsZiscoVRqfosRUDyKf4BXwjLFPSHVhhep96LFMbDpKhgX9hmEFlXafM2duyJqtaqmg+w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Pmo/KAMkpML4PzgJAp3DtczsfbUipto+9Irksis3Bpgm+A2DOL4/LPUpwHTOP70W29O6qmxJOiE+otiz2jMqBx3Eaphn34+7/jS7EngHFRfCqKO/pgr2pO0W+B8f41nc6dnrzUZiNS5kF45rmJtC+/Dc4suOcxZ3Op5V6XutZCmilk5MjZniD5LY/9kVC2wCcXYqDIkhE+23e/8RGQ9w+Ztf5mi78i2938PNg0OpTobsjlcUwfurFkYuyaAzHU8w3N8fq5PkL5saK0Hl6JnyGtxs5ZFNxt/xeovWetC4y2ZnIgjtmJlhhnBKqox2xzgMgcJjSrpO4qzTjEhkZjtYqw==
  • Authentication-results: citrix.com; dkim=none (message not signed) header.d=none;citrix.com; dmarc=none action=none header.from=suse.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxx>
  • Delivery-date: Mon, 19 Jul 2021 07:10:55 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 16.07.2021 18:14, Andrew Cooper wrote:
> On 16/07/2021 16:26, George Dunlap wrote:
>>> On Jul 14, 2021, at 5:17 PM, Anthony PERARD <anthony.perard@xxxxxxxxxx> 
>>> wrote:
>>> This will help prevent the CI loop from having build failures when
>>> `checkpolicy` isn't available, when doing "randconfig" jobs.
>> Hang on, just to clarify what’s going on here.
>> ‘randconfig’ is setting CONFIG_XSM_FLASK_POLICY in the .config file; and 
>> then when the build happens, we error out because one of the required 
>> components isn’t there.
>> What this patch does is to make it so that if someone explicitly sets 
>> CONFIG_XSM_FLASK_POLICY=y, but doesn’t have checkpolicy, the build system 
>> will silently disable the policy behind their backs without telling them?
> Yes, but that's how ~everything in the Xen and Linux build works currently.
> What this new version will do is produce a config/build combo, with the
> config reporting that CONFIG_XSM_FLASK_POLICY was not active.
> This is a damnsignt better than the "old" way of doing feature checks in
> the makefiles, where there is no trace that the build system disabled a
> feature because your compiler was too old.

Disabling features at build time is of course no better than disabling
them at configure time. Instead, if a chose configuration cannot be built,
the build should fail - ideally with an error message clearly telling
people what the reason is and what they can do about it.




Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.