[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH v2] xen: allow XSM_FLASK_POLICY only if checkpolicy binary is available


  • To: Anthony PERARD <anthony.perard@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 19 Jul 2021 09:37:06 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6e0nm1lyd2BQOWbe6B7Q1v5Kbuu4y1w05G4kiBgJpqk=; b=gxTSlgt96gQY/9CXUGkJbiQRDUbEJ1xnrdbUPbZP+zvE11h9X9NesJdVwk1vAfGmAfMWG/u0v9Qv9g6EsQaCrsoqyqBZcBKWfTFPmW89bc4smlC11Nw1eLC29cjEt+RHzgQdPhNXqJOlzNmpHZA59eUkhJmJFfTKS2Awusiczkh6FKtGcpCRrvMaoRF1/Nw4Z/b9kDa+tjA7kh2+bEwWT5XndB/v3IEv3a5r9aMtQaIud0SUmKsEpNNFH9feZqxsDSmgh8Xhfoz9VrHUrpXHny1h7sDL2Qw8hMaEZIjFESroh5RaLqmr66Y/sFXFsS94HDFfrtndDDjN2TQqhJtnOg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SAs+SARBxj29DMB8tBk2TSH7UjQs0BmN/+B11p4xqiH9yns6d9Wdqk/U470apDBzzz9qfJg+qoCsKk9gWbOypPuzF3H7mFqhdT9/cIJOrh9b0aNcE54l60A6Z5SkKU6OvZogCaUGQzFkInM9nIQaU0Fy7VQtBreIpqwqgzIIfX5nIgP2XX+xwSdxbSqsVeNC3rCVePLx+W2bL6ZiIeQK1JVacfgKN//Ci4Ve8Zeq9nSO+xo8gBQMdBDg32p/gRA/ARuWfuNnGeh9tRZ1fiHAx7TZfFeXalNS3BTHxQ6c8Lgj19GlKki6y2q7KU/O0a2NOwlqpO/G0ZG2YvfQrM+V+g==
  • Authentication-results: lists.xenproject.org; dkim=none (message not signed) header.d=none;lists.xenproject.org; dmarc=none action=none header.from=suse.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Mon, 19 Jul 2021 07:37:21 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 16.07.2021 14:38, Anthony PERARD wrote:
> This will help prevent the CI loop from having build failures when
> `checkpolicy` isn't available, when doing "randconfig" jobs.
> 
> Also, move the check out of Config.mk and into xen/ build system.
> Nothing in tools/ is using that information as it's done by
> ./configure.
> 
> Signed-off-by: Anthony PERARD <anthony.perard@xxxxxxxxxx>
> ---
> We might want to have a new Makefile for this kind of check that
> Kconfig is going to use, just to keep the main Makefile a bit cleaner.
> But maybe another time, if more are comming.
> 
> v2:
> - move check to Makefile

I'm afraid I don't understand:

> --- a/xen/Makefile
> +++ b/xen/Makefile
> @@ -17,6 +17,8 @@ export XEN_BUILD_HOST       ?= $(shell hostname)
>  PYTHON_INTERPRETER   := $(word 1,$(shell which python3 python python2 
> 2>/dev/null) python)
>  export PYTHON                ?= $(PYTHON_INTERPRETER)
>  
> +export CHECKPOLICY   ?= checkpolicy
> +
>  export BASEDIR := $(CURDIR)
>  export XEN_ROOT := $(BASEDIR)/..
>  
> @@ -156,6 +158,8 @@ CFLAGS += $(CLANG_FLAGS)
>  export CLANG_FLAGS
>  endif
>  
> +export HAS_CHECKPOLICY := $(call success,$(CHECKPOLICY) -h 2>&1 | grep -q 
> xen)

While the setting indeed gets obtained in a Makefile now, ...

> --- a/xen/common/Kconfig
> +++ b/xen/common/Kconfig
> @@ -235,8 +235,8 @@ config XSM_FLASK_AVC_STATS
>  
>  config XSM_FLASK_POLICY
>       bool "Compile Xen with a built-in FLASK security policy"
> -     default y if "$(XEN_HAS_CHECKPOLICY)" = "y"
> -     depends on XSM_FLASK
> +     default y
> +     depends on XSM_FLASK && "$(HAS_CHECKPOLICY)"

... it's still used as a Kconfig dependency. This in particular
does not address George's concern about a setting silently getting
turned off behind the back of the person having enabled it (and
this could happen at any time, not just during the initial build,
where one might still remember to diff .config against
.config.old). The minimal thing imo is some kind of warning then.
Even better would be if the setting was left unchanged and the
build would fail; a solution for randconfig would then still be
needed of course. If we wanted to go this route, a tristate type
for the values may be unavoidable, along the lines of what Jürgen
has suggested. I wouldn't think of a global override though, but
a distinction of the origin of each option's setting. This might
be as simple as y vs Y for "positive" values and "# CONFIG_...
is not set" present (for visible options) or absent (for options
the user can't control) for "negative" ones. But yes, this would
likely be an intrusive change _and_ it would not be clear how to
transform existing .config-s, so is unlikely to be suitable for
the immediate issue at hand.

Jan




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.