
[PATCH 1/2] tools: add configure option for disabling pygrub



Add a "--disable-pygrub" option for being able to disable the build
and installation of pygrub.

There are two main reasons to do so:

- A main reason to use pygrub is to allow a PV guest to choose its
  bitness (32- or 64-bit). Pygrub allows that by looking into the boot
  image and to start the guest in the correct mode depending on the
  kernel selected. With 32-bit PV guests being deprecated and the
  possibility to even build a hypervisor without 32-bit PV support,
  this use case is gone for at least some configurations.

- Pygrub is running in dom0 with root privileges. As it is operating
  on guest-controlled data (the boot image) and taking decisions based
  on this data, there is a possible security issue. Making pygrub
  unavailable is thus a step towards more security.

Default is still to build and install pygrub.

Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
---
 config/Tools.mk.in |  1 +
 tools/Makefile     |  2 +-
 tools/configure    | 26 ++++++++++++++++++++++++++
 tools/configure.ac |  1 +
 4 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/config/Tools.mk.in b/config/Tools.mk.in
index b7cc2961d8..432d7496f1 100644
--- a/config/Tools.mk.in
+++ b/config/Tools.mk.in
@@ -48,6 +48,7 @@ CONFIG_QEMU_XEN     := @qemu_xen@
 CONFIG_QEMUU_EXTRA_ARGS:= @EXTRA_QEMUU_CONFIGURE_ARGS@
 CONFIG_LIBNL        := @libnl@
 CONFIG_GOLANG       := @golang@
+CONFIG_PYGRUB       := @pygrub@
 
 CONFIG_SYSTEMD      := @systemd@
 SYSTEMD_CFLAGS      := @SYSTEMD_CFLAGS@
diff --git a/tools/Makefile b/tools/Makefile
index 1ff90ddfa0..bbd75ebc1a 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -36,7 +36,7 @@ SUBDIRS-$(CONFIG_X86) += debugger
 SUBDIRS-$(CONFIG_TESTS) += tests
 
 SUBDIRS-y += python
-SUBDIRS-y += pygrub
+SUBDIRS-$(CONFIG_PYGRUB) += pygrub
 SUBDIRS-$(OCAML_TOOLS) += ocaml
 
 ifeq ($(CONFIG_RUMP),y)
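Review bot: Gating the subdirectory with `SUBDIRS-$(CONFIG_PYGRUB) += pygrub` stops new builds and installs, but it does not remove a pygrub already installed by an earlier build. A tree configured with --disable-pygrub presumably no longer descends into pygrub for clean or uninstall either, though how SUBDIRS is consumed is not visible in this hunk. The commit message gives pygrub running as root in dom0 on guest-controlled data as a reason for the option, so a stale binary on an upgraded host would keep that exposure. A short comment above the line would help packagers, for example `# pygrub parses guest-controlled boot images as root in dom0; disabling only skips build/install, remove old copies separately`.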
diff --git a/tools/configure b/tools/configure
index 52b4717d01..130e0d9abf 100755
--- a/tools/configure
+++ b/tools/configure
@@ -707,6 +707,7 @@ AS86
 ipxe
 qemu_traditional
 LINUX_BACKEND_MODULES
+pygrub
 golang
 seabios
 ovmf
@@ -811,6 +812,7 @@ enable_xsmpolicy
 enable_ovmf
 enable_seabios
 enable_golang
+enable_pygrub
 with_linux_backend_modules
 enable_qemu_traditional
 enable_ipxe
@@ -1498,6 +1500,7 @@ Optional Features:
   --enable-ovmf           Enable OVMF (default is DISABLED)
   --disable-seabios       Disable SeaBIOS (default is ENABLED)
   --disable-golang        Disable Go tools (default is ENABLED)
+  --disable-pygrub        Disable pygrub (default is ENABLED)
   --enable-qemu-traditional
                           Enable qemu traditional device model, (DEFAULT is
                           off)
@@ -4287,6 +4290,29 @@ golang=$ax_cv_golang
 
 
 
+# Check whether --enable-pygrub was given.
+if test "${enable_pygrub+set}" = set; then :
+  enableval=$enable_pygrub;
+fi
+
+
+if test "x$enable_pygrub" = "xno"; then :
+
+    ax_cv_pygrub="n"
+
+elif test "x$enable_pygrub" = "xyes"; then :
+
+    ax_cv_pygrub="y"
+
+elif test -z $ax_cv_pygrub; then :
+
+    ax_cv_pygrub="y"
+
+fi
+pygrub=$ax_cv_pygrub
+
+
+
 
 # Check whether --with-linux-backend-modules was given.
 if test "${with_linux_backend_modules+set}" = set; then :
diff --git a/tools/configure.ac b/tools/configure.ac
index 3cccf41960..9947bcefc6 100644
--- a/tools/configure.ac
+++ b/tools/configure.ac
@@ -89,6 +89,7 @@ AX_ARG_DEFAULT_ENABLE([xsmpolicy], [Disable XSM policy 
compilation])
 AX_ARG_DEFAULT_DISABLE([ovmf], [Enable OVMF])
 AX_ARG_DEFAULT_ENABLE([seabios], [Disable SeaBIOS])
 AX_ARG_DEFAULT_ENABLE([golang], [Disable Go tools])
+AX_ARG_DEFAULT_ENABLE([pygrub], [Disable pygrub])
 
 AC_ARG_WITH([linux-backend-modules],
     AS_HELP_STRING([--with-linux-backend-modules="mod1 mod2"],
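Review bot: The expansion of this macro, visible in the tools/configure section as `elif test -z $ax_cv_pygrub; then :`, tests the cache variable unquoted. The default-enabled path therefore only works because `test -z` with no operand evaluates true, and a value containing whitespace would make `test` fail with a syntax error. The new `AX_ARG_DEFAULT_ENABLE([pygrub], [Disable pygrub])` line inherits this from the macro definition, which is outside this patch and appears to be shared with the other options. Quoting there, `elif test -z "$ax_cv_pygrub"; then :`, and regenerating configure would make the default deterministic.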
-- 
2.35.3




 

