From nobody Thu May 2 22:53:51 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1626439117; cv=none; d=zohomail.com; s=zohoarc; b=bPPMRPR3KP9hLyvagEDqYECqjQpFaSXVcGGZy+dBupm4rCNBWJpfJCNrpiAFwt30eNKP8kdeD2+auJoskHTB08m83lwk0pyN6wF39YTnCV1vI7V7cykuNQI92fVnUllBEOYFI4RcHqbI+O4RHRUMeSH8hUCmJrpVvm9gUthKDSY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1626439117; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=zZzpEHr47WIFHOEpRaalqU/Q7tJ28RHOc+Ua25IIFAA=; b=jj35XPjxC2cOwuZRkIDY7nTLwVulmOLImqXWmwnhCeBIcTg5p56VE38L2VPwIhxbHMIpfokmhx54bkyTOPFyJVZhrBcqyLzXxfzGvFN7zu8U4JfVjg3KQpnYSALoMoPsJ7ydOQ6kMCUzLju/yWynUXbu4pfvf1dl12yeD2dii0I= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1626439117635218.59475686771384; Fri, 16 Jul 2021 05:38:37 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.157163.290084 (Exim 4.92) (envelope-from ) id 1m4N6m-0002rn-1B; Fri, 16 Jul 2021 12:38:24 +0000 Received: by outflank-mailman (output) from mailman id 157163.290084; Fri, 16 Jul 2021 12:38:23 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m4N6l-0002rg-U4; Fri, 16 Jul 2021 12:38:23 +0000 Received: by outflank-mailman (input) for mailman id 157163; Fri, 16 Jul 2021 12:38:22 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1m4N6k-0002rY-2v for xen-devel@lists.xenproject.org; Fri, 16 Jul 2021 12:38:22 +0000 Received: from esa5.hc3370-68.iphmx.com (unknown [216.71.155.168]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 5a4dfd1a-a215-4e34-a052-ffc33b7e2bc4; Fri, 16 Jul 2021 12:38:20 +0000 (UTC) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 5a4dfd1a-a215-4e34-a052-ffc33b7e2bc4 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1626439100; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=azorGvvnspgDnvbmo5EIJBsJCYiGcu1/jeYXmhc3Sao=; b=hXpUaArSgUDkUlAvNXXlw4kfGolzVcS468WZp56z3gvbHBksbLZ0OV2w y3VLeytPSODJMfVeo3cgN7ZSJe85hDMnaorftKV0PxHv0mnhm+ff3WEOJ iMtdM2DJxSrvNyKGCEfEmAiQ46BBVoYOzBdC5nhxIAFFuQK3qQngZBDHA M=; Authentication-Results: esa5.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: d0i5hlDDdkuS1jW/SZH+dj5FOAGRhLn3YoAu0aAJuiRWqU5YwrWy3NJfcS1wwul7wE/h7aWHRw QJLvsNnPNYRU5mp5d8yltE2+KiYoS8QmUq0GyAcT5kiGPRBwPqR7TDP+MU7pkrT+4j6cxAEZxN SNfUwN5qmdo1VuxBo1uFK3qkYbVEFyhusfu83tPgyTaNdXErLe9ZbN/bkneFPeFboY10aQ2pI8 SIqFM/t+2BKAlQ6SpXSMrb+trLlhXhsGX0AAfUT6Tld4wYYmA0VWzE2usJPpHtEk2RNIJJD2B3 TSM= X-SBRS: 5.1 X-MesageID: 48125581 X-Ironport-Server: esa5.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED IronPort-HdrOrdr: A9a23:rBC09qlRUAYYIVjZWXQoZl/ymvLpDfLo3DAbv31ZSRFFG/Fw9/ rCoB17726QtN91YhsdcL+7V5VoLUmzyXcX2/hyAV7BZmnbUQKTRekP0WKL+Vbd8kbFh41gPM lbEpSXCLfLfCJHZcSR2njELz73quP3jJxBho3lvghQpRkBUdAF0+/gYDzranGfQmN9dP0EPa vZ3OVrjRy6d08aa8yqb0N1JNQq97Xw5fTbiQdtPW9f1DWz X-IronPort-AV: E=Sophos;i="5.84,244,1620705600"; d="scan'208";a="48125581" From: Anthony PERARD To: CC: Anthony PERARD , Andrew Cooper , George Dunlap , "Ian Jackson" , Jan Beulich , Julien Grall , Stefano Stabellini , Wei Liu Subject: [XEN PATCH v2] xen: allow XSM_FLASK_POLICY only if checkpolicy binary is available Date: Fri, 16 Jul 2021 13:38:12 +0100 Message-ID: <20210716123812.494081-1-anthony.perard@citrix.com> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210714161734.256246-1-anthony.perard@citrix.com> References: <20210714161734.256246-1-anthony.perard@citrix.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1626439118650100001 Content-Type: text/plain; charset="utf-8" This will help prevent the CI loop from having build failures when `checkpolicy` isn't available, when doing "randconfig" jobs. Also, move the check out of Config.mk and into xen/ build system. Nothing in tools/ is using that information as it's done by ./configure. Signed-off-by: Anthony PERARD --- We might want to have a new Makefile for this kind of check that Kconfig is going to use, just to keep the main Makefile a bit cleaner. But maybe another time, if more are comming. v2: - move check to Makefile --- Config.mk | 6 ------ xen/Makefile | 4 ++++ xen/common/Kconfig | 4 ++-- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/Config.mk b/Config.mk index d08fa8d60dd7..97d3633706b3 100644 --- a/Config.mk +++ b/Config.mk @@ -137,12 +137,6 @@ export XEN_HAS_BUILD_ID=3Dy build_id_linker :=3D --build-id=3Dsha1 endif =20 -ifndef XEN_HAS_CHECKPOLICY - CHECKPOLICY ?=3D checkpolicy - XEN_HAS_CHECKPOLICY :=3D $(shell $(CHECKPOLICY) -h 2>&1 | grep -q xen = && echo y || echo n) - export XEN_HAS_CHECKPOLICY -endif - define buildmakevars2shellvars export PREFIX=3D"$(prefix)"; = \ export XEN_SCRIPT_DIR=3D"$(XEN_SCRIPT_DIR)"; = \ diff --git a/xen/Makefile b/xen/Makefile index 8023680ffbf2..045ddb18ad68 100644 --- a/xen/Makefile +++ b/xen/Makefile @@ -17,6 +17,8 @@ export XEN_BUILD_HOST ?=3D $(shell hostname) PYTHON_INTERPRETER :=3D $(word 1,$(shell which python3 python python2 2>/d= ev/null) python) export PYTHON ?=3D $(PYTHON_INTERPRETER) =20 +export CHECKPOLICY ?=3D checkpolicy + export BASEDIR :=3D $(CURDIR) export XEN_ROOT :=3D $(BASEDIR)/.. =20 @@ -156,6 +158,8 @@ CFLAGS +=3D $(CLANG_FLAGS) export CLANG_FLAGS endif =20 +export HAS_CHECKPOLICY :=3D $(call success,$(CHECKPOLICY) -h 2>&1 | grep -= q xen) + export root-make-done :=3D y endif # root-make-done =20 diff --git a/xen/common/Kconfig b/xen/common/Kconfig index 0ddd18e11af3..a5ef3814f531 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -235,8 +235,8 @@ config XSM_FLASK_AVC_STATS =20 config XSM_FLASK_POLICY bool "Compile Xen with a built-in FLASK security policy" - default y if "$(XEN_HAS_CHECKPOLICY)" =3D "y" - depends on XSM_FLASK + default y + depends on XSM_FLASK && "$(HAS_CHECKPOLICY)" ---help--- This includes a default XSM policy in the hypervisor so that the bootloader does not need to load a policy to get sane behavior from an --=20 Anthony PERARD