The following patch was included in the changelog (see bottom) It removes the static flag for compilation of secpol_tools.c. Static linking is however prefferable for minimalistic domain configurations like ramdisks. I suggest the following patch to be added: ---- patch --- diff -r 7b6f55756f9c tools/security/Makefile --- a/tools/security/Makefile Fri Aug 19 09:42:12 2005 +++ b/tools/security/Makefile Fri Aug 19 12:35:09 2005 @@ -1,7 +1,12 @@ + + XEN_ROOT = ../.. include $(XEN_ROOT)/tools/Rules.mk SRCS = secpol_tool.c +# Most systems compile static without problems. It''s prefferable for +# minimal domain configurations (eg ramdisks). You can try to see if it compiles. +# CFLAGS += -static CFLAGS += -Wall CFLAGS += -Werror CFLAGS += -O3 --------------- Signed-off-by: Robin van Leeuwen <rvl@ttg-edam.nl> ################# PATCH ADDED #################### Author: kaf24@firebug.cl.cam.ac.uk Date: Fri Aug 19 09:03:17 2005 ################################################## diff -r 1895942150a5 -r 513acbeac420 tools/security/Makefile --- a/tools/security/Makefile Fri Aug 19 08:55:03 2005 +++ b/tools/security/Makefile Fri Aug 19 09:03:17 2005 @@ -2,27 +2,71 @@ include $(XEN_ROOT)/tools/Rules.mk SRCS = secpol_tool.c -CFLAGS += -static CFLAGS += -Wall CFLAGS += -Werror CFLAGS += -O3 CFLAGS += -fno-strict-aliasing -CFLAGS += -I. +CFLAGS += -I. -I/usr/include/libxml2 +CFLAGS_XML2BIN += $(shell xml2-config --cflags --libs ) +#if above does not work, try -L/usr/lib -lxml2 -lz -lpthread -lm +XML2VERSION = $(shell xml2-config --version ) +VALIDATE_SCHEMA=$(shell if [[ $(XML2VERSION) < 2.6.20 ]]; then echo ""; else echo "-DVALIDATE_SCHEMA"; fi; ) +ifeq ($(ACM_USE_SECURITY_POLICY),ACM_NULL_POLICY) +POLICY=null +endif +ifeq ($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_POLICY) +POLICY=chwall +endif +ifeq ($(ACM_USE_SECURITY_POLICY),ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY) +POLICY=ste +endif +ifeq ($(ACM_USE_SECURITY_POLICY),ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY) +POLICY=chwall_ste +endif +POLICYFILE=./policies/$(POLICY)/$(POLICY).bin + +ifneq ($(ACM_USE_SECURITY_POLICY), ACM_NULL_POLICY) all: build + +install:all + +default:all +else +all: + +install: + +default: +endif + build: mk-symlinks $(MAKE) secpol_tool + $(MAKE) secpol_xml2bin + chmod 700 ./setlabel.sh + chmod 700 ./updategrub.sh -default: all - -install: all - -secpol_tool : secpol_tool.c +secpol_tool : secpol_tool.c secpol_compat.h $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $< +secpol_xml2bin : secpol_xml2bin.c secpol_xml2bin.h secpol_compat.h + $(CC) $(CPPFLAGS) $(CFLAGS) $(CFLAGS_XML2BIN) $(VALIDATE_SCHEMA) -o $@ $< + clean: - rm -rf secpol_tool xen + rm -rf secpol_tool secpol_xml2bin xen +policy_clean: + rm -rf policies/*/*.bin policies/*/*.map + +mrproper: clean policy_clean + + +$(POLICYFILE) : build + @./secpol_xml2bin $(POLICY) > /dev/null + +boot_install: $(POLICYFILE) + @cp $(POLICYFILE) /boot + @./updategrub.sh $(POLICY) $(PWD)/$(XEN_ROOT) LINUX_ROOT := $(XEN_ROOT)/linux-2.6-xen-sparse mk-symlinks: _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel