At the moment, there is a problem with ACM: it is impossible to set the ACM security model at build time, so even when ACM is chosen to build, the default policy is NULL, which is useless.

This patch proposes a solution to this problem: the build process will generate a header file (include/public/acm_policy.h) based on the value set in xen/Makefile or at the command line, and gets acm.h to include it.

Signed-off-by: Nguyen Anh Quynh <aquynh@gmail.com>

$ diffstat acm6.patch
 xen/Makefile             | 27 +++++++++++++++++++++++++--
 xen/include/public/acm.h |  9 +++------
 2 files changed, 28 insertions(+), 8 deletions(-)

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Keir Fraser
2005-Jun-24  16:13 UTC
[Xen-devel] Re: [PATCH] choose security model for ACM at built-time
On 24 Jun 2005, at 16:33, aq wrote:
> At the moment, there is a problem with ACM: it is impossible to set the
> ACM security model at build time, so even when ACM is chosen to build,
> the default policy is NULL, which is useless.
>
> This patch proposes a solution to this problem: the build process will
> generate a header file (include/public/acm_policy.h) based on the
> value set in xen/Makefile or at the command line, and gets acm.h to
> include it.

Looks fine, but:

Firstly, is the configured policy something that needs to be propagated to user tools (i.e., should the generated header reside within include/public or should it be in include/xen)?

Secondly, you missed conditional inclusion of acm/acm.o into the ALL_OBJS list in xen/Rules.mk. Also, the definition of ACM_USE_SECURITY_POLICY probably belongs more correctly in Rules.mk rather than the Makefile.

 -- Keir
aq
2005-Jun-24  23:25 UTC
[Xense-devel] Re: [PATCH] choose security model for ACM at built-time
On 6/25/05, Keir Fraser <Keir.Fraser@cl.cam.ac.uk> wrote:
>
> On 24 Jun 2005, at 16:33, aq wrote:
>
> > At the moment, there is a problem with ACM: it is impossible to set the
> > ACM security model at build time, so even when ACM is chosen to build,
> > the default policy is NULL, which is useless.
> >
> > This patch proposes a solution to this problem: the build process will
> > generate a header file (include/public/acm_policy.h) based on the
> > value set in xen/Makefile or at the command line, and gets acm.h to
> > include it.
>
> Looks fine, but:
>
> Firstly, is the configured policy something that needs to be propagated
> to user tools (i.e., should the generated header reside within
> include/public or should it be in include/xen)?
>

I guess not. So right, it is better to put it into include/xen.

> Secondly, you missed conditional inclusion of acm/acm.o into the
> ALL_OBJS list in xen/Rules.mk. Also, the definition of
> ACM_USE_SECURITY_POLICY probably belongs more correctly in Rules.mk
> rather than the Makefile.
>

OK, please take this revision.

Signed-off-by: Nguyen Anh Quynh <aquynh@gmail.com>

$ diffstat acm7.patch
 Makefile             | 19 +++++++++++++++++--
 Rules.mk             | 13 ++++++++++---
 include/public/acm.h |  9 +++------
 3 files changed, 30 insertions(+), 11 deletions(-)

_______________________________________________
Xense-devel mailing list
Xense-devel@lists.xensource.com
http://lists.xensource.com/xense-devel