* [PATCH 1/4] xen: split the flask package into a policy and tools package
@ 2016-03-24 15:31 Derek Straka
2016-03-24 15:31 ` [PATCH 2/4] xen: add the ability to configure the name of the policy Derek Straka
` (3 more replies)
0 siblings, 4 replies; 12+ messages in thread
From: Derek Straka @ 2016-03-24 15:31 UTC (permalink / raw)
To: meta-virtualization; +Cc: Derek Straka
Signed-off-by: Derek Straka <derek@asterius.io>
---
recipes-extended/xen/xen.inc | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/recipes-extended/xen/xen.inc b/recipes-extended/xen/xen.inc
index 2eba012..bc5ff85 100644
--- a/recipes-extended/xen/xen.inc
+++ b/recipes-extended/xen/xen.inc
@@ -153,6 +153,7 @@ PACKAGES = "\
${PN}-doc \
${PN}-efi \
${PN}-flask \
+ ${PN}-flask-tools \
${PN}-fsimage \
${PN}-gdbsx \
${PN}-hvmloader \
@@ -342,13 +343,16 @@ FILES_${PN}-devd = "\
"
FILES_${PN}-flask = "\
+ /boot/xenpolicy-${PV} \
+ "
+
+FILES_${PN}-flask-tools = "\
${sbindir}/flask-get-bool \
${sbindir}/flask-getenforce \
${sbindir}/flask-label-pci \
${sbindir}/flask-loadpolicy \
${sbindir}/flask-set-bool \
${sbindir}/flask-setenforce \
- /boot/xenpolicy-${PV} \
"
FILES_${PN}-gdbsx = "\
--
1.9.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH 2/4] xen: add the ability to configure the name of the policy
2016-03-24 15:31 [PATCH 1/4] xen: split the flask package into a policy and tools package Derek Straka
@ 2016-03-24 15:31 ` Derek Straka
2016-03-24 17:55 ` Doug Goldstein
2016-03-26 1:26 ` Chris Patterson
2016-03-24 15:31 ` [PATCH 3/4] xen: add the flask policy to the set of files installed to the deploy directory Derek Straka
` (2 subsequent siblings)
3 siblings, 2 replies; 12+ messages in thread
From: Derek Straka @ 2016-03-24 15:31 UTC (permalink / raw)
To: meta-virtualization; +Cc: Derek Straka
When using non-release versions, the policy files may have a different name (xenpolicy-${PV}-unstable). Allow the policy file name to be configured by the xen recipe.
Signed-off-by: Derek Straka <derek@asterius.io>
---
recipes-extended/xen/xen.inc | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/recipes-extended/xen/xen.inc b/recipes-extended/xen/xen.inc
index bc5ff85..77740cf 100644
--- a/recipes-extended/xen/xen.inc
+++ b/recipes-extended/xen/xen.inc
@@ -17,6 +17,8 @@ PACKAGECONFIG ??= " \
${@bb.utils.contains('XEN_TARGET_ARCH', 'x86_64', 'hvm', '', d)} \
"
+FLASK_POLICY_FILE ?= "xenpolicy-${PV}"
+
PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,virtual/libsdl,"
PACKAGECONFIG[xsm] = "--enable-xsmpolicy,--disable-xsmpolicy,checkpolicy-native,"
PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd,"
@@ -343,7 +345,7 @@ FILES_${PN}-devd = "\
"
FILES_${PN}-flask = "\
- /boot/xenpolicy-${PV} \
+ /boot/${FLASK_POLICY_FILE} \
"
FILES_${PN}-flask-tools = "\
--
1.9.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH 3/4] xen: add the flask policy to the set of files installed to the deploy directory
2016-03-24 15:31 [PATCH 1/4] xen: split the flask package into a policy and tools package Derek Straka
2016-03-24 15:31 ` [PATCH 2/4] xen: add the ability to configure the name of the policy Derek Straka
@ 2016-03-24 15:31 ` Derek Straka
2016-03-24 17:55 ` Doug Goldstein
2016-03-24 15:31 ` [PATCH 4/4] xen: add the extra packages released with xen 4.7 Derek Straka
2016-03-24 17:55 ` [PATCH 1/4] xen: split the flask package into a policy and tools package Doug Goldstein
3 siblings, 1 reply; 12+ messages in thread
From: Derek Straka @ 2016-03-24 15:31 UTC (permalink / raw)
To: meta-virtualization; +Cc: Derek Straka
Signed-off-by: Derek Straka <derek@asterius.io>
---
recipes-extended/xen/xen.inc | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/recipes-extended/xen/xen.inc b/recipes-extended/xen/xen.inc
index 77740cf..bddab6b 100644
--- a/recipes-extended/xen/xen.inc
+++ b/recipes-extended/xen/xen.inc
@@ -878,6 +878,12 @@ do_deploy() {
if [ -f ${D}/boot/xen.gz ]; then
install -m 0644 ${D}/boot/xen.gz ${DEPLOYDIR}/xen-${MACHINE}.gz
fi
+ # Install the flask policy in the deploy directory if it exists
+ if [ -f ${D}/boot/${FLASK_POLICY_FILE} ]; then
+ install -m 0644 ${D}/boot/${FLASK_POLICY_FILE} ${DEPLOYDIR}
+ ln -sf ${FLASK_POLICY_FILE} xenpolicy-${MACHINE}
+ mv xenpolicy-${MACHINE} ${DEPLOYDIR}
+ fi
}
addtask deploy after do_populate_sysroot
--
1.9.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH 4/4] xen: add the extra packages released with xen 4.7
2016-03-24 15:31 [PATCH 1/4] xen: split the flask package into a policy and tools package Derek Straka
2016-03-24 15:31 ` [PATCH 2/4] xen: add the ability to configure the name of the policy Derek Straka
2016-03-24 15:31 ` [PATCH 3/4] xen: add the flask policy to the set of files installed to the deploy directory Derek Straka
@ 2016-03-24 15:31 ` Derek Straka
2016-03-24 17:56 ` Doug Goldstein
2016-03-24 17:55 ` [PATCH 1/4] xen: split the flask package into a policy and tools package Doug Goldstein
3 siblings, 1 reply; 12+ messages in thread
From: Derek Straka @ 2016-03-24 15:31 UTC (permalink / raw)
To: meta-virtualization; +Cc: Derek Straka
Signed-off-by: Derek Straka <derek@asterius.io>
---
recipes-extended/xen/xen.inc | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/recipes-extended/xen/xen.inc b/recipes-extended/xen/xen.inc
index bddab6b..96255ec 100644
--- a/recipes-extended/xen/xen.inc
+++ b/recipes-extended/xen/xen.inc
@@ -165,8 +165,16 @@ PACKAGES = "\
${PN}-libblktapctl \
${PN}-libblktapctl-dev \
${PN}-libblktap-dev \
+ ${PN}-libxencall \
+ ${PN}-libxencall-dev \
+ ${PN}-libxenevtchn \
+ ${PN}-libxenevtchn-dev \
+ ${PN}-libxenforeignmemory \
+ ${PN}-libxenforeignmemory-dev \
${PN}-libfsimage \
${PN}-libfsimage-dev \
+ ${PN}-libxengnttab \
+ ${PN}-libxengnttab-dev \
${PN}-libvhd \
${PN}-libvhd-dev \
${PN}-libxenctrl \
@@ -179,6 +187,8 @@ PACKAGES = "\
${PN}-libxenstat-dev \
${PN}-libxenstore \
${PN}-libxenstore-dev \
+ ${PN}-libxentoollog \
+ ${PN}-libxentoollog-dev \
${PN}-libxenvchan \
${PN}-libxenvchan-dev \
${PN}-libxlutil \
@@ -204,6 +214,7 @@ PACKAGES = "\
${PN}-xenstat \
${PN}-xenstore \
${PN}-xenstored \
+ ${PN}-init-xenstore-dom \
${PN}-xentrace \
${PN}-xen-watchdog \
${PN}-xl \
@@ -291,12 +302,29 @@ FILES_${PN}-libxenstat-dev = "${libdir}/libxenstat.so"
FILES_${PN}-libxenstore = "${libdir}/libxenstore.so.*"
FILES_${PN}-libxenstore-dev = "${libdir}/libxenstore.so"
+FILES_${PN}-init-xenstore-dom = "${libdir}/xen/bin/init-xenstore-domain"
+
FILES_${PN}-libblktap = "${libdir}/libblktap.so.*"
FILES_${PN}-libblktap-dev = "${libdir}/libblktap.so"
+FILES_${PN}-libxencall = "${libdir}/libxencall.so.*"
+FILES_${PN}-libxencall-dev = "${libdir}/libxencall.so"
+
+FILES_${PN}-libxenevtchn = "${libdir}/libxenevtchn.so.*"
+FILES_${PN}-libxenevtchn-dev = "${libdir}/libxenevtchn.so"
+
+FILES_${PN}-libxenforeignmemory = "${libdir}/libxenforeignmemory.so.*"
+FILES_${PN}-libxenforeignmemory-dev = "${libdir}/libxenforeignmemory.so"
+
FILES_${PN}-libfsimage = "${libdir}/libfsimage.so.*"
FILES_${PN}-libfsimage-dev = "${libdir}/libfsimage.so"
+FILES_${PN}-libxengnttab = "${libdir}/libxengnttab.so.*"
+FILES_${PN}-libxengnttab-dev = "${libdir}/libxengnttab.so"
+
+FILES_${PN}-libxentoollog = "${libdir}/libxentoollog.so.*"
+FILES_${PN}-libxentoollog-dev = "${libdir}/libxentoollog.so"
+
FILES_${PN}-fsimage = "${libdir}/fs/*/*fsimage.so"
FILES_${PN}-hypervisor = "\
--
1.9.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [PATCH 1/4] xen: split the flask package into a policy and tools package
2016-03-24 15:31 [PATCH 1/4] xen: split the flask package into a policy and tools package Derek Straka
` (2 preceding siblings ...)
2016-03-24 15:31 ` [PATCH 4/4] xen: add the extra packages released with xen 4.7 Derek Straka
@ 2016-03-24 17:55 ` Doug Goldstein
2016-03-25 17:59 ` Chris Patterson
3 siblings, 1 reply; 12+ messages in thread
From: Doug Goldstein @ 2016-03-24 17:55 UTC (permalink / raw)
To: Derek Straka, meta-virtualization
[-- Attachment #1.1: Type: text/plain, Size: 169 bytes --]
On 3/24/16 10:31 AM, Derek Straka wrote:
> Signed-off-by: Derek Straka <derek@asterius.io>
Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
--
Doug Goldstein
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 978 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/4] xen: add the ability to configure the name of the policy
2016-03-24 15:31 ` [PATCH 2/4] xen: add the ability to configure the name of the policy Derek Straka
@ 2016-03-24 17:55 ` Doug Goldstein
2016-03-26 1:26 ` Chris Patterson
1 sibling, 0 replies; 12+ messages in thread
From: Doug Goldstein @ 2016-03-24 17:55 UTC (permalink / raw)
To: Derek Straka, meta-virtualization
[-- Attachment #1.1: Type: text/plain, Size: 351 bytes --]
On 3/24/16 10:31 AM, Derek Straka wrote:
> When using non-release versions, the policy files may have a different name (xenpolicy-${PV}-unstable). Allow the policy file name to be configured by the xen recipe.
>
> Signed-off-by: Derek Straka <derek@asterius.io>
> ---
Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
--
Doug Goldstein
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 978 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 3/4] xen: add the flask policy to the set of files installed to the deploy directory
2016-03-24 15:31 ` [PATCH 3/4] xen: add the flask policy to the set of files installed to the deploy directory Derek Straka
@ 2016-03-24 17:55 ` Doug Goldstein
0 siblings, 0 replies; 12+ messages in thread
From: Doug Goldstein @ 2016-03-24 17:55 UTC (permalink / raw)
To: Derek Straka, meta-virtualization
[-- Attachment #1.1: Type: text/plain, Size: 176 bytes --]
On 3/24/16 10:31 AM, Derek Straka wrote:
> Signed-off-by: Derek Straka <derek@asterius.io>
> ---
Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
--
Doug Goldstein
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 978 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 4/4] xen: add the extra packages released with xen 4.7
2016-03-24 15:31 ` [PATCH 4/4] xen: add the extra packages released with xen 4.7 Derek Straka
@ 2016-03-24 17:56 ` Doug Goldstein
0 siblings, 0 replies; 12+ messages in thread
From: Doug Goldstein @ 2016-03-24 17:56 UTC (permalink / raw)
To: Derek Straka, meta-virtualization
[-- Attachment #1.1: Type: text/plain, Size: 176 bytes --]
On 3/24/16 10:31 AM, Derek Straka wrote:
> Signed-off-by: Derek Straka <derek@asterius.io>
> ---
Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
--
Doug Goldstein
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 978 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 1/4] xen: split the flask package into a policy and tools package
2016-03-24 17:55 ` [PATCH 1/4] xen: split the flask package into a policy and tools package Doug Goldstein
@ 2016-03-25 17:59 ` Chris Patterson
0 siblings, 0 replies; 12+ messages in thread
From: Chris Patterson @ 2016-03-25 17:59 UTC (permalink / raw)
To: Doug Goldstein; +Cc: Derek Straka, meta-virtualization
LGTM +1, tested.
On Thu, Mar 24, 2016 at 1:55 PM, Doug Goldstein <cardoe@cardoe.com> wrote:
> On 3/24/16 10:31 AM, Derek Straka wrote:
>> Signed-off-by: Derek Straka <derek@asterius.io>
>
> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
>
> --
> Doug Goldstein
>
>
> --
> _______________________________________________
> meta-virtualization mailing list
> meta-virtualization@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/meta-virtualization
>
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/4] xen: add the ability to configure the name of the policy
2016-03-24 15:31 ` [PATCH 2/4] xen: add the ability to configure the name of the policy Derek Straka
2016-03-24 17:55 ` Doug Goldstein
@ 2016-03-26 1:26 ` Chris Patterson
2016-03-28 13:06 ` Derek Straka
1 sibling, 1 reply; 12+ messages in thread
From: Chris Patterson @ 2016-03-26 1:26 UTC (permalink / raw)
To: Derek Straka; +Cc: meta-virtualization
On Thu, Mar 24, 2016 at 11:31 AM, Derek Straka <derek@asterius.io> wrote:
> When using non-release versions, the policy files may have a different name (xenpolicy-${PV}-unstable). Allow the policy file name to be configured by the xen recipe.
>
> Signed-off-by: Derek Straka <derek@asterius.io>
> ---
> recipes-extended/xen/xen.inc | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/recipes-extended/xen/xen.inc b/recipes-extended/xen/xen.inc
> index bc5ff85..77740cf 100644
> --- a/recipes-extended/xen/xen.inc
> +++ b/recipes-extended/xen/xen.inc
> @@ -17,6 +17,8 @@ PACKAGECONFIG ??= " \
> ${@bb.utils.contains('XEN_TARGET_ARCH', 'x86_64', 'hvm', '', d)} \
> "
>
> +FLASK_POLICY_FILE ?= "xenpolicy-${PV}"
> +
> PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,virtual/libsdl,"
> PACKAGECONFIG[xsm] = "--enable-xsmpolicy,--disable-xsmpolicy,checkpolicy-native,"
> PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd,"
> @@ -343,7 +345,7 @@ FILES_${PN}-devd = "\
> "
>
> FILES_${PN}-flask = "\
> - /boot/xenpolicy-${PV} \
> + /boot/${FLASK_POLICY_FILE} \
Looks fine to me, but could this just simply be a wildcard (i.e.
/boot/xenpolicy-*)? Is there a case where it would generate multiple
images and you would want to key off just one?
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/4] xen: add the ability to configure the name of the policy
2016-03-26 1:26 ` Chris Patterson
@ 2016-03-28 13:06 ` Derek Straka
2016-03-28 14:23 ` Chris Patterson
0 siblings, 1 reply; 12+ messages in thread
From: Derek Straka @ 2016-03-28 13:06 UTC (permalink / raw)
To: Chris Patterson; +Cc: meta-virtualization
[-- Attachment #1: Type: text/plain, Size: 1769 bytes --]
I had the specific file called out for symlinking during do_deploy. I can
wildcard the policy file here and symlink to the first one if more than one
policy file exists. Right now I don't know of a case where more than one
policy is created, so it may never be an issue.
On Fri, Mar 25, 2016 at 9:26 PM, Chris Patterson <cjp256@gmail.com> wrote:
> On Thu, Mar 24, 2016 at 11:31 AM, Derek Straka <derek@asterius.io> wrote:
> > When using non-release versions, the policy files may have a different
> name (xenpolicy-${PV}-unstable). Allow the policy file name to be
> configured by the xen recipe.
> >
> > Signed-off-by: Derek Straka <derek@asterius.io>
> > ---
> > recipes-extended/xen/xen.inc | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/recipes-extended/xen/xen.inc b/recipes-extended/xen/xen.inc
> > index bc5ff85..77740cf 100644
> > --- a/recipes-extended/xen/xen.inc
> > +++ b/recipes-extended/xen/xen.inc
> > @@ -17,6 +17,8 @@ PACKAGECONFIG ??= " \
> > ${@bb.utils.contains('XEN_TARGET_ARCH', 'x86_64', 'hvm', '', d)} \
> > "
> >
> > +FLASK_POLICY_FILE ?= "xenpolicy-${PV}"
> > +
> > PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,virtual/libsdl,"
> > PACKAGECONFIG[xsm] =
> "--enable-xsmpolicy,--disable-xsmpolicy,checkpolicy-native,"
> > PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd,"
> > @@ -343,7 +345,7 @@ FILES_${PN}-devd = "\
> > "
> >
> > FILES_${PN}-flask = "\
> > - /boot/xenpolicy-${PV} \
> > + /boot/${FLASK_POLICY_FILE} \
>
> Looks fine to me, but could this just simply be a wildcard (i.e.
> /boot/xenpolicy-*)? Is there a case where it would generate multiple
> images and you would want to key off just one?
>
[-- Attachment #2: Type: text/html, Size: 2418 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH 2/4] xen: add the ability to configure the name of the policy
2016-03-28 13:06 ` Derek Straka
@ 2016-03-28 14:23 ` Chris Patterson
0 siblings, 0 replies; 12+ messages in thread
From: Chris Patterson @ 2016-03-28 14:23 UTC (permalink / raw)
To: Derek Straka; +Cc: meta-virtualization
On Mon, Mar 28, 2016 at 9:06 AM, Derek Straka <derek@asterius.io> wrote:
> I had the specific file called out for symlinking during do_deploy. I can
> wildcard the policy file here and symlink to the first one if more than one
> policy file exists. Right now I don't know of a case where more than one
> policy is created, so it may never be an issue.
>
Thank you, I missed the other patch and this makes more sense now. +1
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2016-03-28 14:24 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-03-24 15:31 [PATCH 1/4] xen: split the flask package into a policy and tools package Derek Straka
2016-03-24 15:31 ` [PATCH 2/4] xen: add the ability to configure the name of the policy Derek Straka
2016-03-24 17:55 ` Doug Goldstein
2016-03-26 1:26 ` Chris Patterson
2016-03-28 13:06 ` Derek Straka
2016-03-28 14:23 ` Chris Patterson
2016-03-24 15:31 ` [PATCH 3/4] xen: add the flask policy to the set of files installed to the deploy directory Derek Straka
2016-03-24 17:55 ` Doug Goldstein
2016-03-24 15:31 ` [PATCH 4/4] xen: add the extra packages released with xen 4.7 Derek Straka
2016-03-24 17:56 ` Doug Goldstein
2016-03-24 17:55 ` [PATCH 1/4] xen: split the flask package into a policy and tools package Doug Goldstein
2016-03-25 17:59 ` Chris Patterson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.