From mboxrd@z Thu Jan 1 00:00:00 1970 From: aq Subject: Re: [PATCH] choose security model for ACM at built-time Date: Sat, 25 Jun 2005 08:25:25 +0900 Message-ID: <9cde8bff05062416256af42a7c@mail.gmail.com> References: <9cde8bff050624083345768b68@mail.gmail.com> Reply-To: aq Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_5239_21637201.1119655525604" Return-path: In-Reply-To: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: Keir Fraser Cc: xen-devel , xense-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org ------=_Part_5239_21637201.1119655525604 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On 6/25/05, Keir Fraser wrote: >=20 > On 24 Jun 2005, at 16:33, aq wrote: >=20 > > At the moment, there is a problem with ACM: it is impossible to set > > ACM security model at built-time, so even with ACM is chosen to build, > > the default policy is NULL, which is useless. > > > > This patch propose a solution to this problem: build process will > > generate a header file (include/public/acm_policy.h) based on the > > value set in xen/Makefile or at command-line, and gets acm.h included > > it. >=20 > Looks fine, but: >=20 > Firstly, is the configured policy something that needs to be propagated > to user tools (i.e., should the generated header reside within > include/public or should it be in include/xen)? >=20 i guess not. so right, it is better to put it into include/xen > Secondly, you missed conditional inclusion of acm/acm.o into the > ALL_OBJS list in xen/Rules.mk. Also, the definition of > ACM_USE_SECURITY_POLICY probably belongs more correctly in Rules.mk > rather than the Makefile. >=20 ok, please take this revision. Signed-off-by: Nguyen Anh Quynh $ diffstat acm7.patch=20 Makefile | 19 +++++++++++++++++-- Rules.mk | 13 ++++++++++--- include/public/acm.h | 9 +++------ 3 files changed, 30 insertions(+), 11 deletions(-) ------=_Part_5239_21637201.1119655525604 Content-Type: application/octet-stream; name="acm7.patch" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="acm7.patch" PT09PT0geGVuL01ha2VmaWxlIDEuODYgdnMgZWRpdGVkID09PT09Ci0tLSAxLjg2L3hlbi9NYWtl ZmlsZQkyMDA1LTA2LTIyIDIzOjE4OjExICswOTowMAorKysgZWRpdGVkL3hlbi9NYWtlZmlsZQky MDA1LTA2LTI1IDA4OjEzOjE3ICswOTowMApAQCAtNTQsMjAgKzU0LDM1IEBACiAKICQoVEFSR0VU KTogZGVsZXRlLXVuZnJlc2gtZmlsZXMKIAkkKE1BS0UpIGluY2x1ZGUveGVuL2NvbXBpbGUuaAor CSQoTUFLRSkgaW5jbHVkZS94ZW4vYWNtX3BvbGljeS5oCiAJWyAtZSBpbmNsdWRlL2FzbSBdIHx8 IGxuIC1zZiBhc20tJChUQVJHRVRfQVJDSCkgaW5jbHVkZS9hc20KIAkkKE1BS0UpIC1DIGFyY2gv JChUQVJHRVRfQVJDSCkgYXNtLW9mZnNldHMucwogCSQoTUFLRSkgaW5jbHVkZS9hc20tJChUQVJH RVRfQVJDSCkvYXNtLW9mZnNldHMuaAogCSQoTUFLRSkgLUMgY29tbW9uCiAJJChNQUtFKSAtQyBk cml2ZXJzCi1pZmRlZiBBQ01fVVNFX1NFQ1VSSVRZX1BPTElDWQoraWZuZXEgKCQoQUNNX1VTRV9T RUNVUklUWV9QT0xJQ1kpLEFDTV9OVUxMX1BPTElDWSkKIAkkKE1BS0UpIC1DIGFjbQogZW5kaWYK IAkkKE1BS0UpIC1DIGFyY2gvJChUQVJHRVRfQVJDSCkKIAogIyBkcml2ZXJzL2NoYXIvY29uc29s ZS5vIG1heSBjb250YWluIHN0YXRpYyBiYW5uZXIvY29tcGlsZSBpbmZvLiBCbG93IGl0IGF3YXku CiBkZWxldGUtdW5mcmVzaC1maWxlczoKLQlybSAtZiBpbmNsdWRlL3hlbi9iYW5uZXIuaCBpbmNs dWRlL3hlbi9jb21waWxlLmggZHJpdmVycy9jaGFyL2NvbnNvbGUubworCXJtIC1mIGluY2x1ZGUv eGVuL2Jhbm5lci5oIGluY2x1ZGUveGVuL2NvbXBpbGUuaCBpbmNsdWRlL3hlbi9hY21fcG9saWN5 LmggZHJpdmVycy9jaGFyL2NvbnNvbGUubwogCSQoTUFLRSkgLUMgYXJjaC8kKFRBUkdFVF9BUkNI KSBkZWxldGUtdW5mcmVzaC1maWxlcworCisjIGFjbV9wb2xpY3kuaCBjb250YWlucyBzZWN1cml0 eSBwb2xpY3kgZm9yIFhlbgoraW5jbHVkZS94ZW4vYWNtX3BvbGljeS5oOgorCUAoc2V0IC1lOyBc CisJICBlY2hvICIvKiI7IFwKKwkgIGVjaG8gIiAqIERPIE5PVCBNT0RJRlkuIjsgXAorCSAgZWNo byAiICoiOyBcCisJICBlY2hvICIgKiBUaGlzIGZpbGUgd2FzIGF1dG8tZ2VuZXJhdGVkIGJ5IHhl bi9NYWtlZmlsZSAkPCI7IFwKKwkgIGVjaG8gIiAqIjsgXAorCSAgZWNobyAiICovIjsgXAorCSAg ZWNobyAiIjsgXAorCSAgZWNobyAiI2lmbmRlZiBBQ01fVVNFX1NFQ1VSSVRZX1BPTElDWSI7IFwK KwkgIGVjaG8gIiNkZWZpbmUgQUNNX1VTRV9TRUNVUklUWV9QT0xJQ1kgJChBQ01fVVNFX1NFQ1VS SVRZX1BPTElDWSkiOyBcCisJICBlY2hvICIjZW5kaWYiKSA+JEAKIAogIyBjb21waWxlLmggY29u dGFpbnMgZHluYW1pYyBidWlsZCBpbmZvLiBSZWJ1aWx0IG9uIGV2ZXJ5ICdtYWtlJyBpbnZvY2F0 aW9uLgogaW5jbHVkZS94ZW4vY29tcGlsZS5oOiBMQU5HPUMKPT09PT0geGVuL1J1bGVzLm1rIDEu NDUgdnMgZWRpdGVkID09PT09Ci0tLSAxLjQ1L3hlbi9SdWxlcy5tawkyMDA1LTA2LTIyIDIzOjE4 OjExICswOTowMAorKysgZWRpdGVkL3hlbi9SdWxlcy5tawkyMDA1LTA2LTI1IDA4OjEzOjE3ICsw OTowMApAQCAtMSw0ICsxLDMgQEAKLQogdmVyYm9zZSAgICAgPz0gbgogZGVidWcgICAgICAgPz0g bgogcGVyZmMgICAgICAgPz0gbgpAQCAtOCw2ICs3LDE0IEBACiBkb211X2RlYnVnICA/PSBuCiBj cmFzaF9kZWJ1ZyA/PSBuCiAKKyMgQUNNX1VTRV9TRUNVUklUWV9QT0xJQ1kgaXMgc2V0IHRvIHNl Y3VyaXR5IHBvbGljeSBvZiBYZW4KKyMgU3VwcG9ydGVkIG1vZGVscyBhcmU6CisjCUFDTV9OVUxM X1BPTElDWSAoQUNNIHdpbGwgbm90IGJlIGJ1aWx0IHdpdGggdGhpcyBwb2xpY3kpCisjCUFDTV9D SElORVNFX1dBTExfUE9MSUNZCisjCUFDTV9TSU1QTEVfVFlQRV9FTkZPUkNFTUVOVF9QT0xJQ1kK KyMJQUNNX0NISU5FU0VfV0FMTF9BTkRfU0lNUExFX1RZUEVfRU5GT1JDRU1FTlRfUE9MSUNZCitB Q01fVVNFX1NFQ1VSSVRZX1BPTElDWSA/PSBBQ01fTlVMTF9QT0xJQ1kKKwogaW5jbHVkZSAkKEJB U0VESVIpLy4uL0NvbmZpZy5tawogCiAjIFNldCBBUkNIL1NVQkFSQ0ggYXBwcm9wcmlhdGVseS4K QEAgLTM1LDggKzQyLDggQEAKIEFMTF9PQkpTIDo9ICQoQkFTRURJUikvY29tbW9uL2NvbW1vbi5v CiBBTExfT0JKUyArPSAkKEJBU0VESVIpL2RyaXZlcnMvY2hhci9kcml2ZXIubwogQUxMX09CSlMg Kz0gJChCQVNFRElSKS9kcml2ZXJzL2FjcGkvZHJpdmVyLm8KLWlmZGVmIEFDTV9VU0VfU0VDVVJJ VFlfUE9MSUNZCi1BTExfT0JKUyArPSAkKEJBU0VESVIpL2FjbS9hY20ubworaWZuZXEgKCQoQUNN X1VTRV9TRUNVUklUWV9QT0xJQ1kpLEFDTV9OVUxMX1BPTElDWSkKKwlBTExfT0JKUyArPSAkKEJB U0VESVIpL2FjbS9hY20ubwogZW5kaWYKIEFMTF9PQkpTICs9ICQoQkFTRURJUikvYXJjaC8kKFRB UkdFVF9BUkNIKS9hcmNoLm8KIAo9PT09PSB4ZW4vaW5jbHVkZS9wdWJsaWMvYWNtLmggMS4xIHZz IGVkaXRlZCA9PT09PQotLS0gMS4xL3hlbi9pbmNsdWRlL3B1YmxpYy9hY20uaAkyMDA1LTA2LTIx IDA3OjI4OjA2ICswOTowMAorKysgZWRpdGVkL3hlbi9pbmNsdWRlL3B1YmxpYy9hY20uaAkyMDA1 LTA2LTI1IDA4OjEzOjE3ICswOTowMApAQCAtMjIsMTEgKzIyLDEyIEBACiAgKiB0b2RvOiBtb3Zl IGZyb20gc3RhdGljIHBvbGljeSBjaG9pY2UgdG8gY29tcGlsZSBvcHRpb24uCiAgKi8KIAotI2lm bmRlZiBfWEVOX1BVQkxJQ19TSFlQRV9ICi0jZGVmaW5lIF9YRU5fUFVCTElDX1NIWVBFX0gKKyNp Zm5kZWYgX1hFTl9QVUJMSUNfQUNNX0gKKyNkZWZpbmUgX1hFTl9QVUJMSUNfQUNNX0gKIAogI2lu Y2x1ZGUgInhlbi5oIgogI2luY2x1ZGUgInNjaGVkX2N0bC5oIgorI2luY2x1ZGUgInhlbi9hY21f cG9saWN5LmgiCiAKIC8qIGlmIEFDTV9ERUJVRyBkZWZpbmVkLCBhbGwgaG9va3Mgc2hvdWxkCiAg KiBwcmludCBhIHNob3J0IHRyYWNlIG1lc3NhZ2UgKGNvbW1lbnQgaXQgb3V0CkBAIC03MCwxMCAr NzEsNiBAQAogCShYID09IEFDTV9TSU1QTEVfVFlQRV9FTkZPUkNFTUVOVF9QT0xJQ1kpID8gIlNJ TVBMRSBUWVBFIEVORk9SQ0VNRU5UIHBvbGljeSIgOiBcCiAJKFggPT0gQUNNX0NISU5FU0VfV0FM TF9BTkRfU0lNUExFX1RZUEVfRU5GT1JDRU1FTlRfUE9MSUNZKSA/ICJDSElORVNFIFdBTEwgQU5E IFNJTVBMRSBUWVBFIEVORk9SQ0VNRU5UIHBvbGljeSIgOiBcCiAJIlVOREVGSU5FRCBwb2xpY3ki Ci0KLSNpZm5kZWYgQUNNX1VTRV9TRUNVUklUWV9QT0xJQ1kKLSNkZWZpbmUgQUNNX1VTRV9TRUNV UklUWV9QT0xJQ1kgQUNNX05VTExfUE9MSUNZCi0jZW5kaWYKIAogLyogZGVmaW5lcyBhIHNzaWQg cmVmZXJlbmNlIHVzZWQgYnkgeGVuICovCiB0eXBlZGVmIHUzMiBzc2lkcmVmX3Q7Cg== ------=_Part_5239_21637201.1119655525604 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel ------=_Part_5239_21637201.1119655525604--