xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] docs: update FLASK cmd line instructions
@ 2016-03-15  0:37 Doug Goldstein
  2016-03-15 20:24 ` Konrad Rzeszutek Wilk
  0 siblings, 1 reply; 5+ messages in thread
From: Doug Goldstein @ 2016-03-15  0:37 UTC (permalink / raw)
  To: xen-devel
  Cc: Keir Fraser, Doug Goldstein, Ian Jackson, Tim Deegan,
	Jan Beulich, Daniel De Graaf

The command line instructions for FLASK include a note on how to compile
Xen with FLASK but the note was out of date after the change to Kconfig.

Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
---
CC: Ian Jackson <ian.jackson@eu.citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Keir Fraser <keir@xen.org>
CC: Tim Deegan <tim@xen.org>
CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>

Not sure if you want backticks around `make -C menuconfig`. I also figured
we should route people towards menuconfig by default. The committer of
this patch is welcome to change the wording or style in anyway they see
fit.

---
 docs/misc/xen-command-line.markdown | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
index ca77e3b..949e210 100644
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -665,8 +665,8 @@ to use the default.
 > Default: `permissive`
 
 Specify how the FLASK security server should be configured.  This option is only
-available if the hypervisor was compiled with XSM support (which can be enabled
-by setting XSM\_ENABLE = y in .config).
+available if the hypervisor was compiled with FLASK support.  This can be
+enabled by running make -C xen menuconfig and enabling XSM and FLASK.
 
 * `permissive`: This is intended for development and is not suitable for use
   with untrusted guests.  If a policy is provided by the bootloader, it will be
-- 
2.4.10


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] docs: update FLASK cmd line instructions
  2016-03-15  0:37 [PATCH] docs: update FLASK cmd line instructions Doug Goldstein
@ 2016-03-15 20:24 ` Konrad Rzeszutek Wilk
  2016-03-15 20:40   ` Doug Goldstein
  0 siblings, 1 reply; 5+ messages in thread
From: Konrad Rzeszutek Wilk @ 2016-03-15 20:24 UTC (permalink / raw)
  To: Doug Goldstein
  Cc: Keir Fraser, Ian Jackson, Tim Deegan, xen-devel, Jan Beulich,
	Daniel De Graaf

On Mon, Mar 14, 2016 at 07:37:39PM -0500, Doug Goldstein wrote:
> The command line instructions for FLASK include a note on how to compile
> Xen with FLASK but the note was out of date after the change to Kconfig.
> 
> Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
> ---
> CC: Ian Jackson <ian.jackson@eu.citrix.com>
> CC: Jan Beulich <jbeulich@suse.com>
> CC: Keir Fraser <keir@xen.org>
> CC: Tim Deegan <tim@xen.org>
> CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> 
> Not sure if you want backticks around `make -C menuconfig`. I also figured
> we should route people towards menuconfig by default. The committer of
> this patch is welcome to change the wording or style in anyway they see
> fit.
> 
> ---
>  docs/misc/xen-command-line.markdown | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
> index ca77e3b..949e210 100644
> --- a/docs/misc/xen-command-line.markdown
> +++ b/docs/misc/xen-command-line.markdown
> @@ -665,8 +665,8 @@ to use the default.
>  > Default: `permissive`
>  
>  Specify how the FLASK security server should be configured.  This option is only
> -available if the hypervisor was compiled with XSM support (which can be enabled
> -by setting XSM\_ENABLE = y in .config).
> +available if the hypervisor was compiled with FLASK support.  This can be
> +enabled by running make -C xen menuconfig and enabling XSM and FLASK.

Would it be better said:

.. "and enabling Common Features|Xen Security Module support (FLux Advanced Security
Kernel support gets enabled automatically)."
?

>  
>  * `permissive`: This is intended for development and is not suitable for use
>    with untrusted guests.  If a policy is provided by the bootloader, it will be
> -- 
> 2.4.10
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] docs: update FLASK cmd line instructions
  2016-03-15 20:24 ` Konrad Rzeszutek Wilk
@ 2016-03-15 20:40   ` Doug Goldstein
  2016-03-15 20:43     ` Konrad Rzeszutek Wilk
  0 siblings, 1 reply; 5+ messages in thread
From: Doug Goldstein @ 2016-03-15 20:40 UTC (permalink / raw)
  To: Konrad Rzeszutek Wilk
  Cc: Keir Fraser, Ian Jackson, Tim Deegan, xen-devel, Jan Beulich,
	Daniel De Graaf


[-- Attachment #1.1.1: Type: text/plain, Size: 2053 bytes --]

On 3/15/16 3:24 PM, Konrad Rzeszutek Wilk wrote:
> On Mon, Mar 14, 2016 at 07:37:39PM -0500, Doug Goldstein wrote:
>> The command line instructions for FLASK include a note on how to compile
>> Xen with FLASK but the note was out of date after the change to Kconfig.
>>
>> Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
>> ---
>> CC: Ian Jackson <ian.jackson@eu.citrix.com>
>> CC: Jan Beulich <jbeulich@suse.com>
>> CC: Keir Fraser <keir@xen.org>
>> CC: Tim Deegan <tim@xen.org>
>> CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
>> CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
>>
>> Not sure if you want backticks around `make -C menuconfig`. I also figured
>> we should route people towards menuconfig by default. The committer of
>> this patch is welcome to change the wording or style in anyway they see
>> fit.
>>
>> ---
>>  docs/misc/xen-command-line.markdown | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
>> index ca77e3b..949e210 100644
>> --- a/docs/misc/xen-command-line.markdown
>> +++ b/docs/misc/xen-command-line.markdown
>> @@ -665,8 +665,8 @@ to use the default.
>>  > Default: `permissive`
>>  
>>  Specify how the FLASK security server should be configured.  This option is only
>> -available if the hypervisor was compiled with XSM support (which can be enabled
>> -by setting XSM\_ENABLE = y in .config).
>> +available if the hypervisor was compiled with FLASK support.  This can be
>> +enabled by running make -C xen menuconfig and enabling XSM and FLASK.
> 
> Would it be better said:
> 
> .. "and enabling Common Features|Xen Security Module support (FLux Advanced Security
> Kernel support gets enabled automatically)."
> ?

My response falls in the bucket of a tristate boolean. It depends on how
you want to document these values. By the pretty strings or the
searchable names. And then making sure all the doc places are consistent
with that.

-- 
Doug Goldstein


[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 959 bytes --]

[-- Attachment #2: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] docs: update FLASK cmd line instructions
  2016-03-15 20:40   ` Doug Goldstein
@ 2016-03-15 20:43     ` Konrad Rzeszutek Wilk
  2016-03-17  4:32       ` Doug Goldstein
  0 siblings, 1 reply; 5+ messages in thread
From: Konrad Rzeszutek Wilk @ 2016-03-15 20:43 UTC (permalink / raw)
  To: Doug Goldstein
  Cc: Keir Fraser, Ian Jackson, Tim Deegan, xen-devel, Jan Beulich,
	Daniel De Graaf

On Tue, Mar 15, 2016 at 03:40:19PM -0500, Doug Goldstein wrote:
> On 3/15/16 3:24 PM, Konrad Rzeszutek Wilk wrote:
> > On Mon, Mar 14, 2016 at 07:37:39PM -0500, Doug Goldstein wrote:
> >> The command line instructions for FLASK include a note on how to compile
> >> Xen with FLASK but the note was out of date after the change to Kconfig.
> >>
> >> Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
> >> ---
> >> CC: Ian Jackson <ian.jackson@eu.citrix.com>
> >> CC: Jan Beulich <jbeulich@suse.com>
> >> CC: Keir Fraser <keir@xen.org>
> >> CC: Tim Deegan <tim@xen.org>
> >> CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> >> CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> >>
> >> Not sure if you want backticks around `make -C menuconfig`. I also figured
> >> we should route people towards menuconfig by default. The committer of
> >> this patch is welcome to change the wording or style in anyway they see
> >> fit.
> >>
> >> ---
> >>  docs/misc/xen-command-line.markdown | 4 ++--
> >>  1 file changed, 2 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
> >> index ca77e3b..949e210 100644
> >> --- a/docs/misc/xen-command-line.markdown
> >> +++ b/docs/misc/xen-command-line.markdown
> >> @@ -665,8 +665,8 @@ to use the default.
> >>  > Default: `permissive`
> >>  
> >>  Specify how the FLASK security server should be configured.  This option is only
> >> -available if the hypervisor was compiled with XSM support (which can be enabled
> >> -by setting XSM\_ENABLE = y in .config).
> >> +available if the hypervisor was compiled with FLASK support.  This can be
> >> +enabled by running make -C xen menuconfig and enabling XSM and FLASK.
> > 
> > Would it be better said:
> > 
> > .. "and enabling Common Features|Xen Security Module support (FLux Advanced Security
> > Kernel support gets enabled automatically)."
> > ?
> 
> My response falls in the bucket of a tristate boolean. It depends on how
> you want to document these values. By the pretty strings or the
> searchable names. And then making sure all the doc places are consistent
> with that.

That was more of what I saw - when I tried 'make -C xen menuconfig' I didn't
see XSM or FLASK (I am being anal here, but the point is that newbies may
need crystal clear explanations).
Perhaps both?


enabled by running:
 * make -C xen menuconfig and enabling Common.... blahblah
 * make -C xen oldconfig and enabling XSM and FLASK

?
> 
> -- 
> Doug Goldstein
> 




_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] docs: update FLASK cmd line instructions
  2016-03-15 20:43     ` Konrad Rzeszutek Wilk
@ 2016-03-17  4:32       ` Doug Goldstein
  0 siblings, 0 replies; 5+ messages in thread
From: Doug Goldstein @ 2016-03-17  4:32 UTC (permalink / raw)
  To: Konrad Rzeszutek Wilk
  Cc: Keir Fraser, Ian Jackson, Tim Deegan, xen-devel, Jan Beulich,
	Daniel De Graaf


[-- Attachment #1.1.1: Type: text/plain, Size: 3062 bytes --]

On 3/15/16 3:43 PM, Konrad Rzeszutek Wilk wrote:
> On Tue, Mar 15, 2016 at 03:40:19PM -0500, Doug Goldstein wrote:
>> On 3/15/16 3:24 PM, Konrad Rzeszutek Wilk wrote:
>>> On Mon, Mar 14, 2016 at 07:37:39PM -0500, Doug Goldstein wrote:
>>>> The command line instructions for FLASK include a note on how to compile
>>>> Xen with FLASK but the note was out of date after the change to Kconfig.
>>>>
>>>> Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
>>>> ---
>>>> CC: Ian Jackson <ian.jackson@eu.citrix.com>
>>>> CC: Jan Beulich <jbeulich@suse.com>
>>>> CC: Keir Fraser <keir@xen.org>
>>>> CC: Tim Deegan <tim@xen.org>
>>>> CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
>>>> CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
>>>>
>>>> Not sure if you want backticks around `make -C menuconfig`. I also figured
>>>> we should route people towards menuconfig by default. The committer of
>>>> this patch is welcome to change the wording or style in anyway they see
>>>> fit.
>>>>
>>>> ---
>>>>  docs/misc/xen-command-line.markdown | 4 ++--
>>>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
>>>> index ca77e3b..949e210 100644
>>>> --- a/docs/misc/xen-command-line.markdown
>>>> +++ b/docs/misc/xen-command-line.markdown
>>>> @@ -665,8 +665,8 @@ to use the default.
>>>>  > Default: `permissive`
>>>>  
>>>>  Specify how the FLASK security server should be configured.  This option is only
>>>> -available if the hypervisor was compiled with XSM support (which can be enabled
>>>> -by setting XSM\_ENABLE = y in .config).
>>>> +available if the hypervisor was compiled with FLASK support.  This can be
>>>> +enabled by running make -C xen menuconfig and enabling XSM and FLASK.
>>>
>>> Would it be better said:
>>>
>>> .. "and enabling Common Features|Xen Security Module support (FLux Advanced Security
>>> Kernel support gets enabled automatically)."
>>> ?
>>
>> My response falls in the bucket of a tristate boolean. It depends on how
>> you want to document these values. By the pretty strings or the
>> searchable names. And then making sure all the doc places are consistent
>> with that.
> 
> That was more of what I saw - when I tried 'make -C xen menuconfig' I didn't
> see XSM or FLASK (I am being anal here, but the point is that newbies may
> need crystal clear explanations).
> Perhaps both?
> 
> 
> enabled by running:
>  * make -C xen menuconfig and enabling Common.... blahblah
>  * make -C xen oldconfig and enabling XSM and FLASK
> 
> ?
>>
>> -- 
>> Doug Goldstein
>>
> 
> 
> 

I waited to see if some others wanted weigh in because this is the first
of quite a few places in the docs that will need to be updated as I
touch the remaining items in Rules.mk and wanted to make sure that
however I things were documented they remained consistent. I'll take
silence to mean acceptance and update this patch accordingly.

Thanks for your help Konrad!

-- 
Doug Goldstein


[-- Attachment #1.2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 959 bytes --]

[-- Attachment #2: Type: text/plain, Size: 126 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2016-03-17  4:32 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-03-15  0:37 [PATCH] docs: update FLASK cmd line instructions Doug Goldstein
2016-03-15 20:24 ` Konrad Rzeszutek Wilk
2016-03-15 20:40   ` Doug Goldstein
2016-03-15 20:43     ` Konrad Rzeszutek Wilk
2016-03-17  4:32       ` Doug Goldstein

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).