| |
|
 |
|
 |
|
|
|
| |
|
|
xen-devel
Re: [Xen-devel] [PATCH] fix broken ACM
xen-devel-bounces@xxxxxxxxxxxxxxxxxxx wrote on 06/23/2005 11:22:04 AM:
> On 6/24/05, Keir Fraser <Keir.Fraser@xxxxxxxxxxxx> wrote:
> >
> > On 23 Jun 2005, at 15:57, Stefan Berger wrote:
> >
> > >> ok, i see the point. the problem is because i moved some codes
> > >> (acm_init() and acm_init_binary_policy()) to acm_hooks.h. now it
seems
> > >> better to move them back. but it is weird that i got no problem
with
> > >> gcc 3.3.5
> > >>
> > >> could you please try again with the new patch below?
> > >
> > > I tried it with your attached patch. There was an unused function
when
> > > trying out the NULL policy. The attached patch on top of yours and
> > > things
> > > compile fine.
> >
> > I'm still confused what these patches are aiming to fix. If we are
> > building 'NULL' security policy then all the hooks should compile away
> > to nothing and acm core files do not get built. So why do they need
> > patching with ifdef's conditional on whether or not the policy is
> > 'NULL'?
> >
> > Currently, if you re-enable building of acm/ directory in the Xen root
> > Makefile, yet the ACM_USE_SECURITY_POLICY is NULL_POLICY, the build
> > will certainly fail. But I don;t see why we would want to support
that.
> > :-)
>
> Keir, certainly i understand your point. but this patch doesnt harm,
anyway ;-)
>
> one annoying problem at the moment is that if we want to compile ACM
> in, we should modify the value of ACM_USE_SECURITY_POLICY, since the
> current default value is ACM_NULL_POLICY( which is meaningless as Keir
> pointed out )
We have a choice of compiling in a NULL policy on two levels now:
Do not define ACM_USE_SECURITY_POLICY on makefile level to not compile any
policy code in the xen/acm directory and effectlively have a NULL policy.
If ACM_USE_SECURITY_POLICY is defined on the makefile level and
ACM_NULL_POLICY is the default as the policy to compile (see the choice in
xen/include/public/acm.h), we also get a NULL policy. The inline calls
that are compiled into the code will all be removed since they default to
'return 0'. - so no hooks there and no overhead.
Is it a problem to have that 2nd level choice of a NULL policy?
Stefan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
| <Prev in Thread] |
Current Thread |
[Next in Thread> |
- [Xen-devel] Re: [PATCH] fix broken ACM, (continued)
|
|
|
| |
|
Home