This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xense-devel] Re: [PATCH] choose security model for ACM at built-time

To: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Subject: [Xense-devel] Re: [PATCH] choose security model for ACM at built-time
From: aq <aquynh@xxxxxxxxx>
Date: Sat, 25 Jun 2005 08:25:25 +0900
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 24 Jun 2005 23:24:14 +0000
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:references; b=NAzO2iACsulQlAMiHkihbBJS7ALlrra0SuRa4KZVlknSpyy5siXyYGAHOzrJYuH4LLOqagq7Lts36+h6VaCUj9O56lRFsRqVerGmB/FNKuI18DkcjMjBJGaJSAXJcs+mU+jiNcqrbE5ow9YIqlzEmV2IcRvWhdidSyJwLzKNtp0=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <c3065b97da35bc7f20ae5f58f6dd4d75@xxxxxxxxxxxx>
List-help: <mailto:xense-devel-request@lists.xensource.com?subject=help>
List-id: "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>
List-post: <mailto:xense-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=unsubscribe>
References: <9cde8bff050624083345768b68@xxxxxxxxxxxxxx> <c3065b97da35bc7f20ae5f58f6dd4d75@xxxxxxxxxxxx>
Reply-to: aq <aquynh@xxxxxxxxx>
Sender: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
On 6/25/05, Keir Fraser <Keir.Fraser@xxxxxxxxxxxx> wrote:
> On 24 Jun 2005, at 16:33, aq wrote:
> > At the moment, there is a problem with ACM: it is impossible to set
> > ACM security model at built-time, so even with ACM is chosen to build,
> > the default policy is NULL, which is useless.
> >
> > This patch propose a solution to this problem: build process will
> > generate a header file (include/public/acm_policy.h) based on the
> > value set in xen/Makefile or at command-line, and gets acm.h included
> > it.
> Looks fine, but:
> Firstly, is the configured policy something that needs to be propagated
> to user tools (i.e., should the generated header reside within
> include/public or should it be in include/xen)?

i guess not. so right, it is better to put it into include/xen

> Secondly, you missed conditional inclusion of acm/acm.o into the
> ALL_OBJS list in xen/Rules.mk. Also, the definition of
> ACM_USE_SECURITY_POLICY probably belongs more correctly in Rules.mk
> rather than the Makefile.

ok, please take this revision.

Signed-off-by: Nguyen Anh Quynh <aquynh@xxxxxxxxx>

$ diffstat acm7.patch 
 Makefile             |   19 +++++++++++++++++--
 Rules.mk             |   13 ++++++++++---
 include/public/acm.h |    9 +++------
 3 files changed, 30 insertions(+), 11 deletions(-)

Attachment: acm7.patch
Description: Binary data

Xense-devel mailing list
<Prev in Thread] Current Thread [Next in Thread>