[OSSTEST,47/49] setupboot_grub2: Do not boot with XSM policy etc. unless xsm=1
diff mbox series

Message ID 20200529111945.21394-48-ian.jackson@eu.citrix.com
State New
Headers show
Series
  • Switch to Debian buster (= Debian stable)
Related show

Commit Message

Ian Jackson May 29, 2020, 11:19 a.m. UTC
This prevents us from passing an XSM policy file, and
`flask=enforcing', in supposedly-non-XSM tests.

These bootloader entries can appear because the Xen upstream build
ships XSM policy files by default even if XSM is disabled in the
hypervisor, causing update-grub to generate useless `XSM enabled'
entries.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
---
 Osstest/Debian.pm | 3 +++
 1 file changed, 3 insertions(+)

Patch
diff mbox series

diff --git a/Osstest/Debian.pm b/Osstest/Debian.pm
index c18bf718..b140ede2 100644
--- a/Osstest/Debian.pm
+++ b/Osstest/Debian.pm
@@ -499,6 +499,9 @@  sub setupboot_grub2 ($$$$) {
 		} elsif ($want_xsm && !defined $entry->{Xenpolicy}) {
 		    logm("(skipping entry at $entry->{StartLine}..$.;".
 			 " XSM policy file not mentioned)");
+		} elsif (!$want_xsm && defined $entry->{Xenpolicy}) {
+		    logm("(skipping entry at $entry->{StartLine}..$.;".
+			 " XSM policy file, but we don't want XSM)");
 		} elsif ($ho->{Suite} =~ m/buster/ &&
 			 defined $entry->{Xenpolicy} &&
 			 !$bootfiles{