| Message ID | 1458002259-22081-1-git-send-email-cardoe@cardoe.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Mon, Mar 14, 2016 at 07:37:39PM -0500, Doug Goldstein wrote: > The command line instructions for FLASK include a note on how to compile > Xen with FLASK but the note was out of date after the change to Kconfig. > > Signed-off-by: Doug Goldstein <cardoe@cardoe.com> > --- > CC: Ian Jackson <ian.jackson@eu.citrix.com> > CC: Jan Beulich <jbeulich@suse.com> > CC: Keir Fraser <keir@xen.org> > CC: Tim Deegan <tim@xen.org> > CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> > CC: Daniel De Graaf <dgdegra@tycho.nsa.gov> > > Not sure if you want backticks around `make -C menuconfig`. I also figured > we should route people towards menuconfig by default. The committer of > this patch is welcome to change the wording or style in anyway they see > fit. > > --- > docs/misc/xen-command-line.markdown | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown > index ca77e3b..949e210 100644 > --- a/docs/misc/xen-command-line.markdown > +++ b/docs/misc/xen-command-line.markdown > @@ -665,8 +665,8 @@ to use the default. > > Default: `permissive` > > Specify how the FLASK security server should be configured. This option is only > -available if the hypervisor was compiled with XSM support (which can be enabled > -by setting XSM\_ENABLE = y in .config). > +available if the hypervisor was compiled with FLASK support. This can be > +enabled by running make -C xen menuconfig and enabling XSM and FLASK. Would it be better said: .. "and enabling Common Features|Xen Security Module support (FLux Advanced Security Kernel support gets enabled automatically)." ? > > * `permissive`: This is intended for development and is not suitable for use > with untrusted guests. If a policy is provided by the bootloader, it will be > -- > 2.4.10 >
On 3/15/16 3:24 PM, Konrad Rzeszutek Wilk wrote: > On Mon, Mar 14, 2016 at 07:37:39PM -0500, Doug Goldstein wrote: >> The command line instructions for FLASK include a note on how to compile >> Xen with FLASK but the note was out of date after the change to Kconfig. >> >> Signed-off-by: Doug Goldstein <cardoe@cardoe.com> >> --- >> CC: Ian Jackson <ian.jackson@eu.citrix.com> >> CC: Jan Beulich <jbeulich@suse.com> >> CC: Keir Fraser <keir@xen.org> >> CC: Tim Deegan <tim@xen.org> >> CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> >> CC: Daniel De Graaf <dgdegra@tycho.nsa.gov> >> >> Not sure if you want backticks around `make -C menuconfig`. I also figured >> we should route people towards menuconfig by default. The committer of >> this patch is welcome to change the wording or style in anyway they see >> fit. >> >> --- >> docs/misc/xen-command-line.markdown | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown >> index ca77e3b..949e210 100644 >> --- a/docs/misc/xen-command-line.markdown >> +++ b/docs/misc/xen-command-line.markdown >> @@ -665,8 +665,8 @@ to use the default. >> > Default: `permissive` >> >> Specify how the FLASK security server should be configured. This option is only >> -available if the hypervisor was compiled with XSM support (which can be enabled >> -by setting XSM\_ENABLE = y in .config). >> +available if the hypervisor was compiled with FLASK support. This can be >> +enabled by running make -C xen menuconfig and enabling XSM and FLASK. > > Would it be better said: > > .. "and enabling Common Features|Xen Security Module support (FLux Advanced Security > Kernel support gets enabled automatically)." > ? My response falls in the bucket of a tristate boolean. It depends on how you want to document these values. By the pretty strings or the searchable names. And then making sure all the doc places are consistent with that.
On Tue, Mar 15, 2016 at 03:40:19PM -0500, Doug Goldstein wrote: > On 3/15/16 3:24 PM, Konrad Rzeszutek Wilk wrote: > > On Mon, Mar 14, 2016 at 07:37:39PM -0500, Doug Goldstein wrote: > >> The command line instructions for FLASK include a note on how to compile > >> Xen with FLASK but the note was out of date after the change to Kconfig. > >> > >> Signed-off-by: Doug Goldstein <cardoe@cardoe.com> > >> --- > >> CC: Ian Jackson <ian.jackson@eu.citrix.com> > >> CC: Jan Beulich <jbeulich@suse.com> > >> CC: Keir Fraser <keir@xen.org> > >> CC: Tim Deegan <tim@xen.org> > >> CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> > >> CC: Daniel De Graaf <dgdegra@tycho.nsa.gov> > >> > >> Not sure if you want backticks around `make -C menuconfig`. I also figured > >> we should route people towards menuconfig by default. The committer of > >> this patch is welcome to change the wording or style in anyway they see > >> fit. > >> > >> --- > >> docs/misc/xen-command-line.markdown | 4 ++-- > >> 1 file changed, 2 insertions(+), 2 deletions(-) > >> > >> diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown > >> index ca77e3b..949e210 100644 > >> --- a/docs/misc/xen-command-line.markdown > >> +++ b/docs/misc/xen-command-line.markdown > >> @@ -665,8 +665,8 @@ to use the default. > >> > Default: `permissive` > >> > >> Specify how the FLASK security server should be configured. This option is only > >> -available if the hypervisor was compiled with XSM support (which can be enabled > >> -by setting XSM\_ENABLE = y in .config). > >> +available if the hypervisor was compiled with FLASK support. This can be > >> +enabled by running make -C xen menuconfig and enabling XSM and FLASK. > > > > Would it be better said: > > > > .. "and enabling Common Features|Xen Security Module support (FLux Advanced Security > > Kernel support gets enabled automatically)." > > ? > > My response falls in the bucket of a tristate boolean. It depends on how > you want to document these values. By the pretty strings or the > searchable names. And then making sure all the doc places are consistent > with that. That was more of what I saw - when I tried 'make -C xen menuconfig' I didn't see XSM or FLASK (I am being anal here, but the point is that newbies may need crystal clear explanations). Perhaps both? enabled by running: * make -C xen menuconfig and enabling Common.... blahblah * make -C xen oldconfig and enabling XSM and FLASK ? > > -- > Doug Goldstein >
On 3/15/16 3:43 PM, Konrad Rzeszutek Wilk wrote: > On Tue, Mar 15, 2016 at 03:40:19PM -0500, Doug Goldstein wrote: >> On 3/15/16 3:24 PM, Konrad Rzeszutek Wilk wrote: >>> On Mon, Mar 14, 2016 at 07:37:39PM -0500, Doug Goldstein wrote: >>>> The command line instructions for FLASK include a note on how to compile >>>> Xen with FLASK but the note was out of date after the change to Kconfig. >>>> >>>> Signed-off-by: Doug Goldstein <cardoe@cardoe.com> >>>> --- >>>> CC: Ian Jackson <ian.jackson@eu.citrix.com> >>>> CC: Jan Beulich <jbeulich@suse.com> >>>> CC: Keir Fraser <keir@xen.org> >>>> CC: Tim Deegan <tim@xen.org> >>>> CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> >>>> CC: Daniel De Graaf <dgdegra@tycho.nsa.gov> >>>> >>>> Not sure if you want backticks around `make -C menuconfig`. I also figured >>>> we should route people towards menuconfig by default. The committer of >>>> this patch is welcome to change the wording or style in anyway they see >>>> fit. >>>> >>>> --- >>>> docs/misc/xen-command-line.markdown | 4 ++-- >>>> 1 file changed, 2 insertions(+), 2 deletions(-) >>>> >>>> diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown >>>> index ca77e3b..949e210 100644 >>>> --- a/docs/misc/xen-command-line.markdown >>>> +++ b/docs/misc/xen-command-line.markdown >>>> @@ -665,8 +665,8 @@ to use the default. >>>> > Default: `permissive` >>>> >>>> Specify how the FLASK security server should be configured. This option is only >>>> -available if the hypervisor was compiled with XSM support (which can be enabled >>>> -by setting XSM\_ENABLE = y in .config). >>>> +available if the hypervisor was compiled with FLASK support. This can be >>>> +enabled by running make -C xen menuconfig and enabling XSM and FLASK. >>> >>> Would it be better said: >>> >>> .. "and enabling Common Features|Xen Security Module support (FLux Advanced Security >>> Kernel support gets enabled automatically)." >>> ? >> >> My response falls in the bucket of a tristate boolean. It depends on how >> you want to document these values. By the pretty strings or the >> searchable names. And then making sure all the doc places are consistent >> with that. > > That was more of what I saw - when I tried 'make -C xen menuconfig' I didn't > see XSM or FLASK (I am being anal here, but the point is that newbies may > need crystal clear explanations). > Perhaps both? > > > enabled by running: > * make -C xen menuconfig and enabling Common.... blahblah > * make -C xen oldconfig and enabling XSM and FLASK > > ? >> >> -- >> Doug Goldstein >> > > > I waited to see if some others wanted weigh in because this is the first of quite a few places in the docs that will need to be updated as I touch the remaining items in Rules.mk and wanted to make sure that however I things were documented they remained consistent. I'll take silence to mean acceptance and update this patch accordingly. Thanks for your help Konrad!
diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown index ca77e3b..949e210 100644 --- a/docs/misc/xen-command-line.markdown +++ b/docs/misc/xen-command-line.markdown @@ -665,8 +665,8 @@ to use the default. > Default: `permissive` Specify how the FLASK security server should be configured. This option is only -available if the hypervisor was compiled with XSM support (which can be enabled -by setting XSM\_ENABLE = y in .config). +available if the hypervisor was compiled with FLASK support. This can be +enabled by running make -C xen menuconfig and enabling XSM and FLASK. * `permissive`: This is intended for development and is not suitable for use with untrusted guests. If a policy is provided by the bootloader, it will be
The command line instructions for FLASK include a note on how to compile Xen with FLASK but the note was out of date after the change to Kconfig. Signed-off-by: Doug Goldstein <cardoe@cardoe.com> --- CC: Ian Jackson <ian.jackson@eu.citrix.com> CC: Jan Beulich <jbeulich@suse.com> CC: Keir Fraser <keir@xen.org> CC: Tim Deegan <tim@xen.org> CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> CC: Daniel De Graaf <dgdegra@tycho.nsa.gov> Not sure if you want backticks around `make -C menuconfig`. I also figured we should route people towards menuconfig by default. The committer of this patch is welcome to change the wording or style in anyway they see fit. --- docs/misc/xen-command-line.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)