I tried enabling https://wiki.xenproject.org/wiki/Xen_Security_Modules_:_XSM-FLASK through the USE=flask flag of app-emulation/xen, however while the ebuild does what it says in the documentation - it would appear that upstream may have changed something at some point:

# xl getenforce
Flask XSM Disabled

Looking at /boot/xen-4.14.2.config, I can see:

# CONFIG_XSM is not set

This configuration appears to be autogenerated at the make xen of the src_compile stage, and I cannot find a way to inject this config option before the build starts. I've also tried doing:

src_compile() {
    use flask && myopt="${myopt} CONFIG_XSM=y CONFIG_XSM_FLASK=y"

    # Send raw LDFLAGS so that --as-needed works
    emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
}

...but that does not seem to have an effect either. If I manually go into the work directory and run make menuconfig and select the XSM option, these settings are configured:

CONFIG_XSM=y
CONFIG_XSM_FLASK=y
CONFIG_XSM_FLASK_AVC_STATS=y
CONFIG_XSM_FLASK_POLICY=y
CONFIG_XSM_SILO=y
# CONFIG_XSM_DUMMY_DEFAULT is not set
CONFIG_XSM_FLASK_DEFAULT=y
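Added example, not part of the original report or the Gentoo ebuild: a static check of a built Xen .config that catches the failure described above, where USE=flask is set but the hypervisor is built without XSM. The function names and verdict strings are hypothetical, and the two sample configs are constructed from the lines quoted in the report.

```sh
#!/bin/sh
# Added example (not from the ebuild or Xen): audit a Xen hypervisor .config
# for the XSM/FLASK symbols quoted in the report above.

# kconfig_state FILE SYMBOL: print "y", "n" (explicit "is not set") or "absent".
kconfig_state() {
    if grep -Eq "^$2=y\$" "$1"; then
        echo y
    elif grep -Eq "^# $2 is not set\$" "$1"; then
        echo n
    else
        echo absent
    fi
}

# flask_audit FILE: print one verdict word; exit status 0 only when FLASK is
# compiled in and selected as the default XSM module.
flask_audit() {
    [ -r "$1" ] || { echo unreadable; return 2; }
    for sym in CONFIG_XSM CONFIG_XSM_FLASK CONFIG_XSM_FLASK_DEFAULT; do
        if [ "$(kconfig_state "$1" "$sym")" != y ]; then
            echo "missing:$sym"
            return 1
        fi
    done
    echo flask-default
}

# Constructed sample inputs: the failing config from the report and the
# option set that "make menuconfig" produced.
sample_dir=$(mktemp -d)
printf '%s\n' '# CONFIG_XSM is not set' > "$sample_dir/broken.config"
printf '%s\n' 'CONFIG_XSM=y' 'CONFIG_XSM_FLASK=y' \
    'CONFIG_XSM_FLASK_AVC_STATS=y' 'CONFIG_XSM_FLASK_POLICY=y' \
    'CONFIG_XSM_SILO=y' '# CONFIG_XSM_DUMMY_DEFAULT is not set' \
    'CONFIG_XSM_FLASK_DEFAULT=y' > "$sample_dir/fixed.config"

# Audit the samples, or the files named on the command line
# (for instance /boot/xen-4.14.2.config).
[ "$#" -gt 0 ] || set -- "$sample_dir/broken.config" "$sample_dir/fixed.config"
for cfg in "$@"; do
    printf '%s: %s\n' "$cfg" "$(flask_audit "$cfg" || true)"
done
```

The check is static; on a booted host, xl getenforce remains the runtime confirmation.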
Please post also emerge --info and build log
Thanks for the report, the XSM options were converted to Kconfig: https://github.com/mirage/xen/commit/20c8f1a8a5fd61cb6f0ba6f3c3b3d567b1765116
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f2c2f779b6943e83e77b248b567c1e1d840c137

commit 4f2c2f779b6943e83e77b248b567c1e1d840c137
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2021-09-11 11:01:18 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-09-18 09:49:58 +0000

    app-emulation/xen: bump to 4.14.3/4.15.1

    Bug: https://bugs.gentoo.org/812485
    Bug: https://bugs.gentoo.org/810341
    Closes: https://bugs.gentoo.org/800935
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/22270
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-emulation/xen/Manifest                   |   2 +
 app-emulation/xen/files/xen-4.15-flask.patch |  13 +++
 app-emulation/xen/xen-4.14.3.ebuild          | 167 +++++++++++++++++++++++++++
 app-emulation/xen/xen-4.15.1.ebuild          | 167 +++++++++++++++++++++++++++
 4 files changed, 349 insertions(+)