
Bug 800935

Summary: app-emulation/xen-4.14.2-r1: USE=flask does not enable XSM
Product: Gentoo Linux
Reporter: Jonathan Davies <jpds>
Component: Current packages
Assignee: Tomáš Mózes <hydrapolic>
Status: RESOLVED FIXED
Severity: normal
CC: proxy-maint, selinux, xen
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
See Also: https://github.com/gentoo/gentoo/pull/22270
Whiteboard:
Package list:
Runtime testing required: ---

Description Jonathan Davies 2021-07-06 22:24:55 UTC
I tried enabling https://wiki.xenproject.org/wiki/Xen_Security_Modules_:_XSM-FLASK through the USE=flask flag of app-emulation/xen. However, while the ebuild does what it says in the documentation, it would appear that upstream may have changed something at some point:

# xl getenforce
Flask XSM Disabled

Looking at /boot/xen-4.14.2.config, I can see:

# CONFIG_XSM is not set

This configuration appears to be autogenerated at the make xen of the src_compile stage, and I cannot find a way to inject this config option before the build starts.

I've also tried doing:

src_compile() {
        use flask && myopt="${myopt} CONFIG_XSM=y CONFIG_XSM_FLASK=y"
        # Send raw LDFLAGS so that --as-needed works
        emake V=1 CC="$(tc-getCC)" LDFLAGS="$(raw-ldflags)" LD="$(tc-getLD)" -C xen ${myopt}
}

...but that does not seem to have an effect either. If I manually go into the work directory and run make menuconfig and select the XSM option, these settings are configured:

CONFIG_XSM=y
CONFIG_XSM_FLASK=y
CONFIG_XSM_FLASK_AVC_STATS=y
CONFIG_XSM_FLASK_POLICY=y
CONFIG_XSM_SILO=y
# CONFIG_XSM_DUMMY_DEFAULT is not set
CONFIG_XSM_FLASK_DEFAULT=y
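
A post-build check for the failure described above, where USE=flask was set but the generated hypervisor config still had XSM off. This is an added example, not part of the bug report or of the Gentoo ebuild; the function names and the choice to also require CONFIG_XSM_FLASK_DEFAULT (taken from the menuconfig output above) are assumptions, and the sample files are constructed.

```sh
#!/bin/sh
# Added example: confirm a Xen hypervisor .config really has XSM/FLASK on.
# Function names are hypothetical; sample configs below are constructed.

# kconfig_state FILE SYMBOL
# Prints the symbol's value ("y", ...), "n" for an explicit
# "# SYMBOL is not set" line, or "missing" if the symbol never appears.
kconfig_state() {
    awk -v sym="$2" '
        $0 == ("# " sym " is not set") { state = "n" }
        index($0, sym "=") == 1        { state = substr($0, length(sym) + 2) }
        END { print (state == "" ? "missing" : state) }
    ' "$1"
}

# check_flask FILE
# Returns 0 only if every symbol below is "y"; reports each failure on stderr.
# Requiring CONFIG_XSM_FLASK_DEFAULT is an assumption based on the
# menuconfig output quoted in the report.
check_flask() {
    rc=0
    for sym in CONFIG_XSM CONFIG_XSM_FLASK CONFIG_XSM_FLASK_DEFAULT; do
        state=$(kconfig_state "$1" "$sym")
        if [ "$state" != "y" ]; then
            echo "FAIL: $sym is '$state' in $1" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed samples: the config from the report and the menuconfig result.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
echo '# CONFIG_XSM is not set' > "$SAMPLES/broken.config"
cat > "$SAMPLES/fixed.config" <<'EOF'
CONFIG_XSM=y
CONFIG_XSM_FLASK=y
# CONFIG_XSM_DUMMY_DEFAULT is not set
CONFIG_XSM_FLASK_DEFAULT=y
EOF

for name in broken fixed; do
    if check_flask "$SAMPLES/$name.config"; then
        echo "$name: XSM/FLASK enabled"
    else
        echo "$name: XSM/FLASK NOT enabled"
    fi
done
```

Pointing check_flask at the installed file (/boot/xen-4.14.2.config in the report) turns a silently ignored USE flag into a hard failure instead of something discovered later through xl getenforce.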
Comment 1 Marco Scardovi (scardracs) 2021-07-07 18:47:22 UTC
Please also post emerge --info and the build log.
Comment 2 Tomáš Mózes 2021-09-11 11:42:29 UTC
Thanks for the report, the XSM options were converted to Kconfig: https://github.com/mirage/xen/commit/20c8f1a8a5fd61cb6f0ba6f3c3b3d567b1765116
Comment 3 Larry the Git Cow gentoo-dev 2021-09-18 09:50:09 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f2c2f779b6943e83e77b248b567c1e1d840c137

commit 4f2c2f779b6943e83e77b248b567c1e1d840c137
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2021-09-11 11:01:18 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-09-18 09:49:58 +0000

    app-emulation/xen: bump to 4.14.3/4.15.1
    
    Bug: https://bugs.gentoo.org/812485
    Bug: https://bugs.gentoo.org/810341
    Closes: https://bugs.gentoo.org/800935
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/22270
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-emulation/xen/Manifest                   |   2 +
 app-emulation/xen/files/xen-4.15-flask.patch |  13 +++
 app-emulation/xen/xen-4.14.3.ebuild          | 167 +++++++++++++++++++++++++++
 app-emulation/xen/xen-4.15.1.ebuild          | 167 +++++++++++++++++++++++++++
 4 files changed, 349 insertions(+)