George Dunlap writes ("Re: Xen XSM/FLASK policy, grub defaults, etc."):
> > On May 27, 2020, at 4:41 PM, Ian Jackson <ian.jack...@citrix.com> wrote:
> > 3. Failing that, Xen should provide some other mechanism which would
> > enable something like update-grub to determine whether a particular
> > hypervisor can sensibly be run with a policy file and flask=enforcing.
> 
> So you want update-grub to check whether *the Xen binary it’s creating 
> entries for* has FLASK enabled.  We generally include the Xen config used to 
> build the hypervisor — could we have it check for CONFIG_XSM_FLASK?

That would be a possibility.  Including kernel configs has gone out of
fashion but I think most distros ship them.

Are we confident that this config name will remain stable?

And I guess if the .config can't be found then the XSM boot entry
should be included?

Ian.
