FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

 
 
LinkBack Thread Tools
 
Old 12-15-2009, 04:19 PM
Andy Whitcroft
 
Default Config Enforcer V2

It was proposed that we add a config enforcer build check to the kernel
build process. This checker reviews the configuration at build time to
confirm that specific options have specific values. This allows us to
confirm and enforce the values of cirtain values. Where those values
are not set the build will fail.

This patch set adds a new check phase 'prepare-checks' which is triggered
when the prepare phase is running. It then adds a new config-prepare-check
which looks at the newly generated config and checks the specified options.

The config option checks are specified debian.master/configs/enforce.
This contains a predicate based language. Each line represents one
check, if the the line evaluates false then the check is deemed failed.
Each line is made up of one or more predicates which are assertions.
The primary assertions relate to the existance and values of parameters:

value CONFIG_SYN_COOKIES y
exists CONFIG_SYN_COOKIES

The rest of the assertions check environmentatal factors such as architecture
and flavour names:

arch armel
flavour generic

These may be combined using and/or and parentheses, the resulting formular
is then executed and if the overall result is true the line is ok. This allows us to ensure options are set to different values based on architecture:

(( arch armel | arch sparc ) & value CONFIG_DEFAULT_MMAP_MIN_ADDR 32768 ) |
( value CONFIG_DEFAULT_MMAP_MIN_ADDR 65536)

Following this email are 6 patches. The first brings the new checker and
some basic rules. The second a test suite for the parser. The remainder
fix up the various violations this tester detects.

-apw

Andy Whitcroft (6):
UBUNTU: config-check -- add a configuration enforcer
UBUNTU: config-check -- add a unit-test suite to the checker
UBUNTU: [Config] Enable CONFIG_SYN_COOKIES for versatile
UBUNTU: [Config] Enable CONFIG_SECURITY_SMACK for ports
UBUNTU: [Config] Enable CONFIG_SECURITY_FILE_CAPABILITIES for ports
UBUNTU: [Config] Disable CONFIG_COMPAT_BRK for ports

debian.master/config/amd64/config.common.amd64 | 1 -
debian.master/config/armel/config.common.armel | 1 -
debian.master/config/config.common.ports | 7 +-
debian.master/config/config.common.ubuntu | 1 +
debian.master/config/enforce | 25 ++
debian.master/config/i386/config.common.i386 | 1 -
debian.master/config/lpia/config.common.lpia | 1 -
debian.master/rules.d/2-binary-arch.mk | 2 +-
debian.master/rules.d/4-checks.mk | 8 +
debian.master/scripts/config-check | 389 ++++++++++++++++++++++++
debian.master/scripts/misc/kernelconfig | 25 ++-
11 files changed, 452 insertions(+), 9 deletions(-)
create mode 100644 debian.master/config/enforce
create mode 100755 debian.master/scripts/config-check


--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 12-16-2009, 07:44 PM
Tim Gardner
 
Default Config Enforcer V2

Andy Whitcroft wrote:
> It was proposed that we add a config enforcer build check to the kernel
> build process. This checker reviews the configuration at build time to
> confirm that specific options have specific values. This allows us to
> confirm and enforce the values of cirtain values. Where those values
> are not set the build will fail.
>
> This patch set adds a new check phase 'prepare-checks' which is triggered
> when the prepare phase is running. It then adds a new config-prepare-check
> which looks at the newly generated config and checks the specified options.
>
> The config option checks are specified debian.master/configs/enforce.
> This contains a predicate based language. Each line represents one
> check, if the the line evaluates false then the check is deemed failed.
> Each line is made up of one or more predicates which are assertions.
> The primary assertions relate to the existance and values of parameters:
>
> value CONFIG_SYN_COOKIES y
> exists CONFIG_SYN_COOKIES
>
> The rest of the assertions check environmentatal factors such as architecture
> and flavour names:
>
> arch armel
> flavour generic
>
> These may be combined using and/or and parentheses, the resulting formular
> is then executed and if the overall result is true the line is ok. This allows us to ensure options are set to different values based on architecture:
>
> (( arch armel | arch sparc ) & value CONFIG_DEFAULT_MMAP_MIN_ADDR 32768 ) |
> ( value CONFIG_DEFAULT_MMAP_MIN_ADDR 65536)
>
> Following this email are 6 patches. The first brings the new checker and
> some basic rules. The second a test suite for the parser. The remainder
> fix up the various violations this tester detects.
>
> -apw
>
> Andy Whitcroft (6):
> UBUNTU: config-check -- add a configuration enforcer
> UBUNTU: config-check -- add a unit-test suite to the checker
> UBUNTU: [Config] Enable CONFIG_SYN_COOKIES for versatile
> UBUNTU: [Config] Enable CONFIG_SECURITY_SMACK for ports
> UBUNTU: [Config] Enable CONFIG_SECURITY_FILE_CAPABILITIES for ports
> UBUNTU: [Config] Disable CONFIG_COMPAT_BRK for ports
>
> debian.master/config/amd64/config.common.amd64 | 1 -
> debian.master/config/armel/config.common.armel | 1 -
> debian.master/config/config.common.ports | 7 +-
> debian.master/config/config.common.ubuntu | 1 +
> debian.master/config/enforce | 25 ++
> debian.master/config/i386/config.common.i386 | 1 -
> debian.master/config/lpia/config.common.lpia | 1 -
> debian.master/rules.d/2-binary-arch.mk | 2 +-
> debian.master/rules.d/4-checks.mk | 8 +
> debian.master/scripts/config-check | 389 ++++++++++++++++++++++++
> debian.master/scripts/misc/kernelconfig | 25 ++-
> 11 files changed, 452 insertions(+), 9 deletions(-)
> create mode 100644 debian.master/config/enforce
> create mode 100755 debian.master/scripts/config-check
>
>

Just do it.

--
Tim Gardner tim.gardner@canonical.com

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 12-17-2009, 08:09 AM
Andy Whitcroft
 
Default Config Enforcer V2

Applied to Lucid.

-apw

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 

Thread Tools




All times are GMT. The time now is 08:54 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org