Patchwork [1/1] UBUNTU: enforce -- ensure SYSFS compatibility is disabled

login
register
mail settings
Submitter Andy Whitcroft
Date May 27, 2010, 12:37 p.m.
Message ID <1274963837-19028-2-git-send-email-apw@canonical.com>
Download mbox | patch
Permalink /patch/53755/
State Accepted
Delegated to: Leann Ogasawara
Headers show

Comments

Andy Whitcroft - May 27, 2010, 12:37 p.m.
Ensure we have all of the SYSFS compatibility modes disabled.

BluePrint: http://blueprints.launchpad.net/ubuntu/+spec/kernel-maverick-upstart
Signed-off-by: Andy Whitcroft <apw@canonical.com>
---
 debian/config/enforce |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)
Stefan Bader - May 27, 2010, 1:07 p.m.
On 05/27/2010 02:37 PM, Andy Whitcroft wrote:
> Ensure we have all of the SYSFS compatibility modes disabled.
> 
> BluePrint: http://blueprints.launchpad.net/ubuntu/+spec/kernel-maverick-upstart
> Signed-off-by: Andy Whitcroft <apw@canonical.com>
> ---
>  debian/config/enforce |    4 ++++
>  1 files changed, 4 insertions(+), 0 deletions(-)
> 
> diff --git a/debian/config/enforce b/debian/config/enforce
> index 80be985..6481323 100644
> --- a/debian/config/enforce
> +++ b/debian/config/enforce
> @@ -38,3 +38,7 @@ value CONFIG_BLK_DEV_RAM_SIZE 65536
>  
>  # LVM requires dm_mod built in to activate correctly (LP: #560717)
>  value CONFIG_BLK_DEV_DM y
> +
> +# sysfs: ensure all DEPRECATED items are off
> +value CONFIG_SYSFS_DEPRECATED_V2 n
> +!exists CONFIG_SYSFS_DEPRECATED | value CONFIG_SYSFS_DEPRECATED n

Sorry for potentially being stupid here: that reads it is ok if either
CONFIG_SYSFS_DEPRECATED does not exist or if it does it needs to be n.
I think if CONFIG_SYSFS_DEPRECATED exists then CONFIG_SYSFS_DEPRECATED_V2 does
not, so would it need a similar construct?
Andy Whitcroft - May 28, 2010, 11:29 a.m.
On Thu, May 27, 2010 at 03:07:25PM +0200, Stefan Bader wrote:
> On 05/27/2010 02:37 PM, Andy Whitcroft wrote:
> > Ensure we have all of the SYSFS compatibility modes disabled.
> > 
> > BluePrint: http://blueprints.launchpad.net/ubuntu/+spec/kernel-maverick-upstart
> > Signed-off-by: Andy Whitcroft <apw@canonical.com>
> > ---
> >  debian/config/enforce |    4 ++++
> >  1 files changed, 4 insertions(+), 0 deletions(-)
> > 
> > diff --git a/debian/config/enforce b/debian/config/enforce
> > index 80be985..6481323 100644
> > --- a/debian/config/enforce
> > +++ b/debian/config/enforce
> > @@ -38,3 +38,7 @@ value CONFIG_BLK_DEV_RAM_SIZE 65536
> >  
> >  # LVM requires dm_mod built in to activate correctly (LP: #560717)
> >  value CONFIG_BLK_DEV_DM y
> > +
> > +# sysfs: ensure all DEPRECATED items are off
> > +value CONFIG_SYSFS_DEPRECATED_V2 n
> > +!exists CONFIG_SYSFS_DEPRECATED | value CONFIG_SYSFS_DEPRECATED n
> 
> Sorry for potentially being stupid here: that reads it is ok if either
> CONFIG_SYSFS_DEPRECATED does not exist or if it does it needs to be n.
> I think if CONFIG_SYSFS_DEPRECATED exists then CONFIG_SYSFS_DEPRECATED_V2 does
> not, so would it need a similar construct?

Actually CONFIG_SYSFS_DEPRECATED_V2 selects CONFIG_SYSFS_DEPRECATED and
there is a reverse dependancy such that if CONFIG_SYSFS_DEPRECATED_V2 is
n then the other does not appear.  _V2 is currently always there.  So by
not having the !exists we get warned when they change the names.

-apw
Stefan Bader - May 28, 2010, 12:34 p.m.
On 05/28/2010 01:29 PM, Andy Whitcroft wrote:
> On Thu, May 27, 2010 at 03:07:25PM +0200, Stefan Bader wrote:
>> On 05/27/2010 02:37 PM, Andy Whitcroft wrote:
>>> Ensure we have all of the SYSFS compatibility modes disabled.
>>>
>>> BluePrint: http://blueprints.launchpad.net/ubuntu/+spec/kernel-maverick-upstart
>>> Signed-off-by: Andy Whitcroft <apw@canonical.com>
>>> ---
>>>  debian/config/enforce |    4 ++++
>>>  1 files changed, 4 insertions(+), 0 deletions(-)
>>>
>>> diff --git a/debian/config/enforce b/debian/config/enforce
>>> index 80be985..6481323 100644
>>> --- a/debian/config/enforce
>>> +++ b/debian/config/enforce
>>> @@ -38,3 +38,7 @@ value CONFIG_BLK_DEV_RAM_SIZE 65536
>>>  
>>>  # LVM requires dm_mod built in to activate correctly (LP: #560717)
>>>  value CONFIG_BLK_DEV_DM y
>>> +
>>> +# sysfs: ensure all DEPRECATED items are off
>>> +value CONFIG_SYSFS_DEPRECATED_V2 n
>>> +!exists CONFIG_SYSFS_DEPRECATED | value CONFIG_SYSFS_DEPRECATED n
>>
>> Sorry for potentially being stupid here: that reads it is ok if either
>> CONFIG_SYSFS_DEPRECATED does not exist or if it does it needs to be n.
>> I think if CONFIG_SYSFS_DEPRECATED exists then CONFIG_SYSFS_DEPRECATED_V2 does
>> not, so would it need a similar construct?
> 
> Actually CONFIG_SYSFS_DEPRECATED_V2 selects CONFIG_SYSFS_DEPRECATED and
> there is a reverse dependancy such that if CONFIG_SYSFS_DEPRECATED_V2 is
> n then the other does not appear.  _V2 is currently always there.  So by
> not having the !exists we get warned when they change the names.
> 
> -apw

I was momentarily thinking of kernels that "had been" which might not have a _V2
but we won't backport the checker that far, so...

Acked-by: Stefan Bader <stefan.bader@canonical.com>

Patch

diff --git a/debian/config/enforce b/debian/config/enforce
index 80be985..6481323 100644
--- a/debian/config/enforce
+++ b/debian/config/enforce
@@ -38,3 +38,7 @@  value CONFIG_BLK_DEV_RAM_SIZE 65536
 
 # LVM requires dm_mod built in to activate correctly (LP: #560717)
 value CONFIG_BLK_DEV_DM y
+
+# sysfs: ensure all DEPRECATED items are off
+value CONFIG_SYSFS_DEPRECATED_V2 n
+!exists CONFIG_SYSFS_DEPRECATED | value CONFIG_SYSFS_DEPRECATED n