summaryrefslogtreecommitdiffstats
path: root/debian/patches/xen-no-xsm-policy-in-non-xsm-options.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/xen-no-xsm-policy-in-non-xsm-options.patch')
-rw-r--r--debian/patches/xen-no-xsm-policy-in-non-xsm-options.patch35
1 files changed, 35 insertions, 0 deletions
diff --git a/debian/patches/xen-no-xsm-policy-in-non-xsm-options.patch b/debian/patches/xen-no-xsm-policy-in-non-xsm-options.patch
new file mode 100644
index 0000000..315bdab
--- /dev/null
+++ b/debian/patches/xen-no-xsm-policy-in-non-xsm-options.patch
@@ -0,0 +1,35 @@
+From 4d208a51f41c6df932805dfd681ad64a02c2c728 Mon Sep 17 00:00:00 2001
+From: Ian Jackson <ian.jackson@eu.citrix.com>
+Date: Wed, 27 May 2020 17:00:45 +0100
+Subject: 20_linux_xen: Do not load XSM policy in non-XSM options
+
+For complicated reasons, even if you have XSM/FLASK disabled (as is
+the default) the Xen build system still builds a policy file and puts
+it in /boot.
+
+Even so, we shouldn't be loading this in the usual non-"XSM enabled"
+entries. It doesn't do any particular harm but it is quite confusing.
+
+Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
+
+Bug-Debian: https://bugs.debian.org/961673
+Last-Update: 2020-05-29
+
+Patch-Name: xen-no-xsm-policy-in-non-xsm-options.patch
+---
+ util/grub.d/20_linux_xen.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in
+index d99751a94..a12780ebe 100644
+--- a/util/grub.d/20_linux_xen.in
++++ b/util/grub.d/20_linux_xen.in
+@@ -173,7 +173,7 @@ EOF
+ ${module_loader} --nounzip $(echo $initrd_path)
+ EOF
+ fi
+- if test -n "${xenpolicy}" ; then
++ if ${xsm} && test -n "${xenpolicy}" ; then
+ message="$(gettext_printf "Loading XSM policy ...")"
+ sed "s/^/$submenu_indentation/" << EOF
+ echo '$(echo "$message" | grub_quote)'