On 06/05/2012 07:17 AM, Alexander Graf wrote:
On 05.06.2012, at 01:11, Anthony Liguori wrote:
On 06/05/2012 02:16 AM, Paul Moore wrote:
On Sunday, June 03, 2012 08:55:42 AM Anthony Liguori wrote:
This needs to be optional and disabled by default I think. I strongly
dislike disabling a feature when a user isn't asking for it. You can
introduce a global -enable-fips-mode or something like that.
I'll resend the patch, but before I do I want to make sure the defaults are
set to whatever you find acceptable to merging and the second sentence above
has me a little confused; do you mean "... dislike _enabling_ a feature when a
user isn't asking for it."?
I dislike *removing* a feature unless a user has explicitly asked us too.
If a user isn't aware that fips mode is enabled, they will have no idea why VNC
authentication doesn't work. I think we should let a user choice whether they
want QEMU to respect fips mode or not.
While I agree in general, for FIPS chances are basically negligible that you
accidentally enable it. And if you do, the rest of your system will have gone
mad before you notice QEMU behaving differently anyways :)
Have you ever experienced a random failure on an SELinux box that made no
logical sense? Out of desperation, you setenforce 0 and magically, thinks work
again.
Even if the user enabled fips mode, they may not understand that this means VNC
authentication will stop working. Providing an option (1) allows the user to
discover what the problem is (2) makes the behavior much more clear.
Removing features based on a magic procfs variable with no input from the user
is a bad idea IMHO.
Regards,
Anthony Liguori
Alex
