[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen master] Revert "convert FLASK_ENABLE to Kconfig"

commit f7347a282420a5edc74afb31e7c42c2765f24de5
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Fri Jan 8 17:35:30 2016 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Fri Jan 8 17:35:30 2016 +0100

    Revert "convert FLASK_ENABLE to Kconfig"
    
    This reverts commit b36bf230270baba4f0fe35b230ea8b80ebb2c4a7,
    as osstest needs to be ready first.
---
 Config.mk                |    1 +
 INSTALL                  |    6 +-----
 docs/misc/xsm-flask.txt  |    5 ++---
 xen/Rules.mk             |    1 +
 xen/common/Kconfig       |   11 -----------
 xen/include/Makefile     |    2 +-
 xen/include/xen/config.h |    2 +-
 xen/include/xen/sched.h  |    2 +-
 xen/xsm/Makefile         |    2 +-
 9 files changed, 9 insertions(+), 23 deletions(-)

diff --git a/Config.mk b/Config.mk
index 1315918..a3be5ed 100644
--- a/Config.mk
+++ b/Config.mk
@@ -214,6 +214,7 @@ EMBEDDED_EXTRA_CFLAGS += -fno-exceptions
 
 # Enable XSM security module (by default, Flask).
 XSM_ENABLE ?= n
+FLASK_ENABLE ?= $(XSM_ENABLE)
 
 XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles
 # All the files at that location were downloaded from elsewhere on
diff --git a/INSTALL b/INSTALL
index c51447b..b7e426c 100644
--- a/INSTALL
+++ b/INSTALL
@@ -278,11 +278,7 @@ PYTHON_PREFIX_ARG=
 The hypervisor may be build with XSM support, which can be changed with
 the following variables.
 XSM_ENABLE=y
-
-The hypervisor may be build with Flask support, which can be changed
-by running:
-make -C xen menuconfig
-and enabling Flask in the 'Common Features' menu.
+FLASK_ENABLE=y
 
 Do a build for coverage.
 coverage=y
diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt
index f2f0fd4..7249f40 100644
--- a/docs/misc/xsm-flask.txt
+++ b/docs/misc/xsm-flask.txt
@@ -172,9 +172,8 @@ Setting up FLASK
 ----------------
 
 Xen must be compiled with XSM and FLASK enabled; by default, the security
-framework is disabled. Edit Config.mk or the .config file to set XSM_ENABLE to
-"y" and running 'make -C xen menuconfig' and enabling FLASK inside 'Common
-Features'; this change requires a make clean and rebuild.
+framework is disabled. Edit Config.mk or the .config file to set XSM_ENABLE and
+FLASK_ENABLE to "y"; this change requires a make clean and rebuild.
 
 FLASK uses only one domain configuration parameter (seclabel) defining the
 full security label of the newly created domain. If using the example policy,
diff --git a/xen/Rules.mk b/xen/Rules.mk
index 9e4e6ff..f7ddc69 100644
--- a/xen/Rules.mk
+++ b/xen/Rules.mk
@@ -53,6 +53,7 @@ CFLAGS += -pipe -g -D__XEN__ -include 
$(BASEDIR)/include/xen/config.h
 CFLAGS += '-D__OBJECT_FILE__="$@"'
 
 CFLAGS-$(XSM_ENABLE)    += -DXSM_ENABLE
+CFLAGS-$(FLASK_ENABLE)  += -DFLASK_ENABLE
 CFLAGS-$(verbose)       += -DVERBOSE
 CFLAGS-$(crash_debug)   += -DCRASH_DEBUG
 CFLAGS-$(perfc)         += -DPERF_COUNTERS
diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 6373b7f..046e257 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -8,17 +8,6 @@ config COMPAT
          HVM and PV guests. HVMLoader makes 32-bit hypercalls irrespective
          of the destination runmode of the guest.
 
-config FLASK
-       bool "FLux Advanced Security Kernel support"
-       default n
-       --help---
-         Enables the FLASK (FLux Advanced Security Kernel) support which
-         provides a mandatory access control framework by which security
-         enforcement, isolation, and auditing can be achieved with fine
-         granular control via a security policy.
-
-         If unsure, say N.
-
 # Select HAS_DEVICE_TREE if device tree is supported
 config HAS_DEVICE_TREE
        bool
diff --git a/xen/include/Makefile b/xen/include/Makefile
index 9c8188b..94ba3d8 100644
--- a/xen/include/Makefile
+++ b/xen/include/Makefile
@@ -28,7 +28,7 @@ headers-$(CONFIG_X86)     += compat/arch-x86/xen.h
 headers-$(CONFIG_X86)     += compat/arch-x86/xen-$(compat-arch-y).h
 headers-$(CONFIG_X86)     += compat/hvm/hvm_vcpu.h
 headers-y                 += compat/arch-$(compat-arch-y).h compat/pmu.h 
compat/xlat.h
-headers-$(CONFIG_FLASK)   += compat/xsm/flask_op.h
+headers-$(FLASK_ENABLE)   += compat/xsm/flask_op.h
 
 cppflags-y                := -include public/xen-compat.h
 cppflags-$(CONFIG_X86)    += -m32
diff --git a/xen/include/xen/config.h b/xen/include/xen/config.h
index bba015a..7595599 100644
--- a/xen/include/xen/config.h
+++ b/xen/include/xen/config.h
@@ -86,7 +86,7 @@
 #define mk_unsigned_long(x) x
 #endif /* !__ASSEMBLY__ */
 
-#ifdef CONFIG_FLASK
+#ifdef FLASK_ENABLE
 #define XSM_MAGIC 0xf97cff8c
 /* Maintain statistics on the access vector cache */
 #define FLASK_AVC_STATS 1
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 6ea3cc7..fc61fc3 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -119,7 +119,7 @@ struct evtchn
          */
         void *generic;
 #endif
-#ifdef CONFIG_FLASK
+#ifdef FLASK_ENABLE
         /*
          * Inlining the contents of the structure for FLASK avoids unneeded
          * allocations, and on 64-bit platforms with only FLASK enabled,
diff --git a/xen/xsm/Makefile b/xen/xsm/Makefile
index d29e71c..16c13b5 100644
--- a/xen/xsm/Makefile
+++ b/xen/xsm/Makefile
@@ -4,4 +4,4 @@ obj-y += xsm_policy.o
 obj-y += dummy.o
 endif
 
-subdir-$(CONFIG_FLASK) += flask
+subdir-$(FLASK_ENABLE) += flask
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.