Xen project Mailing List

Re: [Xen-devel] [PATCH v2] docs: update FLASK cmd line instructions

From: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>

Date: Tue, 22 Mar 2016 16:57:53 -0400

Cc: Keir Fraser <keir@xxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, xen-devel@xxxxxxxxxxxxx, Jan Beulich <jbeulich@xxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

Delivery-date: Tue, 22 Mar 2016 20:58:08 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Fri, Mar 18, 2016 at 11:46:03AM -0500, Doug Goldstein wrote: > The command line instructions for FLASK include a note on how to compile > Xen with FLASK but the note was out of date after the change to Kconfig. > > Signed-off-by: Doug Goldstein <cardoe@xxxxxxxxxx> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> > --- > CC: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> > CC: Jan Beulich <jbeulich@xxxxxxxx> > CC: Keir Fraser <keir@xxxxxxx> > CC: Tim Deegan <tim@xxxxxxx> > CC: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> > CC: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> > > change since v1: > - add menuconfig and config entries as suggested by Konrad > - caught another place mentioning XSM_ENABLE > --- > docs/misc/xen-command-line.markdown | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/docs/misc/xen-command-line.markdown > b/docs/misc/xen-command-line.markdown > index ca77e3b..e4e4437 100644 > --- a/docs/misc/xen-command-line.markdown > +++ b/docs/misc/xen-command-line.markdown > @@ -665,8 +665,10 @@ to use the default. > > Default: `permissive` > > Specify how the FLASK security server should be configured. This option is > only > -available if the hypervisor was compiled with XSM support (which can be > enabled > -by setting XSM\_ENABLE = y in .config). > +available if the hypervisor was compiled with FLASK support. This can be > +enabled by running either: > +- make -C xen config and enabling XSM and FLASK. > +- make -C xen menuconfig and enabling 'FLux Advanced Security Kernel > support' and 'Xen Security Modules support' > > * `permissive`: This is intended for development and is not suitable for use > with untrusted guests. If a policy is provided by the bootloader, it will > be > @@ -805,7 +807,7 @@ Paging (HAP). > Enable late hardware domain creation using the specified domain ID. This is > intended to be used when domain 0 is a stub domain which builds a > disaggregated > system including a hardware domain with the specified domain ID. This > option is > -supported only when compiled with XSM\_ENABLE=y on x86. > +supported only when compiled with XSM on x86. > > ### hest\_disable > > ` = <boolean>` > -- > 2.7.3 > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.