
Re: [Xen-devel] [PATCH 15/15] xsm: add a default policy to .init.data



>>> On 09.06.16 at 16:47, <dgdegra@xxxxxxxxxxxxx> wrote:
> --- a/xen/common/Kconfig
> +++ b/xen/common/Kconfig
> @@ -132,6 +132,23 @@ config FLASK
>  
>         If unsure, say Y.
>  
> +config XSM_POLICY
> +     bool "Compile Xen with a built-in security policy"
> +     default y
> +     depends on XSM
> +     ---help---
> +       This includes a default XSM policy in the hypervisor so that the
> +       bootloader does not need to load a policy to get sane behavior from an
> +       XSM-enabled hypervisor.  If this is disabled, a policy must be
> +       provided by the bootloader or by Domain 0.  Even if this is enabled, a
> +       policy provided by the bootloader will override it.
> +
> +       This requires that the SELinux policy compiler (checkpolicy) be
> +       available when compiling the hypervisor; if this tool is not found, no
> +       policy will be added.
> +
> +       If unsure, say Y.
> +
>  config FLASK_AVC_STATS
>       def_bool y
>       depends on FLASK
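
Review bot: The XSM_POLICY help text says that if checkpolicy is not found "no policy will be added", and combined with `default y` this means a build can record the option as enabled while the resulting hypervisor carries no built-in policy. Since the help text also says that without it a policy must be provided by the bootloader or by Domain 0, it would be safer to fail the build, or at least warn loudly, when the option is set and the tool is missing, so the configuration and the binary cannot disagree. Separately, the new entry uses `depends on XSM` while the neighbouring FLASK_AVC_STATS uses `depends on FLASK`; given that the policy is built with the SELinux policy compiler, it is worth confirming that XSM rather than FLASK is the intended dependency.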

Placing this between FLASK and FLASK_AVC_STATS will break proper
menuconfig representation of the latter afaict.

Jan

