Re: [Xen-devel] [PATCH 15/15] xsm: add a default policy to .init.data
>>> On 09.06.16 at 18:53, <dgdegra@xxxxxxxxxxxxx> wrote: > On 06/09/2016 12:15 PM, Jan Beulich wrote: >>>>> On 09.06.16 at 16:47, <dgdegra@xxxxxxxxxxxxx> wrote: >>> --- a/xen/common/Kconfig >>> +++ b/xen/common/Kconfig >>> @@ -132,6 +132,23 @@ config FLASK >>> >>> If unsure, say Y. >>> >>> +config XSM_POLICY >>> + bool "Compile Xen with a built-in security policy" >>> + default y >>> + depends on XSM >>> + ---help--- >>> + This includes a default XSM policy in the hypervisor so that the >>> + bootloader does not need to load a policy to get sane behavior from an >>> + XSM-enabled hypervisor. If this is disabled, a policy must be >>> + provided by the bootloader or by Domain 0. Even if this is enabled, a >>> + policy provided by the bootloader will override it. >>> + >>> + This requires that the SELinux policy compiler (checkpolicy) be >>> + available when compiling the hypervisor; if this tool is not found, no >>> + policy will be added. >>> + >>> + If unsure, say Y. >>> + >>> config FLASK_AVC_STATS >>> def_bool y >>> depends on FLASK >> >> Placing this between FLASK and FLASK_AVC_STATS will break proper >> menuconfig representation of the latter afaict. > > This option isn't visible in menuconfig. Should I make it visible? Ah, true. No, it shouldn't become visible now, but since it may become visible eventually I'd still prefer if the ordering was done as if all options having some dependency also had a prompt (reducing future code churn). Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
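Review bot: In the XSM_POLICY help text, "if this tool is not found, no policy will be added" means a build configured with XSM_POLICY=y can silently produce a hypervisor with no built-in policy, which by the same help text then needs a policy from the bootloader or Domain 0. With `default y`, whether the binary carries a policy depends on checkpolicy being present on the build host, and nothing in the configuration records the difference. Consider failing the build, or at least emitting a visible warning, when the option is enabled and checkpolicy is missing, so that the resulting image matches what .config says. Separately, the new entry has `depends on XSM` while the neighbouring FLASK_AVC_STATS has `depends on FLASK`; since the policy is built with the SELinux policy compiler, it is worth confirming that XSM rather than FLASK is the intended dependency.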