[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 13/17] xen: move FLASK entry under XSM in Kconfig


  • To: xen-devel@xxxxxxxxxxxxx
  • From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
  • Date: Mon, 20 Jun 2016 10:04:22 -0400
  • Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
  • Delivery-date: Mon, 20 Jun 2016 14:04:56 +0000
  • Ironport-phdr: 9a23:SlbWcx30vn5MJjJGsmDT+DRfVm0co7zxezQtwd8ZsegQK/ad9pjvdHbS+e9qxAeQG96LurQV1qGI7OjJYi8p39WoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6kO74TNaIBjjLw09fr2zQd6DyZXqnL7ts7ToICx2xxOFKYtoKxu3qQiD/uI3uqBFbpgL9x3Sv3FTcP5Xz247bXianhL7+9vitMU7q3cYhuglv/Jkfe26Ov5gDO8QMDNzI20zocHmqxTHZQ+O/WcHFHUblFxPGQeWwgv9W8Lduy37u+419CTSEtf/RL58DTit46pkUhbAlDYMNzl/9nrezMN3kvQI81qauxVjztuMM8muP/1kc/aYJ4sX
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>

Since enabling XSM is required to enable FLASK, place the option for
FLASK below the one for XSM.  In addition, since it does not make sense
to enable XSM without any XSM providers, and FLASK is the only XSM
provider, hide the option to disable FLASK under EXPERT.

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
 xen/common/Kconfig | 37 +++++++++++++++++++------------------
 1 file changed, 19 insertions(+), 18 deletions(-)

diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index cd59574..6a51fd5 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -11,24 +11,6 @@ config COMPAT
 config CORE_PARKING
        bool
 
-config FLASK
-       bool "FLux Advanced Security Kernel support"
-       default y
-       depends on XSM
-       ---help---
-         Enables the FLASK (FLux Advanced Security Kernel) support which
-         provides a mandatory access control framework by which security
-         enforcement, isolation, and auditing can be achieved with fine
-         granular control via a security policy.
-
-         If unsure, say N.
-
-config FLASK_AVC_STATS
-       def_bool y
-       depends on FLASK
-       ---help---
-         Maintain statistics on the access vector cache
-
 # Select HAS_DEVICE_TREE if device tree is supported
 config HAS_DEVICE_TREE
        bool
@@ -137,6 +119,25 @@ config XSM
 
          If unsure, say N.
 
+config FLASK
+       def_bool y
+       bool "FLux Advanced Security Kernel support" if EXPERT = "y"
+       depends on XSM
+       ---help---
+         Enables FLASK (FLux Advanced Security Kernel) as the access control
+         mechanism used by the XSM framework.  This provides a mandatory access
+         control framework by which security enforcement, isolation, and
+         auditing can be achieved with fine granular control via a security
+         policy.
+
+         If unsure, say Y.
+
+config FLASK_AVC_STATS
+       def_bool y
+       depends on FLASK
+       ---help---
+         Maintain statistics on the access vector cache
+
 # Enable schedulers
 menu "Schedulers"
        visible if EXPERT = "y"
-- 
2.7.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.