Message ID | 1458319563-25983-1-git-send-email-cardoe@cardoe.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
On Fri, Mar 18, 2016 at 11:46:03AM -0500, Doug Goldstein wrote: > The command line instructions for FLASK include a note on how to compile > Xen with FLASK but the note was out of date after the change to Kconfig. > > Signed-off-by: Doug Goldstein <cardoe@cardoe.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> > --- > CC: Ian Jackson <ian.jackson@eu.citrix.com> > CC: Jan Beulich <jbeulich@suse.com> > CC: Keir Fraser <keir@xen.org> > CC: Tim Deegan <tim@xen.org> > CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> > CC: Daniel De Graaf <dgdegra@tycho.nsa.gov> > > change since v1: > - add menuconfig and config entries as suggested by Konrad > - caught another place mentioning XSM_ENABLE > --- > docs/misc/xen-command-line.markdown | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown > index ca77e3b..e4e4437 100644 > --- a/docs/misc/xen-command-line.markdown > +++ b/docs/misc/xen-command-line.markdown > @@ -665,8 +665,10 @@ to use the default. > > Default: `permissive` > > Specify how the FLASK security server should be configured. This option is only > -available if the hypervisor was compiled with XSM support (which can be enabled > -by setting XSM\_ENABLE = y in .config). > +available if the hypervisor was compiled with FLASK support. This can be > +enabled by running either: > +- make -C xen config and enabling XSM and FLASK. > +- make -C xen menuconfig and enabling 'FLux Advanced Security Kernel support' and 'Xen Security Modules support' > > * `permissive`: This is intended for development and is not suitable for use > with untrusted guests. If a policy is provided by the bootloader, it will be > @@ -805,7 +807,7 @@ Paging (HAP). > Enable late hardware domain creation using the specified domain ID. This is > intended to be used when domain 0 is a stub domain which builds a disaggregated > system including a hardware domain with the specified domain ID. This option is > -supported only when compiled with XSM\_ENABLE=y on x86. > +supported only when compiled with XSM on x86. > > ### hest\_disable > > ` = <boolean>` > -- > 2.7.3 >
>>> On 18.03.16 at 17:46, <cardoe@cardoe.com> wrote: > The command line instructions for FLASK include a note on how to compile > Xen with FLASK but the note was out of date after the change to Kconfig. > > Signed-off-by: Doug Goldstein <cardoe@cardoe.com> > --- > CC: Ian Jackson <ian.jackson@eu.citrix.com> > CC: Jan Beulich <jbeulich@suse.com> > CC: Keir Fraser <keir@xen.org> > CC: Tim Deegan <tim@xen.org> > CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> > CC: Daniel De Graaf <dgdegra@tycho.nsa.gov> Daniel, any chance we could get your ack (or otherwise) on this? Thanks, Jan
Jan Beulich writes ("Re: [Xen-devel] [PATCH v2] docs: update FLASK cmd line instructions"): > On 18.03.16 at 17:46, <cardoe@cardoe.com> wrote: > > The command line instructions for FLASK include a note on how to compile > > Xen with FLASK but the note was out of date after the change to Kconfig. ... > Daniel, > any chance we could get your ack (or otherwise) on this? TBH I would have just committed this - it being only a docs patch. But I am happy to wait a bit to give Daniel a chance to comment. Thanks, Ian.
On 04/25/2016 08:17 AM, Jan Beulich wrote: >>>> On 18.03.16 at 17:46, <cardoe@cardoe.com> wrote: >> The command line instructions for FLASK include a note on how to compile >> Xen with FLASK but the note was out of date after the change to Kconfig. >> >> Signed-off-by: Doug Goldstein <cardoe@cardoe.com> >> --- >> CC: Ian Jackson <ian.jackson@eu.citrix.com> >> CC: Jan Beulich <jbeulich@suse.com> >> CC: Keir Fraser <keir@xen.org> >> CC: Tim Deegan <tim@xen.org> >> CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> >> CC: Daniel De Graaf <dgdegra@tycho.nsa.gov> > > Daniel, > > any chance we could get your ack (or otherwise) on this? > > Thanks, Jan > > Sure, I didn't realize you were waiting on it. The patch looks good. Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
On Mon, Apr 25, 2016 at 11:24:59AM -0400, Daniel De Graaf wrote: > On 04/25/2016 08:17 AM, Jan Beulich wrote: > >>>>On 18.03.16 at 17:46, <cardoe@cardoe.com> wrote: > >>The command line instructions for FLASK include a note on how to compile > >>Xen with FLASK but the note was out of date after the change to Kconfig. > >> > >>Signed-off-by: Doug Goldstein <cardoe@cardoe.com> > >>--- > >>CC: Ian Jackson <ian.jackson@eu.citrix.com> > >>CC: Jan Beulich <jbeulich@suse.com> > >>CC: Keir Fraser <keir@xen.org> > >>CC: Tim Deegan <tim@xen.org> > >>CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> > >>CC: Daniel De Graaf <dgdegra@tycho.nsa.gov> > > > >Daniel, > > > >any chance we could get your ack (or otherwise) on this? > > > >Thanks, Jan > > > > > > Sure, I didn't realize you were waiting on it. The patch looks good. > > Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> > Thank you all. Queued. Wei.
On Mon, Apr 25, 2016 at 04:34:06PM +0100, Wei Liu wrote: > On Mon, Apr 25, 2016 at 11:24:59AM -0400, Daniel De Graaf wrote: > > On 04/25/2016 08:17 AM, Jan Beulich wrote: > > >>>>On 18.03.16 at 17:46, <cardoe@cardoe.com> wrote: > > >>The command line instructions for FLASK include a note on how to compile > > >>Xen with FLASK but the note was out of date after the change to Kconfig. > > >> > > >>Signed-off-by: Doug Goldstein <cardoe@cardoe.com> > > >>--- > > >>CC: Ian Jackson <ian.jackson@eu.citrix.com> > > >>CC: Jan Beulich <jbeulich@suse.com> > > >>CC: Keir Fraser <keir@xen.org> > > >>CC: Tim Deegan <tim@xen.org> > > >>CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> > > >>CC: Daniel De Graaf <dgdegra@tycho.nsa.gov> > > > > > >Daniel, > > > > > >any chance we could get your ack (or otherwise) on this? > > > > > >Thanks, Jan > > > > > > > > > > Sure, I didn't realize you were waiting on it. The patch looks good. > > > > Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> > > > > Thank you all. Queued. > Strangely this patch doesn't apply cleanly for me. I fixed it up by hand. Please check the patch in staging if you are keen. :-) Wei. > Wei.
diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown index ca77e3b..e4e4437 100644 --- a/docs/misc/xen-command-line.markdown +++ b/docs/misc/xen-command-line.markdown @@ -665,8 +665,10 @@ to use the default. > Default: `permissive` Specify how the FLASK security server should be configured. This option is only -available if the hypervisor was compiled with XSM support (which can be enabled -by setting XSM\_ENABLE = y in .config). +available if the hypervisor was compiled with FLASK support. This can be +enabled by running either: +- make -C xen config and enabling XSM and FLASK. +- make -C xen menuconfig and enabling 'FLux Advanced Security Kernel support' and 'Xen Security Modules support' * `permissive`: This is intended for development and is not suitable for use with untrusted guests. If a policy is provided by the bootloader, it will be @@ -805,7 +807,7 @@ Paging (HAP). Enable late hardware domain creation using the specified domain ID. This is intended to be used when domain 0 is a stub domain which builds a disaggregated system including a hardware domain with the specified domain ID. This option is -supported only when compiled with XSM\_ENABLE=y on x86. +supported only when compiled with XSM on x86. ### hest\_disable > ` = <boolean>`
The command line instructions for FLASK include a note on how to compile Xen with FLASK but the note was out of date after the change to Kconfig. Signed-off-by: Doug Goldstein <cardoe@cardoe.com> --- CC: Ian Jackson <ian.jackson@eu.citrix.com> CC: Jan Beulich <jbeulich@suse.com> CC: Keir Fraser <keir@xen.org> CC: Tim Deegan <tim@xen.org> CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> CC: Daniel De Graaf <dgdegra@tycho.nsa.gov> change since v1: - add menuconfig and config entries as suggested by Konrad - caught another place mentioning XSM_ENABLE --- docs/misc/xen-command-line.markdown | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)