xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: Doug Goldstein <cardoe@cardoe.com>
To: xen-devel@lists.xen.org
Cc: Keir Fraser <keir@xen.org>, Doug Goldstein <cardoe@cardoe.com>,
	Ian Jackson <ian.jackson@eu.citrix.com>, Tim Deegan <tim@xen.org>,
	Jan Beulich <jbeulich@suse.com>,
	Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: [PATCH v2] docs: update FLASK cmd line instructions
Date: Fri, 18 Mar 2016 11:46:03 -0500	[thread overview]
Message-ID: <1458319563-25983-1-git-send-email-cardoe@cardoe.com> (raw)

The command line instructions for FLASK include a note on how to compile
Xen with FLASK but the note was out of date after the change to Kconfig.

Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
---
CC: Ian Jackson <ian.jackson@eu.citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Keir Fraser <keir@xen.org>
CC: Tim Deegan <tim@xen.org>
CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>

change since v1:
- add menuconfig and config entries as suggested by Konrad
- caught another place mentioning XSM_ENABLE
---
 docs/misc/xen-command-line.markdown | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
index ca77e3b..e4e4437 100644
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -665,8 +665,10 @@ to use the default.
 > Default: `permissive`
 
 Specify how the FLASK security server should be configured.  This option is only
-available if the hypervisor was compiled with XSM support (which can be enabled
-by setting XSM\_ENABLE = y in .config).
+available if the hypervisor was compiled with FLASK support.  This can be
+enabled by running either:
+- make -C xen config and enabling XSM and FLASK.
+- make -C xen menuconfig and enabling 'FLux Advanced Security Kernel support' and 'Xen Security Modules support'
 
 * `permissive`: This is intended for development and is not suitable for use
   with untrusted guests.  If a policy is provided by the bootloader, it will be
@@ -805,7 +807,7 @@ Paging (HAP).
 Enable late hardware domain creation using the specified domain ID.  This is
 intended to be used when domain 0 is a stub domain which builds a disaggregated
 system including a hardware domain with the specified domain ID.  This option is
-supported only when compiled with XSM\_ENABLE=y on x86.
+supported only when compiled with XSM on x86.
 
 ### hest\_disable
 > ` = <boolean>`
-- 
2.7.3


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

             reply	other threads:[~2016-03-18 16:46 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-03-18 16:46 Doug Goldstein [this message]
2016-03-22 20:57 ` [PATCH v2] docs: update FLASK cmd line instructions Konrad Rzeszutek Wilk
2016-04-25 12:17 ` Jan Beulich
2016-04-25 15:21   ` Ian Jackson
2016-04-25 15:24   ` Daniel De Graaf
2016-04-25 15:34     ` Wei Liu
2016-04-25 16:24       ` Wei Liu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1458319563-25983-1-git-send-email-cardoe@cardoe.com \
    --to=cardoe@cardoe.com \
    --cc=dgdegra@tycho.nsa.gov \
    --cc=ian.jackson@eu.citrix.com \
    --cc=jbeulich@suse.com \
    --cc=keir@xen.org \
    --cc=tim@xen.org \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).