* [PATCH v2] docs: update FLASK cmd line instructions
@ 2016-03-18 16:46 Doug Goldstein
2016-03-22 20:57 ` Konrad Rzeszutek Wilk
2016-04-25 12:17 ` Jan Beulich
0 siblings, 2 replies; 7+ messages in thread
From: Doug Goldstein @ 2016-03-18 16:46 UTC (permalink / raw)
To: xen-devel
Cc: Keir Fraser, Doug Goldstein, Ian Jackson, Tim Deegan,
Jan Beulich, Daniel De Graaf
The command line instructions for FLASK include a note on how to compile
Xen with FLASK but the note was out of date after the change to Kconfig.
Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
---
CC: Ian Jackson <ian.jackson@eu.citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Keir Fraser <keir@xen.org>
CC: Tim Deegan <tim@xen.org>
CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
change since v1:
- add menuconfig and config entries as suggested by Konrad
- caught another place mentioning XSM_ENABLE
---
docs/misc/xen-command-line.markdown | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
index ca77e3b..e4e4437 100644
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -665,8 +665,10 @@ to use the default.
> Default: `permissive`
Specify how the FLASK security server should be configured. This option is only
-available if the hypervisor was compiled with XSM support (which can be enabled
-by setting XSM\_ENABLE = y in .config).
+available if the hypervisor was compiled with FLASK support. This can be
+enabled by running either:
+- make -C xen config and enabling XSM and FLASK.
+- make -C xen menuconfig and enabling 'FLux Advanced Security Kernel support' and 'Xen Security Modules support'
* `permissive`: This is intended for development and is not suitable for use
with untrusted guests. If a policy is provided by the bootloader, it will be
@@ -805,7 +807,7 @@ Paging (HAP).
Enable late hardware domain creation using the specified domain ID. This is
intended to be used when domain 0 is a stub domain which builds a disaggregated
system including a hardware domain with the specified domain ID. This option is
-supported only when compiled with XSM\_ENABLE=y on x86.
+supported only when compiled with XSM on x86.
### hest\_disable
> ` = <boolean>`
--
2.7.3
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v2] docs: update FLASK cmd line instructions
2016-03-18 16:46 [PATCH v2] docs: update FLASK cmd line instructions Doug Goldstein
@ 2016-03-22 20:57 ` Konrad Rzeszutek Wilk
2016-04-25 12:17 ` Jan Beulich
1 sibling, 0 replies; 7+ messages in thread
From: Konrad Rzeszutek Wilk @ 2016-03-22 20:57 UTC (permalink / raw)
To: Doug Goldstein
Cc: Keir Fraser, Ian Jackson, Tim Deegan, xen-devel, Jan Beulich,
Daniel De Graaf
On Fri, Mar 18, 2016 at 11:46:03AM -0500, Doug Goldstein wrote:
> The command line instructions for FLASK include a note on how to compile
> Xen with FLASK but the note was out of date after the change to Kconfig.
>
> Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> ---
> CC: Ian Jackson <ian.jackson@eu.citrix.com>
> CC: Jan Beulich <jbeulich@suse.com>
> CC: Keir Fraser <keir@xen.org>
> CC: Tim Deegan <tim@xen.org>
> CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
>
> change since v1:
> - add menuconfig and config entries as suggested by Konrad
> - caught another place mentioning XSM_ENABLE
> ---
> docs/misc/xen-command-line.markdown | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
> index ca77e3b..e4e4437 100644
> --- a/docs/misc/xen-command-line.markdown
> +++ b/docs/misc/xen-command-line.markdown
> @@ -665,8 +665,10 @@ to use the default.
> > Default: `permissive`
>
> Specify how the FLASK security server should be configured. This option is only
> -available if the hypervisor was compiled with XSM support (which can be enabled
> -by setting XSM\_ENABLE = y in .config).
> +available if the hypervisor was compiled with FLASK support. This can be
> +enabled by running either:
> +- make -C xen config and enabling XSM and FLASK.
> +- make -C xen menuconfig and enabling 'FLux Advanced Security Kernel support' and 'Xen Security Modules support'
>
> * `permissive`: This is intended for development and is not suitable for use
> with untrusted guests. If a policy is provided by the bootloader, it will be
> @@ -805,7 +807,7 @@ Paging (HAP).
> Enable late hardware domain creation using the specified domain ID. This is
> intended to be used when domain 0 is a stub domain which builds a disaggregated
> system including a hardware domain with the specified domain ID. This option is
> -supported only when compiled with XSM\_ENABLE=y on x86.
> +supported only when compiled with XSM on x86.
>
> ### hest\_disable
> > ` = <boolean>`
> --
> 2.7.3
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2] docs: update FLASK cmd line instructions
2016-03-18 16:46 [PATCH v2] docs: update FLASK cmd line instructions Doug Goldstein
2016-03-22 20:57 ` Konrad Rzeszutek Wilk
@ 2016-04-25 12:17 ` Jan Beulich
2016-04-25 15:21 ` Ian Jackson
2016-04-25 15:24 ` Daniel De Graaf
1 sibling, 2 replies; 7+ messages in thread
From: Jan Beulich @ 2016-04-25 12:17 UTC (permalink / raw)
To: Daniel De Graaf
Cc: Ian Jackson, Tim Deegan, Keir Fraser, Doug Goldstein, xen-devel
>>> On 18.03.16 at 17:46, <cardoe@cardoe.com> wrote:
> The command line instructions for FLASK include a note on how to compile
> Xen with FLASK but the note was out of date after the change to Kconfig.
>
> Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
> ---
> CC: Ian Jackson <ian.jackson@eu.citrix.com>
> CC: Jan Beulich <jbeulich@suse.com>
> CC: Keir Fraser <keir@xen.org>
> CC: Tim Deegan <tim@xen.org>
> CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Daniel,
any chance we could get your ack (or otherwise) on this?
Thanks, Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2] docs: update FLASK cmd line instructions
2016-04-25 12:17 ` Jan Beulich
@ 2016-04-25 15:21 ` Ian Jackson
2016-04-25 15:24 ` Daniel De Graaf
1 sibling, 0 replies; 7+ messages in thread
From: Ian Jackson @ 2016-04-25 15:21 UTC (permalink / raw)
To: Jan Beulich
Cc: Keir Fraser, Daniel De Graaf, Tim Deegan, Doug Goldstein, xen-devel
Jan Beulich writes ("Re: [Xen-devel] [PATCH v2] docs: update FLASK cmd line instructions"):
> On 18.03.16 at 17:46, <cardoe@cardoe.com> wrote:
> > The command line instructions for FLASK include a note on how to compile
> > Xen with FLASK but the note was out of date after the change to Kconfig.
...
> Daniel,
> any chance we could get your ack (or otherwise) on this?
TBH I would have just committed this - it being only a docs patch.
But I am happy to wait a bit to give Daniel a chance to comment.
Thanks,
Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2] docs: update FLASK cmd line instructions
2016-04-25 12:17 ` Jan Beulich
2016-04-25 15:21 ` Ian Jackson
@ 2016-04-25 15:24 ` Daniel De Graaf
2016-04-25 15:34 ` Wei Liu
1 sibling, 1 reply; 7+ messages in thread
From: Daniel De Graaf @ 2016-04-25 15:24 UTC (permalink / raw)
To: Jan Beulich
Cc: Ian Jackson, Tim Deegan, Keir Fraser, Doug Goldstein, xen-devel
On 04/25/2016 08:17 AM, Jan Beulich wrote:
>>>> On 18.03.16 at 17:46, <cardoe@cardoe.com> wrote:
>> The command line instructions for FLASK include a note on how to compile
>> Xen with FLASK but the note was out of date after the change to Kconfig.
>>
>> Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
>> ---
>> CC: Ian Jackson <ian.jackson@eu.citrix.com>
>> CC: Jan Beulich <jbeulich@suse.com>
>> CC: Keir Fraser <keir@xen.org>
>> CC: Tim Deegan <tim@xen.org>
>> CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
>> CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
>
> Daniel,
>
> any chance we could get your ack (or otherwise) on this?
>
> Thanks, Jan
>
>
Sure, I didn't realize you were waiting on it. The patch looks good.
Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2] docs: update FLASK cmd line instructions
2016-04-25 15:24 ` Daniel De Graaf
@ 2016-04-25 15:34 ` Wei Liu
2016-04-25 16:24 ` Wei Liu
0 siblings, 1 reply; 7+ messages in thread
From: Wei Liu @ 2016-04-25 15:34 UTC (permalink / raw)
To: Daniel De Graaf
Cc: Keir Fraser, Ian Jackson, Tim Deegan, xen-devel, Jan Beulich,
Wei Liu, Doug Goldstein
On Mon, Apr 25, 2016 at 11:24:59AM -0400, Daniel De Graaf wrote:
> On 04/25/2016 08:17 AM, Jan Beulich wrote:
> >>>>On 18.03.16 at 17:46, <cardoe@cardoe.com> wrote:
> >>The command line instructions for FLASK include a note on how to compile
> >>Xen with FLASK but the note was out of date after the change to Kconfig.
> >>
> >>Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
> >>---
> >>CC: Ian Jackson <ian.jackson@eu.citrix.com>
> >>CC: Jan Beulich <jbeulich@suse.com>
> >>CC: Keir Fraser <keir@xen.org>
> >>CC: Tim Deegan <tim@xen.org>
> >>CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> >>CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> >
> >Daniel,
> >
> >any chance we could get your ack (or otherwise) on this?
> >
> >Thanks, Jan
> >
> >
>
> Sure, I didn't realize you were waiting on it. The patch looks good.
>
> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
>
Thank you all. Queued.
Wei.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2] docs: update FLASK cmd line instructions
2016-04-25 15:34 ` Wei Liu
@ 2016-04-25 16:24 ` Wei Liu
0 siblings, 0 replies; 7+ messages in thread
From: Wei Liu @ 2016-04-25 16:24 UTC (permalink / raw)
To: Daniel De Graaf
Cc: Keir Fraser, Ian Jackson, Tim Deegan, xen-devel, Jan Beulich,
Wei Liu, Doug Goldstein
On Mon, Apr 25, 2016 at 04:34:06PM +0100, Wei Liu wrote:
> On Mon, Apr 25, 2016 at 11:24:59AM -0400, Daniel De Graaf wrote:
> > On 04/25/2016 08:17 AM, Jan Beulich wrote:
> > >>>>On 18.03.16 at 17:46, <cardoe@cardoe.com> wrote:
> > >>The command line instructions for FLASK include a note on how to compile
> > >>Xen with FLASK but the note was out of date after the change to Kconfig.
> > >>
> > >>Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
> > >>---
> > >>CC: Ian Jackson <ian.jackson@eu.citrix.com>
> > >>CC: Jan Beulich <jbeulich@suse.com>
> > >>CC: Keir Fraser <keir@xen.org>
> > >>CC: Tim Deegan <tim@xen.org>
> > >>CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
> > >>CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> > >
> > >Daniel,
> > >
> > >any chance we could get your ack (or otherwise) on this?
> > >
> > >Thanks, Jan
> > >
> > >
> >
> > Sure, I didn't realize you were waiting on it. The patch looks good.
> >
> > Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
> >
>
> Thank you all. Queued.
>
Strangely this patch doesn't apply cleanly for me. I fixed it up by
hand. Please check the patch in staging if you are keen. :-)
Wei.
> Wei.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2016-04-25 16:24 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-03-18 16:46 [PATCH v2] docs: update FLASK cmd line instructions Doug Goldstein
2016-03-22 20:57 ` Konrad Rzeszutek Wilk
2016-04-25 12:17 ` Jan Beulich
2016-04-25 15:21 ` Ian Jackson
2016-04-25 15:24 ` Daniel De Graaf
2016-04-25 15:34 ` Wei Liu
2016-04-25 16:24 ` Wei Liu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).