From: Daniel De Graaf Date: Tue, 21 Jun 2016 17:09:23 +0000 (-0400) Subject: xen: move FLASK entry under XSM in Kconfig X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~858 X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https://%22%22/%22http:/www.example.com/cgi/%22https:/%22%22?a=commitdiff_plain;h=6a962ebddce8f287588dfb6599d37ff7b6f583b7;p=xen.git xen: move FLASK entry under XSM in Kconfig Since enabling XSM is required to enable FLASK, place the option for FLASK below the one for XSM. In addition, since it does not make sense to enable XSM without any XSM providers, and FLASK is the only XSM provider, hide the option to disable FLASK under EXPERT. Signed-off-by: Daniel De Graaf Reviewed-by: Doug Goldstein --- diff --git a/xen/common/Kconfig b/xen/common/Kconfig index cd595745a1..faee3ec35a 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -11,24 +11,6 @@ config COMPAT config CORE_PARKING bool -config FLASK - bool "FLux Advanced Security Kernel support" - default y - depends on XSM - ---help--- - Enables the FLASK (FLux Advanced Security Kernel) support which - provides a mandatory access control framework by which security - enforcement, isolation, and auditing can be achieved with fine - granular control via a security policy. - - If unsure, say N. - -config FLASK_AVC_STATS - def_bool y - depends on FLASK - ---help--- - Maintain statistics on the access vector cache - # Select HAS_DEVICE_TREE if device tree is supported config HAS_DEVICE_TREE bool @@ -137,6 +119,25 @@ config XSM If unsure, say N. +config FLASK + def_bool y + prompt "FLux Advanced Security Kernel support" if EXPERT = "y" + depends on XSM + ---help--- + Enables FLASK (FLux Advanced Security Kernel) as the access control + mechanism used by the XSM framework. This provides a mandatory access + control framework by which security enforcement, isolation, and + auditing can be achieved with fine granular control via a security + policy. + + If unsure, say Y. + +config FLASK_AVC_STATS + def_bool y + depends on FLASK + ---help--- + Maintain statistics on the access vector cache + # Enable schedulers menu "Schedulers" visible if EXPERT = "y"