xsm: Reduce compiler command line clutter

Move the preprocessor definitions for all FLASK parameters other than
the enable flag off the compiler command line and into config.h, which
is the preferred location for such definitions.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

diff --git a/xen/Rules.mk b/xen/Rules.mk
index 3a6cec5487fb06edc374be2e524a08c66147f985..42c713fa35a67d23bc500056c928f23ddf20da03 100644 (file)
--- a/xen/Rules.mk
+++ b/xen/Rules.mk
@@ -47,8 +47,7 @@ CFLAGS += -pipe -g -D__XEN__ -include $(BASEDIR)/include/xen/config.h
 CFLAGS += -nostdinc
 
 CFLAGS-$(XSM_ENABLE)    += -DXSM_ENABLE
-CFLAGS-$(FLASK_ENABLE)  += -DFLASK_ENABLE -DXSM_MAGIC=0xf97cff8c
-CFLAGS-$(FLASK_ENABLE)  += -DFLASK_DEVELOP -DFLASK_BOOTPARAM -DFLASK_AVC_STATS
+CFLAGS-$(FLASK_ENABLE)  += -DFLASK_ENABLE
 CFLAGS-$(verbose)       += -DVERBOSE
 CFLAGS-$(crash_debug)   += -DCRASH_DEBUG
 CFLAGS-$(perfc)         += -DPERF_COUNTERS

diff --git a/xen/include/xen/config.h b/xen/include/xen/config.h
index 8bae6e6488b6ce5292496b0bf419ce03116d2f91..7bef8a648df2db5115ace93d4488492c30eca3ec 100644 (file)
--- a/xen/include/xen/config.h
+++ b/xen/include/xen/config.h
@@ -98,4 +98,14 @@
 #define __cpuinitdata
 #define __cpuinit
 
+#ifdef FLASK_ENABLE
+#define XSM_MAGIC 0xf97cff8c
+/* Enable permissive mode (xl setenforce or flask_enforcing parameter) */
+#define FLASK_DEVELOP 1
+/* Allow runtime disabling of FLASK via the flask_enable parameter */
+#define FLASK_BOOTPARAM 1
+/* Maintain statistics on the access vector cache */
+#define FLASK_AVC_STATS 1
+#endif
+
 #endif /* __XEN_CONFIG_H__ */