diff options
author | kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk> | 2005-08-19 09:03:17 +0000 |
---|---|---|
committer | kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk> | 2005-08-19 09:03:17 +0000 |
commit | 39ec3e6c6ac6362f6245292701da08e7a055e686 (patch) | |
tree | ed68a7fc7c229db870558a4c1bdb34e8053249fb /Config.mk | |
parent | f5b9cd087fa4774a162d27071d81a3ffad71190e (diff) | |
download | xen-39ec3e6c6ac6362f6245292701da08e7a055e686.tar.gz xen-39ec3e6c6ac6362f6245292701da08e7a055e686.tar.bz2 xen-39ec3e6c6ac6362f6245292701da08e7a055e686.zip |
This patch:
* adds a C-based security policy translation tool to Xen (secpol_xml2bin)
and removes the current Java
security policy translator (Java dependencies). The C-based tool
integrates into the Xen source tree build
and install (using gnome libxml2 for XML parsing). See install.txt.
* introduces security labels and related tools. Users can now use
semantic-rich label names to put security-tags
on domains. See example.txt, policy.txt.
* moves the security configuration (currently ACM_USE_SECURITY_POLICY)
from xen/Rules.mk
into a separate top-level Security.mk file (it is needed by the
tools/security and xen/acm).
Both xen/acm and tools/security are built during the Xen build process
only if ACM_USE_SECURITY_POLICY
is not ACM_NULL_POLICY (which is the default setting).
Signed-off-by Reiner Sailer <sailer@us.ibm.com>
Signed-off by Stefan Berger <stefanb@us.ibm.com>
Signed-off by Ray Valdez <rvaldez@us.ibm.com>
Diffstat (limited to 'Config.mk')
-rw-r--r-- | Config.mk | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -35,3 +35,11 @@ CFLAGS += $(foreach i, $(EXTRA_INCLUDES), -I$(i)) # Choose the best mirror to download linux kernel KERNEL_REPO = http://www.kernel.org + +# ACM_USE_SECURITY_POLICY is set to security policy of Xen +# Supported models are: +# ACM_NULL_POLICY (ACM will not be built with this policy) +# ACM_CHINESE_WALL_POLICY +# ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY +# ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY +ACM_USE_SECURITY_POLICY ?= ACM_NULL_POLICY |