25.08.25 15:00, Jan Beulich:
On 22.08.2025 11:51, Sergiy Kibrik wrote:
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
I wonder whether we wouldn't better move XSM's controls to a dedicated Kconfig
file there.
You mean something like Kconfig.xsm in the same common/ directory? Or
move this Kconfig out into the xsm/ directory with the rest of the flask code?
@@ -418,6 +418,25 @@ config XSM_FLASK_AVC_STATS
If unsure, say Y.
+config XSM_FLASK_SIDTABLE_LIMIT
+ def_bool n
This makes little sense; just "bool" would have the same effect. Yet then
you can combine that with ...
+ prompt "Limit the size of SID table" if EXPERT
... this line.
+ depends on XSM_FLASK
+ ---help---
No triple dashes around "help" anymore, please.
+ Limit the number of security identifiers allocated and operated by
Xen.
+ This will limit the number of security contexts and heap memory
+ allocated for SID table entries.
+
+ If unsure, say N.
+
+config XSM_FLASK_MAX_SID
+ int "Max SID table size" if XSM_FLASK_SIDTABLE_LIMIT
+ default 512
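Review bot: XSM_FLASK_MAX_SID (the `int "Max SID table size"` entry) has no `range` and no help text, so Kconfig will accept 0 or a negative number as the table size. Suggest adding a `range` with a sensible lower bound and a help text that says what happens once the limit is reached. The entry also has no `depends on XSM_FLASK`, and since only its prompt is conditional on XSM_FLASK_SIDTABLE_LIMIT the symbol still takes the value 512 when that option is off, so the code consuming it has to check XSM_FLASK_SIDTABLE_LIMIT too.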
Hmm, wouldn't the default better be what we had so far? As per the justification
you aim at a special case (embedded) with this limit.
Yes, we can have a default value of UINT_MAX specified here if we use a
base-2 exponent as the value. And get rid of the second option.
-Sergiy