
[Xen-changelog] [xen-unstable] flask/policy: add accesses used by newer dom0s


  • To: xen-changelog@xxxxxxxxxxxxxxxxxxx
  • From: Xen patchbot-unstable <patchbot@xxxxxxx>
  • Date: Thu, 23 Aug 2012 05:22:08 +0000
  • Delivery-date: Thu, 23 Aug 2012 05:22:20 +0000
  • List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

# HG changeset patch
# User Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
# Date 1345670136 -3600
# Node ID a325ee7a463903ac13a6bf38a3452271631b0043
# Parent  c24eb37fcbbf5a8e4d508059f732b775adada80e
flask/policy: add accesses used by newer dom0s

Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Committed-by: Keir Fraser <keir@xxxxxxx>
---


diff -r c24eb37fcbbf -r a325ee7a4639 
tools/flask/policy/policy/modules/xen/xen.if
--- a/tools/flask/policy/policy/modules/xen/xen.if      Wed Aug 22 22:14:52 
2012 +0100
+++ b/tools/flask/policy/policy/modules/xen/xen.if      Wed Aug 22 22:15:36 
2012 +0100
@@ -100,7 +100,7 @@ define(`use_device', `
 # admin_device(domain, device)
 #   Allow a device to be used and delegated by a domain
 define(`admin_device', `
-    allow $1 $2:resource { setup stat_device add_device add_irq add_iomem 
add_ioport remove_device remove_irq remove_iomem remove_ioport };
+    allow $1 $2:resource { setup stat_device add_device add_irq add_iomem 
add_ioport remove_device remove_irq remove_iomem remove_ioport plug unplug };
     allow $1 $2:hvm bind_irq;
     use_device($1, $2)
 ')
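Review bot: In `admin_device`, adding `plug unplug` to the `resource` permission set grants both to every domain/device pair the macro is applied to, yet the macro comment still reads "Allow a device to be used and delegated by a domain" and the commit message does not say which dom0 operation needs them. Suggest extending the comment to mention plug/unplug, or moving the two permissions into a separate macro if not every caller of `admin_device` needs them.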
diff -r c24eb37fcbbf -r a325ee7a4639 
tools/flask/policy/policy/modules/xen/xen.te
--- a/tools/flask/policy/policy/modules/xen/xen.te      Wed Aug 22 22:14:52 
2012 +0100
+++ b/tools/flask/policy/policy/modules/xen/xen.te      Wed Aug 22 22:15:36 
2012 +0100
@@ -55,8 +55,8 @@ type device_t, resource_type;
 allow xen_t dom0_t:domain { create };
 
 allow dom0_t xen_t:xen { kexec readapic writeapic mtrr_read mtrr_add mtrr_del
-       scheduler physinfo heap quirk readconsole writeconsole settime
-       microcode cpupool_op sched_op };
+       scheduler physinfo heap quirk readconsole writeconsole settime 
getcpuinfo
+       microcode cpupool_op sched_op pm_op };
 allow dom0_t xen_t:mmu { memorymap };
 allow dom0_t security_t:security { check_context compute_av compute_create
        compute_member load_policy compute_relabel compute_user setenforce
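Review bot: The `allow dom0_t xen_t:xen` rule gains `getcpuinfo` and `pm_op` with no comment in the policy and nothing in the commit message beyond "accesses used by newer dom0s". Since this widens what dom0 may ask of the hypervisor, the message should name the dom0 operation or the denial that requires each permission, so a later policy audit can tell whether they are still needed.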

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 

