[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH] xen/xsm/flask: Fix permission tables
At some point, it seems that someone manually added Flask permission definitions to one header file without updating the corresponding policy configuration or the other related table. The end result is that we can get uninterpretable AVC messages like this: # xl dmesg | grep avc (XEN) avc: denied { 0x4000000 } for domid=0 scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:domU_t tclass=domain Fix this by updating the flask config and regenerating the headers from it. In the future, this can be further improved by integrating the automatic generation of the headers into the build process as is presently done in SELinux. Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx> --- tools/flask/policy/policy/flask/access_vectors | 2 ++ xen/xsm/flask/include/av_perm_to_string.h | 2 ++ 2 files changed, 4 insertions(+) -- Stephen Smalley National Security Agency Attachment:
xen-flask-permission-fix.patch _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |