[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 05 of 11 v4] xen: allow for explicitly specifying node-affinity

On ven, 2013-03-15 at 14:20 +0000, Daniel De Graaf wrote:
> On 03/14/2013 10:30 PM, Dario Faggioli wrote:
> [...]
> > diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
> > --- a/xen/xsm/flask/hooks.c
> > +++ b/xen/xsm/flask/hooks.c
> > @@ -611,10 +611,10 @@ static int flask_domctl(struct domain *d
> >           return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__UNPAUSE);
> >
> >       case XEN_DOMCTL_setvcpuaffinity:
> > -        return current_has_perm(d, SECCLASS_DOMAIN, 
> > DOMAIN__SETVCPUAFFINITY);
> > +        return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETAFFINITY);
> >
> >       case XEN_DOMCTL_getvcpuaffinity:
> > -        return current_has_perm(d, SECCLASS_DOMAIN, 
> > DOMAIN__GETVCPUAFFINITY);
> > +        return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETAFFINITY);
> 
> You need to add XEN_DOMCTL_{get,set}nodeaffinity to the switch statement
> in addition to changing the permission name for the existing domctls.
> 
Ok.

> >       case XEN_DOMCTL_resumedomain:
> >           return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__RESUME);
> > diff --git a/xen/xsm/flask/policy/access_vectors 
> > b/xen/xsm/flask/policy/access_vectors
> > --- a/xen/xsm/flask/policy/access_vectors
> > +++ b/xen/xsm/flask/policy/access_vectors
> > @@ -103,10 +103,10 @@ class domain
> >       max_vcpus
> >   # XEN_DOMCTL_destroydomain
> >       destroy
> > -# XEN_DOMCTL_setvcpuaffinity
> > -    setvcpuaffinity
> > -# XEN_DOMCTL_getvcpuaffinity
> > -    getvcpuaffinity
> > +# XEN_DOMCTL_setaffinity
> > +    setaffinity
> > +# XEN_DOMCTL_getaffinity
> > +    getaffinity
> >   # XEN_DOMCTL_scheduler_op with XEN_DOMCTL_SCHEDOP_getinfo
> >       getscheduler
> >   # XEN_DOMCTL_getdomaininfo, XEN_SYSCTL_getdomaininfolist
> >
> 
> The comments here are now incorrect, and should reflect the domctls
> controlled by the listed permission.
> 
I see. I tried to update this patch to cope with the changes introduced
by your new IS_PRIV series, but evidently I missed this couple of spots.

Thanks for pointing them out, will do what you ask.

Regards,
Dario

-- 
<<This happens because I choose it to happen!>> (Raistlin Majere)
-----------------------------------------------------------------
Dario Faggioli, Ph.D, http://about.me/dario.faggioli
Senior Software Engineer, Citrix Systems R&D Ltd., Cambridge (UK)

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.