[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 09/11] xen: Add DOMCTL to limit the number of event channels a domain may use

To: David Vrabel <david.vrabel@xxxxxxxxxx>
From: David Vrabel <david.vrabel@xxxxxxxxxx>
Date: Wed, 2 Oct 2013 18:06:13 +0100
Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, xen-devel@xxxxxxxxxxxxx
Delivery-date: Wed, 02 Oct 2013 17:06:32 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 02/10/13 17:35, David Vrabel wrote:
> 
> --- a/xen/xsm/flask/hooks.c
> +++ b/xen/xsm/flask/hooks.c
> @@ -727,6 +727,9 @@ static int flask_domctl(struct domain *d, int cmd)
>      case XEN_DOMCTL_audit_p2m:
>          return current_has_perm(d, SECCLASS_HVM, HVM__AUDIT_P2M);
>  
> +    case XEN_DOMCTL_set_max_evtchn:
> +        return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SET_MAX_EVTCHN);#

Sorry, I forgot to try a build with XSM and FLASK enabled. This should
have been SECCLASS_DOMAIN2 and DOMAIN2__SET_MAX_EVTCHN.

> +
>      default:
>          printk("flask_domctl: Unknown op %d\n", cmd);
>          return -EPERM;
> diff --git a/xen/xsm/flask/policy/access_vectors 
> b/xen/xsm/flask/policy/access_vectors
> index 5dfe13b..1fbe241 100644
> --- a/xen/xsm/flask/policy/access_vectors
> +++ b/xen/xsm/flask/policy/access_vectors
> @@ -194,6 +194,8 @@ class domain2
>      setscheduler
>  # XENMEM_claim_pages
>      setclaim
> +# XEN_DOMCTL_set_max_evtchn
> +    set_max_evtchn
>  }
>  
>  # Similar to class domain, but primarily contains domctls related to HVM 
> domains

David


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 09/11] xen: Add DOMCTL to limit the number of event channels a domain may use
  - From: David Vrabel

References:
- [Xen-devel] [PATCHv5 0/11] Xen: FIFO-based event channel ABI
  - From: David Vrabel
- [Xen-devel] [PATCH 09/11] xen: Add DOMCTL to limit the number of event channels a domain may use
  - From: David Vrabel

Prev by Date: [Xen-devel] [PATCH 10/11] libxc: add xc_domain_set_max_evtchn()
Next by Date: Re: [Xen-devel] [PATCH v6 10/19] xen: introduce xen_alloc/free_coherent_pages
Previous by thread: [Xen-devel] [PATCH 09/11] xen: Add DOMCTL to limit the number of event channels a domain may use
Next by thread: Re: [Xen-devel] [PATCH 09/11] xen: Add DOMCTL to limit the number of event channels a domain may use
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.