
Re: [Xen-devel] [PATCH 09/11] xen: Add DOMCTL to limit the number of event channels a domain may use



On 02/10/13 17:35, David Vrabel wrote:
> 
> --- a/xen/xsm/flask/hooks.c
> +++ b/xen/xsm/flask/hooks.c
> @@ -727,6 +727,9 @@ static int flask_domctl(struct domain *d, int cmd)
>      case XEN_DOMCTL_audit_p2m:
>          return current_has_perm(d, SECCLASS_HVM, HVM__AUDIT_P2M);
>  
> +    case XEN_DOMCTL_set_max_evtchn:
> +        return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SET_MAX_EVTCHN);#

Sorry, I forgot to try a build with XSM and FLASK enabled. This should
have been SECCLASS_DOMAIN2 and DOMAIN2__SET_MAX_EVTCHN.

> +
>      default:
>          printk("flask_domctl: Unknown op %d\n", cmd);
>          return -EPERM;
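
Review bot: The new XEN_DOMCTL_set_max_evtchn case checks SECCLASS_DOMAIN with DOMAIN__SET_MAX_EVTCHN, but the access_vectors hunk of this same patch declares set_max_evtchn under class domain2, so the class and permission used here do not match the declared vector. Use SECCLASS_DOMAIN2 and DOMAIN2__SET_MAX_EVTCHN, as the reply above already says, and drop the stray '#' after the closing ');' on that line if it is present in the submitted patch rather than only in this quote. A build with XSM and FLASK enabled should be part of testing for any change to this switch.
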
> diff --git a/xen/xsm/flask/policy/access_vectors 
> b/xen/xsm/flask/policy/access_vectors
> index 5dfe13b..1fbe241 100644
> --- a/xen/xsm/flask/policy/access_vectors
> +++ b/xen/xsm/flask/policy/access_vectors
> @@ -194,6 +194,8 @@ class domain2
>      setscheduler
>  # XENMEM_claim_pages
>      setclaim
> +# XEN_DOMCTL_set_max_evtchn
> +    set_max_evtchn
>  }
>  
>  # Similar to class domain, but primarily contains domctls related to HVM 
> domains
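
Review bot: set_max_evtchn is declared in class domain2 here, but nothing in the part of the patch quoted in this message grants the new permission to any domain type. Under an enforcing FLASK policy a newly declared vector is denied until a rule allows it, so the new domctl would return a permission error for every caller. Consider adding the permission to the example policy for the domain type that is expected to issue this domctl in the same series, or state in the commit message that existing policies need updating.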

David

