Xen project Mailing List

[Xen-changelog] [xen-unstable] flask/policy: add missing manage_domain rules

From: Xen patchbot-unstable <patchbot@xxxxxxx>

Date: Thu, 19 Jan 2012 21:55:14 +0000

Delivery-date: Thu, 19 Jan 2012 21:55:29 +0000

List-id: BK change log <xen-changelog.lists.xensource.com>

# HG changeset patch # User Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> # Date 1326211466 0 # Node ID 164ed9b67ad050cbd9efa24f641120733926d7d6 # Parent db22b1aa11d330b0289bb691842b942fc6799dfd flask/policy: add missing manage_domain rules The updated example policy did not include rules to allow managing the created domains (pause, unpause, destroy); allow these actions. Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> Committed-by: Ian Jackson <ian.jackson.citrix.com> --- diff -r db22b1aa11d3 -r 164ed9b67ad0 tools/flask/policy/policy/modules/xen/xen.if --- a/tools/flask/policy/policy/modules/xen/xen.if Tue Jan 10 16:04:25 2012 +0000 +++ b/tools/flask/policy/policy/modules/xen/xen.if Tue Jan 10 16:04:26 2012 +0000 @@ -29,6 +29,13 @@ allow $1 $2_$1_channel:event create; ') +# manage_domain(priv, target) +# Allow managing a running domain +define(`manage_domain', ` + allow $1 $2:domain { getdomaininfo getvcpuinfo getvcpuaffinity + getaddrsize pause unpause trigger shutdown destroy + setvcpuaffinity setdomainmaxmem }; +') ################################################################################ # # Inter-domain communication diff -r db22b1aa11d3 -r 164ed9b67ad0 tools/flask/policy/policy/modules/xen/xen.te --- a/tools/flask/policy/policy/modules/xen/xen.te Tue Jan 10 16:04:25 2012 +0000 +++ b/tools/flask/policy/policy/modules/xen/xen.te Tue Jan 10 16:04:26 2012 +0000 @@ -86,10 +86,12 @@ declare_domain(domU_t) domain_self_comms(domU_t) create_domain(dom0_t, domU_t) +manage_domain(dom0_t, domU_t) domain_comms(dom0_t, domU_t) declare_domain(isolated_domU_t) create_domain(dom0_t, isolated_domU_t) +manage_domain(dom0_t, isolated_domU_t) domain_comms(dom0_t, isolated_domU_t) ############################################################################### _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.