Xen project Mailing List

[Xen-changelog] [xen staging] flask/policy: allow dom0 to use PHYSDEVOP_pci_mmcfg_reserved

Date: Mon, 12 Nov 2018 18:22:35 +0000

Delivery-date: Mon, 12 Nov 2018 18:22:37 +0000

List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xenproject.org>

commit 011319e9ce110c70a3d52f2ea05e5eeb538c9e9e Author: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> AuthorDate: Fri Nov 2 13:46:11 2018 -0400 Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> CommitDate: Mon Nov 12 18:17:34 2018 +0000 flask/policy: allow dom0 to use PHYSDEVOP_pci_mmcfg_reserved Reported-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- tools/flask/policy/modules/dom0.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/flask/policy/modules/dom0.te b/tools/flask/policy/modules/dom0.te index c7d565d3dc..a347d664f8 100644 --- a/tools/flask/policy/modules/dom0.te +++ b/tools/flask/policy/modules/dom0.te @@ -66,6 +66,9 @@ allow dom0_t security_t:security { load_policy setenforce setbool }; # Audit policy change events even when they are allowed auditallow dom0_t security_t:security { load_policy setenforce setbool }; +# Allow dom0 to report platform configuration changes back to the hypervisor +allow dom0_t xen_t:resource setup; + admin_device(dom0_t, device_t) admin_device(dom0_t, irq_t) admin_device(dom0_t, ioport_t) -- generated by git-patchbot for /home/xen/git/xen.git#staging _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/xen-changelog

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.