[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH for-4.5] flask/policy: Updates for example XSM policy

On Mon, Sep 22, 2014 at 04:23:18PM -0400, Daniel De Graaf wrote:
> The example XSM policy was missing permission for dom0_t to migrate
> domains with label domU_t; add these permissions.
> Reported-by: Wei Liu <wei.liu2@xxxxxxxxxx>
> Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>


This seems to work to a certain degree. I now hit a new error when
trying to save a domain (PV and HVM).

(XEN) avc:  denied  { map_read } for domid=0 target=32754 scontext=system_u:sysu

And HVM guest creation for both QEMU upstream and traditional works.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.