[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH for-4.5] flask/policy: Updates for example XSM policy

To: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
From: Wei Liu <wei.liu2@xxxxxxxxxx>
Date: Tue, 23 Sep 2014 10:01:48 +0100
Cc: wei.liu2@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxx
Delivery-date: Tue, 23 Sep 2014 09:02:18 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Mon, Sep 22, 2014 at 04:23:18PM -0400, Daniel De Graaf wrote:
> The example XSM policy was missing permission for dom0_t to migrate
> domains with label domU_t; add these permissions.
> 
> Reported-by: Wei Liu <wei.liu2@xxxxxxxxxx>
> Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

Thanks.

This seems to work to a certain degree. I now hit a new error when
trying to save a domain (PV and HVM).

(XEN) avc:  denied  { map_read } for domid=0 target=32754 scontext=system_u:sysu

And HVM guest creation for both QEMU upstream and traditional works.

Wei.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH for-4.5] flask/policy: Updates for example XSM policy
  - From: Wei Liu

References:
- [Xen-devel] [PATCH for-4.5] flask/policy: Updates for example XSM policy
  - From: Daniel De Graaf

Prev by Date: Re: [Xen-devel] [PATCH v11 1/2] x86/viridian: Re-purpose the HVM parameter to be a feature mask
Next by Date: Re: [Xen-devel] [RFC Patch v4 7/9] correct xc_domain_save()'s return value
Previous by thread: [Xen-devel] [PATCH for-4.5] flask/policy: Updates for example XSM policy
Next by thread: Re: [Xen-devel] [PATCH for-4.5] flask/policy: Updates for example XSM policy
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.