Re: [Xen-devel] PCI passthrough for HVM with stubdomain broken by "tools/libxl: handle the iomem parameter with the memory_mapping hcall"


  • To: Jan Beulich <JBeulich@xxxxxxxx>
  • From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
  • Date: Thu, 23 Jun 2016 10:33:39 -0400
  • Cc: marmarek@xxxxxxxxxxxxxxxxxxxxxx, xen-devel <xen-devel@xxxxxxxxxxxxx>
  • Delivery-date: Thu, 23 Jun 2016 14:33:52 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 06/23/2016 04:39 AM, Jan Beulich wrote:
On 23.06.16 at 10:32, <JBeulich@xxxxxxxx> wrote:
On 22.06.16 at 20:24, <dgdegra@xxxxxxxxxxxxx> wrote:
Either method works, and I agree allowing DM to invoke this domctl is both
useful and not going to introduce problems.  The getdomaininfo permission
will also need to be added to the device_model macro in xen.if.

What exactly this last sentence means I need to add I'm not sure
about.

Perhaps this?

--- unstable.orig/tools/flask/policy/policy/modules/xen/xen.if
+++ unstable/tools/flask/policy/policy/modules/xen/xen.if
@@ -148,7 +148,7 @@ define(`device_model', `
        create_channel($2, $1, $2_channel)
        allow $1 $2_channel:event create;

-       allow $1 $2_target:domain shutdown;
+       allow $1 $2_target:domain { getdomaininfo shutdown };
        allow $1 $2_target:mmu { map_read map_write adjust physmap target_hack 
};
        allow $1 $2_target:hvm { getparam setparam trackdirtyvram hvmctl 
irqlevel pciroute pcilevel cacheattr send_irq };
 ')
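
Review bot: The added rule "allow $1 $2_target:domain { getdomaininfo shutdown };" widens what a device model may do to its target domain, but nothing in the device_model macro says why getdomaininfo is needed. A one-line comment above the rule naming the operation that requires it would keep the grant auditable when the macro is next trimmed. The permission is scoped to $2_target only, which matches the neighbouring mmu and hvm rules. Separately, the two context lines after the change (the mmu and hvm rules) are wrapped in this copy, with the closing "};" and the tail of the hvm permission list on their own lines, so the hunk as shown would not apply cleanly; it should be resent unwrapped.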

Jan

Yes, that is what I meant.

--
Daniel De Graaf
National Security Agency
