[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] XSM/policy: Allow the source domain access to settime and setdomainhandle domctls while creating domain.


  • To: Anshul.Makkar.anshul.makkar@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxx
  • From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
  • Date: Thu, 7 Jul 2016 10:49:01 -0400
  • Cc: ian.jackson@xxxxxxxxxxxxx, Anshul Makkar <anshul.makkar@xxxxxxxxxx>, wei.liu2@xxxxxxxxxx
  • Delivery-date: Thu, 07 Jul 2016 14:49:19 +0000
  • Ironport-phdr: 9a23:IoWSdxAJf3g//IvT360rUyQJP3N1i/DPJgcQr6AfoPdwSP/6ocbcNUDSrc9gkEXOFd2CrakV06yM4+u+CCQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6kO74TNaIBjjLw09fr2zQd+KyZ7nnL7js7ToICxwzAKnZr1zKBjk5S7wjeIxxbVYF6Aq1xHSqWFJcekFjUlhJFaUggqurpzopM0r221qtvkg789NV7nhN+R9FOQATWcbKWR92OnH/VmGF1POtTMgVTA/lAFIHgyDyRj5XZ7r9CL8repg3G+fNM71RKocUjW+9aZ7DhTvjWNPJzM/tW3alMF0pKZauw664QxyxcjTeo7GGuB5e/bxdNUbSG4JcssZeDZIC430O4cAA+cOJ+9ws5j2p1xIqwC3QwarGrW8mXdzmnbq0PhigKwaGgbc0VllRohWvQ==
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 07/07/2016 09:45 AM, Anshul.Makkar.anshul.makkar@xxxxxxxxxx wrote:
From: Anshul Makkar <anshul.makkar@xxxxxxxxxx>

This patch resolves the following permission denied scenarios while creating
new domU :
avc:  denied  { setdomainhandle } for domid=0 target=1
scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:domU_t 
tclass=domain

avc:  denied  { settime } for domid=0 target=1 scontext=system_u:system_r:dom0_t
tcontext=system_u:system_r:domU_t tclass=domain

Signed-off-by: Anshul Makkar <anshul.makkar@xxxxxxxxxx>

Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.