[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] [PATCH] XSM/policy: Allow the source domain access to settime and setdomainhandle domctls while creating domain.
- To: Anshul.Makkar.anshul.makkar@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxx
- From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
- Date: Thu, 7 Jul 2016 10:49:01 -0400
- Cc: ian.jackson@xxxxxxxxxxxxx, Anshul Makkar <anshul.makkar@xxxxxxxxxx>, wei.liu2@xxxxxxxxxx
- Delivery-date: Thu, 07 Jul 2016 14:49:19 +0000
- Ironport-phdr: 9a23:IoWSdxAJf3g//IvT360rUyQJP3N1i/DPJgcQr6AfoPdwSP/6ocbcNUDSrc9gkEXOFd2CrakV06yM4+u+CCQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6kO74TNaIBjjLw09fr2zQd+KyZ7nnL7js7ToICxwzAKnZr1zKBjk5S7wjeIxxbVYF6Aq1xHSqWFJcekFjUlhJFaUggqurpzopM0r221qtvkg789NV7nhN+R9FOQATWcbKWR92OnH/VmGF1POtTMgVTA/lAFIHgyDyRj5XZ7r9CL8repg3G+fNM71RKocUjW+9aZ7DhTvjWNPJzM/tW3alMF0pKZauw664QxyxcjTeo7GGuB5e/bxdNUbSG4JcssZeDZIC430O4cAA+cOJ+9ws5j2p1xIqwC3QwarGrW8mXdzmnbq0PhigKwaGgbc0VllRohWvQ==
- List-id: Xen developer discussion <xen-devel.lists.xen.org>
On 07/07/2016 09:45 AM, Anshul.Makkar.anshul.makkar@xxxxxxxxxx wrote:
From: Anshul Makkar <anshul.makkar@xxxxxxxxxx>
This patch resolves the following permission denied scenarios while creating
new domU :
avc: denied { setdomainhandle } for domid=0 target=1
scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:domU_t
tclass=domain
avc: denied { settime } for domid=0 target=1 scontext=system_u:system_r:dom0_t
tcontext=system_u:system_r:domU_t tclass=domain
Signed-off-by: Anshul Makkar <anshul.makkar@xxxxxxxxxx>
Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
|
