[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Xen-devel] [PATCH] flask/policy: allow dom0 to use PHYSDEVOP_pci_mmcfg_reserved
- To: xen-devel@xxxxxxxxxxxxxxxxxxxx
- From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
- Date: Fri, 2 Nov 2018 13:46:11 -0400
- Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
- Delivery-date: Fri, 02 Nov 2018 17:46:26 +0000
- Ironport-phdr: 9a23:5JhfvxfaNTlzVDOHUeQ+rRt0lGMj4u6mDksu8pMizoh2WeGdxcSyZR7h7PlgxGXEQZ/co6odzbaO7Oa4ASQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7Ovr6GpLIj8Swyuu+54Dfbx9HiTahY75+Ngm6oRnMvcQKnIVuLbo8xAHUqXVSYeRWwm1oJVOXnxni48q74YBu/SdNtf8/7sBMSar1cbg2QrxeFzQmLns65Nb3uhnZTAuA/WUTX2MLmRdVGQfF7RX6XpDssivms+d2xSeXMdHqQb0yRD+v9LlgRgP2hygbNj456GDXhdJ2jKJHuxKquhhzz5fJbI2JKPZye6XQct0ARWpFQ81fSSpPDI2hZIcLFuYNI/pUo4z7qlATrxWxGBOsCfvvxDFWm3H406403eM6HA3awAAtBc4CvW7IoNnpMqoZTOC7zLPPzTXGd/5Y1y3y6I7Jch8/pfGHQLx+ftTMwkcuDQPKlE+fqYL4ND6Sy+sNvHWU4PRvVeK1kWEqsB1xozizyccsjYnFnIQVykve+iljz4Y1IsO4RVd9bNW5E5VQrzmXO5Z5T84tWW1luDs2xqcYtZO0YiQG0okryhjCYPKdaYeI+AjsVOOJLDd9g3JqZaywig6p8Uil1u38Ts600EtWriZdktnDqHQN1xvL58ibUPR95Eah2SuU1wzJ9uFFIVw7larcK5I7xL4/ioETvljZEi/zmUX2iLeadkQi+ue29+Tqeqjqq5CTOoNuigzyL74iltKwDOgmKAQCQnCX+eGm273i+U35Tq9KjvozkqTBrZ/aKtkUqbC2Aw9PyIku8Aq/Dje639QYmnkLNlRFeAmdgITzNFHOJ+74Ae+lg1uwiDdr2+zGPrr5D5rXKHjMja3hcqhz6kJG1AUzytdf54pKBbEbLv/+QVP+tN3EDh8jMgy1zPzrB8l61oMbQWiPGLOWMLvOsV+U4eIiO+aNa5ETuDrkNvcq+eDugmE9mVIGeamp3IAXaGyjHvh8LESWf3zsgs8bEWcNvAoxUvDliEGYXT5UfXayUPF02jZuGI+gSIvOWI2pqLiAxzugWI1bYHhcDVKBGmuucJ+LCNkWbyfHDsZnkzEAHZSsA6A73Big/Fv2xLZqIfDd0jEJvpLkkt5u7qvckg9kpm88NNiUz2zYFzI8pWgPXTJjmfkl+UE=
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Reported-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
tools/flask/policy/modules/dom0.te | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tools/flask/policy/modules/dom0.te
b/tools/flask/policy/modules/dom0.te
index dfdcdcd128..a0566671d6 100644
--- a/tools/flask/policy/modules/dom0.te
+++ b/tools/flask/policy/modules/dom0.te
@@ -66,6 +66,9 @@ allow dom0_t security_t:security { load_policy setenforce
setbool };
# Audit policy change events even when they are allowed
auditallow dom0_t security_t:security { load_policy setenforce setbool };
+# Allow dom0 to report platform configuration changes back to the hypervisor
+allow dom0_t xen_t:resource setup;
+
admin_device(dom0_t, device_t)
admin_device(dom0_t, irq_t)
admin_device(dom0_t, ioport_t)
--
2.14.5
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
|