[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] flask/policy: allow dom0 to use PHYSDEVOP_pci_mmcfg_reserved

  • To: xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
  • Date: Fri, 2 Nov 2018 13:46:11 -0400
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
  • Delivery-date: Fri, 02 Nov 2018 17:46:26 +0000
  • Ironport-phdr: 9a23:5JhfvxfaNTlzVDOHUeQ+rRt0lGMj4u6mDksu8pMizoh2WeGdxcSyZR7h7PlgxGXEQZ/co6odzbaO7Oa4ASQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7Ovr6GpLIj8Swyuu+54Dfbx9HiTahY75+Ngm6oRnMvcQKnIVuLbo8xAHUqXVSYeRWwm1oJVOXnxni48q74YBu/SdNtf8/7sBMSar1cbg2QrxeFzQmLns65Nb3uhnZTAuA/WUTX2MLmRdVGQfF7RX6XpDssivms+d2xSeXMdHqQb0yRD+v9LlgRgP2hygbNj456GDXhdJ2jKJHuxKquhhzz5fJbI2JKPZye6XQct0ARWpFQ81fSSpPDI2hZIcLFuYNI/pUo4z7qlATrxWxGBOsCfvvxDFWm3H406403eM6HA3awAAtBc4CvW7IoNnpMqoZTOC7zLPPzTXGd/5Y1y3y6I7Jch8/pfGHQLx+ftTMwkcuDQPKlE+fqYL4ND6Sy+sNvHWU4PRvVeK1kWEqsB1xozizyccsjYnFnIQVykve+iljz4Y1IsO4RVd9bNW5E5VQrzmXO5Z5T84tWW1luDs2xqcYtZO0YiQG0okryhjCYPKdaYeI+AjsVOOJLDd9g3JqZaywig6p8Uil1u38Ts600EtWriZdktnDqHQN1xvL58ibUPR95Eah2SuU1wzJ9uFFIVw7larcK5I7xL4/ioETvljZEi/zmUX2iLeadkQi+ue29+Tqeqjqq5CTOoNuigzyL74iltKwDOgmKAQCQnCX+eGm273i+U35Tq9KjvozkqTBrZ/aKtkUqbC2Aw9PyIku8Aq/Dje639QYmnkLNlRFeAmdgITzNFHOJ+74Ae+lg1uwiDdr2+zGPrr5D5rXKHjMja3hcqhz6kJG1AUzytdf54pKBbEbLv/+QVP+tN3EDh8jMgy1zPzrB8l61oMbQWiPGLOWMLvOsV+U4eIiO+aNa5ETuDrkNvcq+eDugmE9mVIGeamp3IAXaGyjHvh8LESWf3zsgs8bEWcNvAoxUvDliEGYXT5UfXayUPF02jZuGI+gSIvOWI2pqLiAxzugWI1bYHhcDVKBGmuucJ+LCNkWbyfHDsZnkzEAHZSsA6A73Big/Fv2xLZqIfDd0jEJvpLkkt5u7qvckg9kpm88NNiUz2zYFzI8pWgPXTJjmfkl+UE=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Reported-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
 tools/flask/policy/modules/dom0.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tools/flask/policy/modules/dom0.te 
b/tools/flask/policy/modules/dom0.te
index dfdcdcd128..a0566671d6 100644
--- a/tools/flask/policy/modules/dom0.te
+++ b/tools/flask/policy/modules/dom0.te
@@ -66,6 +66,9 @@ allow dom0_t security_t:security { load_policy setenforce 
setbool };
 # Audit policy change events even when they are allowed
 auditallow dom0_t security_t:security { load_policy setenforce setbool };
 
+# Allow dom0 to report platform configuration changes back to the hypervisor
+allow dom0_t xen_t:resource setup;
+
 admin_device(dom0_t, device_t)
 admin_device(dom0_t, irq_t)
 admin_device(dom0_t, ioport_t)
-- 
2.14.5


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.