Discussion:
[Xen-changelog] [xen staging] flask/policy: allow dom0 to use PHYSDEVOP_pci_mmcfg_reserved
p***@xen.org
2018-11-12 18:22:35 UTC
Permalink
commit 011319e9ce110c70a3d52f2ea05e5eeb538c9e9e
Author: Daniel De Graaf <***@tycho.nsa.gov>
AuthorDate: Fri Nov 2 13:46:11 2018 -0400
Commit: Andrew Cooper <***@citrix.com>
CommitDate: Mon Nov 12 18:17:34 2018 +0000

flask/policy: allow dom0 to use PHYSDEVOP_pci_mmcfg_reserved

Reported-by: Andrew Cooper <***@citrix.com>
Signed-off-by: Daniel De Graaf <***@tycho.nsa.gov>
Acked-by: Andrew Cooper <***@citrix.com>
---
tools/flask/policy/modules/dom0.te | 3 +++
1 file changed, 3 insertions(+)

diff --git a/tools/flask/policy/modules/dom0.te b/tools/flask/policy/modules/dom0.te
index c7d565d3dc..a347d664f8 100644
--- a/tools/flask/policy/modules/dom0.te
+++ b/tools/flask/policy/modules/dom0.te
@@ -66,6 +66,9 @@ allow dom0_t security_t:security { load_policy setenforce setbool };
# Audit policy change events even when they are allowed
auditallow dom0_t security_t:security { load_policy setenforce setbool };

+# Allow dom0 to report platform configuration changes back to the hypervisor
+allow dom0_t xen_t:resource setup;
+
admin_device(dom0_t, device_t)
admin_device(dom0_t, irq_t)
admin_device(dom0_t, ioport_t)
--
generated by git-patchbot for /home/xen/git/xen.git#staging

Loading...