author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2012-01-10 16:04:26 +0000 |
---|---|---|
committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2012-01-10 16:04:26 +0000 |
commit | fa1d65c22f5260d80fcdeace70146645ffb6a29f (patch) | |
tree | 15d57ccd5fb1816df1003c1613a65c0a684e82bf /tools/flask/policy/policy/modules/xen/xen.if | |
parent | ed6ec8137c3f75310eb7e86be49a36fc41bc7772 (diff) | |
flask/policy: add missing manage_domain rules
The updated example policy did not include rules to allow managing the
created domains (pause, unpause, destroy); allow these actions.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Diffstat (limited to 'tools/flask/policy/policy/modules/xen/xen.if')
-rw-r--r-- | tools/flask/policy/policy/modules/xen/xen.if | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if index cd240d8f7d..3065718927 100644 --- a/tools/flask/policy/policy/modules/xen/xen.if +++ b/tools/flask/policy/policy/modules/xen/xen.if @@ -29,6 +29,13 @@ define(`create_domain', ` allow $1 $2_$1_channel:event create; ') +# manage_domain(priv, target) +# Allow managing a running domain +define(`manage_domain', ` + allow $1 $2:domain { getdomaininfo getvcpuinfo getvcpuaffinity + getaddrsize pause unpause trigger shutdown destroy + setvcpuaffinity setdomainmaxmem }; +') ################################################################################ # # Inter-domain communication |
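Review bot: the permission set in the new `manage_domain` define is broader than its comment ("Allow managing a running domain") and the commit message indicate. The message names pause, unpause and destroy, while the allow rule also grants trigger, shutdown, setvcpuaffinity and setdomainmaxmem, plus four query permissions (getdomaininfo, getvcpuinfo, getvcpuaffinity, getaddrsize). Suggest listing the granted operations in the `# manage_domain(priv, target)` comment so a policy author knows what a call to the macro hands out, or splitting the read-only get* permissions from the state-changing ones so that a domain that only needs to inspect a target can be given the former without the latter. The diff shown is limited to xen.if and only defines the macro; the rule that invokes it for a particular pair of domain types is not visible here, so which privileged type receives these permissions cannot be checked from these lines.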