diff options
| author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-01-11 10:49:10 +0000 |
|---|---|---|
| committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-01-11 10:49:10 +0000 |
| commit | dfb32a89d40f3a45203895c63810305daecdc420 (patch) | |
| tree | 99412d03671457208f7139e2e9df7ddcfd6f7eb3 /tools/flask/policy/policy/modules/xen/xen.te | |
| parent | a655abfd8a4bf03de9c9a8d820125be8323d64f8 (diff) | |
| download | xen-dfb32a89d40f3a45203895c63810305daecdc420.tar.gz xen-dfb32a89d40f3a45203895c63810305daecdc420.tar.bz2 xen-dfb32a89d40f3a45203895c63810305daecdc420.zip | |
xen/xsm: distinguish scheduler get/set operations
Add getscheduler and setscheduler permissions to replace the
monolithic scheduler permission in the scheduler_op domctl and sysctl.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'tools/flask/policy/policy/modules/xen/xen.te')
| -rw-r--r-- | tools/flask/policy/policy/modules/xen/xen.te | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te index c714dcb8e9..955fd8bee6 100644 --- a/tools/flask/policy/policy/modules/xen/xen.te +++ b/tools/flask/policy/policy/modules/xen/xen.te @@ -55,8 +55,8 @@ type device_t, resource_type; # ################################################################################ allow dom0_t xen_t:xen { kexec readapic writeapic mtrr_read mtrr_add mtrr_del - scheduler physinfo heap quirk readconsole writeconsole settime getcpuinfo - microcode cpupool_op sched_op pm_op tmem_control }; + physinfo heap quirk readconsole writeconsole settime getcpuinfo + microcode cpupool_op pm_op tmem_control getscheduler setscheduler }; allow dom0_t xen_t:mmu { memorymap }; allow dom0_t security_t:security { check_context compute_av compute_create compute_member load_policy compute_relabel compute_user setenforce |