diff options
| author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2012-01-10 16:04:26 +0000 |
|---|---|---|
| committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2012-01-10 16:04:26 +0000 |
| commit | fa1d65c22f5260d80fcdeace70146645ffb6a29f (patch) | |
| tree | 15d57ccd5fb1816df1003c1613a65c0a684e82bf /tools/flask/policy/policy/modules/xen/xen.te | |
| parent | ed6ec8137c3f75310eb7e86be49a36fc41bc7772 (diff) | |
| download | xen-fa1d65c22f5260d80fcdeace70146645ffb6a29f.tar.gz xen-fa1d65c22f5260d80fcdeace70146645ffb6a29f.tar.bz2 xen-fa1d65c22f5260d80fcdeace70146645ffb6a29f.zip | |
flask/policy: add missing manage_domain rules
The updated example policy did not include rules to allow managing the
created domains (pause, unpause, destroy); allow these actions.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Diffstat (limited to 'tools/flask/policy/policy/modules/xen/xen.te')
| -rw-r--r-- | tools/flask/policy/policy/modules/xen/xen.te | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te index 0fc31b53fa..c5e0883e69 100644 --- a/tools/flask/policy/policy/modules/xen/xen.te +++ b/tools/flask/policy/policy/modules/xen/xen.te @@ -86,10 +86,12 @@ auditallow dom0_t security_t:security { load_policy setenforce }; declare_domain(domU_t) domain_self_comms(domU_t) create_domain(dom0_t, domU_t) +manage_domain(dom0_t, domU_t) domain_comms(dom0_t, domU_t) declare_domain(isolated_domU_t) create_domain(dom0_t, isolated_domU_t) +manage_domain(dom0_t, isolated_domU_t) domain_comms(dom0_t, isolated_domU_t) ############################################################################### |