diff options
author | David Vrabel <david.vrabel@citrix.com> | 2013-10-14 10:23:10 +0200 |
---|---|---|
committer | Jan Beulich <jbeulich@suse.com> | 2013-10-14 10:23:10 +0200 |
commit | 8ec7763c807f252e930c9647a0631253db2844a7 (patch) | |
tree | e8704c43d653a4bfdab5e7b71a46930f2927d36c /tools/flask/policy | |
parent | 88910061ec615b2d05e721a82c37139e05df0712 (diff) | |
download | xen-8ec7763c807f252e930c9647a0631253db2844a7.tar.gz xen-8ec7763c807f252e930c9647a0631253db2844a7.tar.bz2 xen-8ec7763c807f252e930c9647a0631253db2844a7.zip |
Add DOMCTL to limit the number of event channels a domain may use
Add XEN_DOMCTL_set_max_evtchn which may be used during domain creation to
set the maximum event channel port a domain may use. This may be used to
limit the amount of Xen resources (global mapping space and xenheap) that
a domain may use for event channels.
A domain that does not have a limit set may use all the event channels
supported by the event channel ABI in use.
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'tools/flask/policy')
-rw-r--r-- | tools/flask/policy/policy/modules/xen/xen.if | 2 | ||||
-rw-r--r-- | tools/flask/policy/policy/modules/xen/xen.te | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if index 97af0a8623..dedc0351ab 100644 --- a/tools/flask/policy/policy/modules/xen/xen.if +++ b/tools/flask/policy/policy/modules/xen/xen.if @@ -49,7 +49,7 @@ define(`create_domain_common', ` getdomaininfo hypercall setvcpucontext setextvcpucontext getscheduler getvcpuinfo getvcpuextstate getaddrsize getaffinity setaffinity }; - allow $1 $2:domain2 { set_cpuid settsc setscheduler setclaim }; + allow $1 $2:domain2 { set_cpuid settsc setscheduler setclaim set_max_evtchn }; allow $1 $2:security check_context; allow $1 $2:shadow enable; allow $1 $2:mmu { map_read map_write adjust memorymap physmap pinpage mmuext_op }; diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te index c89ce28765..bb59fe89df 100644 --- a/tools/flask/policy/policy/modules/xen/xen.te +++ b/tools/flask/policy/policy/modules/xen/xen.te @@ -76,7 +76,7 @@ allow dom0_t dom0_t:domain { getpodtarget setpodtarget set_misc_info set_virq_handler }; allow dom0_t dom0_t:domain2 { - set_cpuid gettsc settsc setscheduler + set_cpuid gettsc settsc setscheduler set_max_evtchn }; allow dom0_t dom0_t:resource { add remove }; |