diff options
author | Keir Fraser <keir.fraser@citrix.com> | 2008-10-08 10:03:09 +0100 |
---|---|---|
committer | Keir Fraser <keir.fraser@citrix.com> | 2008-10-08 10:03:09 +0100 |
commit | 913481379c3086ab99b5eea089bd12c1095198bf (patch) | |
tree | 59f62d232c3da5c4a2f5ce643c5e59ab5f0fe1d3 /tools/flask/policy | |
parent | 4208b9286f8df0c8390490455727579bf5d9d037 (diff) | |
download | xen-913481379c3086ab99b5eea089bd12c1095198bf.tar.gz xen-913481379c3086ab99b5eea089bd12c1095198bf.tar.bz2 xen-913481379c3086ab99b5eea089bd12c1095198bf.zip |
flask: Add 2 permissions to the default flask policy to get a VIF-enabled guest to work
This adds two more permissions to the default Flask policy to get a VM
with a network interface to work.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
Diffstat (limited to 'tools/flask/policy')
-rw-r--r-- | tools/flask/policy/policy/modules/xen/xen.te | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te index dff345c7e9..62920fc68e 100644 --- a/tools/flask/policy/policy/modules/xen/xen.te +++ b/tools/flask/policy/policy/modules/xen/xen.te @@ -110,6 +110,9 @@ allow dom0_t evchn0-U_t:event {send}; create_channel(domU_t, dom0_t, evchnU-0_t) allow domU_t evchnU-0_t:event {send}; +allow dom0_t dom0_t:event {send}; +allow dom0_t domU_t:grant {copy}; + manage_domain(dom0_t, domU_t) ################################################################################ |