diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2012-09-17 21:10:39 +0100 |
---|---|---|
committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2012-09-17 21:10:39 +0100 |
commit | f6db6c7b888e0cdb42d653bd551f5d6490b33ad5 (patch) | |
tree | eb01ff35139a346cfd655ee637002be9efb904fa /tools/flask | |
parent | 23ef6c3662d4a106117ea8c1370e6d5f8016a7db (diff) | |
download | xen-f6db6c7b888e0cdb42d653bd551f5d6490b33ad5.tar.gz xen-f6db6c7b888e0cdb42d653bd551f5d6490b33ad5.tar.bz2 xen-f6db6c7b888e0cdb42d653bd551f5d6490b33ad5.zip |
xsm/flask: remove unneeded create_sid field
This field was only used to populate the ssid of dom0, which can be
handled explicitly in the domain creation hook. This also removes the
unnecessary permission check on the creation of dom0.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'tools/flask')
-rw-r--r-- | tools/flask/policy/policy/modules/xen/xen.te | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te index e175d4b358..9cc5240b5c 100644 --- a/tools/flask/policy/policy/modules/xen/xen.te +++ b/tools/flask/policy/policy/modules/xen/xen.te @@ -52,8 +52,6 @@ type device_t, resource_type; # Rules required to boot the hypervisor and dom0 # ################################################################################ -allow xen_t dom0_t:domain { create }; - allow dom0_t xen_t:xen { kexec readapic writeapic mtrr_read mtrr_add mtrr_del scheduler physinfo heap quirk readconsole writeconsole settime getcpuinfo microcode cpupool_op sched_op pm_op }; |