flask: Add 2 permissions to the default flask policy to get a VIF-enabled guest to work

This adds two more permissions to the default Flask policy to get a VM with a network interface to work. Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
author: Keir Fraser <keir.fraser@citrix.com> 2008-10-08 10:03:09 +0100
committer: Keir Fraser <keir.fraser@citrix.com> 2008-10-08 10:03:09 +0100
commit: 913481379c3086ab99b5eea089bd12c1095198bf (patch)
tree: 59f62d232c3da5c4a2f5ce643c5e59ab5f0fe1d3 /tools/flask
parent: 4208b9286f8df0c8390490455727579bf5d9d037 (diff)
download: xen-913481379c3086ab99b5eea089bd12c1095198bf.tar.gz
xen-913481379c3086ab99b5eea089bd12c1095198bf.tar.bz2
xen-913481379c3086ab99b5eea089bd12c1095198bf.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te
index dff345c7e9..62920fc68e 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -110,6 +110,9 @@ allow dom0_t evchn0-U_t:event {send};
 create_channel(domU_t, dom0_t, evchnU-0_t)
 allow domU_t evchnU-0_t:event {send};
 
+allow dom0_t dom0_t:event {send};
+allow dom0_t domU_t:grant {copy};
+
 manage_domain(dom0_t, domU_t)
 
 ################################################################################
author	Keir Fraser <keir.fraser@citrix.com>	2008-10-08 10:03:09 +0100
committer	Keir Fraser <keir.fraser@citrix.com>	2008-10-08 10:03:09 +0100
commit	913481379c3086ab99b5eea089bd12c1095198bf (patch)
tree	59f62d232c3da5c4a2f5ce643c5e59ab5f0fe1d3 /tools/flask
parent	4208b9286f8df0c8390490455727579bf5d9d037 (diff)
download	xen-913481379c3086ab99b5eea089bd12c1095198bf.tar.gz xen-913481379c3086ab99b5eea089bd12c1095198bf.tar.bz2 xen-913481379c3086ab99b5eea089bd12c1095198bf.zip