diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-01-11 10:49:10 +0000 |
---|---|---|
committer | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2013-01-11 10:49:10 +0000 |
commit | dfb32a89d40f3a45203895c63810305daecdc420 (patch) | |
tree | 99412d03671457208f7139e2e9df7ddcfd6f7eb3 /xen/xsm/flask/policy/access_vectors | |
parent | a655abfd8a4bf03de9c9a8d820125be8323d64f8 (diff) | |
download | xen-dfb32a89d40f3a45203895c63810305daecdc420.tar.gz xen-dfb32a89d40f3a45203895c63810305daecdc420.tar.bz2 xen-dfb32a89d40f3a45203895c63810305daecdc420.zip |
xen/xsm: distinguish scheduler get/set operations
Add getscheduler and setscheduler permissions to replace the
monolithic scheduler permission in the scheduler_op domctl and sysctl.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'xen/xsm/flask/policy/access_vectors')
-rw-r--r-- | xen/xsm/flask/policy/access_vectors | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors index 7a7e253a93..b982cf5c88 100644 --- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors @@ -5,7 +5,6 @@ class xen { - scheduler settime tbufcontrol readconsole @@ -34,9 +33,10 @@ class xen mca_op lockprof cpupool_op - sched_op tmem_op tmem_control + getscheduler + setscheduler } class domain @@ -51,7 +51,7 @@ class domain destroy setvcpuaffinity getvcpuaffinity - scheduler + getscheduler getdomaininfo getvcpuinfo getvcpucontext @@ -85,6 +85,7 @@ class domain2 set_cpuid gettsc settsc + setscheduler } class hvm |