aboutsummaryrefslogtreecommitdiffstats
path: root/tools/flask/policy/policy/modules/xen/xen.if
diff options
context:
space:
mode:
Diffstat (limited to 'tools/flask/policy/policy/modules/xen/xen.if')
-rw-r--r--tools/flask/policy/policy/modules/xen/xen.if6
1 files changed, 3 insertions, 3 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if
index d9d534427b..2ce22125c1 100644
--- a/tools/flask/policy/policy/modules/xen/xen.if
+++ b/tools/flask/policy/policy/modules/xen/xen.if
@@ -47,9 +47,9 @@ define(`declare_build_label', `
define(`create_domain_common', `
allow $1 $2:domain { create max_vcpus setdomainmaxmem setaddrsize
getdomaininfo hypercall setvcpucontext setextvcpucontext
- scheduler getvcpuinfo getvcpuextstate getaddrsize
+ getscheduler getvcpuinfo getvcpuextstate getaddrsize
getvcpuaffinity setvcpuaffinity };
- allow $1 $2:domain2 { set_cpuid settsc };
+ allow $1 $2:domain2 { set_cpuid settsc setscheduler };
allow $1 $2:security check_context;
allow $1 $2:shadow enable;
allow $1 $2:mmu { map_read map_write adjust memorymap physmap pinpage mmuext_op };
@@ -79,7 +79,7 @@ define(`create_domain_build_label', `
define(`manage_domain', `
allow $1 $2:domain { getdomaininfo getvcpuinfo getvcpuaffinity
getaddrsize pause unpause trigger shutdown destroy
- setvcpuaffinity setdomainmaxmem };
+ setvcpuaffinity setdomainmaxmem getscheduler };
')
# migrate_domain_out(priv, target)
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-10 21:31:21 +0000