diff options
Diffstat (limited to 'tools/flask')
-rw-r--r-- | tools/flask/policy/policy/modules/xen/xen.if | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/tools/flask/policy/policy/modules/xen/xen.if b/tools/flask/policy/policy/modules/xen/xen.if index 18647c9327..3a59f38567 100644 --- a/tools/flask/policy/policy/modules/xen/xen.if +++ b/tools/flask/policy/policy/modules/xen/xen.if @@ -54,7 +54,8 @@ define(`create_domain_common', ` allow $1 $2:shadow enable; allow $1 $2:mmu { map_read map_write adjust memorymap physmap pinpage mmuext_op }; allow $1 $2:grant setup; - allow $1 $2:hvm { cacheattr getparam hvmctl irqlevel pciroute sethvmc setparam pcilevel trackdirtyvram }; + allow $1 $2:hvm { cacheattr getparam hvmctl irqlevel pciroute sethvmc + setparam pcilevel trackdirtyvram nested }; ') # create_domain(priv, target) |