]> xenbits.xensource.com Git - xen.git/commitdiff
projects / xen.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7a4cf23)
xsm: Permit dom0 to use dmops
authorAndrew Cooper <andrew.cooper3@citrix.com>
Fri, 27 Jan 2017 14:16:58 +0000 (14:16 +0000)
committerIan Jackson <Ian.Jackson@eu.citrix.com>
Mon, 30 Jan 2017 12:03:55 +0000 (12:03 +0000)
c/s 524a98c2ac5 "public / x86: introduce __HYPERCALL_dm_op" gave flask
permisisons for a stubdomain to use dmops, but omitted the case of a device
model running in dom0.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Tested-by: Paul Durrant <paul.durrant@citrix.com>
tools/flask/policy/modules/xen.if patch | blob | blame | history

diff --git a/tools/flask/policy/modules/xen.if b/tools/flask/policy/modules/xen.if
index f5d254f053e07d65dbc0bea34dbd3acbf9269cac..ed0df4f01068f6aded617e0dddde41832edecfe3 100644 (file)
--- a/tools/flask/policy/modules/xen.if
+++ b/tools/flask/policy/modules/xen.if
@@ -58,7 +58,7 @@ define(`create_domain_common', `
        allow $1 $2:mmu { map_read map_write adjust memorymap physmap pinpage mmuext_op updatemp };
        allow $1 $2:grant setup;
        allow $1 $2:hvm { cacheattr getparam hvmctl sethvmc
-                       setparam nested altp2mhvm altp2mhvm_op };
+                       setparam nested altp2mhvm altp2mhvm_op dm };
 ')
 
 # create_domain(priv, target)
Xen (staging and unstable) mirror