Addition of FLASK permission for this hypercall was overlooked in the
original patch. Fix it. Setting LLC colors is only possible during domain
creation.
Fixes: 6985aa5e0c3c ("xen: extend domctl interface for cache coloring")
Signed-off-by: Michal Orzel <michal.orzel@amd.com>
Release-Acked-By: Oleksii Kurochko <oleksii.kurochko@gmail.com>
Acked-by: Daniel P. Smith <dpsmith@apertussolutions.com>
allow $1 $2:domain2 { set_cpu_policy settsc setscheduler setclaim
set_vnumainfo get_vnumainfo cacheflush
psr_cmt_op psr_alloc soft_reset
- resource_map get_cpu_policy vuart_op };
+ resource_map get_cpu_policy vuart_op set_llc_colors };
allow $1 $2:security check_context;
allow $1 $2:shadow enable;
allow $1 $2:mmu { map_read map_write adjust memorymap physmap pinpage mmuext_op updatemp };
case XEN_DOMCTL_dt_overlay:
return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__DT_OVERLAY);
+ case XEN_DOMCTL_set_llc_colors:
+ return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SET_LLC_COLORS);
+
default:
return avc_unknown_permission("domctl", cmd);
}
vuart_op
# XEN_DOMCTL_dt_overlay
dt_overlay
+# XEN_DOMCTL_set_llc_colors
+ set_llc_colors
}
# Similar to class domain, but primarily contains domctls related to HVM domains
projects / xen.git / commitdiff