Re: [Xen-devel] [PATCH] flask: fix build after the introduction of DMOP
On 01/25/2017 05:43 AM, Wei Liu wrote: In 58cbc034 send_irq permission was removed but there was still reference to it in policy file. Remove the stale reference. And now we also need dm permission. Add that. Signed-off-by: Wei LiuAcked-by: Daniel De Graaf ___ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
Re: [Xen-devel] [PATCH] flask: fix build after the introduction of DMOP
On Thu, Jan 26, 2017 at 10:22:52AM +, Wei Liu wrote: > On Wed, Jan 25, 2017 at 10:43:11AM +, Wei Liu wrote: > > In 58cbc034 send_irq permission was removed but there was still > > reference to it in policy file. Remove the stale reference. > > > > And now we also need dm permission. Add that. > > > > Signed-off-by: Wei Liu> > --- > > Cc: Daniel De Graaf > > FAOD: Daniel I will need you ack before I can apply these two patches. Actually I'm going to commit these patches now because staging is blocked, so this is a bit urgent. Daniel, please review them all the same and tell us if you think things should be done differently. I will then post incremental patch for that. Wei. ___ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
Re: [Xen-devel] [PATCH] flask: fix build after the introduction of DMOP
On Wed, Jan 25, 2017 at 10:43:11AM +, Wei Liu wrote: > In 58cbc034 send_irq permission was removed but there was still > reference to it in policy file. Remove the stale reference. > > And now we also need dm permission. Add that. > > Signed-off-by: Wei Liu> --- > Cc: Daniel De Graaf FAOD: Daniel I will need you ack before I can apply these two patches. ___ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
Re: [Xen-devel] [PATCH] flask: fix build after the introduction of DMOP
> -Original Message- > From: Wei Liu [mailto:wei.l...@citrix.com] > Sent: 25 January 2017 10:43 > To: Xen-devel> Cc: Wei Liu ; Daniel De Graaf > ; Paul Durrant ; Ian > Jackson > Subject: [PATCH] flask: fix build after the introduction of DMOP > > In 58cbc034 send_irq permission was removed but there was still > reference to it in policy file. Remove the stale reference. > > And now we also need dm permission. Add that. > > Signed-off-by: Wei Liu > --- > Cc: Daniel De Graaf > Cc: Paul Durrant > Cc: Ian Jackson > > Staging is currently broken. Sorry about that. Reviewed-by: Paul Durrant > --- > tools/flask/policy/modules/xen.if | 2 +- > xen/xsm/flask/policy/access_vectors | 2 ++ > 2 files changed, 3 insertions(+), 1 deletion(-) > > diff --git a/tools/flask/policy/modules/xen.if > b/tools/flask/policy/modules/xen.if > index 45e5cea04f..f5d254f053 100644 > --- a/tools/flask/policy/modules/xen.if > +++ b/tools/flask/policy/modules/xen.if > @@ -58,7 +58,7 @@ define(`create_domain_common', ` > allow $1 $2:mmu { map_read map_write adjust memorymap > physmap pinpage mmuext_op updatemp }; > allow $1 $2:grant setup; > allow $1 $2:hvm { cacheattr getparam hvmctl sethvmc > - setparam nested altp2mhvm altp2mhvm_op > send_irq }; > + setparam nested altp2mhvm altp2mhvm_op }; > ') > > # create_domain(priv, target) > diff --git a/xen/xsm/flask/policy/access_vectors > b/xen/xsm/flask/policy/access_vectors > index 36a7df9394..1f7eb35fc8 100644 > --- a/xen/xsm/flask/policy/access_vectors > +++ b/xen/xsm/flask/policy/access_vectors > @@ -284,6 +284,8 @@ class hvm > # HVMOP_altp2m_destroy_p2m HVMOP_altp2m_switch_p2m > # HVMOP_altp2m_set_mem_access HVMOP_altp2m_change_gfn > altp2mhvm_op > +# DMOP > +dm > } > > # Class event describes event channels. Interdomain event channels have > their > -- > 2.11.0 ___ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
[Xen-devel] [PATCH] flask: fix build after the introduction of DMOP
In 58cbc034 send_irq permission was removed but there was still reference to it in policy file. Remove the stale reference. And now we also need dm permission. Add that. Signed-off-by: Wei Liu--- Cc: Daniel De Graaf Cc: Paul Durrant Cc: Ian Jackson Staging is currently broken. --- tools/flask/policy/modules/xen.if | 2 +- xen/xsm/flask/policy/access_vectors | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/flask/policy/modules/xen.if b/tools/flask/policy/modules/xen.if index 45e5cea04f..f5d254f053 100644 --- a/tools/flask/policy/modules/xen.if +++ b/tools/flask/policy/modules/xen.if @@ -58,7 +58,7 @@ define(`create_domain_common', ` allow $1 $2:mmu { map_read map_write adjust memorymap physmap pinpage mmuext_op updatemp }; allow $1 $2:grant setup; allow $1 $2:hvm { cacheattr getparam hvmctl sethvmc - setparam nested altp2mhvm altp2mhvm_op send_irq }; + setparam nested altp2mhvm altp2mhvm_op }; ') # create_domain(priv, target) diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors index 36a7df9394..1f7eb35fc8 100644 --- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors @@ -284,6 +284,8 @@ class hvm # HVMOP_altp2m_destroy_p2m HVMOP_altp2m_switch_p2m # HVMOP_altp2m_set_mem_access HVMOP_altp2m_change_gfn altp2mhvm_op +# DMOP +dm } # Class event describes event channels. Interdomain event channels have their -- 2.11.0 ___ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel