projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a4ab163) | patch
flask/policy: updates from osstest runs
authorDaniel De Graaf <dgdegra@tycho.nsa.gov>
Tue, 26 May 2015 18:13:27 +0000 (14:13 -0400)
committerIan Campbell <ian.campbell@citrix.com>
Wed, 3 Jun 2015 10:12:01 +0000 (11:12 +0100)
commit4f835b64cf7425d7f1527ef2b4a9d8c171115137
tree87999399b1fdcf3d38c1fbe0331ecac38656a9c6tree | snapshot
parenta4ab16365e0c57aaf74e61b4a829162d19b5e87dcommit | diff
flask/policy: updates from osstest runs

Migration and HVM domain creation both trigger AVC denials that should
be allowed in the default policy; add these rules.

Guest console writes need to be either allowed or denied without audit
depending on the decision of the local administrator; introduce a policy
boolean to switch between these possibilities.

Reported-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
tools/flask/policy/policy/modules/xen/xen.if diff | blob | history
tools/flask/policy/policy/modules/xen/xen.te diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.