projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 31689dc) | patch
flask/policy: split out rules for system_r
authorDaniel De Graaf <dgdegra@tycho.nsa.gov>
Mon, 20 Jun 2016 14:04:11 +0000 (10:04 -0400)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Tue, 21 Jun 2016 14:29:17 +0000 (15:29 +0100)
commita2c8399a91bf868cc7359dde3c04fb7b6e0fa452
tree8353192f56574598299449259cbb98eb1b30464ftree | snapshot
parent31689dcb0fbfe00f7556337ac72a10c238d7a40dcommit | diff
flask/policy: split out rules for system_r

When the all_system_role module is enabled, any domain type can be
created using the system_r role, which was the default.  When it is
disabled, domains not using the default types (dom0_t and domU_t) must
use another role such as vm_r.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
tools/flask/policy/modules/all_system_role.te [new file with mode: 0644] blob
tools/flask/policy/modules/domU.te diff | blob | history
tools/flask/policy/modules/modules.conf diff | blob | history
tools/flask/policy/modules/xen.te diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.