projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 75f04e4) | patch
xsm/flask: Fix permission tables
authorKeir Fraser <keir@xen.org>
Sun, 6 Feb 2011 17:10:31 +0000 (17:10 +0000)
committerKeir Fraser <keir@xen.org>
Sun, 6 Feb 2011 17:10:31 +0000 (17:10 +0000)
commit95eddf1e8725a52b319a6d53ced93c30315fe1ff
tree5ccd94d74905b5e30b0a93d42876f755010c41c1tree | snapshot
parent75f04e45d08c5c5f8088f72782b0c3dec823721bcommit | diff
xsm/flask: Fix permission tables

At some point, it seems that someone manually added Flask permission
definitions to one header file without updating the corresponding
policy configuration or the other related table.  The end result is
that we can get uninterpretable AVC messages like this:
# xl dmesg | grep avc
(XEN) avc:  denied  { 0x4000000 } for domid=0
scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:domU_t
tclass=domain

Fix this by updating the flask config and regenerating the headers
from it.  In the future, this can be further improved by integrating
the automatic generation of the headers into the build process as is
presently done in SELinux.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
tools/flask/policy/policy/flask/access_vectors diff | blob | history
xen/xsm/flask/include/av_perm_to_string.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.