From 4208b9286f8df0c8390490455727579bf5d9d037 Mon Sep 17 00:00:00 2001
From: Keir Fraser <keir.fraser@citrix.com>
Date: Wed, 8 Oct 2008 10:02:27 +0100
Subject: [PATCH] flask: Fix to default policy to get simple VM running

This fix gets to the default Flask/XSM policy gets a simple guest VM
(Ramdisk only, no VIF) running.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
---
 tools/flask/policy/policy/modules/xen/xen.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te
index 70fbfc0774..dff345c7e9 100644
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -33,7 +33,7 @@ define(`create_domain', `
 				getvcpuinfo getaddrsize getvcpuaffinity};
 	allow $1 $2:shadow {enable};
 	allow $1 $2:mmu {map_read map_write memorymap adjust pinpage};
-	allow $2 $2:mmu {map_read map_write pinpage};
+	allow $2 $2:mmu {map_read map_write adjust pinpage};
 	allow $2 domio_t:mmu {map_read};
 	allow $2 $2:grant {query setup};
 	allow $1 $2:grant {map_read unmap};
-- 
2.30.2