flask: Add 2 permissions to the default flask policy to get a VIF-enabled guest to...

This adds two more permissions to the default Flask policy to get a VM
with a network interface to work.

Signed-off-by: Stefan Berger <stefanb@us.ibm.com>

diff --git a/tools/flask/policy/policy/modules/xen/xen.te b/tools/flask/policy/policy/modules/xen/xen.te
index dff345c7e969dec6045e97497a03f5a2e892feda..62920fc68ea02a22ae5f2a756bbc61cde42debbd 100644 (file)
--- a/tools/flask/policy/policy/modules/xen/xen.te
+++ b/tools/flask/policy/policy/modules/xen/xen.te
@@ -110,6 +110,9 @@ allow dom0_t evchn0-U_t:event {send};
 create_channel(domU_t, dom0_t, evchnU-0_t)
 allow domU_t evchnU-0_t:event {send};
 
+allow dom0_t dom0_t:event {send};
+allow dom0_t domU_t:grant {copy};
+
 manage_domain(dom0_t, domU_t)
 
 ################################################################################