From mboxrd@z Thu Jan  1 00:00:00 1970
From: Dario Faggioli <dario.faggioli@citrix.com>
Subject: Re: [PATCH 05 of 11 v4] xen: allow for explicitly
 specifying node-affinity
Date: Sat, 16 Mar 2013 08:11:17 +0100
Message-ID: <1363417877.3069.2.camel@Abyss>
References: <patchbomb.1363314642@hit-nxdomain.opendns.com>
	<b6a361f4894def414b83.1363314647@hit-nxdomain.opendns.com>
	<51432E33.7080502@tycho.nsa.gov>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6126255130647949082=="
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <51432E33.7080502@tycho.nsa.gov>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: Marcus Granado <Marcus.Granado@eu.citrix.com>, Dan Magenheimer <dan.magenheimer@oracle.com>, Ian Campbell <Ian.Campbell@citrix.com>, Anil Madhavapeddy <anil@recoil.org>, George Dunlap <George.Dunlap@eu.citrix.com>, Andrew Cooper <Andrew.Cooper3@citrix.com>, Juergen Gross <juergen.gross@ts.fujitsu.com>, Ian Jackson <Ian.Jackson@eu.citrix.com>, Xen-Devel <xen-devel@lists.xen.org>, Jan Beulich <JBeulich@suse.com>, Matt Wilson <msw@amazon.com>
List-Id: xen-devel@lists.xenproject.org

--===============6126255130647949082==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="=-ykNTX+EKPX8k85xqcJJ9"

--=-ykNTX+EKPX8k85xqcJJ9
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On ven, 2013-03-15 at 14:20 +0000, Daniel De Graaf wrote:
> On 03/14/2013 10:30 PM, Dario Faggioli wrote:
> [...]
> > diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
> > --- a/xen/xsm/flask/hooks.c
> > +++ b/xen/xsm/flask/hooks.c
> > @@ -611,10 +611,10 @@ static int flask_domctl(struct domain *d
> >           return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__UNPAUSE);
> >
> >       case XEN_DOMCTL_setvcpuaffinity:
> > -        return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETVCPUAFF=
INITY);
> > +        return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETAFFINIT=
Y);
> >
> >       case XEN_DOMCTL_getvcpuaffinity:
> > -        return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETVCPUAFF=
INITY);
> > +        return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETAFFINIT=
Y);
>=20
> You need to add XEN_DOMCTL_{get,set}nodeaffinity to the switch statement
> in addition to changing the permission name for the existing domctls.
>=20
Ok.

> >       case XEN_DOMCTL_resumedomain:
> >           return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__RESUME);
> > diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy=
/access_vectors
> > --- a/xen/xsm/flask/policy/access_vectors
> > +++ b/xen/xsm/flask/policy/access_vectors
> > @@ -103,10 +103,10 @@ class domain
> >       max_vcpus
> >   # XEN_DOMCTL_destroydomain
> >       destroy
> > -# XEN_DOMCTL_setvcpuaffinity
> > -    setvcpuaffinity
> > -# XEN_DOMCTL_getvcpuaffinity
> > -    getvcpuaffinity
> > +# XEN_DOMCTL_setaffinity
> > +    setaffinity
> > +# XEN_DOMCTL_getaffinity
> > +    getaffinity
> >   # XEN_DOMCTL_scheduler_op with XEN_DOMCTL_SCHEDOP_getinfo
> >       getscheduler
> >   # XEN_DOMCTL_getdomaininfo, XEN_SYSCTL_getdomaininfolist
> >
>=20
> The comments here are now incorrect, and should reflect the domctls
> controlled by the listed permission.
>=20
I see. I tried to update this patch to cope with the changes introduced
by your new IS_PRIV series, but evidently I missed this couple of spots.

Thanks for pointing them out, will do what you ask.

Regards,
Dario

--=20
<<This happens because I choose it to happen!>> (Raistlin Majere)
-----------------------------------------------------------------
Dario Faggioli, Ph.D, http://about.me/dario.faggioli
Senior Software Engineer, Citrix Systems R&D Ltd., Cambridge (UK)


--=-ykNTX+EKPX8k85xqcJJ9
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iEYEABECAAYFAlFEGxUACgkQk4XaBE3IOsT/ggCfYzFjfmjP2TB6dXlPqlwjnJyR
JEsAoJFe+2F71vIwgSXCiFi6oqcBWpLP
=o8fz
-----END PGP SIGNATURE-----

--=-ykNTX+EKPX8k85xqcJJ9--


--===============6126255130647949082==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

--===============6126255130647949082==--