From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Vrabel Subject: Re: [PATCH 09/11] xen: Add DOMCTL to limit the number of event channels a domain may use Date: Wed, 2 Oct 2013 18:06:13 +0100 Message-ID: <524C5285.7060301@citrix.com> References: <1380731760-2749-1-git-send-email-david.vrabel@citrix.com> <1380731760-2749-10-git-send-email-david.vrabel@citrix.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <1380731760-2749-10-git-send-email-david.vrabel@citrix.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: David Vrabel Cc: Daniel De Graaf , Keir Fraser , Jan Beulich , xen-devel@lists.xen.org List-Id: xen-devel@lists.xenproject.org On 02/10/13 17:35, David Vrabel wrote: > > --- a/xen/xsm/flask/hooks.c > +++ b/xen/xsm/flask/hooks.c > @@ -727,6 +727,9 @@ static int flask_domctl(struct domain *d, int cmd) > case XEN_DOMCTL_audit_p2m: > return current_has_perm(d, SECCLASS_HVM, HVM__AUDIT_P2M); > > + case XEN_DOMCTL_set_max_evtchn: > + return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SET_MAX_EVTCHN);# Sorry, I forgot to try a build with XSM and FLASK enabled. This should have been SECCLASS_DOMAIN2 and DOMAIN2__SET_MAX_EVTCHN. > + > default: > printk("flask_domctl: Unknown op %d\n", cmd); > return -EPERM; > diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors > index 5dfe13b..1fbe241 100644 > --- a/xen/xsm/flask/policy/access_vectors > +++ b/xen/xsm/flask/policy/access_vectors > @@ -194,6 +194,8 @@ class domain2 > setscheduler > # XENMEM_claim_pages > setclaim > +# XEN_DOMCTL_set_max_evtchn > + set_max_evtchn > } > > # Similar to class domain, but primarily contains domctls related to HVM domains David
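Review bot: In the xen/xsm/flask/hooks.c hunk, the new XEN_DOMCTL_set_max_evtchn case checks SECCLASS_DOMAIN with DOMAIN__SET_MAX_EVTCHN, but the access_vectors hunk adds set_max_evtchn to class domain2, so the class and permission named in the hook do not match the vector being defined. As the reply states, the check should be current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__SET_MAX_EVTCHN). Build the resend with XSM and FLASK enabled so that a class/vector mismatch like this is caught at compile time rather than in review.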