diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2016-06-20 10:04:19 -0400 |
---|---|---|
committer | Andrew Cooper <andrew.cooper3@citrix.com> | 2016-06-21 15:55:30 +0100 |
commit | 559f439bfa3bf931414534ec0c46e5e8a21fa3ba (patch) | |
tree | 6ead71535bb68311c6a2f40621aa5c6beb22118e /tools/flask | |
parent | d18224766fa2e6e0746e8c9e759a8e0cc8c87129 (diff) | |
download | xen-559f439bfa3bf931414534ec0c46e5e8a21fa3ba.tar.gz |
flask: remove xen_flask_userlist operation
This operation has no known users, and is primarily useful when an MLS
policy is in use (which has never been shipped with Xen). In addition,
the information it provides does not actually depend on hypervisor
state (only on the XSM policy), so an application that needs it could
compute the results without needing to involve the hypervisor.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
Diffstat (limited to 'tools/flask')
-rw-r--r-- | tools/flask/policy/modules/dom0.te | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/flask/policy/modules/dom0.te b/tools/flask/policy/modules/dom0.te index d228b247a2..2d982d94cd 100644 --- a/tools/flask/policy/modules/dom0.te +++ b/tools/flask/policy/modules/dom0.te @@ -47,7 +47,7 @@ allow dom0_t dom0_t:resource { add remove }; # that does not have its own security server to make access decisions based on # Xen's security policy. allow dom0_t security_t:security { - compute_av compute_create compute_member compute_relabel compute_user + compute_av compute_create compute_member compute_relabel }; # Allow string/SID conversions (for "xl list -Z" and similar) |