flask: remove xen_flask_userlist operation

This operation has no known users, and is primarily useful when an MLS policy is in use (which has never been shipped with Xen). In addition, the information it provides does not actually depend on hypervisor state (only on the XSM policy), so an application that needs it could compute the results without needing to involve the hypervisor. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
author: Daniel De Graaf <dgdegra@tycho.nsa.gov> 2016-06-20 10:04:19 -0400
committer: Andrew Cooper <andrew.cooper3@citrix.com> 2016-06-21 15:55:30 +0100
commit: 559f439bfa3bf931414534ec0c46e5e8a21fa3ba (patch)
tree: 6ead71535bb68311c6a2f40621aa5c6beb22118e /tools/flask
parent: d18224766fa2e6e0746e8c9e759a8e0cc8c87129 (diff)
download: xen-559f439bfa3bf931414534ec0c46e5e8a21fa3ba.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/flask/policy/modules/dom0.te b/tools/flask/policy/modules/dom0.te
index d228b247a2..2d982d94cd 100644
--- a/tools/flask/policy/modules/dom0.te
+++ b/tools/flask/policy/modules/dom0.te
@@ -47,7 +47,7 @@ allow dom0_t dom0_t:resource { add remove };
 # that does not have its own security server to make access decisions based on
 # Xen's security policy.
 allow dom0_t security_t:security {
-	compute_av compute_create compute_member compute_relabel compute_user
+	compute_av compute_create compute_member compute_relabel
 };
 
 # Allow string/SID conversions (for "xl list -Z" and similar)
author	Daniel De Graaf <dgdegra@tycho.nsa.gov>	2016-06-20 10:04:19 -0400
committer	Andrew Cooper <andrew.cooper3@citrix.com>	2016-06-21 15:55:30 +0100
commit	559f439bfa3bf931414534ec0c46e5e8a21fa3ba (patch)
tree	6ead71535bb68311c6a2f40621aa5c6beb22118e /tools/flask
parent	d18224766fa2e6e0746e8c9e759a8e0cc8c87129 (diff)
download	xen-559f439bfa3bf931414534ec0c46e5e8a21fa3ba.tar.gz