diff options
author | Andrew Cooper <andrew.cooper3@citrix.com> | 2017-01-27 14:16:58 +0000 |
---|---|---|
committer | Ian Jackson <Ian.Jackson@eu.citrix.com> | 2017-01-30 12:03:55 +0000 |
commit | 5a77ccf609da289131bd1664ee20c17b1f9bb93c (patch) | |
tree | fd8403523759b97d63e5b27a7af75f9780f27df4 /tools/flask | |
parent | 7a4cf23e2653e8abf4793820487df32b094de56a (diff) | |
download | xen-5a77ccf609da289131bd1664ee20c17b1f9bb93c.tar.gz |
xsm: Permit dom0 to use dmops
c/s 524a98c2ac5 "public / x86: introduce __HYPERCALL_dm_op" gave flask
permisisons for a stubdomain to use dmops, but omitted the case of a device
model running in dom0.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Tested-by: Paul Durrant <paul.durrant@citrix.com>
Diffstat (limited to 'tools/flask')
-rw-r--r-- | tools/flask/policy/modules/xen.if | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/flask/policy/modules/xen.if b/tools/flask/policy/modules/xen.if index f5d254f053..ed0df4f010 100644 --- a/tools/flask/policy/modules/xen.if +++ b/tools/flask/policy/modules/xen.if @@ -58,7 +58,7 @@ define(`create_domain_common', ` allow $1 $2:mmu { map_read map_write adjust memorymap physmap pinpage mmuext_op updatemp }; allow $1 $2:grant setup; allow $1 $2:hvm { cacheattr getparam hvmctl sethvmc - setparam nested altp2mhvm altp2mhvm_op }; + setparam nested altp2mhvm altp2mhvm_op dm }; ') # create_domain(priv, target) |