[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] XSM-Policy: allow source domain access to setpodtarget for ballooning.


  • To: Anshul Makkar <anshul.makkar@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx
  • From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
  • Date: Wed, 13 Jul 2016 13:28:27 -0400
  • Cc: ian.jackson@xxxxxxxxxxxxx
  • Delivery-date: Wed, 13 Jul 2016 17:28:39 +0000
  • Ironport-phdr: 9a23:VFosDRMUKYsO8apiy+cl6mtUPXoX/o7sNwtQ0KIMzox0Kf3zrarrMEGX3/hxlliBBdydsKMczbaO+PC/EUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6anHS+4HYoFwnlMkItf6KuS9aU05z8h7/60qaQSj0AvCC6b7J2IUf+hiTqne5Sv7FfLL0swADCuHpCdrce72ppIVWOg0S0vZ/or9ZLuh5dsPM59sNGTb6yP+FhFeQZXwk8NygJwOGj9VyZFUrcrkcbB0wQiRpVB0Dg5RL5V4255iL8repg3G+fNM71RKocUjW+9aZ7DhTvjXFDfy409iTbh9J9iIpfoQm9vFpvzoiSZ5uaZ9RkeaaIUdocRGdFFupcHwNbC4qyJ98DAOYMMvxRh5XsrFsJ6x2lDE+jA/25mWwAvWP/waBvi7dpKgrBxgF1WotU6Hk=
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 07/13/2016 08:59 AM, Anshul Makkar wrote:
Access to setpodtarget is required by dom0 to set the balloon targets for
domU. The patch gives source domain (dom0) access to set this target for
domU and resolve the following permission denied error message during
ballooning :
avc:  denied  { setpodtarget } for domid=0 target=9
scontext=system_u:system_r:dom0_t
tcontext=system_u:system_r:domU_t tclass=domain

Signed-off-by: Anshul Makkar <anshul.makkar@xxxxxxxxxx>

This seems to indicate that getpodtarget should also be added to the list.

Either as-is or with getpodtarget also added,
Acked-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.