On Tue, 2015-12-15 at 16:34 -0500, Daniel De Graaf wrote:
> On 14/12/15 07:05, Ian Jackson wrote:
> > Ian Campbell writes ("[PATCH] flask: Allow device model to raise PCI
> > interrupts (pcilevel capability)"):
> > ...
> > > - allow $1 $2_target:hvm { getparam setparam trackdirtyvram
> > > hvmctl irqlevel pciroute cacheattr send_irq };
> > > + allow $1 $2_target:hvm { getparam setparam trackdirtyvram
> > > hvmctl irqlevel pciroute pcilevel cacheattr send_irq };
> >
> > Thanks for tracking this down.
> >
> > Based on xen/xsm/flask/policy/access_vectors this seems like a
> > no-brainer. Hopefully Daniel will agree :-).
> >
> > Acked-by: Ian Jackson <ian.jack...@eu.citrix.com>
> >
> > Ian.
>
> Yep, this change is obvious given the issue. I didn't find any other
> missing XSM_DM_PRIV accesses when I walked through them, so hopefully
> this is the only one that wasn't correct.
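
Review bot: On the + line, pcilevel joins a hand-maintained permission list in the "allow $1 $2_target:hvm { ... }" rule with no comment saying what the list is meant to cover, and the replies show the list had already drifted from what the device model needs. A short comment above the rule stating that the set should track the hvm operations a device model performs (the XSM_DM_PRIV accesses mentioned in the replies), with a pointer to xen/xsm/flask/policy/access_vectors, would make the next omission easier to catch in review. The source and target of the rule are the same on the - and + lines, so the grant stays confined to $2_target.
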

FWIW I didn't see any other AVC messages in the logs when I ran this
through an ad-hoc osstest job, so I'm hopeful that your hopefulness is
not misplaced ;-)

> Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>

Thanks, applied.

Ian.