On 03/15/2016 01:56 PM, Konrad Rzeszutek Wilk wrote:
All of XENVER_* have now an XSM check for their sub-ops.
The subop for XENVER_commandline is now a priviliged operation.
To not break guests we still return an string - but it is
just '<denied>\0'.
The rest: XENVER_[version|extraversion|capabilities|
parameters|get_features|page_size|guest_handle|changeset|
compile_info] behave as before - allowed by default for all
guests if using the XSM default policy or with the dummy one.
The admin can choose to change the sub-ops to be denied
as they see fit.
Also we add a local variable block.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.w...@oracle.com>
Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
