Message ID | 1465483638-9489-7-git-send-email-dgdegra@tycho.nsa.gov (mailing list archive) |
---|---|
State | New, archived |
On Thu, Jun 09, 2016 at 10:47:09AM -0400, Daniel De Graaf wrote: > The access vectors defined here have never been used by xenstore. > > Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> > --- > tools/flask/policy/policy/access_vectors | 23 ++--------------------- > tools/flask/policy/policy/security_classes | 1 - > 2 files changed, 2 insertions(+), 22 deletions(-) > > diff --git a/tools/flask/policy/policy/access_vectors b/tools/flask/policy/policy/access_vectors > index 4fd61f1..d9c69c0 100644 > --- a/tools/flask/policy/policy/access_vectors > +++ b/tools/flask/policy/policy/access_vectors > @@ -1,24 +1,5 @@ > # Locally defined access vectors > # > -# Define access vectors for the security classes defined in security_classes > +# Define access vectors for the security classes defined in security_classes. > +# Access vectors defined in this file should not be used by the hypervisor. > # > - > -# Note: this is an example; the xenstore daemon provided with Xen does > -# not yet include XSM support, and the exact permissions may be defined > -# differently if such support is added. > -class xenstore { > - # read from keys owned by the target domain (if permissions allow) > - read > - # write to keys owned by the target domain (if permissions allow) > - write > - # change permissions of a key owned by the target domain > - chmod > - # change the owner of a key which was owned by the target domain > - chown_from > - # change the owner of a key to the target domain > - chown_to > - # access a key owned by the target domain without permission > - override > - # introduce a domain > - introduce > -} > diff --git a/tools/flask/policy/policy/security_classes b/tools/flask/policy/policy/security_classes > index 56595e8..0f0f9f3 100644 > --- a/tools/flask/policy/policy/security_classes > +++ b/tools/flask/policy/policy/security_classes 
> @@ -5,4 +5,3 @@ > # security policy. > # > # Access vectors for these classes must be defined in the access_vectors file. > -class xenstore > -- > 2.5.5 > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xen.org > http://lists.xen.org/xen-devel
On 6/9/16 9:47 AM, Daniel De Graaf wrote:
> The access vectors defined here have never been used by xenstore.
>
> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
diff --git a/tools/flask/policy/policy/access_vectors b/tools/flask/policy/policy/access_vectors index 4fd61f1..d9c69c0 100644 --- a/tools/flask/policy/policy/access_vectors +++ b/tools/flask/policy/policy/access_vectors @@ -1,24 +1,5 @@ # Locally defined access vectors # -# Define access vectors for the security classes defined in security_classes +# Define access vectors for the security classes defined in security_classes. +# Access vectors defined in this file should not be used by the hypervisor. # - -# Note: this is an example; the xenstore daemon provided with Xen does -# not yet include XSM support, and the exact permissions may be defined -# differently if such support is added. -class xenstore { - # read from keys owned by the target domain (if permissions allow) - read - # write to keys owned by the target domain (if permissions allow) - write - # change permissions of a key owned by the target domain - chmod - # change the owner of a key which was owned by the target domain - chown_from - # change the owner of a key to the target domain - chown_to - # access a key owned by the target domain without permission - override - # introduce a domain - introduce -} diff --git a/tools/flask/policy/policy/security_classes b/tools/flask/policy/policy/security_classes index 56595e8..0f0f9f3 100644 --- a/tools/flask/policy/policy/security_classes +++ b/tools/flask/policy/policy/security_classes @@ -5,4 +5,3 @@ # security policy. # # Access vectors for these classes must be defined in the access_vectors file. -class xenstore
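Review bot: In the access_vectors hunk (@@ -1,24 +1,5 @@), the added line "Access vectors defined in this file should not be used by the hypervisor." says who must not use these vectors but not who is meant to define or consume them, and once the xenstore block is removed the five remaining lines are all comments, so the file no longer shows the expected class syntax. Consider adding a sentence naming the intended consumers (the removed example was written for the xenstore daemon) and, if a template is still useful, keeping a short commented-out class skeleton in place of the deleted example.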
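Review bot: In the security_classes hunk (@@ -5,4 +5,3 @@), "class xenstore" is dropped, but the patch touches only access_vectors and security_classes, so nothing visible here shows that the rest of the policy sources were checked for references to the class. Please state in the commit message that no policy module or tool still names xenstore as a class, since a leftover rule referring to an undeclared class would break the policy build; "never been used by xenstore" speaks to the daemon, not to the policy sources. The retained comment "Access vectors for these classes must be defined in the access_vectors file." is also worth a second look now that this hunk leaves no class declaration after it.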
The access vectors defined here have never been used by xenstore.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
 tools/flask/policy/policy/access_vectors   | 23 ++---------------------
 tools/flask/policy/policy/security_classes |  1 -
 2 files changed, 2 insertions(+), 22 deletions(-)