From: pebenito@ieee.org (Chris PeBenito)
Date: Sun, 6 Aug 2017 11:22:38 -0400
Subject: [refpolicy] [SELINUX POLICY PATCH] Update for Xen 4.7
In-Reply-To: <20170728141618.32175-1-anthony.perard@citrix.com>
References: <20170728141618.32175-1-anthony.perard@citrix.com>
Message-ID: <7033b880-36d7-213c-2993-82200c57f018@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/28/2017 10:16 AM, Anthony PERARD via refpolicy wrote:
> Since Xen 4.7, /dev/xen/privcmd is used instead of /proc/xen/privcmd.
> Add the device into the policy so `xenstored` can work.
>
> Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
> ---
>  policy/modules/kernel/devices.fc | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
> index e3a5ebc9..f4093434 100644
> --- a/policy/modules/kernel/devices.fc
> +++ b/policy/modules/kernel/devices.fc
> @@ -182,6 +182,7 @@ ifdef(`distro_suse', `
>  /dev/xen/evtchn		-c	gen_context(system_u:object_r:xen_device_t,s0)
>  /dev/xen/gntdev		-c	gen_context(system_u:object_r:xen_device_t,s0)
>  /dev/xen/gntalloc	-c	gen_context(system_u:object_r:xen_device_t,s0)
> +/dev/xen/privcmd	-c	gen_context(system_u:object_r:xen_device_t,s0)
>
>  ifdef(`distro_debian',`
>  # this is a static /dev dir "backup mount"

Merged.

-- 
Chris PeBenito