Re: [Xen-devel] [PATCH] xsm: correct AVC lookups for two sysctls

2017-08-09 Thread Andrew Cooper
On 09/08/17 17:56, Daniel De Graaf wrote:
> The current code was incorrectly using SECCLASS_XEN instead of
> SECCLASS_XEN2, resulting in the wrong permission being checked.
>
> GET_CPU_LEVELLING_CAPS was checking MTRR_DEL
> GET_CPU_FEATURESET was checking MTRR_READ
>
> The default XSM policy only a

[Xen-devel] [PATCH] xsm: correct AVC lookups for two sysctls

2017-08-09 Thread Daniel De Graaf
The current code was incorrectly using SECCLASS_XEN instead of SECCLASS_XEN2, resulting in the wrong permission being checked.

GET_CPU_LEVELLING_CAPS was checking MTRR_DEL
GET_CPU_FEATURESET was checking MTRR_READ

The default XSM policy only allowed these permissions to dom0, so this didn't resul