Allow the hwdom to access the console, and to access physical information about the system.
xenconsoled can read Xen's dmesg. If it's in hwdom, then that permission would be required. SYSCTL_physinfo is mainly to silence xl messages:
$ xl list
libxl: error: libxl_utils.c:818:libxl_cpu_bitmap_alloc: failed to retrieve the maximum number of cpus
Signed-off-by: Jason Andryuk <jason.andr...@amd.com>
---
This is not strictly needed.
---
xen/common/sysctl.c | 2 +-
xen/include/xsm/dummy.h | 14 ++++++++++++--
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/xen/common/sysctl.c b/xen/common/sysctl.c
index c2d99ae12e..89d5176f4d 100644
--- a/xen/common/sysctl.c
+++ b/xen/common/sysctl.c
@@ -42,7 +42,7 @@ long do_sysctl(XEN_GUEST_HANDLE_PARAM(xen_sysctl_t) u_sysctl)
 if ( op->interface_version != XEN_SYSCTL_INTERFACE_VERSION )
 return -EACCES;
- ret = xsm_sysctl(XSM_PRIV, op->cmd);
+ ret = xsm_sysctl(XSM_OTHER, op->cmd);
 if ( ret )
 return ret;
diff --git a/xen/include/xsm/dummy.h b/xen/include/xsm/dummy.h
index 477fadaefd..5e806dc241 100644
--- a/xen/include/xsm/dummy.h
+++ b/xen/include/xsm/dummy.h
@@ -188,8 +188,18 @@ static XSM_INLINE int cf_check xsm_domctl(
 static XSM_INLINE int cf_check xsm_sysctl(XSM_DEFAULT_ARG int cmd)
 {
- XSM_ASSERT_ACTION(XSM_PRIV);
- return xsm_default_action(action, current->domain, NULL);
+ XSM_ASSERT_ACTION(XSM_OTHER);
+ switch ( cmd )
+ {
+ case XEN_SYSCTL_readconsole:
+ return xsm_default_action(XSM_HW_PRIV, current->domain, NULL);
+ case XEN_SYSCTL_physinfo:
+ if ( is_hardware_domain(current->domain) )
+ return xsm_default_action(XSM_HW_PRIV, current->domain, NULL);
+ fallthrough;
+ default:
+ return xsm_default_action(XSM_PRIV, current->domain, NULL);
+ }
 }
 static XSM_INLINE int cf_check xsm_readconsole(XSM_DEFAULT_ARG uint32_t clear)
--
2.49.0
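Review bot: In the XEN_SYSCTL_physinfo case of the dummy.h hunk, the explicit `is_hardware_domain(current->domain)` guard looks redundant with the XSM_HW_PRIV action it then requests, and it makes the two hardware-domain cases read differently for no stated reason; if the XSM_HW_PRIV branch of `xsm_default_action` already falls through to the XSM_PRIV check (not visible in this hunk, so to be confirmed), both could collapse to `case XEN_SYSCTL_readconsole:` / `case XEN_SYSCTL_physinfo:` / `return xsm_default_action(XSM_HW_PRIV, current->domain, NULL);`. Either way the switch deserves a comment recording why exactly these two commands are opened to the hardware domain, since dummy.h is the reference policy, e.g. `/* Hwdom may host xenconsoled (readconsole) and run xl (physinfo). */`. The readconsole sysctl is additionally gated by the xsm_readconsole hook whose signature closes the hunk; its dummy action needs to admit the hardware domain as well, otherwise the grant added here has no effect. Note that the readconsole widening applies to every non-Flask deployment, not only those that move xenconsoled into the hwdom, which the commit message's "not strictly needed" understates.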