xen: Revoke kernel module loading permissions.
This domain also calls kernel_request_load_module(), which should be sufficient. Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
This commit is contained in:
parent
1c20c002cd
commit
5b02b44e51
|
@ -500,7 +500,6 @@ xen_stream_connect_xenstore(xm_t)
|
||||||
|
|
||||||
can_exec(xm_t, xm_exec_t)
|
can_exec(xm_t, xm_exec_t)
|
||||||
|
|
||||||
kernel_load_module(xm_t)
|
|
||||||
kernel_request_load_module(xm_t)
|
kernel_request_load_module(xm_t)
|
||||||
kernel_read_system_state(xm_t)
|
kernel_read_system_state(xm_t)
|
||||||
kernel_read_network_state(xm_t)
|
kernel_read_network_state(xm_t)
|
||||||
|
|
Loading…
Reference in New Issue