Re: [Xen-devel] [PATCH 03/18] xsm: allow use of XEN_DOMCTL_getdomaininfo by non-IS_PRIV domains
On 01/11/2012 12:27 PM, Keir Fraser wrote:
> On 11/01/2012 17:21, "Daniel De Graaf" <dgdegra@xxxxxxxxxxxxx> wrote:
>
>> This domctl does not allow manipulation of domains, only basic
>> information such as size and state. XSM modules can also provide
>> fine-grained control over what domains are visible to domains that call
>> getdomaininfo.
>
> Well there's a reason we might not disallow the hypercall. But why would we
> actually care to allow it?
>
> -- Keir
>

Xenstored needs to be able to call getdomaininfo to determine what domain(s)
have been shut down when it receives the DOM_EXC VIRQ. This is used both to
clean up references to the domain (event/grant) and to fire the @releaseDomain
watch so that other domains also clean up after the domain. Other than this
hypercall, there is no reason to make xenstored's domain privileged (the VIRQ
must be delegated by dom0).

>> Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
>> ---
>> xen/common/domctl.c | 4 ++++
>> 1 files changed, 4 insertions(+), 0 deletions(-)
>>
>> diff --git a/xen/common/domctl.c b/xen/common/domctl.c
>> index a775aa3..2c1ca85 100644
>> --- a/xen/common/domctl.c
>> +++ b/xen/common/domctl.c
>> @@ -263,6 +263,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domctl_t) u_domctl)
>> return -EPERM;
>> break;
>> }
>> +#ifdef XSM_ENABLE
>> + case XEN_DOMCTL_getdomaininfo:
>> + break;
>> +#endif
>> default:
>> if ( !IS_PRIV(current->domain) )
>> return -EPERM;
>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
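
Review bot: the added `case XEN_DOMCTL_getdomaininfo:` ends in a bare `break;` ahead of `default:`, so on an XSM_ENABLE build the `if ( !IS_PRIV(current->domain) ) return -EPERM;` gate is skipped for every caller, and nothing in this hunk shows the check that replaces it. The commit message only says XSM modules "can" restrict which domains are visible, which leaves the op open unless the loaded module denies by default. Please add a comment on the case naming the XSM hook that now authorizes this op, and confirm that a build with XSM_ENABLE but no restrictive policy loaded still returns -EPERM to non-privileged callers. The xenstored use case given in the reply (finding shut-down domains on the DOM_EXC VIRQ) belongs in the commit message as the reason for the change.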