|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 07/18] arch/x86: add missing XSM checks to XENPF_ commands
On 08/06/2012 10:57 AM, Jan Beulich wrote: >>>> On 06.08.12 at 16:32, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote: > > What's the point of doing XSM checks for Dom0-only interfaces > anyway? I don't see how these can be subject to disaggregation... > > Jan > When splitting up the domain builder and hardware access domains, the domain builder still needs to be privileged but should not have access the functions that manage the hardware. Similarly, the hardware domain has no need to use dom0 functions for accessing remote domains. This also allows exposing read-only interfaces like getcpuinfo to a domain containing something like OpenStack, instead of needing to proxy all such calls through dom0. -- Daniel De Graaf National Security Agency _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |