
Re: [Xen-devel] [PATCH 00/18] RFC: Merge IS_PRIV checks into XSM hooks



On 08/07/2012 02:07 PM, Shakeel Butt wrote:
>> I wasn't intending to exclude the other uses of XSM that this series will
>> benefit; dom0 disaggregation is just the most obvious case that requires
>> the larger changes like removing IS_PRIV checks.
> I was just saying that this patch series is more beneficial than claimed.
> 
>> Xenstore can already be split into its own stub domain (or domains, as in
>> the Xoar paper). The permissions model in Xenstore has a privileged bit
>> similar to IS_PRIV; extending XSM controls into Xenstore similar to how
>> SELinux controls were extended into DBus will address this.
> 
> My real concern here was the use of is_initial_domain() in the xenbus driver
> code. For example, I am running all Linux PV and one of them is the XenStore
> domain; the xenbus driver needs to do something different than
> is_initial_domain(), maybe something like is_xenstore_domain() [not saying
> this is the right way to do it].
> Please correct me if I am wrong.
> 
> thanks,
> Shakeel
> 

The method in upstream Linux is more complete than this: if the domain
is started with xenstore information in the shared page, it will use it
(which happens when a domain builder is used to launch dom0 and xenstore
stub domains at the same time); otherwise, there is an ioctl that can
be used in dom0 to tell it about a newly launched xenstore stub domain.
The combination of these eliminates any need for an is_xenstore_domain()
function.

-- 
Daniel De Graaf
National Security Agency
