[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2 1/5] libxl: allow /local/domain/0/device-model/$DOMID to be written by $DOMID



Stefano Stabellini writes ("[PATCH v2 1/5] libxl: allow 
/local/domain/0/device-model/$DOMID to be written by $DOMID"):
> The device model is going to restrict its xenstore connection to $DOMID
> level. Let it access /local/domain/0/device-model/$DOMID, as it is
> required by QEMU to read/write the physmap. It doesn't contain any
> information the guest is not already fully aware of.

This permissions change needs to be accompanied, in its commit
message, with an argument explaining why it is safe.

In particular, we need to know that nothing uses information from this
path in an unsafe way (including in the case when the qemu is
privileged).

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.