[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2 1/5] libxl: allow /local/domain/0/device-model/$DOMID to be written by $DOMID

To: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
From: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
Date: Mon, 8 Jun 2015 16:48:00 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, wei.liu2@xxxxxxxxxx, Ian.Campbell@xxxxxxxxxx
Delivery-date: Mon, 08 Jun 2015 15:48:12 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Stefano Stabellini writes ("[PATCH v2 1/5] libxl: allow 
/local/domain/0/device-model/$DOMID to be written by $DOMID"):
> The device model is going to restrict its xenstore connection to $DOMID
> level. Let it access /local/domain/0/device-model/$DOMID, as it is
> required by QEMU to read/write the physmap. It doesn't contain any
> information the guest is not already fully aware of.

This permissions change needs to be accompanied, in its commit
message, with an argument explaining why it is safe.

In particular, we need to know that nothing uses information from this
path in an unsafe way (including in the case when the qemu is
privileged).

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH v2 0/5] libxl: xs_restrict QEMU
  - From: Stefano Stabellini
- [Xen-devel] [PATCH v2 1/5] libxl: allow /local/domain/0/device-model/$DOMID to be written by $DOMID
  - From: Stefano Stabellini

Prev by Date: Re: [Xen-devel] [PATCH v2 5/5] libxl: spawns two QEMUs for HVM guests
Next by Date: Re: [Xen-devel] [PATCH v2 3/5] libxl: xsrestrict QEMU
Previous by thread: Re: [Xen-devel] [PATCH v2 1/5] libxl: allow /local/domain/0/device-model/$DOMID to be written by $DOMID
Next by thread: [Xen-devel] [PATCH v2 5/5] libxl: spawns two QEMUs for HVM guests
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.