Re: [Xen-devel] [PATCH] domctl: relax getdomaininfo permissions
>>> On 04.08.16 at 18:31, <ian.jackson@xxxxxxxxxxxxx> wrote:
> Jan Beulich writes ("[PATCH] domctl: relax getdomaininfo permissions"):
>> Qemu needs access to this for the domain it controls, both due to it
>> being used by xc_domain_memory_mapping() (which qemu calls) and the
>> explicit use in hw/xenpv/xen_domainbuild.c:xen_domain_poll().
>>
>> This at once avoids a for_each_domain() loop when the ID of an
>> existing domain gets passed in.
>>
>> Reported-by: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>
> This commit message does not seem to say, AFAICT, what the new
> permissions check is. Do you mean to make this available to all
> domains, or just to device model domains? (I wasn't able to figure
> that out easily by reading the patch...)
>
> I don't think we want to expose the getdomaininfo to random other
> guests.

Of course not. This sub-op was special cased before, and gets a
little less special cased now. Would adding

  Extend permissions to that of any "ordinary" domctl: A domain
  controlling the targeted domain can invoke this operation for that
  target domain (which is being achieved by no longer passing NULL to
  xsm_domctl()).

to the first paragraph be sufficient? Or do I then also need to
say explicitly that of course this doesn't limit the current
permissions, i.e. a fully privileged domain can continue to invoke
this on any guest?

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel