Re: [Xen-devel] [PATCH 17/22] xl, libxl: Provide dm_restrict

[Ian Jackson <ian.jackson@xxxxxxxxxxxxx>]

Wei Liu writes ("Re: [PATCH 17/22] xl, libxl: Provide dm_restrict"):
> On Fri, Sep 15, 2017 at 07:48:54PM +0100, Ian Jackson wrote:
> > This functionality is still quite imperfect, but it will be useful in
> > certain restricted use cases.
...
> Seeing this is mostly plumbing for QEMU and a technology preview
> feature:

Doing a more complete job will involve more significant work which is
probably not (or at least, much of which is not) going to be ready for
4.10.

I may update things to make some additional restriction calls in qemu
but the big one is uid reuse.  I think fixing the uid reuse problem
involves adding a new fork to the domain creation and domain teardown,
since I'm not aware of a way to kill all processes with a particular
uid other than by running a process with that uid.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel