
Re: [Xen-devel] [PATCH 1/5] docs/qemu-deprivilege: Revise and update with status and future plans



George Dunlap writes ("[PATCH 1/5] docs/qemu-deprivilege: Revise and update 
with status and future plans"):
> docs/qemu-deprivilege.txt had some basic instructions for using
> dm_restrict, but it was incomplete, misleading, and stale.

Thanks for the updates to the unshare stuff.

> +### Device Model Deprivileging
> +
> +    Status, Linux: Tech Preview, with limited support
                    ^
                     dom0

I think this maybe needs

  +    Status, FreeBSD dom0: Unsupported

too ?  The usual default is supported and not listing it at all is
confusing.

> +NOTE: Most modern systems have 32-bit UIDs, and so can in theory go up
> +to 2^31 (or 2^32 if uids are unsigned).  POSIX only guarantees 16-bit
> +UIDs however; UID 65535 is reserved for an invalid value, and 65534 is
> +normally allocated to "nobody".  Additionally, some container systems
> +have proposed using the upper 32 bits of the uid for a container ID.
                                 ^^
                                 16
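
Review bot: the upper bounds in the first sentence of this NOTE are off by one: a signed 32-bit UID tops out at 2^31-1 and an unsigned one at 2^32-1, so "can in theory go up to 2^31 (or 2^32 if uids are unsigned)" overstates the range. Suggest "up to 2^31-1 (or 2^32-1 if uids are unsigned)", which also matches the next sentence, where the 16-bit case is described by its top values 65535 and 65534 rather than by 2^16.
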
This is a good paragraph.

Can I suggest we pick a different example to 65536 ?  It's visually
similar to the familiar values of 65534 and 65535 and abuts them.

osstest uses 200000 but that's not a multiple of 2^16.
How about 131072 ?

Thanks,
Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
