[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 2/5] tools/dm_restrict: Ask QEMU to chroot

To: George Dunlap <george.dunlap@xxxxxxxxxx>
From: Ian Jackson <ian.jackson@xxxxxxxxxx>
Date: Fri, 26 Oct 2018 14:52:57 +0100
Cc: Anthony Perard <anthony.perard@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Wei Liu <wei.liu2@xxxxxxxxxx>
Delivery-date: Fri, 26 Oct 2018 13:53:18 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

George Dunlap writes ("[PATCH 2/5] tools/dm_restrict: Ask QEMU to chroot"):
> When dm_restrict is enabled, ask QEMU to chroot into an empty directory.
> 
> * Create /var/run/qemu/root-domid (deleting the old one if it's there)
> * Pass the -chroot option to QEMU
> 
> Rather than running `rm -rf` on the directory before creating it
> (since there is no library function to do this), simply rmdir the
> directory, relying on the fact that the previous QEMU instance, if
> properly restricted, shouldn't have been able to write anything
> anyway.

Acked-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

References:
- [Xen-devel] [PATCH 1/5] docs/qemu-deprivilege: Revise and update with status and future plans
  - From: George Dunlap
- [Xen-devel] [PATCH 2/5] tools/dm_restrict: Ask QEMU to chroot
  - From: George Dunlap

Prev by Date: [Xen-devel] [xen-unstable test] 128972: regressions - trouble: broken/fail/pass
Next by Date: Re: [Xen-devel] [PATCH 3/5] tools/dm_restrict: Unshare mount and IPC namespaces on Linux
Previous by thread: [Xen-devel] [PATCH 2/5] tools/dm_restrict: Ask QEMU to chroot
Next by thread: [Xen-devel] [PATCH 4/5] tools/dm_depriv: Add first cut RLIMITs
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.