Xen project Mailing List

Re: [Xen-devel] [PATCH 4/9] dm_depriv: Describe expected usage of device_model_user parameter

To: George Dunlap <george.dunlap@xxxxxxxxxx>

Date: Wed, 28 Nov 2018 15:37:34 +0000

Cc: Anthony Perard <anthony.perard@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Wei Liu <wei.liu2@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxx>

Delivery-date: Wed, 28 Nov 2018 15:38:57 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Fri, Nov 23, 2018 at 05:14:57PM +0000, George Dunlap wrote: > A number of subsequent patches rely on as-yet undefined behavior for > what the `device_model_user` parameter does. Rather than implement it > incorrectly (or randomly), or remove the feature, describe an expected > usage for the feature. Further patches will make decisions based on > this expected usage. > > Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx> > --- > CC: Ian Jackson <ian.jackson@xxxxxxxxxx> > CC: Wei Liu <wei.liu2@xxxxxxxxxx> > CC: Anthony Perard <anthony.perard@xxxxxxxxxx> > --- > docs/features/qemu-deprivilege.pandoc | 17 +++++++++++++++++ > 1 file changed, 17 insertions(+) > > diff --git a/docs/features/qemu-deprivilege.pandoc > b/docs/features/qemu-deprivilege.pandoc > index f941525189..49b571980e 100644 > --- a/docs/features/qemu-deprivilege.pandoc > +++ b/docs/features/qemu-deprivilege.pandoc > @@ -66,6 +66,23 @@ this, create a user named `xen-qemuuser-shared`; for > example: > > adduser --no-create-home --system xen-qemuuser-shared > > +A final way to set up a separate process for qemus is to allocate one > +UID per VM, and set the UID in the domain config file with the > +`device_model_user` argument. For example, suppose you have a VM > +named `c6-01`. You might do the following: > + > + adduser --system --no-create-home --group xen-qemuuuser-c6-01 > + > +And then in your config file, the following line: > + > + device_model_user="xen-qemuuser-c6-01" > + > +NOTE: It is important when using `device_model_user` that EACH VM HAVE > +A SEPARATE UID, and that none of these UIDs map to root. xl will > +throw an error a uid maps to zero, but not if multiple VMs have the > +same uid. Multiple VMs with the same device model uid will cause > +problems. > + This sounds plausible but I haven't been following the design discussion closely so I will leave this to Ian and Anthony. Wei. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.