[Xen-changelog] [xen master] dm_depriv: Mark `UID cleanup` as completed
commit c820787c6e8ce67e50e65ab42c444a6552e58ee9 Author: George Dunlap <george.dunlap@xxxxxxxxxx> AuthorDate: Fri Dec 21 15:41:11 2018 +0000 Commit: George Dunlap <george.dunlap@xxxxxxxxxx> CommitDate: Fri Dec 21 18:42:01 2018 +0000 dm_depriv: Mark `UID cleanup` as completed Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx> Acked-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> --- docs/designs/qemu-deprivilege.md | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/docs/designs/qemu-deprivilege.md b/docs/designs/qemu-deprivilege.md index f7444a434d..81a5f5c05d 100644 --- a/docs/designs/qemu-deprivilege.md +++ b/docs/designs/qemu-deprivilege.md @@ -128,26 +128,6 @@ are specified; this does not apply to QEMU running as a Xen DM. '''Tested''': Not tested -# Restrictions / improvements still to do - -This lists potential restrictions still to do. It is meant to be -listed in order of ease of implementation, with low-hanging fruit -first. - -### Further RLIMITs - -RLIMIT_AS limits the total amount of memory; but this includes the -virtual memory which QEMU uses as a mapcache. xen-mapcache.c already -fiddles with this; it would be straightforward to make it *set* the -rlimit to what it thinks a sensible limit is. - -RLIMIT_NPROC limits total number of processes or threads. QEMU uses -threads for some devices, so this would require some thought. - -Other things that would take some cleverness / changes to QEMU to -utilize due to ordering constrants: - - RLIMIT_NOFILES (after all necessary files are opened) - ### libxl UID cleanup '''Description''': Domain IDs are reused, and thus restricted UIDs are 
@@ -223,6 +203,26 @@ Since this will kill all other `reaper_uid` processes as well, we must either allocate a separate `reaper_uid` per domain, or use locking to ensure that only one killing process is active at a time. +# Restrictions / improvements still to do + +This lists potential restrictions still to do. It is meant to be +listed in order of ease of implementation, with low-hanging fruit +first. + +### Further RLIMITs + +RLIMIT_AS limits the total amount of memory; but this includes the +virtual memory which QEMU uses as a mapcache. xen-mapcache.c already +fiddles with this; it would be straightforward to make it *set* the +rlimit to what it thinks a sensible limit is. + +RLIMIT_NPROC limits total number of processes or threads. QEMU uses +threads for some devices, so this would require some thought. + +Other things that would take some cleverness / changes to QEMU to +utilize due to ordering constrants: + - RLIMIT_NOFILES (after all necessary files are opened) + ## libxl: Treat QMP connection as untrusted '''Description''': Currently libxl talks with QEMU via QMP; but its -- generated by git-patchbot for /home/xen/git/xen.git#master _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/xen-changelog
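Review bot: Removing the '# Restrictions / improvements still to do' heading and the RLIMIT text from in front of '### libxl UID cleanup' makes that subsection fall under the preceding, implemented section, which is what the commit title says; but the only visible line of the entry is its '''Description''', while the items above it carry a status line (the context reads '''Tested''': Not tested). If the UID cleanup entry does not already have '''Implementation''' and '''Tested''' lines matching the other completed items, add them in this commit so a reader can tell the restriction was actually done rather than merely reclassified.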
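Review bot: The block is re-inserted verbatim, so two small defects in it survive the move: 'ordering constrants' should read 'ordering constraints', and the resource limit is spelled RLIMIT_NOFILE (the line reads '- RLIMIT_NOFILES (after all necessary files are opened)'); since these lines are being touched anyway, fix both here. Heading levels are also uneven in the new position: '### Further RLIMITs' sits as a level-3 heading directly under the level-1 '# Restrictions / improvements still to do', while the next to-do item, '## libxl: Treat QMP connection as untrusted', is level 2; making 'Further RLIMITs' a '##' heading would keep the to-do items at one level.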