
Re: [Xen-devel] regarding privileges

> That's a fair point. The intention is to split up the 'privilege'
> into a bit mask to enable finer grained control and granting of
> specific privileges to domains (like the 'CAP_*' stuff in
> Linux). It should be a fairly simple task to split the privileges
> up -- one for the todo list.

Yes, this needs to be considered at the same time we refactor the Xen
hypercall interface. e.g. perhaps not all current dom0_ops should be
dom0_ops (access should instead be controlled by some other
capability). Adjusting it so that access to each `privileged'
hypercall is controlled by one capability each might be neat, and help
work out a neat rearrangement for the hypercalls.

 -- Keir
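
The idea discussed in this thread, a per-domain capability bit mask with exactly one capability gating each privileged operation, sketched as an added example that is not part of the original mail and is not Xen code. Every identifier (the `CAP_*` bits, the `OP_*` operations, `check_op`, `grant_caps`) is hypothetical, and the rule that a domain may only grant capabilities it already holds is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical capability bits replacing a single "privileged" flag. */
enum {
    CAP_DOM_CREATE   = 1u << 0,
    CAP_DOM_DESTROY  = 1u << 1,
    CAP_SCHED_CTL    = 1u << 2,
    CAP_READ_CONSOLE = 1u << 3,
    CAP_ALL          = 0xFu   /* what a fully privileged domain holds */
};

/* Hypothetical privileged operations; each maps to exactly one capability. */
enum op { OP_DOM_CREATE, OP_DOM_DESTROY, OP_SCHED_CTL, OP_READ_CONSOLE, OP_MAX };

static const uint32_t op_required_cap[OP_MAX] = {
    [OP_DOM_CREATE]   = CAP_DOM_CREATE,
    [OP_DOM_DESTROY]  = CAP_DOM_DESTROY,
    [OP_SCHED_CTL]    = CAP_SCHED_CTL,
    [OP_READ_CONSOLE] = CAP_READ_CONSOLE,
};

struct domain { uint32_t id; uint32_t caps; };

#define ERR_PERM  (-1)
#define ERR_INVAL (-2)

/* Gate at the operation entry point: 0 if the caller holds the capability. */
int check_op(const struct domain *d, unsigned int op)
{
    if (d == NULL || op >= OP_MAX)
        return ERR_INVAL;
    uint32_t need = op_required_cap[op];
    if (need == 0)            /* no table entry: fail closed */
        return ERR_PERM;
    return (d->caps & need) == need ? 0 : ERR_PERM;
}

/* Grant specific capabilities to a domain. Assumption of this sketch:
 * the granter must itself hold every bit it hands out. */
int grant_caps(const struct domain *granter, struct domain *target, uint32_t caps)
{
    if (granter == NULL || target == NULL)
        return ERR_INVAL;
    if ((granter->caps & caps) != caps)
        return ERR_PERM;      /* no escalation through delegation */
    target->caps |= caps;
    return 0;
}
```
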
