|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Tiny patch for 2004 04 08 unstable tarball. arch/xen/kernel/time.c
> > There's an argument for doing away with the option > > altogether. Xen enforces the protection, so it doesn't matter > > whether untrusted domains are compiled with > > CONFIG_XEN_PRIVILEGED_GUEST or not. The amount of code that this > > option compiles out is likely less than 1KB, so it's probably > > not worth having. > > > > However, we should make sure that the domain hides the various > > proc files if it has insufficient privilege from Xen, so as to > > avoid confusing users. > > In that case, the config option should be used for that. > If it's set, don't even bother checking whether you can do privledged ops, and > just assume you can't; also, don't bother creating the proc files. That's what already happens with the CONFIG option. Also, we don't create the proc files if the domain has insufficient privilege to be able to use them. (e.g. /proc/xen/priv_cmd won't exist). > If it *is* set, then you still have to check, as the instance may not have > been given the nescessary privs. I was just questioning whether it was worth maintaing the build option at all. I guess it's no hassle, and serves to document the code which wouldn't be needed for other guestos ports that aren't intended to be used as a privileged domain. Ian ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |