
Re: [Xen-devel] netif & grant tables



> It could be done implicitly, meaning that if you give a domain a backend
> (netif/blkif), that privilege flag will automatically be set by XEN-D and
> used when creating the domain, or explicitly where one specifies the
> flag(s) to set in the VM config file.

Doing it implicitly would probably be sensible.

> From what I can see this does not work anymore - I used to do that also.
> Passing a PCI device to a partition results in an error since the
> xc_physdev_pci_access_modify call ends in an error.

Assigning PCI devices is broken in unstable at the moment.  It'll be coming 
back at some stage.

> I am not sure how 'privilege' is defined.

Very coarsely at present: IIRC right now a domain who's got access to a PCI 
device is as privileged as dom0.  This means they're allowed to map memory of 
other domains, do dom0 ops, etc.

Grant tables will enable us to deprivilege guests somewhat, then we'll split 
privileges down into more fine-grained capabilities.

Cheers,
Mark

> The privilege does so far not 
> only mean to do dom 0 ops, but seems to also limit guest domains from doing
> other things - like the backend problem I see. I agree, though, that for
> grant table support a backend should not need privileges.
>
> > Cheers,
> > Mark
>
> Cheers,
>    Stefan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 

