Re: [Xen-devel] [PATCH 1/2] xen: Implement ioctl to restrict privcmd to a specific domain
On Tue, 2014-08-05 at 14:45 +0100, David Vrabel wrote:
> On 05/08/14 14:42, Konrad Rzeszutek Wilk wrote:
> >
> > - Some of these hypercalls don't have an ABI so we can't depend
> > on them being stable. How do you want to handle that?
>
> We are not going any further with this series because of this.
>
> David

Well, this is partially true. We agree the patches as they are cannot be accepted; however, in the long term we'd like to find a solution.

The current ABI from user-space to kernel defined by these patches is perfectly fine (just two ioctls to restrict event channel/privcmd to a specific domain).

For the implementation we were looking at different approaches:

- add an additional target field in the vcpu structure to restrict to a target for a particular vCPU, with some additional hypercalls (like multicall) that restrict contained hypercalls to a domain;
- an additional hypercall to do domctl but with restriction (this probably requires fewer changes to the current patches);
- using flask. This looks easy to implement but currently the code does not deal well with vCPUs, as labels are attached to domains.

Frediano