[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] libxl: Do not warn about non existing user for the device model



On Mon, May 23, 2016 at 12:57:26PM +0100, Wei Liu wrote:
> On Mon, May 23, 2016 at 12:35:02PM +0100, Anthony PERARD wrote:
> > Running QEMU as non-root user is not ready yet, so avoid avertising it
> > with a warning.
> > 
> > Also improve the doc to include more potential issue with running QEMU
> > as non-root.
> > 
> > Signed-off-by: Anthony PERARD <anthony.perard@xxxxxxxxxx>
> > ---
> >  docs/man/xl.cfg.pod.5          | 5 +++--
> >  docs/misc/qemu-deprivilege.txt | 4 ++--
> >  tools/libxl/libxl_dm.c         | 2 +-
> >  3 files changed, 6 insertions(+), 5 deletions(-)
> > 
> > diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5
> > index accd9b4..8a4f4c5 100644
> > --- a/docs/man/xl.cfg.pod.5
> > +++ b/docs/man/xl.cfg.pod.5
> > @@ -1953,8 +1953,9 @@ option to the device-model.
> >  
> >  Run the device model as user "username", instead of
> >  B<xen-qemuuser-domid$domid> or B<xen-qemuuser-shared> or B<root>.
> > -Please note that running QEMU as non-root causes migration and PCI
> > -passthrough not to work properly.
> > +Please note that running QEMU as non-root causes several features like
> > +migration and PCI passthrough to not work properly and may prevent the 
> > guest
> > +from booting.
> >  
> 
> What is not clear is that whether using this option would buy the user
> anything security-wise. If it doesn't improve security but only break
> things we should probably remove it from man page all together.

If having undocumented config options is fine, then I guess we can
remove this from the man.

-- 
Anthony PERARD

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.