[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3] xenstore: remove XS_RESTRICT support



On Tue, Feb 07, 2017 at 09:06:55AM +0000, David Scott wrote:
> 
> > On 1 Feb 2017, at 14:49, Juergen Gross <jgross@xxxxxxxx> wrote:
> > 
> > On 27/01/17 12:47, Juergen Gross wrote:
> >> XS_RESTRICT and the xenstore library function xs_restrict() have never
> >> been usable in all configurations and there are no known users.
> >> 
> >> This functionality was thought to limit access rights of device models
> >> to xenstore in order to avoid affecting other domains in case of a
> >> security breech. Unfortunately XS_RESTRICT won't help as current
> >> qemu is requiring access to dom0 only accessible xenstore paths to
> >> work correctly. So this command is useless and should be removed.
> >> 
> >> In order to avoid problems in the future remove all support for
> >> XS_RESTRICT from xenstore.
> >> 
> >> Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
> > 
> > Adding Dave Scott to Cc: list.
> 
> Looks fine to me:
> 
> Acked-by: David Scott <dave@xxxxxxxxxx>

Applied.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.