[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3 3/3] xen/privcmd: add IOCTL_PRIVCMD_RESTRICT

To: Paul Durrant <paul.durrant@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
From: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
Date: Mon, 13 Feb 2017 14:20:27 -0500
Cc: Juergen Gross <jgross@xxxxxxxx>
Delivery-date: Mon, 13 Feb 2017 19:20:44 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>



On 02/13/2017 12:03 PM, Paul Durrant wrote:

The purpose if this ioctl is to allow a user of privcmd to restrict its
operation such that it will no longer service arbitrary hypercalls via
IOCTL_PRIVCMD_HYPERCALL, and will check for a matching domid when
servicing IOCTL_PRIVCMD_DM_OP.


and IOCTL_PRIVCMD_MMAP*.

The aim of this is to limit the attack
surface for a compromised device model.



-boris

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH v3 0/3] xen/privcmd: support for dm_op and restriction
  - From: Paul Durrant
- [Xen-devel] [PATCH v3 3/3] xen/privcmd: add IOCTL_PRIVCMD_RESTRICT
  - From: Paul Durrant

Prev by Date: Re: [Xen-devel] [PATCH v3 2/3] xen/privcmd: Add IOCTL_PRIVCMD_DM_OP
Next by Date: Re: [Xen-devel] [PATCH v3 2/3] xen/privcmd: Add IOCTL_PRIVCMD_DM_OP
Previous by thread: [Xen-devel] [PATCH v3 3/3] xen/privcmd: add IOCTL_PRIVCMD_RESTRICT
Next by thread: Re: [Xen-devel] [PATCH v3 3/3] xen/privcmd: add IOCTL_PRIVCMD_RESTRICT
Index(es):
- Date
- Thread

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.