[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH v5 0/8] xen: xen-domid-restrict improvements

To: <qemu-devel@xxxxxxxxxx>
From: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Date: Thu, 19 Oct 2017 17:51:48 +0100
Cc: Anthony PERARD <anthony.perard@xxxxxxxxxx>, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 19 Oct 2017 16:52:16 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

I have been working on trying to get qemu, when running as a Xen
device model, to _actually_ not have power equivalent to root.

I think I have achieved this, with some limitations (which are
discussed in my series against xen.git.

However, there are changes to qemu needed.  In particular

 * The -xen-domid-restrict option does not work properly right now.
   It only restricts a small subset of the descriptors qemu has open.
   I am introducing a new library call in the Xen libraries for this,
   xentoolcore_restrict_all.

 * We need to call a different function on domain shutdown.

 * The restriction operation needs to be done at a slightly different
   time, necessitating a new hook.

 * Additionally, we want to be able to set aside a uid range for these
   qemus to run in, and that involves being able to tell qemu to drop
   privilege by numeric uid and gid.

Thanks to Anthony Perard, Ross Lagerwall, Peter Maydell, Markus
Armbruster and Daniel P. Berrange for assistance, review and testing.

  m 1/8  xen: link against xentoolcore
 r  2/8  xen: restrict: use xentoolcore_restrict_all
 rm 3/8  xen: defer call to xen_restrict until just before
 r  4/8  xen: destroy_hvm_domain: Move reason into a variable
 a  5/8  xen: move xc_interface compatibility fallback further up
 r  6/8  xen: destroy_hvm_domain: Try xendevicemodel_shutdown
  * 7/8  os-posix: Provide new -runas <uid>.<gid> facility
    8/8  configure: do_compiler: Dump some extra info under bash

 m = commit message (only) changed in v5 of the series
 * = patch changed in v5 of the series
 r = reviewed
 a = acked

Thanks,
Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v5 0/8] xen: xen-domid-restrict improvements
  - From: Anthony PERARD
- Re: [Xen-devel] [Qemu-devel] [PATCH v5 0/8] xen: xen-domid-restrict improvements
  - From: no-reply
- [Xen-devel] [PATCH 5/8] xen: move xc_interface compatibility fallback further up the file
  - From: Ian Jackson
- [Xen-devel] [PATCH 7/8] os-posix: Provide new -runas <uid>.<gid> facility
  - From: Ian Jackson
- [Xen-devel] [PATCH 3/8] xen: defer call to xen_restrict until just before os_setup_post
  - From: Ian Jackson
- [Xen-devel] [PATCH 1/8] xen: link against xentoolcore
  - From: Ian Jackson
- [Xen-devel] [PATCH 6/8] xen: destroy_hvm_domain: Try xendevicemodel_shutdown
  - From: Ian Jackson
- [Xen-devel] [PATCH 4/8] xen: destroy_hvm_domain: Move reason into a variable
  - From: Ian Jackson
- [Xen-devel] [PATCH 8/8] configure: do_compiler: Dump some extra info under bash
  - From: Ian Jackson
- [Xen-devel] [PATCH 2/8] xen: restrict: use xentoolcore_restrict_all
  - From: Ian Jackson

Prev by Date: Re: [Xen-devel] [PATCH 1/8] xen: link against xentoolcore
Next by Date: [Xen-devel] [PATCH 2/8] xen: restrict: use xentoolcore_restrict_all
Previous by thread: [Xen-devel] [xen-unstable-smoke test] 114756: tolerable all pass - PUSHED
Next by thread: [Xen-devel] [PATCH 2/8] xen: restrict: use xentoolcore_restrict_all
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.