Re: [Xen-devel] [PATCH] libxl: fix build on rather old systems



On Fri, Jan 11, 2019 at 04:24:35AM -0700, Jan Beulich wrote:
[...]
> > 
> >> +#endif
> >> +    r = unshare(CLONE_NEWIPC);
> >> +    if (r) {
> >> +        if (r && errno != EINVAL) {
> >> +            LOGE(ERROR, "libxl: IPC namespace unshare failed");
> >> +            return ERROR_FAIL;
> >> +        }
> >> +        LOG(WARN, "libxl: IPC namespace unshare unavailable");
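Review bot: the inner test "if (r && errno != EINVAL)" re-checks r, which the enclosing "if (r)" has already established, so it can be reduced to "if (errno != EINVAL)". On the EINVAL path the code only logs at WARN level instead of returning ERROR_FAIL, so the missing IPC namespace is tolerated. If that downgrade is intended, a comment at the LOG(WARN, ...) line should say so, and the warning text should state that isolation is reduced rather than only that the unshare is "unavailable".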
> > 
> > But I guess whether it should be allowed to continue or not is another
> > question. Do we consider this IPC namespace "must-have"?
> 
> Well, there simply can't be different namespaces to switch between
> when the kernel doesn't understand the flag.
> 

... which means the isolation property is weakened by the lack of IPC
namespace.

If we don't want to weaken isolation, not allowing it to continue is the
right thing to do -- that means the hunk to split the IPC namespace into a
separate call is not necessary. If we would rather lower the isolation
guarantee provided, then this hunk needs to stay.

Wei.

> Jan
> 
> 
