Re: [Xen-devel] [PATCH] libxl: fix build on rather old systems
Juergen Gross writes ("Re: [PATCH] libxl: fix build on rather old systems"):
> On 11/01/2019 11:09, Jan Beulich wrote:
> > CLONE_NEWIPC has been introduced in Linux 2.6.19 only (and into glibc
> > at around that time as well). Cope with it being undefined as well as
> > with the underlying kernel not knowing of it.
> >
> > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>
> Release-acked-by: Juergen Gross <jgross@xxxxxxxx>

I know I am too slow with this, but for the record:

Nacked-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>

On two grounds:

1. This situation should be handled by disabling the dm restrict
   feature, not silently falling back to lower protection.

2. Style, #ifdeffery.

I don't agree that the unshare of the IPC namespace is a `nice to
have'. Without it, a rogue qemu might be able to do a number of bad
things.

Background: AIUI in kernels without CLONE_NEWIPC, the IPC namespace is
shared with the network namespace. But of course what matters is what
the *runtime* kernel supports, not the build-time kernel.

Ian.
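
The build-time versus runtime distinction and the fail-closed handling argued for above, as an added example that is not part of the original message and is not libxl code. The names `classify_unshare`, `restrict_may_proceed` and `try_unshare_ipc` are hypothetical, and the example assumes a Linux host and calls the syscall directly rather than through the libc wrapper.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* exposes CLONE_* in <sched.h> */
#endif
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Build-time only: old headers may lack the constant. Defining it says
 * nothing about whether the running kernel accepts it. */
#ifndef CLONE_NEWIPC
#define CLONE_NEWIPC 0x08000000
#endif

enum ipc_result { IPC_ISOLATED, IPC_UNSUPPORTED, IPC_ERROR };

/* Classify the outcome of unshare(CLONE_NEWIPC).
 * EINVAL: the running kernel rejects the flag bit as unknown.
 * ENOSYS: the running kernel has no unshare syscall at all. */
enum ipc_result classify_unshare(int rc, int err)
{
    if (rc == 0)
        return IPC_ISOLATED;
    if (err == EINVAL || err == ENOSYS)
        return IPC_UNSUPPORTED;
    return IPC_ERROR;          /* e.g. EPERM, ENOMEM */
}

/* Hypothetical policy hook: restricted mode may proceed only with a
 * private IPC namespace. Every other outcome refuses, none degrades. */
int restrict_may_proceed(enum ipc_result r)
{
    return r == IPC_ISOLATED;
}

/* Runtime probe: ask the kernel the process is actually running on. */
enum ipc_result try_unshare_ipc(void)
{
    long rc = syscall(SYS_unshare, CLONE_NEWIPC);
    return classify_unshare(rc == 0 ? 0 : -1, errno);
}

int main(void)
{
    if (!restrict_may_proceed(try_unshare_ipc())) {
        fprintf(stderr, "IPC namespace not isolated; refusing restricted mode\n");
        return 1;
    }
    puts("IPC namespace unshared; continuing");
    return 0;
}
```

Run without the privilege needed to create namespaces, the probe returns `IPC_ERROR` (EPERM) and the program refuses, the same outcome as on a kernel that does not know the flag.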