[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v5.1 2/8] xen: restrict: use xentoolcore_restric
From: |
Ian Jackson |
Subject: |
Re: [Qemu-devel] [PATCH v5.1 2/8] xen: restrict: use xentoolcore_restrict_all |
Date: |
Fri, 27 Oct 2017 11:30:38 +0100 |
Stefano Stabellini writes ("Re: [PATCH v5.1 2/8] xen: restrict: use
xentoolcore_restrict_all"):
> On Fri, 20 Oct 2017, Ian Jackson wrote:
...
> > Drop individual use of xendevicemodel_restrict and
> > xenforeignmemory_restrict. These are not actually effective in this
> > version of qemu, because qemu has a large number of fds open onto
> > various Xen control devices.
...
> Wait, if the compat stub returns error, and this patch removed the code
> to check for ENOTTY, doesn't it prevent any QEMU compiled against older
> Xen from working?
>
> Or am I missing something?
You are right, but this is intended. The paragraph I quote in the
commit message above is intended to explain.
That is: without xentoolcore_restrict_all, -xen-domid-restrict is a
booby-trap. It does not actually prevent a compromised qemu from
doing anything. So there is no reason to pass it in such a
configuration. If you do pass it it is better for the domain startup
to fail, than for it to carry on without the restriction.
The only reason I am not saying someone should be issuing an advisory
is that this feature was never supported by any of the Xen toolstacks.
Thanks,
Ian.
- Re: [Qemu-devel] [PATCH v5.1 8/8] configure: do_compiler: Dump some extra info under bash, (continued)
- [Qemu-devel] [PATCH v5.1 6/8] xen: destroy_hvm_domain: Try xendevicemodel_shutdown, Ian Jackson, 2017/10/20
- Re: [Qemu-devel] [PATCH v5.1 6/8] xen: destroy_hvm_domain: Try xendevicemodel_shutdown, Stefano Stabellini, 2017/10/26
- Re: [Qemu-devel] [PATCH v5.1 6/8] xen: destroy_hvm_domain: Try xendevicemodel_shutdown, Ian Jackson, 2017/10/27
- [Qemu-devel] [PATCH v5.1 4/8] xen: destroy_hvm_domain: Move reason into a variable, Ian Jackson, 2017/10/20
- Re: [Qemu-devel] [PATCH v5.1 4/8] xen: destroy_hvm_domain: Move reason into a variable, Stefano Stabellini, 2017/10/26
- [Qemu-devel] [PATCH v5.1 2/8] xen: restrict: use xentoolcore_restrict_all, Ian Jackson, 2017/10/20
- Re: [Qemu-devel] [PATCH v5.1 2/8] xen: restrict: use xentoolcore_restrict_all, Stefano Stabellini, 2017/10/26
- Re: [Qemu-devel] [PATCH v5.1 2/8] xen: restrict: use xentoolcore_restrict_all,
Ian Jackson <=
- Re: [Qemu-devel] [PATCH v5.1 2/8] xen: restrict: use xentoolcore_restrict_all, Stefano Stabellini, 2017/10/27
- [Qemu-devel] [PATCH v5.1 7/8] os-posix: Provide new -runas <uid>:<gid> facility, Ian Jackson, 2017/10/20
- Re: [Qemu-devel] [PATCH v5.1 7/8] os-posix: Provide new -runas <uid>:<gid> facility, Anthony PERARD, 2017/10/24
- Re: [Qemu-devel] [PATCH v5.1 7/8] os-posix: Provide new -runas <uid>:<gid> facility, Ian Jackson, 2017/10/24
- Re: [Qemu-devel] [PATCH v5.1 7/8] os-posix: Provide new -runas <uid>:<gid> facility, Stefano Stabellini, 2017/10/26
- Re: [Qemu-devel] [PATCH v5.1 7/8] os-posix: Provide new -runas <uid>:<gid> facility, Ian Jackson, 2017/10/27
- [Qemu-devel] [PATCH v5.1 5/8] xen: move xc_interface compatibility fallback further up the file, Ian Jackson, 2017/10/20
- Re: [Qemu-devel] [PATCH v5.1 5/8] xen: move xc_interface compatibility fallback further up the file, Stefano Stabellini, 2017/10/26
- Re: [Qemu-devel] [PATCH v5.1 1/8] xen: link against xentoolcore, Stefano Stabellini, 2017/10/26
- Re: [Qemu-devel] [PATCH v5.1 1/8] xen: link against xentoolcore, Ian Jackson, 2017/10/27