Re: [Qemu-devel] [PATCH v5.1 2/8] xen: restrict: use xentoolcore_restrict_all

From: Stefano Stabellini
Subject: Re: [Qemu-devel] [PATCH v5.1 2/8] xen: restrict: use xentoolcore_restrict_all
Date: Fri, 27 Oct 2017 10:20:41 -0700 (PDT)
User-agent: Alpine 2.10 (DEB 1266 2009-07-14)

On Fri, 27 Oct 2017, Ian Jackson wrote:
> Stefano Stabellini writes ("Re: [PATCH v5.1 2/8] xen: restrict: use
> xentoolcore_restrict_all"):
> > On Fri, 20 Oct 2017, Ian Jackson wrote:
> ...
> > > Drop individual use of xendevicemodel_restrict and
> > > xenforeignmemory_restrict. These are not actually effective in this
> > > version of qemu, because qemu has a large number of fds open onto
> > > various Xen control devices.
> ...
> > Wait, if the compat stub returns error, and this patch removed the code
> > to check for ENOTTY, doesn't it prevent any QEMU compiled against older
> > Xen from working?
> >
> > Or am I missing something?
>
> You are right, but this is intended. The paragraph I quote in the
> commit message above is intended to explain.
>
> That is: without xentoolcore_restrict_all, -xen-domid-restrict is a
> booby-trap. It does not actually prevent a compromised qemu from
> doing anything. So there is no reason to pass it in such a
> configuration. If you do pass it, it is better for the domain startup
> to fail than for it to carry on without the restriction.
>
> The only reason I am not saying someone should be issuing an advisory
> is that this feature was never supported by any of the Xen toolstacks.

Ah, right. And libxl has never passed -xen-domid-restrict in previous
releases, so we are OK.

Acked-by: Stefano Stabellini <address@hidden>
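
The trade-off discussed in this thread, as an added example that is not code from the patch or from QEMU: a small model of why restricting only some handles leaves the rest usable, and why startup should fail when the restrict-all call is unavailable. All names here are hypothetical, and the handle table and the fail-open ENOTTY handling are constructed assumptions.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: one entry per open handle onto a control device. */
struct handle { const char *name; bool restricted; };
static struct handle handles[] = {
    { "devicemodel", false }, { "foreignmemory", false },
    { "other-ctl-1", false }, { "other-ctl-2", false }, { "other-ctl-3", false },
};
#define NHANDLES (sizeof(handles) / sizeof(handles[0]))

static void reset_handles(void) {
    for (size_t i = 0; i < NHANDLES; i++) handles[i].restricted = false;
}
/* Handles a compromised process could still use without restriction. */
static size_t unrestricted_count(void) {
    size_t n = 0;
    for (size_t i = 0; i < NHANDLES; i++) n += !handles[i].restricted;
    return n;
}
/* Per-library restriction: only the two handle kinds that offer it. */
static int restrict_individually(void) {
    handles[0].restricted = handles[1].restricted = true;
    return 0;
}
/* Hypothetical stand-in for a restrict-all call covering every handle. */
static int restrict_all_real(void) {
    for (size_t i = 0; i < NHANDLES; i++) handles[i].restricted = true;
    return 0;
}
/* Hypothetical compat stub for an older library: reports "unsupported". */
static int restrict_all_stub(void) { errno = ENOTTY; return -1; }

/* Fail-open: ENOTTY treated as success, startup continues unrestricted. */
static int startup_fail_open(int (*restrict_all)(void)) {
    int rc = restrict_all();
    return (rc < 0 && errno == ENOTTY) ? 0 : rc;
}
/* Fail-closed: any failure to restrict aborts startup. */
static int startup_fail_closed(int (*restrict_all)(void)) {
    return restrict_all() < 0 ? -1 : 0;
}
int main(void) {
    reset_handles(); restrict_individually();
    printf("individual: %zu unrestricted\n", unrestricted_count());
    reset_handles();
    printf("fail-open rc=%d\n", startup_fail_open(restrict_all_stub));
    printf("still unrestricted: %zu\n", unrestricted_count());
    printf("fail-closed rc=%d\n", startup_fail_closed(restrict_all_stub));
    printf("real rc=%d\n", startup_fail_closed(restrict_all_real));
    return 0;
}
```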