[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH v2 0/2] restrict the privilege of the xenstore conne
|
From: |
Stefano Stabellini |
|
Subject: |
[Qemu-devel] [PATCH v2 0/2] restrict the privilege of the xenstore connection |
|
Date: |
Thu, 4 Jun 2015 12:20:53 +0100 |
|
User-agent: |
Alpine 2.02 (DEB 1266 2009-07-14) |
Hi all,
this patch series introduces a new command line option to restrict the
privilege of the xenstore connection. Used together with -runas, can
help secure the execution of QEMU in Dom0.
Changes in v2:
- remove xenstore_record_dm_state and open code the xenstore write
instead
- change the xenpv machine xenstore path for startup notification to
device-model/$DOMID/pv/state
Stefano Stabellini (2):
xen: separate the xenstore_record_dm_state calls for pv and hvm machines
xen: introduce xsrestrict
hw/xenpv/xen_machine_pv.c | 10 ++++++++++
include/hw/xen/xen.h | 2 ++
qemu-options.hx | 15 +++++++++++++++
vl.c | 8 ++++++++
xen-common-stub.c | 2 ++
xen-common.c | 29 -----------------------------
xen-hvm.c | 44 ++++++++++++++++++++++++++++++++++++--------
7 files changed, 73 insertions(+), 37 deletions(-)
Cheers,
Stefano
- [Qemu-devel] [PATCH v2 0/2] restrict the privilege of the xenstore connection,
Stefano Stabellini <=