Re: [Xen-devel] [PATCH v2 00/24] Provide some actual restriction of qemu

2017-10-09 Thread Ian Jackson
Ian Jackson writes ("[PATCH v2 00/24] Provide some actual restriction of qemu"):
> With this series, it is possible to run qemu in a way that I think
> really does not have global privilege any more.

This is not v2. It is v4. Sorry.

Ian.

[Xen-devel] [PATCH v2 00/24] Provide some actual restriction of qemu

2017-10-09 Thread Ian Jackson
With this series, it is possible to run qemu in a way that I think really does not have global privilege any more. I have verified that it runs as a non-root user. I have checked all of its fds and they are either privcmd (which I have arranged to neuter), or /dev/null, or harmless sockets and pi

[Xen-devel] [PATCH v2 00/24] Provide some actual restriction of qemu

2017-10-04 Thread Ian Jackson
With this series, it is possible to run qemu in a way that I think really does not have global privilege any more. I have verified that it runs as a non-root user. I have checked all of its fds and they are either privcmd (which I have arranged to neuter), or /dev/null, or harmless sockets and pi