Wei Liu writes ("Re: [PATCH 17/22] xl, libxl: Provide dm_restrict"):
> On Fri, Sep 15, 2017 at 07:48:54PM +0100, Ian Jackson wrote:
> > This functionality is still quite imperfect, but it will be useful in
> > certain restricted use cases.
...
> Seeing this is mostly plumbing for QEMU and a technology preview
> feature:Doing a more complete job will involve more significant work which is probably not (or at least, much of which is not) going to be ready for 4.10. I may update things to make some additional restriction calls in qemu but the big one is uid reuse. I think fixing the uid reuse problem involves adding a new fork to the domain creation and domain teardown, since I'm not aware of a way to kill all processes with a particular uid other than by running a process with that uid. Ian. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
