On Mon, 2015-11-02 at 12:30 +0000, Stefano Stabellini wrote: > Try to use "xen-qemudepriv-domid$domid" first, then > "xen-qemudepriv-shared" and root if everything else fails. > > The uids need to be manually created by the user or, more likely, by the > xen package maintainer. > > Expose a device_model_user setting in libxl_domain_build_info, so that > opinionated callers, such as libvirt, can set any user they like. Do not > fall back to root if device_model_user is set. Users can also set > device_model_user by hand in the xl domain config file. > > QEMU is going to setuid and setgid to the user ID and the group ID of > the specified user, soon after initialization, before starting to deal > with any guest IO. > > To actually secure QEMU when running in Dom0, we need at least to > deprivilege the privcmd and xenstore interfaces, this is just the first > step in that direction. > > Signed-off-by: Stefano Stabellini <stefano.stabell...@eu.citrix.com>
Acked-by: Ian Campbell <ian.campb...@citrix.com> (based on previous plus eyeballing only the changes from: > > Changes in v9: > - add a device_model_user option to the xl domain config file Ian. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
