Juergen Gross writes ("Re: Xenstore domains and XS_RESTRICT"):
> Rejecting XS_RESTRICT for a non-socket connection is mandatory to
> ensure a XS_RESTRICT user on an old kernel not knowing about it can't
> drop the privilege of all other user's on that system, too.Kernels need to proxy all commands from their users, so they should have a table (usually a switch statement) of supported commands. New commands are therefore unavailable until the kernel is updated. I haven't checked the Linux xenbus chardev driver to see if it is correct ... Ian. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
