We don't promise to protect you against rogue stub domain binaries;
only from the running domain once the guest has come up.
Signed-off-by: George Dunlap <george.dun...@citrix.com>
---
CC: Ian Jackson <ian.jack...@citrix.com>
CC: Wei Liu <wei.l...@citrix.com>
CC: Andrew Cooper <andrew.coop...@citrix.com>
CC: Jan Beulich <jbeul...@suse.com>
CC: Tim Deegan <t...@xen.org>
CC: Stefano Stabellini <sstabell...@kernel.org>
CC: Konrad Wilk <konrad.w...@oracle.com>
CC: Julien Grall <julien.gr...@arm.com>
---
SUPPORT.md | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/SUPPORT.md b/SUPPORT.md
index a1810b8046..ce9f68e1c2 100644
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -501,6 +501,11 @@ for more information about security support.
Status: Supported, with caveats
+Only stub domain binaries provided by the host admin
+or trusted users are security supported;
+untrusted stub domain binaries (e.g., provided by untrusted users)
+are excluded from security support.
+
Vulnerabilities of a device model stub domain
to a hostile driver domain (either compromised or untrusted)
are excluded from security support.
--
2.16.2
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
