-----Original Message-----
> On 13/06/18 23:15, Stefano Stabellini wrote:
> > This is very useful when starting multiple domains from Xen without
> > xenstore access. It will allow them to print out to the Xen console.
> >
> > Signed-off-by: Stefano Stabellini <stefa...@xilinx.com>
> > CC: andrew.coop...@citrix.com
> > CC: george.dun...@eu.citrix.com
> > CC: ian.jack...@eu.citrix.com
> > CC: jbeul...@suse.com
> > CC: konrad.w...@oracle.com
> > CC: t...@xen.org
> > CC: wei.l...@citrix.com
> > CC: dgde...@tycho.nsa.gov
> > ---
> > If there is a better way to do this with XSM, please advise.
>
> We definitely need to keep the XSM around to avoid opening a hole. We also
> don't want all the domains to access the console.
>
> Looking at the implementation, any domain with is_privileged will be able to
> access the console. IMHO, I don't think we should set that for DomU created
> by Xen.
>
> So I would suggest to introduce a new variable is_console and to tell whether
> a domain can access the console. xsm_console_io(...) would then need to be
> updated accordingly.

There is an existing CONFIG_VERBOSE_DEBUG option which, among other things,
allows console output from any domain. The console output part of that (which
is just the #ifdef in include/xsm/dummy.h) could be moved to another CONFIG or
ORed with an ARM flag. This would apply to all domains; if that's not what you
want, you'll need to add a flag (like Julien suggested) or use XSM.

If XSM is enabled, guest hypervisor console output is controlled by the
guest_writeconsole boolean in the default policy
(tools/flask/policy/modules/guest_features.te) which defaults to allowing it.
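
A simplified stand-alone model of the three options discussed in this thread, added here as an illustration; it is not Xen source and not code from either poster. The `is_console` flag is the one proposed above; the policy names, the command enum, the sample domains and the write-only scope of the flag are assumptions of the model.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified model for illustration; not Xen source. */
enum console_cmd { CONSOLE_WRITE, CONSOLE_READ };   /* constructed values */

struct domain_model {
    bool is_privileged;   /* full control-domain privilege */
    bool is_console;      /* hypothetical flag proposed in the thread */
};

enum policy {
    POLICY_PRIV_ONLY,      /* only is_privileged domains reach the console */
    POLICY_VERBOSE_DEBUG,  /* build-wide switch: any domain may write */
    POLICY_CONSOLE_FLAG    /* per-domain is_console grants write only (assumption) */
};

/* Constructed sample domains. */
static const struct domain_model DOM0       = { true,  false };
static const struct domain_model BOOT_DOMU  = { false, true  };
static const struct domain_model OTHER_DOMU = { false, false };

/* Returns 0 when the console operation is allowed, -EPERM otherwise. */
int console_io_check(enum policy p, const struct domain_model *d,
                     enum console_cmd cmd)
{
    if (d->is_privileged)
        return 0;
    if (cmd != CONSOLE_WRITE)
        return -EPERM;            /* unprivileged domains never read */
    switch (p) {
    case POLICY_VERBOSE_DEBUG: return 0;
    case POLICY_CONSOLE_FLAG:  return d->is_console ? 0 : -EPERM;
    default:                   return -EPERM;
    }
}

int main(void)
{
    static const char *names[] = { "priv-only", "verbose-debug", "console-flag" };
    for (int p = POLICY_PRIV_ONLY; p <= POLICY_CONSOLE_FLAG; p++)
        printf("%-13s dom0=%d boot-domU=%d other-domU=%d\n", names[p],
               console_io_check((enum policy)p, &DOM0, CONSOLE_WRITE),
               console_io_check((enum policy)p, &BOOT_DOMU, CONSOLE_WRITE),
               console_io_check((enum policy)p, &OTHER_DOMU, CONSOLE_WRITE));
    return 0;
}
```

In this model only the per-domain flag lets a Xen-created DomU print without either granting it full privilege or opening console writes to every guest.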