Re: [Xen-devel] [PATCH 17/22] xl, libxl: Provide dm_restrict

2017-09-19 Thread Ian Jackson
Wei Liu writes ("Re: [PATCH 17/22] xl, libxl: Provide dm_restrict"):
> On Fri, Sep 15, 2017 at 07:48:54PM +0100, Ian Jackson wrote:
> > This functionality is still quite imperfect, but it will be useful in
> > certain restricted use cases.
...
> Seeing this is mostly plumbing for QEMU and a technology preview
> feature:

Doing a more complete job will involve more significant work which is
probably not (or at least, much of which is not) going to be ready for
4.10.

I may update things to make some additional restriction calls in qemu
but the big one is uid reuse.  I think fixing the uid reuse problem
involves adding a new fork to the domain creation and domain teardown,
since I'm not aware of a way to kill all processes with a particular
uid other than by running a process with that uid.

Ian.

___
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
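The approach described in the message above (an extra fork whose child takes on the target uid and then signals every process it is allowed to) is shown here as an added example; it is not code from this patch series or from libxl. The helper name `kill_all_with_uid` is hypothetical, and the code assumes Linux and a caller running as root.

```c
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Kill every process running as `uid` (hypothetical helper, not libxl API).
 * Assumes the caller is root. Returns 0 on success, -1 on error or refusal.
 */
int kill_all_with_uid(uid_t uid)
{
    /* Refuse uid 0 and the caller's own uid: kill(-1, ...) under either
     * would take down far more than one device model. */
    if (uid == 0 || uid == getuid() || uid == geteuid()) {
        errno = EINVAL;
        return -1;
    }

    pid_t child = fork();   /* the extra fork the message refers to */
    if (child < 0)
        return -1;

    if (child == 0) {
        /* Called as root, setuid() changes the real, effective and saved
         * uid together, so the child cannot regain privilege. */
        if (setuid(uid) != 0 || getuid() != uid || geteuid() != uid)
            _exit(2);
        /* pid -1: signal every process this uid may signal. On Linux the
         * calling process is excluded; ESRCH means nothing was running. */
        if (kill(-1, SIGKILL) != 0 && errno != ESRCH)
            _exit(3);
        _exit(0);
    }

    int status;
    while (waitpid(child, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
```

Because the child takes on the target uid completely, processes already running as that uid are permitted to signal the child as well.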


Re: [Xen-devel] [PATCH 17/22] xl, libxl: Provide dm_restrict

2017-09-19 Thread Wei Liu
On Fri, Sep 15, 2017 at 07:48:54PM +0100, Ian Jackson wrote:
> This functionality is still quite imperfect, but it will be useful in
> certain restricted use cases.
> 
> Signed-off-by: Ian Jackson 

Seeing this is mostly plumbing for QEMU and a technology preview
feature:

Acked-by: Wei Liu 



[Xen-devel] [PATCH 17/22] xl, libxl: Provide dm_restrict

2017-09-15 Thread Ian Jackson
This functionality is still quite imperfect, but it will be useful in
certain restricted use cases.

Signed-off-by: Ian Jackson 
---
 docs/man/xl.cfg.pod.5.in| 86 +
 tools/libxl/libxl_create.c  |  1 +
 tools/libxl/libxl_dm.c  |  9 +
 tools/libxl/libxl_types.idl |  1 +
 tools/xl/xl_parse.c |  3 ++
 5 files changed, 100 insertions(+)

diff --git a/docs/man/xl.cfg.pod.5.in b/docs/man/xl.cfg.pod.5.in
index 79cb2ea..e3a73bc 100644
--- a/docs/man/xl.cfg.pod.5.in
+++ b/docs/man/xl.cfg.pod.5.in
@@ -2045,6 +2045,92 @@ specified, enabling the use of XenServer PV drivers in 
the guest.
 This parameter only takes effect when device_model_version=qemu-xen.
 See B for more information.
 
+=item
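Review bot: the commit message says only that the functionality is "still quite imperfect" and useful in "certain restricted use cases", and names neither, so for the new `=item` entry this hunk adds to xl.cfg.pod.5.in a reader of the log cannot tell what dm_restrict restricts or what is known to be missing. Suggest adding one or two lines to the commit message summarising the option and its known gaps; the follow-up in this thread names uid reuse as the main outstanding problem, which is the kind of limitation worth stating there.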