lt;jgr...@suse.com>; linux-
> ker...@vger.kernel.org
> Subject: Re: [Xen-devel] [PATCH 3/3] xen/privcmd: add
> IOCTL_PRIVCMD_RESTRICT
>
> >>> On 09.02.17 at 15:17, <paul.durr...@citrix.com> wrote:
> > @@ -666,6 +680,20 @@ static long privcmd_ioctl_dm_op(void __user
> *u
>>> On 09.02.17 at 15:17, wrote:
> @@ -666,6 +680,20 @@ static long privcmd_ioctl_dm_op(void __user *udata)
> return rc;
> }
>
> +static long privcmd_ioctl_restrict(struct file *file, void __user *udata)
> +{
> + struct privcmd_data *data =
The purpose if this ioctl is to allow a user of privcmd to restrict its
operation such that it will no longer service arbitrary hypercalls via
IOCTL_PRIVCMD_HYPERCALL, and will check for a matching domid when
servicing IOCTL_PRIVCMD_DM_OP. The aim of this is to limit the attack
surface for a