Re: [Xen-devel] [PATCH v5.1 3/8] xen: defer call to xen_restrict until just before os_setup_post

This patch affects non-Xen components. CC'ing the relevant maintainers. On Fri, 20 Oct 2017, Ian Jackson wrote: > We need to restrict *all* the control fds that qemu opens. Looking in > /proc/PID/fd shows there are many; their allocation seems scattered > throughout Xen support code in qemu. > >

[Xen-devel] [PATCH v5.1 3/8] xen: defer call to xen_restrict until just before os_setup_post

We need to restrict *all* the control fds that qemu opens. Looking in /proc/PID/fd shows there are many; their allocation seems scattered throughout Xen support code in qemu. We must postpone the restrict call until roughly the same time as qemu changes its uid, chroots (if applicable), and so on