CVSROOT: /cvs
Module name: src
Changes by: r...@cvs.openbsd.org 2015/12/02 15:19:11
Modified files:
usr.sbin/vmd : Makefile control.c proc.h vmd.c vmd.h vmm.c
Added files:
usr.sbin/vmd : config.c
Log message:
Split the fully privileged parent into two processes "parent" and
"vmm" with reduced privileges:
- the "parent" opens fds (disks, ifs, etc.) but runs as root but pledged as
"stdio rpath wpath proc tty sendfd".
- the "vmm" process handles the creation and supervision of vm processes,
and the primary communication with the vmm(4) subsystem. It runs as _vmd
in the chroot but does not use pledge, as the vmm ioctls are not allowed
by any pledge model yet.
With this change, vmd starts to track the configuration state of VMs
in vmd and will allow other things later (like terminating a vm by
name, moving the configuration parser to vmd, ...). More incremental
changes will follow.
