Some early kernesl are known not to reject unknown flags to unshare(). There may be other problems.
CC: Jan Beulich <jbeul...@suse.com> Signed-off-by: Ian Jackson <ian.jack...@eu.citrix.com> --- v3: New in this version of the series. --- docs/features/qemu-deprivilege.pandoc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/features/qemu-deprivilege.pandoc b/docs/features/qemu-deprivilege.pandoc index eb05981a83..20d6ac2189 100644 --- a/docs/features/qemu-deprivilege.pandoc +++ b/docs/features/qemu-deprivilege.pandoc @@ -112,6 +112,9 @@ The following features still need to be implemented: * Inserting a new cdrom while the guest is running (xl cdrom-insert) * Migration / save / restore +dm_restrict is totally unsupported and may have unexpected security +problems if used with a dom0 Linux kernel earlier than 2.6.18. + Additionally, getting PCI passthrough to work securely would require a significant rework of how passthrough works at the moment. It may be implemented at some point but is not a near-term priority. -- 2.11.0 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel