This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] Tiny patch for 2004 04 08 unstable tarball. arch/xen/ker

To: Ian Pratt <Ian.Pratt@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] Tiny patch for 2004 04 08 unstable tarball. arch/xen/kernel/time.c
From: Adam Heath <doogie@xxxxxxxxxx>
Date: Fri, 9 Apr 2004 03:27:56 -0500 (CDT)
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxxx>
Delivery-date: Sat, 10 Apr 2004 13:28:22 +0100
Envelope-to: steven.hand@xxxxxxxxxxxx
In-reply-to: <E1BBrBm-000176-00@xxxxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
References: <E1BBrBm-000176-00@xxxxxxxxxxxxxxxxx>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx
On Fri, 9 Apr 2004, Ian Pratt wrote:

> > Tiny patch. :)  Compile fails if you turn off priviliged access in the
> > xenolinux config.
> Cheers.
> There's an argument for doing away with the option
> altogether. Xen enforces the protection, so it doesn't matter
> whether untrusted domains are compiled with
> CONFIG_XEN_PRIVILEGED_GUEST or not. The amount of code that this
> option compiles out is likely less than 1KB, so it's probably
> not worth having.
> However, we should make sure that the domain hides the various
> proc files if it has insufficient privilege from Xen, so as to
> avoid confusing users.

In that case, the config option should be used for that.

If it's set, don't even bother checking whether you can do privledged ops, and
just assume you can't; also, don't bother creating the proc files.

If it *is* set, then you still have to check, as the instance may not have
been given the nescessary privs.

This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
Xen-devel mailing list