WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] regarding privileges

from [Keir Fraser] [Permanent Link][Original]
To: Ian Pratt <Ian.Pratt@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] regarding privileges
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Sat, 25 Oct 2003 11:32:33 +0100
Cc: Paul Boehm <paul@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxxx
Delivery-date: Sat, 25 Oct 2003 11:43:46 +0100
Envelope-to: steven.hand@xxxxxxxxxxxx
In-reply-to: Your message of "Sat, 25 Oct 2003 04:20:12 BST." <E1ADEyL-0003Th-00@xxxxxxxxxxxxxxxxxxxx>
List-archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
List-help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-id: List for Xen developers <xen-devel.lists.sourceforge.net>
List-post: <mailto:xen-devel@lists.sourceforge.net>
List-subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>, <mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
Sender: xen-devel-admin@xxxxxxxxxxxxxxxxxxxxx 
> That's a fair point. The intention is to split up the 'privilege'
> in to a bit mask to enable finer grained control and granting of
> specific privileges to domains, (like the 'CAP_*' stuff in
> Linux). It should be a fairly simple task to split the privileges
> up -- one for the todo list.

Yes, this needs to be considered at the same time we refactor the Xen
hypercall interface. eg. perhaps not all current dom0_ops should be
dom0_ops (access should instead be controlled by some other
capability). Adjusting it so that access to each `privileged'
hypercall is controlled by one capability each might be neat, and help
work out a neat rearrangement for the hypercalls.

 -- Keir


-------------------------------------------------------
This SF.net email is sponsored by: The SF.net Donation Program.
Do you like what SourceForge.net is doing for the Open
Source Community?  Make a contribution, and help us add new
features and functionality. Click here: http://sourceforge.net/donate/
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] Support for mii_xxx functions?, Keir Fraser
Next by Date:  [Xen-devel] Help, QuickNet
Previous by Thread:  Re: [Xen-devel] regarding privileges, Ian Pratt
Next by Thread:  [Xen-devel] Help, QuickNet
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy