From: Andrew Cooper
Subject: Re: One question about the hypercall to translate gfn to mfn.
Date: Thu, 18 Dec 2014 17:01:28 +0000
Message-ID: <54930868.7060603@citrix.com>
In-Reply-To: <20141218160846.GD67264@deinos.phlegethon.org>
To: Tim Deegan, "Tian, Kevin"
Cc: "Yu, Zhang", "Paul.Durrant@citrix.com", "keir@xen.org", "JBeulich@suse.com", "Xen-devel@lists.xen.org"

On 18/12/14 16:08, Tim Deegan wrote:
>> yep. Just curious, I thought stubdomain is not popularly used. typical
>> case is to have qemu in dom0. is this still true? :-)
> Some do and some don't. :) High-security distros like Qubes and
> XenClient do. You can enable it in xl config files pretty easily.
> IIRC the xapi toolstack doesn't use it, but XenServer uses privilege
> separation to isolate the qemu processes in dom0.
>

We are looking into stubdomains as part of future architectural roadmap,
but as identified, there is a lot of toolstack plumbing required before
this can be feasible to put into XenServer. Our privilege separation in qemu
is a stopgap measure which we would like to replace in due course.

~Andrew