From: Konrad Rzeszutek Wilk
Subject: Re: [PATCH 00/18] RFC: Merge IS_PRIV checks into XSM hooks
Date: Tue, 7 Aug 2012 14:06:21 -0400
Message-ID: <20120807180621.GE15053@phenom.dumpdata.com>
References: <1344263550-3941-1-git-send-email-dgdegra@tycho.nsa.gov> <50215461.4030901@tycho.nsa.gov>
To: Shakeel Butt
Cc: Daniel De Graaf, xen-devel@lists.xen.org
List-Id: xen-devel@lists.xenproject.org

On Tue, Aug 07, 2012 at 02:07:55PM -0400, Shakeel Butt wrote:
> > I wasn't intending to exclude the other uses of XSM that this series will
> > benefit; dom0 disaggregation is just the most obvious case that requires
> > the larger changes like removing IS_PRIV checks.
> I was just saying that this patch series is more beneficial than claimed.
>
> > Xenstore can already be split into its own stub domain (or domains, as in
> > the Xoar paper). The permissions model in Xenstore has a privileged bit
> > similar to IS_PRIV; extending XSM controls into Xenstore similar to how
> > SELinux controls were extended into DBus will address this.
>
> My real concern here was the use of is_initial_domain() in the xenbus driver
> code. For example I am running all Linux PV and one of them is XenStore
> domain, the xenbus driver needs to do something different than
> is_initial_domain(),

Stefano and Daniel are already making the Linux XenBus driver more
intelligent, so that it can figure out whether it is the initial domain
but not running XenBus.

> maybe something like is_xenstore_domain() [not saying this is right
> way to do it].
> Please correct me if I am wrong.
>
> thanks,
> Shakeel