From mboxrd@z Thu Jan  1 00:00:00 1970
From: George Dunlap <george.dunlap@citrix.com>
Subject: [PATCH v4 3/6] tools/dm_restrict: Ask QEMU to chroot
Date: Mon, 5 Nov 2018 18:07:08 +0000
Message-ID: <20181105180711.20322-3-george.dunlap@citrix.com>
References: <20181105180711.20322-1-george.dunlap@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <xen-devel-bounces@lists.xenproject.org>
Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]
 helo=us1-amaz-eas2.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from
 <srs0=k8cf=nq=citrix.com=prvs=840cd6c1a=george.dunlap@srs-us1.protection.inumbo.net>)
 id 1gJjIA-0000YO-0w
 for xen-devel@lists.xenproject.org; Mon, 05 Nov 2018 18:08:02 +0000
In-Reply-To: <20181105180711.20322-1-george.dunlap@citrix.com>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
To: xen-devel@lists.xenproject.org
Cc: Anthony Perard <anthony.perard@citrix.com>, Ian Jackson <ian.jackson@citrix.com>, Wei Liu <wei.liu2@citrix.com>, George Dunlap <george.dunlap@citrix.com>
List-Id: xen-devel@lists.xenproject.org

V2hlbiBkbV9yZXN0cmljdCBpcyBlbmFibGVkLCBhc2sgUUVNVSB0byBjaHJvb3QgaW50byBhbiBl
bXB0eSBkaXJlY3RvcnkuCgoqIENyZWF0ZSAvdmFyL3J1bi9xZW11L3Jvb3QtZG9taWQgKGRlbGV0
aW5nIHRoZSBvbGQgb25lIGlmIGl0J3MgdGhlcmUpCiogUGFzcyB0aGUgLWNocm9vdCBvcHRpb24g
dG8gUUVNVQoKUmF0aGVyIHRoYW4gcnVubmluZyBgcm0gLXJmYCBvbiB0aGUgZGlyZWN0b3J5IGJl
Zm9yZSBjcmVhdGluZyBpdAooc2luY2UgdGhlcmUgaXMgbm8gbGlicmFyeSBmdW5jdGlvbiB0byBk
byB0aGlzKSwgc2ltcGx5IHJtZGlyIHRoZQpkaXJlY3RvcnksIHJlbHlpbmcgb24gdGhlIGZhY3Qg
dGhhdCB0aGUgcHJldmlvdXMgUUVNVSBpbnN0YW5jZSwgaWYKcHJvcGVybHkgcmVzdHJpY3RlZCwg
c2hvdWxkbid0IGhhdmUgYmVlbiBhYmxlIHRvIHdyaXRlIGFueXRoaW5nCmFueXdheS4KClN1Z2dl
c3RlZC1ieTogUm9zcyBMYWdlcndhbGwgPHJvc3MubGFnZXJ3YWxsQGNpdHJpeC5jb20+ClNpZ25l
ZC1vZmYtYnk6IEdlb3JnZSBEdW5sYXAgPGdlb3JnZS5kdW5sYXBAY2l0cml4LmNvbT4KQWNrZWQt
Ynk6IElhbiBKYWNrc29uIDxpYW4uamFja3NvbkBldS5jaXRyaXguY29tPgotLS0KQ2hhbmdlcyBz
aW5jZSB2MjoKLSBTdHlsZSBmaXhlcwotIFRlc3RpbmcgbW92ZWQgdG8gYSBkaWZmZXJlbnQgcGF0
Y2gKCkNDOiBJYW4gSmFja3NvbiA8aWFuLmphY2tzb25AY2l0cml4LmNvbT4KQ0M6IFdlaSBMaXUg
PHdlaS5saXUyQGNpdHJpeC5jb20+CkNDOiBBbnRob255IFBlcmFyZCA8YW50aG9ueS5wZXJhcmRA
Y2l0cml4LmNvbT4KLS0tCiBkb2NzL2Rlc2lnbnMvcWVtdS1kZXByaXZpbGVnZS5tZCB8IDEyICsr
KysrLS0tLS0KIHRvb2xzL2xpYnhsL2xpYnhsX2RtLmMgICAgICAgICAgIHwgNDEgKysrKysrKysr
KysrKysrKysrKysrKysrKysrKysrKy0KIDIgZmlsZXMgY2hhbmdlZCwgNDYgaW5zZXJ0aW9ucygr
KSwgNyBkZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS9kb2NzL2Rlc2lnbnMvcWVtdS1kZXByaXZp
bGVnZS5tZCBiL2RvY3MvZGVzaWducy9xZW11LWRlcHJpdmlsZWdlLm1kCmluZGV4IDc4N2FlMWFj
N2MuLjAzOTViYmJiNDAgMTAwNjQ0Ci0tLSBhL2RvY3MvZGVzaWducy9xZW11LWRlcHJpdmlsZWdl
Lm1kCisrKyBiL2RvY3MvZGVzaWducy9xZW11LWRlcHJpdmlsZWdlLm1kCkBAIC02MSwxMiArNjEs
NiBAQCBzb3VyY2UgdHJlZS4pCiAKICcnJ1Rlc3Rpbmcgc3RhdHVzJycnOiBUZXN0ZWQKIAotIyBS
ZXN0cmljdGlvbnMgLyBpbXByb3ZlbWVudHMgc3RpbGwgdG8gZG8KLQotVGhpcyBsaXN0cyBwb3Rl
bnRpYWwgcmVzdHJpY3Rpb25zIHN0aWxsIHRvIGRvLiAgSXQgaXMgbWVhbnQgdG8gYmUKLWxpc3Rl
ZCBpbiBvcmRlciBvZiBlYXNlIG9mIGltcGxlbWVudGF0aW9uLCB3aXRoIGxvdy1oYW5naW5nIGZy
dWl0Ci1maXJzdC4KLQogIyMgQ2hyb290CiAKICcnJ0Rlc2NyaXB0aW9uJycnOiBRZW11IHJ1bnMg
aW4gaXRzIG93biBjaHJvb3QsIHN1Y2ggdGhhdCBldmVuIGlmIGl0CkBAIC04NCw2ICs3OCwxMiBA
QCBUaGVuIGFkZHMgdGhlIGZvbGxvd2luZyB0byB0aGUgcWVtdSBjb21tYW5kLWxpbmU6CiAJCiAn
JydUZXN0ZWQnJyc6IE5vdCB0ZXN0ZWQKIAorIyMgUmVzdHJpY3Rpb25zIC8gaW1wcm92ZW1lbnRz
IHN0aWxsIHRvIGRvCisKK1RoaXMgbGlzdHMgcG90ZW50aWFsIHJlc3RyaWN0aW9ucyBzdGlsbCB0
byBkby4gIEl0IGlzIG1lYW50IHRvIGJlCitsaXN0ZWQgaW4gb3JkZXIgb2YgZWFzZSBvZiBpbXBs
ZW1lbnRhdGlvbiwgd2l0aCBsb3ctaGFuZ2luZyBmcnVpdAorZmlyc3QuCisKICMjIE5hbWVzcGFj
ZXMgZm9yIHVudXNlZCBmdW5jdGlvbmFsaXR5IChMaW51eCBvbmx5KQogCiAnJydEZXNjcmlwdGlv
bicnJzogUUVNVSBkb2Vzbid0IHVzZSB0aGUgZnVuY3Rpb25hbGl0eSBhc3NvY2lhdGVkIHdpdGgK
ZGlmZiAtLWdpdCBhL3Rvb2xzL2xpYnhsL2xpYnhsX2RtLmMgYi90b29scy9saWJ4bC9saWJ4bF9k
bS5jCmluZGV4IDI2ZWIxNmFmMzQuLmFkM2VmY2M3ODMgMTAwNjQ0Ci0tLSBhL3Rvb2xzL2xpYnhs
L2xpYnhsX2RtLmMKKysrIGIvdG9vbHMvbGlieGwvbGlieGxfZG0uYwpAQCAtMTQxMCw5ICsxNDEw
LDQ4IEBAIHN0YXRpYyBpbnQgbGlieGxfX2J1aWxkX2RldmljZV9tb2RlbF9hcmdzX25ldyhsaWJ4
bF9fZ2MgKmdjLAogICAgICAgICB9CiAgICAgfQogCi0gICAgaWYgKGxpYnhsX2RlZmJvb2xfdmFs
KGJfaW5mby0+ZG1fcmVzdHJpY3QpKQorICAgIGlmIChsaWJ4bF9kZWZib29sX3ZhbChiX2luZm8t
PmRtX3Jlc3RyaWN0KSkgeworICAgICAgICBjaGFyICpjaHJvb3RfZGlyID0gR0NTUFJJTlRGKCIl
cy9xZW11LXJvb3QtJWQiLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBs
aWJ4bF9fcnVuX2Rpcl9wYXRoKCksIGd1ZXN0X2RvbWlkKTsKKyAgICAgICAgaW50IHI7CisgICAg
ICAgIAogICAgICAgICBmbGV4YXJyYXlfYXBwZW5kKGRtX2FyZ3MsICIteGVuLWRvbWlkLXJlc3Ry
aWN0Iik7CiAKKyAgICAgICAgLyogCisgICAgICAgICAqIFJ1biBRRU1VIGluIGEgY2hyb290IGF0
IFhFTl9SVU5fRElSL3FlbXUtcm9vdC0lZAorICAgICAgICAgKgorICAgICAgICAgKiBUaGVyZSBp
cyBubyBsaWJyYXJ5IGZ1bmN0aW9uIHRvIGRvIHRoZSBlcXVpdmFsZW50IG9mIGBybQorICAgICAg
ICAgKiAtcmZgLiAgSG93ZXZlciBkZXByaXZpbGVnZWQgUUVNVSBpbiB0aGVvcnkgc2hvdWxkbid0
IGJlCisgICAgICAgICAqIGFibGUgdG8gd3JpdGUgYW55IGZpbGVzLCBhcyB0aGUgY2hyb290IHdv
dWxkIGJlIG93bmVkIGJ5CisgICAgICAgICAqIHJvb3QsIGJ1dCBpdCB3b3VsZCBiZSBydW5uaW5n
IGFzIGFuIHVucHJpdmlsZWdlZCBwcm9jZXNzLgorICAgICAgICAgKiBTbyBpbiB0aGVvcnksIG9s
ZCBjaHJvb3RzIHNob3VsZCBhbHdheXMgYmUgZW1wdHkuCisgICAgICAgICAqIAorICAgICAgICAg
KiBybWRpciB0aGUgZGlyZWN0b3J5IGJlZm9yZSBhdHRlbXB0aW5nIHRvIGNyZWF0ZQorICAgICAg
ICAgKiBpdDsgaWYgaXQgcmV0dXJucyBhbnl0aGluZyBvdGhlciB0aGFuIEVOT0VOVCwgZmFpbCBk
b21haW4KKyAgICAgICAgICogY3JlYXRpb24uCisgICAgICAgICAqLworICAgICAgICByID0gcm1k
aXIoY2hyb290X2Rpcik7CisgICAgICAgIGlmIChyICE9IDAgJiYgZXJybm8gIT0gRU5PRU5UKSB7
CisgICAgICAgICAgICBMT0dFRChFUlJPUiwgZ3Vlc3RfZG9taWQsCisgICAgICAgICAgICAgICAg
ICAiZmFpbGVkIHRvIHJlbW92ZSBleGlzdGluZyBjaHJvb3QgZGlyICVzIiwgY2hyb290X2Rpcik7
CisgICAgICAgICAgICByZXR1cm4gRVJST1JfRkFJTDsKKyAgICAgICAgfQorICAgICAgICAKKyAg
ICAgICAgZm9yICg7OykgeworICAgICAgICAgICAgciA9IG1rZGlyKGNocm9vdF9kaXIsIDAwMDAp
OworICAgICAgICAgICAgaWYgKCFyKQorICAgICAgICAgICAgICAgIGJyZWFrOworICAgICAgICAg
ICAgaWYgKGVycm5vID09IEVJTlRSKSBjb250aW51ZTsKKyAgICAgICAgICAgIExPR0VEKEVSUk9S
LCBndWVzdF9kb21pZCwKKyAgICAgICAgICAgICAgICAgICJmYWlsZWQgdG8gY3JlYXRlIGNocm9v
dCBkaXIgJXMiLCBjaHJvb3RfZGlyKTsKKyAgICAgICAgICAgIHJldHVybiBFUlJPUl9GQUlMOwor
ICAgICAgICB9CisKKyAgICAgICAgLyogQWRkICItY2hyb290IFtkaXJdIiB0byBjb21tYW5kLWxp
bmUgKi8KKyAgICAgICAgZmxleGFycmF5X2FwcGVuZChkbV9hcmdzLCAiLWNocm9vdCIpOworICAg
ICAgICBmbGV4YXJyYXlfYXBwZW5kKGRtX2FyZ3MsIGNocm9vdF9kaXIpOworICAgIH0KKwogICAg
IGlmIChzdGF0ZS0+c2F2ZWRfc3RhdGUpIHsKICAgICAgICAgLyogVGhpcyBmaWxlIGRlc2NyaXB0
b3IgaXMgbWVhbnQgdG8gYmUgdXNlZCBieSBRRU1VICovCiAgICAgICAgICpkbV9zdGF0ZV9mZCA9
IG9wZW4oc3RhdGUtPnNhdmVkX3N0YXRlLCBPX1JET05MWSk7Ci0tIAoyLjE5LjEKCgpfX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwpYZW4tZGV2ZWwgbWFpbGlu
ZyBsaXN0Clhlbi1kZXZlbEBsaXN0cy54ZW5wcm9qZWN0Lm9yZwpodHRwczovL2xpc3RzLnhlbnBy
b2plY3Qub3JnL21haWxtYW4vbGlzdGluZm8veGVuLWRldmVs