Hi all,
this patch series introduces a new command line option to restrict the
privilege of the xenstore connection. Used together with -runas, can
help secure the execution of QEMU in Dom0.
Stefano Stabellini (2):
xen: separate the xenstore_record_dm_state calls for pv and hvm machines
xen: introduce xsrestrict
hw/xenpv/xen_machine_pv.c | 11 +++++++++++
include/hw/xen/xen.h | 4 ++++
qemu-options.hx | 15 +++++++++++++++
vl.c | 8 ++++++++
xen-common-stub.c | 6 ++++++
xen-common.c | 15 +--------------
xen-hvm.c | 38 ++++++++++++++++++++++++++++++--------
7 files changed, 75 insertions(+), 22 deletions(-)
Cheers,
Stefano
