We don't promise to protect you against rogue stub domain binaries; only from the running domain once the guest has come up.
Signed-off-by: George Dunlap <[email protected]> --- CC: Ian Jackson <[email protected]> CC: Wei Liu <[email protected]> CC: Andrew Cooper <[email protected]> CC: Jan Beulich <[email protected]> CC: Tim Deegan <[email protected]> CC: Stefano Stabellini <[email protected]> CC: Konrad Wilk <[email protected]> CC: Julien Grall <[email protected]> --- SUPPORT.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/SUPPORT.md b/SUPPORT.md index a1810b8046..ce9f68e1c2 100644 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -501,6 +501,11 @@ for more information about security support. Status: Supported, with caveats +Only stub domain binaries provided by the host admin +or trusted users are security supported; +untrusted stub domain binaries (e.g., provided by untrusted users) +are excluded from security support. + Vulnerabilities of a device model stub domain to a hostile driver domain (either compromised or untrusted) are excluded from security support. -- 2.16.2 _______________________________________________ Xen-devel mailing list [email protected] https://lists.xenproject.org/mailman/listinfo/xen-devel
