On 08/10/2025 3:08 pm, Jürgen Groß wrote:
> On 08.10.25 15:33, Andrew Cooper wrote:
>> Anyway - /dev/xen/privcmd (and /hypercall) shouldn't be tied to xenfs.
>> They should be SIF_PRIVILEGED alone, should they not?
>
> I don't think they should be tied to SIF_PRIVILEGED, as device model ops
> are handled via the privcmd driver, too.
>
> TBH I have no idea why there is a direct connection to xenfs.
>
> Did you try to modprobe privcmd without mounting xenfs? I guess the
> connection is that the capabilities in /proc/xen/capabilities are
> tested to contain "control_d", resulting in the privcmd driver being loaded.

modprobe xen_privcmd in isolation does cause /dev/xen/privcmd to appear.

~Andrew
