• xen/evtchn: add IOCTL_EVTCHN_RESTRICT · fbc872c3
    David Vrabel authored
    IOCTL_EVTCHN_RESTRICT limits the file descriptor to being able to bind
    to interdomain event channels from a specific domain.  Event channels
    that are already bound continue to work for sending and receiving
    This is useful as part of deprivileging a user space PV backend or
    device model (QEMU).  e.g., Once the device model has bound to the
    ioreq server event channels it can restrict the file handle so an
    exploited DM cannot use it to create or bind to arbitrary event
    Signed-off-by: David Vrabel <david.vrabel@citrix.com>
    Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Kbuild
evtchn.h
gntalloc.h
gntdev.h
privcmd.h