[PATCH 0/2] Reject Xen VM config containing nwfilter references

This is essentially V2 of a small series inspired by a report on the
security list about nwfilters not working with Xen VMs. V1 was posted
to the security list, so no public reference. The libxl driver simply
does not support nwfilters, so the report is really an RFE vs a
security issue.

I'm now moving the discussion to the public devel list. I don't have
time to add nwfilter support to the libxl driver, but agree the
documentation could be improved. Given the perceived security
implications, I also think it's worth considering rejecting Xen VM
<interface> configuration containing <filterref>, even though libvirt
tends to ignore unsupported XML config.

Patch1 improves the documentation. I also considered adding a
"Limitations" section to docs/drvxen.rst, but none of the other
drivers have such a section. Also, for the xen one, I wasn't sure where
to start with listing limitations :-P.

Patch2 rejects Xen VM config containing <filterref> in their <interface>
definitions.

Jim Fehlig (2):
  docs: Clarify hypervisor support for nwfilter profiles
  libxl: Reject VM config referencing nwfilters

 docs/formatdomain.rst    | 8 ++++----
 src/libxl/libxl_domain.c | 7 +++++++
 2 files changed, 11 insertions(+), 4 deletions(-)

-- 
2.35.3
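
An audit check for existing Xen guests, as an added example that is not part of the original message or the libvirt patches: it lists `<interface>` elements in a `type='xen'` domain XML that carry a `<filterref>`, which the cover letter says the libxl driver does not support. The sample XML, MAC addresses and function name are constructed for illustration; real input would come from `virsh dumpxml`.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not from the original message).
XEN_DOMAIN = """
<domain type='xen'>
  <name>guest1</name>
  <devices>
    <interface type='bridge'>
      <mac address='00:16:3e:00:00:01'/>
      <source bridge='br0'/>
      <filterref filter='clean-traffic'/>
    </interface>
    <interface type='bridge'>
      <mac address='00:16:3e:00:00:02'/>
      <source bridge='br0'/>
    </interface>
  </devices>
</domain>
"""

# Same guest definition with a different hypervisor type, for comparison.
KVM_DOMAIN = XEN_DOMAIN.replace("type='xen'", "type='kvm'")


def unenforced_filterrefs(domain_xml):
    """Return (domain name, MAC, filter name) for every <interface> in a
    Xen domain definition that references an nwfilter via <filterref>.
    Domains of any other type return an empty list."""
    root = ET.fromstring(domain_xml)
    if root.tag != "domain" or root.get("type") != "xen":
        return []
    name = root.findtext("name", default="<unnamed>")
    findings = []
    for iface in root.findall("./devices/interface"):
        ref = iface.find("filterref")
        if ref is None:
            continue  # interface has no nwfilter reference
        mac = iface.find("mac")
        mac_addr = mac.get("address") if mac is not None else None
        findings.append((name, mac_addr, ref.get("filter")))
    return findings


if __name__ == "__main__":
    for dom, mac, flt in unenforced_filterrefs(XEN_DOMAIN):
        print(f"{dom}: interface {mac} references nwfilter '{flt}', "
              "which is not applied to Xen guests")
```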


