On 12/22/2011 11:39 AM, Laine Stump wrote: > > These two patches are in response to CVE-2011-4127: > > http://seclists.org/oss-sec/2011/q4/536 > > Once the kernel security fix and corresponding qemu mitigation patch > are in place, access to SG_IO commands from qemu guests will be > disabled by default. This patch series provides a way to explicitly > enable such support when it is required. Given that this helps mitigate a CVE, I think we want to include this in 0.9.9 (another reason for an rc2 build shortly). I'll go ahead and review these patches, but I'm still not sure whether we have consensus on whether to use type='lun' or device='lun'. -- Eric Blake eblake@xxxxxxxxxx +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list