On Mon, 2012-02-06 at 13:46 -0600, Scott Wood wrote:
> On 02/03/2012 04:52 PM, Anthony Liguori wrote:
> > On 02/03/2012 12:07 PM, Eric Northup wrote:
> >> On Thu, Feb 2, 2012 at 8:09 AM, Avi Kivity<avi@xxxxxxxxxx> wrote:
> >> [...]
> >>>
> >>> Moving to syscalls avoids these problems, but introduces new ones:
> >>>
> >>> - adding new syscalls is generally frowned upon, and kvm will need
> >>> several
> >>> - syscalls into modules are harder and rarer than into core kernel code
> >>> - will need to add a vcpu pointer to task_struct, and a kvm pointer to
> >>> mm_struct
> >> - Lost a good place to put access control (permissions on /dev/kvm)
> >> for which user-mode processes can use KVM.
> >>
> >> How would the ability to use sys_kvm_* be regulated?
> >
> > Why should it be regulated?
> >
> > It's not a finite or privileged resource.
>
> You're exposing a large, complex kernel subsystem that does very
> low-level things with the hardware. It's a potential source of exploits
> (from bugs in KVM or in hardware). I can see people wanting to be
> selective with access because of that.

Exactly.

In a perfect world I'd agree with Anthony, but in reality I think
sysadmins are quite happy that they can prevent some users from using
KVM.

You could presumably achieve something similar with capabilities or
whatever, but a node in /dev is much simpler.

cheers