>>> On 31.07.14 at 15:16, <frediano.ziglio@xxxxxxxxxx> wrote: > Add a RESTRICT ioctl to /dev/xen/privcmd, which allows privileged commands > file descriptor to be restricted to only working with a particular domain. The "with" here has been quite confusing, and I realized that you mean the subject domain rather than the actor one only after having gone through quite some parts of the patch. For a patch this size, a little more of a description (and the original motivation) would have helped. Wrt motivation: Why does this need enforcing in the kernel at all? Doesn't XSM_DM_PRIV mode deal specifically with what you're trying to do here? Or else I guess I really need some better explanation of what this is about. Jan -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
