Re: [PATCH RFC v2 00/13] IOMMUFD Generic interface

Thursday, 22 September 2022

On Thu, Sep 22, 2022 at 11:13:42AM -0300, Jason Gunthorpe wrote:
...
 On Thu, Sep 22, 2022 at 12:06:33PM +0100, Daniel P. Berrangé wrote:

 > So per-user locked mem accounting looks like a regression in
 > our VM isolation abilities compared to the per-task accounting.

 For this kind of API the management app needs to put each VM in its
 own user, which I'm a bit surprised it doesn't already do as a further
 protection against cross-process concerns. 
Putting VMs in dedicated users is not practical to automatically do
on a general purpose OS install, because there's no arbitrator of
what UID ranges can be safely used without conflicting with other
usage on the OS. 

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [PATCH RFC v2 00/13] IOMMUFD Generic interface